diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2021-03-10 22:35:24 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-10 15:35:24 -0600 |
| commit | 5dc698861c91b4aa83b284b282c0e91cdcee49a3 (patch) | |
| tree | d98c73d18f263a76f0b10c7c75d1ea26d4ac858c /tests | |
| parent | d290855aab9f12d7cf739c63aad9ca3699d936f7 (diff) | |
| download | pyopenssl-git-5dc698861c91b4aa83b284b282c0e91cdcee49a3.tar.gz | |
Add SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version bindings (#985)
* add Context.set_*_proto_version, fix #860
* docs: add new openssl tls methods
* accept the fact that nothing can be taken for granted
* bump minimum required cryptography version to 3.3
* drop support for Python 3.5
* use binary wheels for cryptography
* Revert "use binary wheels for cryptography"
This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.
* docker ci: compile cryptography with rust
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_ssl.py | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/tests/test_ssl.py b/tests/test_ssl.py index 27f2d43..e79d9fa 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py @@ -48,7 +48,14 @@ from OpenSSL.crypto import dump_privatekey, load_privatekey from OpenSSL.crypto import dump_certificate, load_certificate from OpenSSL.crypto import get_elliptic_curves -from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS +from OpenSSL.SSL import ( + OPENSSL_VERSION_NUMBER, + SSLEAY_VERSION, + SSLEAY_CFLAGS, + TLS_METHOD, + TLS1_2_VERSION, + TLS1_1_VERSION, +) from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN from OpenSSL.SSL import ( @@ -1039,6 +1046,25 @@ class TestContext(object): assert all(isinstance(conn, Connection) for conn, line in called) assert all(b"CLIENT_RANDOM" in line for conn, line in called) + def test_set_proto_version(self): + server_context = Context(TLS_METHOD) + server_context.use_certificate( + load_certificate(FILETYPE_PEM, root_cert_pem) + ) + server_context.use_privatekey( + load_privatekey(FILETYPE_PEM, root_key_pem) + ) + server_context.set_min_proto_version(TLS1_2_VERSION) + + client_context = Context(TLS_METHOD) + client_context.set_max_proto_version(TLS1_1_VERSION) + + with pytest.raises(Error, match="unsupported protocol"): + self._handshake_test(server_context, client_context) + + client_context.set_max_proto_version(0) + self._handshake_test(server_context, client_context) + def _load_verify_locations_test(self, *args): """ Create a client context which will verify the peer certificate and call |