mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-08-06 05:47:13 +02:00
4debf536dc
See: * https://github.com/wbond/oscrypto/issues/82 * https://github.com/wbond/oscrypto/issues/80
122 lines
6.8 KiB
Diff
122 lines
6.8 KiB
Diff
See https://github.com/wbond/oscrypto/issues/82
|
|
|
|
diff -upr oscrypto-1.3.0.orig/tests/test_tls.py oscrypto-1.3.0/tests/test_tls.py
|
|
--- oscrypto-1.3.0.orig/tests/test_tls.py 2024-07-10 15:13:24.273901857 +0200
|
|
+++ oscrypto-1.3.0/tests/test_tls.py 2024-07-10 15:14:21.530695208 +0200
|
|
@@ -90,7 +90,6 @@ class TLSTests(unittest.TestCase):
|
|
return (
|
|
('google', 'www.google.com', 443),
|
|
('package_control', 'packagecontrol.io', 443),
|
|
- ('dh1024', 'dh1024.badtls.io', 10005),
|
|
)
|
|
|
|
@data('tls_hosts', True)
|
|
@@ -142,35 +141,41 @@ class TLSTests(unittest.TestCase):
|
|
s.close()
|
|
socket.setdefaulttimeout(def_timeout)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_missing_issuer(self):
|
|
expected = 'certificate issuer not found in trusted root certificate store'
|
|
with assert_exception(self, errors.TLSVerificationError, expected):
|
|
tls.TLSSocket('domain-match.badtls.io', 10000)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_domain_mismatch(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSVerificationError, 'does not match'):
|
|
tls.TLSSocket('domain-mismatch.badtls.io', 11002, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_san_mismatch(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSVerificationError, 'does not match'):
|
|
tls.TLSSocket('san-mismatch.badtls.io', 11003, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_wildcard_success(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
tls.TLSSocket('wildcard-match.badtls.io', 10001, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_not_yet_valid(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSVerificationError, 'not valid until'):
|
|
tls.TLSSocket('future.badtls.io', 11001, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_expired_2(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
@@ -179,30 +184,35 @@ class TLSTests(unittest.TestCase):
|
|
with assert_exception(self, errors.TLSVerificationError, 'certificate expired|not valid until'):
|
|
tls.TLSSocket('expired-1963.badtls.io', 11000, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_client_cert_required(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSError, 'client authentication'):
|
|
tls.TLSSocket('required-auth.badtls.io', 10003, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_handshake_error_3(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSError, 'weak certificate signature algorithm'):
|
|
tls.TLSSocket('weak-sig.badtls.io', 11004, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_non_web(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSVerificationError, 'verification failed'):
|
|
tls.TLSSocket('bad-key-usage.badtls.io', 11005, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_wildcard_mismatch(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSVerificationError, 'does not match'):
|
|
tls.TLSSocket('wildcard.mismatch.badtls.io', 11007, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_expired(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
@@ -225,18 +235,21 @@ class TLSTests(unittest.TestCase):
|
|
with assert_exception(self, errors.TLSError, regex):
|
|
tls.TLSSocket('dh512.badssl.com', 443)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_handshake_error(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSError, 'TLS handshake failed'):
|
|
tls.TLSSocket('rc4-md5.badtls.io', 11009, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_error_handshake_error_2(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
|
|
with assert_exception(self, errors.TLSError, 'TLS handshake failed'):
|
|
tls.TLSSocket('rc4.badtls.io', 11008, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_extra_trust_roots_no_match(self):
|
|
expected = 'certificate issuer not found in trusted root certificate store'
|
|
@@ -244,6 +257,7 @@ class TLSTests(unittest.TestCase):
|
|
session = tls.TLSSession(extra_trust_roots=[digicert_ca_path])
|
|
tls.TLSSocket('domain-match.badtls.io', 10000, session=session)
|
|
|
|
+ @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
|
|
@connection_timeout()
|
|
def test_tls_extra_trust_roots(self):
|
|
session = tls.TLSSession(extra_trust_roots=[badtls_ca_path, digicert_ca_path])
|