summaryrefslogtreecommitdiff
path: root/tests/test_ssl.py
Commit message (Collapse)AuthorAgeFilesLines
...
* Add Context.set_tlsext_use_srtp (#734)Jeremy Lainé2018-05-161-0/+29
| | | | This allows negotiating SRTP keying material, which is useful when using DTLS-SRTP, as WebRTC does for example.
* Fixed a handful of typos (#755)Alex Gaynor2018-05-141-1/+1
|
* Increase the size of RSA key used in tests for OpenSSL 1.1.1 (#750)Alex Gaynor2018-05-121-3/+3
| | | | | | | | * Increase the size of RSA key used in tests for OpenSSL 1.1.1 * here too * In test_ssl.py as well
* fixed tests that want SNI (#751)Alex Gaynor2018-05-121-0/+1
|
* Raise minimum cryptography version to 2.2.1, drop python 2.6 (#742)Jeremy Lainé2018-03-211-11/+1
|
* Export keying material support (#725)Paul Kehrer2017-11-301-0/+22
| | | | | | | | | | | | | | * added method to export keying material from an ssl connection * updated tests to use bytestrings to avoid breaking python3 tests * added additional comments to test * simplify export_keying_material * add changelog * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723)Paul Kehrer2017-11-301-0/+25
| | | | | | | | * fix a memory leak and a potential UAF and also #722 * sanity check * bump cryptography minimum version, add changelog
* Fix another test to not hardcode TLSv1 (#683)Alex Gaynor2017-08-071-1/+1
|
* Don't use "TLSv1" as a default for loopback clients/servers (#682)Alex Gaynor2017-08-071-2/+2
| | | | | | * Don't use "TLSv1" as a default for loopback clients/servers * We're sticklers for spelling
* remove gibberish comment (#648)Alex Gaynor2017-06-301-2/+0
|
* Kill dead code (#647)Alex Gaynor2017-06-291-5/+0
| | | | | | | | | | * Simplify code * dead code * unused... * write imports normally
* Fixed #461 -- make the tests pass when SSLv3 isn't supported (#644)Alex Gaynor2017-06-291-3/+5
| | | | | | | | | | | | | | * Fixed #461 -- make the tests pass when SSLv3 isn't supported We no longer support OpenSSL 1.0.0, so TLSv1.2 should always be available and this code can be simplified. * Try the opposite direction? * Another shot at getting this passing * uhhh * grump
* try loading trusted certs from a list of fallbacks (#633)Paul Kehrer2017-06-291-1/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * try loading trusted certs from a list of fallbacks pyca/cryptography will shortly begin shipping a wheel. Since SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the library, this will start failing to load the proper certificates for users on many linux distributions. To avoid this we can use the Go solution of iterating over a list of potential candidates and loading it when found. * capath is lazy loaded so we need to do a lot more checks This now checks to see if env vars are set as well as seeing if the dir exists and has valid certs in it. If either of those are true (or the number of certs is > 0) it won't load the fallback. If it does do the fallback it will also attempt to load certs from a dir as a final fallback * remove an early return * this shouldn't be commented out * oops * very limited testing * sigh, can't use these py3 exceptions of course * expand the tests a bit * coverage! * don't need this now * change the approach to use a pyca/cryptography guard value * test fix * older python sometimes calls itself linux2 * flake8 * add changelog * coverage * slash opt
* Assorted cheap coverage wins (#602)Alex Chan2017-04-201-22/+65
|
* Fix up some pytest-related stuff (#601)Hynek Schlawack2017-02-181-4/+4
|
* Limit SSL_write bufsize to avoid OverflowErrors (#603)Maximilian Hils2017-02-101-0/+24
| | | | | | * limit SSL_write bufsize to avoid OverflowErrors * fix .send() truncation, add test
* Rip out the last vestages of unittest from the test suite (#599)Alex Chan2017-01-301-353/+282
|
* Convert the rest of TestConnection to be pytest-style (#594)Alex Chan2017-01-301-377/+286
|
* Convert TestContext to be pytest-style (#589)Alex Chan2017-01-241-395/+284
|
* Add support for OCSP stapling. (#580)Cory Benfield2017-01-241-0/+244
| | | | | | | | | | | | | | | | | | | | | | | | * Define the OCSPCallbackHelper. * Define set_ocsp_status_callback function. * Reframe this as the "server" helper. * Add OCSP helper. * Allow clients to request OCSP * Some tests for OCSP. * Don't forget to throw callback errors. * Add changelog entry for OCSP stapling. * Require at least cryptography 1.7 * Sorry Flake8, won't happen again. * How does spelling work?
* Convert a few more small test classes to be pytest-style (#585)Alex Chan2016-12-191-12/+12
| | | | | | | | * Rewrite test_tsafe to be pytest-style * Rewrite TestRevoked to be pytest-style * Convert TestConnection to be pytest-style
* Convert ALPN and SessionTests to use pytest-style tests (#570)Alex Chan2016-11-101-37/+25
| | | | | | * Convert ALPN tests to be pytest-style * Convert SessionTests to be pytest-style
* Convert NextProtoNegotiationTests to use pytest-style tests (#569)Alex Chan2016-11-101-151/+127
| | | | | | | | | | | | | | | | | | * Convert NextProtoNegotiationTests to use pytest-style tests Addresses #340. * Fix Twisted test suite See https://twistedmatrix.com/trac/ticket/8876 * Remove tests for OpenSSL with no NPN support NPN was added in OpenSSL 1.0.1. As of version 16.1.0, PyOpenSSL only supports OpenSSL 1.0.1 or later, so this test is: 1. Testing a use case that's no longer supported. 2. Dead code in CI.
* Convert ServerNameCallbackTests to use pytest-style tests (#565)Alex Chan2016-11-051-67/+59
| | | | | | | | | | | | | | | | | | | * Convert ServerNameCallbackTests to use pytest-style tests As well as pytest-ifying up the tests, remove a few redundant tests and tidy up docstrings as per feedback in #563. Addresses #340. * Remove a stray ':py:obj:' in test docstring * Remove _LoopbackMixin from TestServerNameCallback Per @hynek feedback. This test class only depended on one method, which can be broken out as a separate function anyway -- I'll gradually disassemble the loopback as I pytest-ify other tests. * Re-wrap a few comments
* Test on OpenSSL 1.1.0 with travis. Fixes #524 (#526)Alex Gaynor2016-09-241-15/+43
|
* Fixed #529 -- use the native bytes syntax (#536)Alex Gaynor2016-09-111-52/+52
|
* Don't use SSLv3 (#534)Alex Gaynor2016-09-101-1/+1
|
* make these tests pass if OP_NO_SSLv2 is 0 (#532)Alex Gaynor2016-09-101-2/+2
|
* bump the size of some test keys (#531)Alex Gaynor2016-09-101-3/+3
|
* bump the size of the test dhparam (#530)Alex Gaynor2016-09-101-3/+5
|
* Simplify conditions and delete an unused function (#512)Alex Gaynor2016-07-311-16/+0
|
* Remove some pointless branches (#511)Alex Gaynor2016-07-311-42/+20
| | | | | | | | * Remove some pointless branches * this nonsense too * this is unused
* Clean out some cruft (#509)Alex Gaynor2016-07-311-5/+0
|
* Test markups.Cory Benfield2016-03-301-3/+3
|
* Switch to pytest test style.Cory Benfield2016-03-301-6/+9
|
* Add basic tests for _make_requiresCory Benfield2016-03-301-0/+39
|
* Implement Context.set_session_idHynek Schlawack2016-03-161-21/+133
|
* Rename state_name to get_state_nameHynek Schlawack2016-03-141-2/+2
| | | | | A bit more consistent naming. Rename is possible because the method hasn't been part of a release yet.
* Pluck more unrelated bits from #422Hynek Schlawack2016-03-131-2/+9
|
* GrammarHynek Schlawack2016-03-111-3/+3
|
* Fix set_cipher_list on modern OpenSSLHynek Schlawack2016-03-111-40/+40
| | | | Also port forward a few changes from #422.
* Greatly simplify test_state_stringHynek Schlawack2016-01-311-36/+2
| | | | It used to more or less a functional test. No wonder it was rather flaky.
* Fixed AttributeError when calling get_app_data()Todd Chapman2016-01-181-1/+2
|
* Use Google and a more generic methodHynek Schlawack2015-10-211-2/+2
|
* Move package into srcHynek Schlawack2015-10-171-0/+3773
Prevents accidental imports when running tests.
View Lorry Controller Status