class OpenSSLOptionsTests(OpenSSLOptionsTestsMixin, TestCase): (source)
Tests for sslverify.OpenSSLOptions
.
Method | set |
Same as OpenSSLOptionsTestsMixin.setUp , but it also patches sslverify._ChooseDiffieHellmanEllipticCurve . |
Method | test_abbreviating |
Check that abbreviations used in certificates correctly map to complete names. |
Method | test_acceptable |
If the user doesn't supply custom acceptable ciphers, a shipped secure default is used. We can't check directly for it because the effective cipher string we set varies with platforms. |
Method | test_allowed |
Check that anonymous connections are allowed when certificates aren't required on the server. |
Method | test_basic |
Every context must have OP_NO_SSLv2, OP_NO_COMPRESSION, and OP_CIPHER_SERVER_PREFERENCE set. |
Method | test_certificate |
Test that __setstate__(__getstate__()) round-trips properly. |
Method | test_certificate |
Enabling session tickets should not set the OP_NO_TICKET option. |
Method | test_certificate |
Enabling session tickets should set the OP_NO_TICKET option. |
Method | test_constructor |
It's currently a NOP, but valid. |
Method | test_constructor |
A extraCertChain without privateKey doesn't make sense and is thus rejected. |
Method | test_constructor |
A extraCertChain without certificate doesn't make sense and is thus rejected. |
Method | test_constructor |
verify, requireCertificate, and caCerts must not be specified by the caller (to be any value, even the default!) when specifying trustRoot. |
Method | test_constructor |
verify must not be True without specifying caCerts. |
Method | test_constructor |
Setting extraCertChain works if certificate and privateKey are set along with it. |
Method | test_constructor |
Specifying privateKey and certificate initializes correctly. |
Method | test_constructor |
privateKey and certificate make only sense if both are set. |
Method | test_constructor |
privateKey and certificate make only sense if both are set. |
Method | test_constructor |
Specifying verify and caCerts initializes correctly. |
Method | test_dh |
If dhParams is set, they are loaded into each new context. |
Method | test_enabling |
The enableSessions argument sets the session cache mode; it defaults to False (at least until https://twistedmatrix.com/trac/ticket/9764 can be resolved). |
Method | test_extra |
extraCertChain doesn't break OpenSSL.SSL.Context creation. |
Method | test_extra |
If extraCertChain is set and all prerequisites are met, the specified chain certificates are added to Contexts that get created. |
Method | test_failed |
Check that connecting with a certificate not accepted by the server CA fails. |
Method | test_gives |
If there is no valid cipher that matches the user's wishes, a ValueError is raised. |
Method | test_honors |
If acceptable ciphers are passed, they are used. |
Method | test_inspect |
Test that the inspect method of sslverify.Certificate returns a human-readable string containing some basic information about the certificate. |
Method | test_method |
Passing method to sslverify.OpenSSLCertificateOptions is deprecated. |
Method | test_mode |
Every context must be in MODE_RELEASE_BUFFERS mode. |
Method | test_public |
PublicKey.matches returns True for keys from certificates with the same key, and False for keys from certificates with different keys. |
Method | test_refused |
Check that anonymous connections are refused when certificates are required on the server. |
Method | test_single |
If singleUseKeys is set, every context must have OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE set. |
Method | test_successful |
Test a successful connection with client certificate validation on server side. |
Method | test_successful |
Test a successful connection with validation on both server and client sides. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with insecurelyLowerMinimumTo set to TLSv1.0 and lowerMaximumSecurityTo to TLSv1.2, it will exclude both SSLs and the (unreleased) TLSv1.3. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with insecurelyLowerMinimumTo set to TLSv1.2, it will ignore all TLSs below 1.2 and SSL. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with raiseMinimumTo set to TLSv1.2, it will ignore all TLSs below 1.2 and SSL. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with raiseMinimumTo set to a value lower than Twisted's default will cause it to use the more secure default. |
Method | test_tls |
Passing insecurelyLowerMinimumTo along with raiseMinimumTo to sslverify.OpenSSLCertificateOptions will cause it to raise an exception. |
Method | test_tls |
Passing raiseMinimumTo along with method to sslverify.OpenSSLCertificateOptions will cause it to raise an exception. |
Method | test_tls |
Passing lowerMaximumSecurityTo along with method to sslverify.OpenSSLCertificateOptions will cause it to raise an exception. |
Method | test_tls |
Passing insecurelyLowerMinimumTo along with method to sslverify.OpenSSLCertificateOptions will cause it to raise an exception. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with lowerMaximumSecurityTo but no raiseMinimumTo or insecurelyLowerMinimumTo set, and lowerMaximumSecurityTo is below the minimum default, the minimum will be made the new maximum. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to SSLv3, it will exclude all others. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to v1.0, it will exclude all others. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to v1.1, it will exclude all others. |
Method | test_tls |
When calling sslverify.OpenSSLCertificateOptions with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to v1.2, it will exclude all others. |
Method | test_tlsv12 |
sslverify.OpenSSLCertificateOptions will make the default minimum TLS version v1.2, if no method, or insecurelyLowerMinimumTo is given. |
Method | test_tls |
Passing out of order TLS versions to insecurelyLowerMinimumTo and lowerMaximumSecurityTo will cause it to raise an exception. |
Method | test_tls |
Passing out of order TLS versions to raiseMinimumTo and lowerMaximumSecurityTo will cause it to raise an exception. |
Method | test |
Check certificates verification building custom certificates data. |
Method | test |
Undocumented |
Method | test |
Undocumented |
Inherited from OpenSSLOptionsTestsMixin
:
Method | loopback |
Undocumented |
Method | tear |
Undocumented |
Instance Variable | ca |
Undocumented |
Instance Variable | ca |
Undocumented |
Instance Variable | ca |
Undocumented |
Instance Variable | c |
Undocumented |
Instance Variable | c |
Undocumented |
Instance Variable | client |
Undocumented |
Instance Variable | extra |
Undocumented |
Instance Variable | on |
Undocumented |
Instance Variable | on |
Undocumented |
Instance Variable | s |
Undocumented |
Instance Variable | server |
Undocumented |
Instance Variable | s |
Undocumented |
Inherited from TestCase
(via OpenSSLOptionsTestsMixin
):
Method | __call__ |
Run the test. Should always do exactly the same thing as run(). |
Method | __init__ |
Construct an asynchronous test case for methodName. |
Method | add |
Extend the base cleanup feature with support for cleanup functions which return Deferreds. |
Method | assert |
Fail if deferred does not errback with one of expectedFailures. Returns the original Deferred with callbacks added. You will need to return this Deferred from your test case. |
Method | defer |
Run any scheduled cleanups and report errors (if any) to the result. object. |
Method | defer |
Undocumented |
Method | defer |
Undocumented |
Method | defer |
Undocumented |
Method | get |
Undocumented |
Method | get |
Returns the timeout value set on this test. Checks on the instance first, then the class, then the module, then packages. As soon as it finds something with a timeout attribute, returns that. Returns util.DEFAULT_TIMEOUT_DURATION ... |
Instance Variable | timeout |
A real number of seconds. If set, the test will raise an error if it takes longer than timeout seconds. If not set, util.DEFAULT_TIMEOUT_DURATION is used. |
Method | _cb |
Undocumented |
Method | _class |
Undocumented |
Method | _clean |
Undocumented |
Method | _deprecate |
Deprecate iterate, crash and stop on reactor. That is, each method is wrapped in a function that issues a deprecation warning, then calls the original. |
Method | _eb |
Undocumented |
Method | _eb |
Undocumented |
Method | _eb |
Undocumented |
Method | _make |
Create a method which wraps the reactor method name. The new method issues a deprecation warning and calls the original. |
Method | _run |
Run a single method, either a test method or fixture. |
Method | _run |
Really run setUp, the test method, and tearDown. Any of these may return defer.Deferred s. After they complete, do some reactor cleanup. |
Method | _undeprecate |
Restore the deprecated reactor methods. Undoes what _deprecateReactor did. |
Method | _wait |
Take a Deferred that only ever callbacks. Block until it happens. |
Instance Variable | _passed |
Undocumented |
Instance Variable | _reactor |
Undocumented |
Instance Variable | _timed |
Undocumented |
Inherited from SynchronousTestCase
(via OpenSSLOptionsTestsMixin
, TestCase
):
Method | __eq__ |
Override the comparison defined by the base TestCase which considers instances of the same class with the same _testMethodName to be equal. Since trial puts TestCase instances into a set, that definition of comparison makes it impossible to run the same test method twice... |
Method | __hash__ |
Undocumented |
Method | call |
Call a function that should have been deprecated at a specific version and in favor of a specific alternative, and assert that it was thusly deprecated. |
Method | flush |
Remove stored errors received from the log. |
Method | flush |
Remove stored warnings from the list of captured warnings and return them. |
Method | get |
Retrieve a module attribute which should have been deprecated, and assert that we saw the appropriate deprecation warning. |
Method | get |
Return the skip reason set on this test, if any is set. Checks on the instance first, then the class, then the module, then packages. As soon as it finds something with a skip attribute, returns that in a tuple (... |
Method | get |
Return a Todo object if the test is marked todo. Checks on the instance first, then the class, then the module, then packages. As soon as it finds something with a todo attribute, returns that. Returns ... |
Method | mktemp |
Create a new path name which can be used for a new file or directory. |
Method | patch |
Monkey patch an object for the duration of the test. |
Method | run |
Run the test case, storing the results in result. |
Method | run |
If no methodName argument is passed to the constructor, run will treat this method as the thing with the actual test inside. |
Method | short |
Undocumented |
Instance Variable | failure |
An exception class, defaulting to FailTest. If the test method raises this exception, it will be reported as a failure, rather than an exception. All of the assertion methods raise this if the assertion fails. |
Instance Variable | skip |
None or a string explaining why this test is to be skipped. If defined, the test will not be run. Instead, it will be reported to the result object as 'skipped' (if the TestResult supports skipping). |
Instance Variable | suppress |
None or a list of tuples of (args, kwargs) to be passed to warnings.filterwarnings. Use these to suppress warnings raised in a test. Useful for testing deprecated code. See also util.suppress . |
Instance Variable | todo |
None , a string or a tuple of (errors, reason) where errors is either an exception class or an iterable of exception classes, and reason is a string. See Todo or makeTodo for more information. |
Method | _get |
Return the reason to use for skipping a test method. |
Method | _get |
Returns any warning suppressions set for this test. Checks on the instance first, then the class, then the module, then packages. As soon as it finds something with a suppress attribute, returns that. ... |
Method | _install |
Undocumented |
Method | _remove |
Undocumented |
Method | _run |
Synchronously run any cleanups which have been added. |
Instance Variable | _cleanups |
Undocumented |
Instance Variable | _observer |
Undocumented |
Instance Variable | _parents |
Undocumented |
Instance Variable | _test |
Undocumented |
Instance Variable | _warnings |
Undocumented |
Inherited from _Assertions
(via OpenSSLOptionsTestsMixin
, TestCase
, SynchronousTestCase
):
Method | assert |
Fail if the two objects are unequal as determined by their difference rounded to the given number of decimal places (default 7) and comparing to zero. |
Method | assert |
Fail if first - second > tolerance |
Method | assert |
Fail the test if first and second are not equal. |
Method | assert |
Fail the test if condition evaluates to True. |
Method | assert |
Fail the test if containee is not found in container. |
Method | assert |
Fail the test if first is not second. This is an obect-identity-equality test, not an object equality (i.e. __eq__) test. |
Method | assert |
Fail if instance is not an instance of the given class or of one of the given classes. |
Method | assert |
Fail the test if first is second. This is an obect-identity-equality test, not an object equality (i.e. __eq__) test. |
Method | assert |
Assert that deferred does not have a result at this point. |
Method | assert |
Fail if the two objects are equal as determined by their difference rounded to the given number of decimal places (default 7) and comparing to zero. |
Method | assert |
Fail the test if first == second. |
Method | assert |
Fail the test if containee is found in container. |
Method | assert |
Fail if instance is an instance of the given class or of one of the given classes. |
Method | assert |
Fail if astring contains substring. |
Method | assert |
Fail the test unless calling the function f with the given args and kwargs raises exception. The failure will report the traceback and call stack of the unexpected exception. |
Method | assert |
Fail if substring does not exist within astring. |
Method | assert |
Fail the test if condition evaluates to False. |
Method | assert |
Fail if the given function doesn't generate the specified warning when called. It calls the function, checks the warning, and forwards the result of the function if everything is fine. |
Method | fail |
Absolutely fail the test. Do not pass go, do not collect $200. |
Method | failure |
Return the current failure result of deferred or raise self.failureException. |
Method | success |
Return the current success result of deferred or raise self.failureException. |
Same as OpenSSLOptionsTestsMixin.setUp
, but it also patches sslverify._ChooseDiffieHellmanEllipticCurve
.
If the user doesn't supply custom acceptable ciphers, a shipped secure default is used. We can't check directly for it because the effective cipher string we set varies with platforms.
verify, requireCertificate, and caCerts must not be specified by the caller (to be any value, even the default!) when specifying trustRoot.
The enableSessions argument sets the session cache mode; it defaults to False (at least until https://twistedmatrix.com/trac/ticket/9764 can be resolved).
If extraCertChain is set and all prerequisites are met, the specified chain certificates are added to Contexts that get created.
Test that the inspect method of sslverify.Certificate
returns a human-readable string containing some basic information about the certificate.
PublicKey.matches
returns True
for keys from certificates with the same key, and False
for keys from certificates with different keys.
When calling sslverify.OpenSSLCertificateOptions
with insecurelyLowerMinimumTo set to TLSv1.0 and lowerMaximumSecurityTo to TLSv1.2, it will exclude both SSLs and the (unreleased) TLSv1.3.
When calling sslverify.OpenSSLCertificateOptions
with insecurelyLowerMinimumTo set to TLSv1.2, it will ignore all TLSs below 1.2 and SSL.
When calling sslverify.OpenSSLCertificateOptions
with raiseMinimumTo set to TLSv1.2, it will ignore all TLSs below 1.2 and SSL.
When calling sslverify.OpenSSLCertificateOptions
with raiseMinimumTo set to a value lower than Twisted's default will cause it to use the more secure default.
Passing insecurelyLowerMinimumTo along with raiseMinimumTo to sslverify.OpenSSLCertificateOptions
will cause it to raise an exception.
Passing raiseMinimumTo along with method to sslverify.OpenSSLCertificateOptions
will cause it to raise an exception.
Passing lowerMaximumSecurityTo along with method to sslverify.OpenSSLCertificateOptions
will cause it to raise an exception.
Passing insecurelyLowerMinimumTo along with method to sslverify.OpenSSLCertificateOptions
will cause it to raise an exception.
When calling sslverify.OpenSSLCertificateOptions
with lowerMaximumSecurityTo but no raiseMinimumTo or insecurelyLowerMinimumTo set, and lowerMaximumSecurityTo is below the minimum default, the minimum will be made the new maximum.
When calling sslverify.OpenSSLCertificateOptions
with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to SSLv3, it will exclude all others.
When calling sslverify.OpenSSLCertificateOptions
with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to v1.0, it will exclude all others.
When calling sslverify.OpenSSLCertificateOptions
with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to v1.1, it will exclude all others.
When calling sslverify.OpenSSLCertificateOptions
with insecurelyLowerMinimumTo and lowerMaximumSecurityTo set to v1.2, it will exclude all others.
sslverify.OpenSSLCertificateOptions
will make the default minimum TLS version v1.2, if no method, or insecurelyLowerMinimumTo is given.
Passing out of order TLS versions to insecurelyLowerMinimumTo and lowerMaximumSecurityTo will cause it to raise an exception.
Passing out of order TLS versions to raiseMinimumTo and lowerMaximumSecurityTo will cause it to raise an exception.