| |
@@ -0,0 +1,182 @@
|
| |
+ diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem
|
| |
+ deleted file mode 100644
|
| |
+ index a391176..0000000
|
| |
+ --- a/Lib/test/dh1024.pem
|
| |
+ +++ /dev/null
|
| |
+ @@ -1,7 +0,0 @@
|
| |
+ ------BEGIN DH PARAMETERS-----
|
| |
+ -MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt
|
| |
+ -rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0
|
| |
+ -RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC
|
| |
+ ------END DH PARAMETERS-----
|
| |
+ -
|
| |
+ -Generated with: openssl dhparam -out dh1024.pem 1024
|
| |
+ diff --git a/Lib/test/ffdh3072.pem b/Lib/test/ffdh3072.pem
|
| |
+ new file mode 100644
|
| |
+ index 0000000..ad69bac
|
| |
+ --- /dev/null
|
| |
+ +++ b/Lib/test/ffdh3072.pem
|
| |
+ @@ -0,0 +1,41 @@
|
| |
+ + DH Parameters: (3072 bit)
|
| |
+ + prime:
|
| |
+ + 00:ff:ff:ff:ff:ff:ff:ff:ff:ad:f8:54:58:a2:bb:
|
| |
+ + 4a:9a:af:dc:56:20:27:3d:3c:f1:d8:b9:c5:83:ce:
|
| |
+ + 2d:36:95:a9:e1:36:41:14:64:33:fb:cc:93:9d:ce:
|
| |
+ + 24:9b:3e:f9:7d:2f:e3:63:63:0c:75:d8:f6:81:b2:
|
| |
+ + 02:ae:c4:61:7a:d3:df:1e:d5:d5:fd:65:61:24:33:
|
| |
+ + f5:1f:5f:06:6e:d0:85:63:65:55:3d:ed:1a:f3:b5:
|
| |
+ + 57:13:5e:7f:57:c9:35:98:4f:0c:70:e0:e6:8b:77:
|
| |
+ + e2:a6:89:da:f3:ef:e8:72:1d:f1:58:a1:36:ad:e7:
|
| |
+ + 35:30:ac:ca:4f:48:3a:79:7a:bc:0a:b1:82:b3:24:
|
| |
+ + fb:61:d1:08:a9:4b:b2:c8:e3:fb:b9:6a:da:b7:60:
|
| |
+ + d7:f4:68:1d:4f:42:a3:de:39:4d:f4:ae:56:ed:e7:
|
| |
+ + 63:72:bb:19:0b:07:a7:c8:ee:0a:6d:70:9e:02:fc:
|
| |
+ + e1:cd:f7:e2:ec:c0:34:04:cd:28:34:2f:61:91:72:
|
| |
+ + fe:9c:e9:85:83:ff:8e:4f:12:32:ee:f2:81:83:c3:
|
| |
+ + fe:3b:1b:4c:6f:ad:73:3b:b5:fc:bc:2e:c2:20:05:
|
| |
+ + c5:8e:f1:83:7d:16:83:b2:c6:f3:4a:26:c1:b2:ef:
|
| |
+ + fa:88:6b:42:38:61:1f:cf:dc:de:35:5b:3b:65:19:
|
| |
+ + 03:5b:bc:34:f4:de:f9:9c:02:38:61:b4:6f:c9:d6:
|
| |
+ + e6:c9:07:7a:d9:1d:26:91:f7:f7:ee:59:8c:b0:fa:
|
| |
+ + c1:86:d9:1c:ae:fe:13:09:85:13:92:70:b4:13:0c:
|
| |
+ + 93:bc:43:79:44:f4:fd:44:52:e2:d7:4d:d3:64:f2:
|
| |
+ + e2:1e:71:f5:4b:ff:5c:ae:82:ab:9c:9d:f6:9e:e8:
|
| |
+ + 6d:2b:c5:22:36:3a:0d:ab:c5:21:97:9b:0d:ea:da:
|
| |
+ + 1d:bf:9a:42:d5:c4:48:4e:0a:bc:d0:6b:fa:53:dd:
|
| |
+ + ef:3c:1b:20:ee:3f:d5:9d:7c:25:e4:1d:2b:66:c6:
|
| |
+ + 2e:37:ff:ff:ff:ff:ff:ff:ff:ff
|
| |
+ + generator: 2 (0x2)
|
| |
+ + recommended-private-length: 276 bits
|
| |
+ +-----BEGIN DH PARAMETERS-----
|
| |
+ +MIIBjAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
| |
+ ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
| |
+ +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
| |
+ +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
| |
+ +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
| |
+ +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
| |
+ +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
| |
+ +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
|
| |
+ +N///////////AgECAgIBFA==
|
| |
+ +-----END DH PARAMETERS-----
|
| |
+ diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
|
| |
+ index f9488a9..da8ba32 100644
|
| |
+ --- a/Lib/test/test_ftplib.py
|
| |
+ +++ b/Lib/test/test_ftplib.py
|
| |
+ @@ -880,18 +880,23 @@ class TestTLS_FTPClass(TestCase):
|
| |
+ # clear text
|
| |
+ with self.client.transfercmd('list') as sock:
|
| |
+ self.assertNotIsInstance(sock, ssl.SSLSocket)
|
| |
+ + self.assertEqual(sock.recv(1024), LIST_DATA.encode('ascii'))
|
| |
+ self.assertEqual(self.client.voidresp(), "226 transfer complete")
|
| |
+
|
| |
+ # secured, after PROT P
|
| |
+ self.client.prot_p()
|
| |
+ with self.client.transfercmd('list') as sock:
|
| |
+ self.assertIsInstance(sock, ssl.SSLSocket)
|
| |
+ + # consume from SSL socket to finalize handshake and avoid
|
| |
+ + # "SSLError [SSL] shutdown while in init"
|
| |
+ + self.assertEqual(sock.recv(1024), LIST_DATA.encode('ascii'))
|
| |
+ self.assertEqual(self.client.voidresp(), "226 transfer complete")
|
| |
+
|
| |
+ # PROT C is issued, the connection must be in cleartext again
|
| |
+ self.client.prot_c()
|
| |
+ with self.client.transfercmd('list') as sock:
|
| |
+ self.assertNotIsInstance(sock, ssl.SSLSocket)
|
| |
+ + self.assertEqual(sock.recv(1024), LIST_DATA.encode('ascii'))
|
| |
+ self.assertEqual(self.client.voidresp(), "226 transfer complete")
|
| |
+
|
| |
+ def test_login(self):
|
| |
+ diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
| |
+ index 7bbaa9f..ea528b5 100644
|
| |
+ --- a/Lib/test/test_ssl.py
|
| |
+ +++ b/Lib/test/test_ssl.py
|
| |
+ @@ -55,7 +55,6 @@ CAPATH = data_file("capath")
|
| |
+ BYTES_CAPATH = os.fsencode(CAPATH)
|
| |
+ CAFILE_NEURONIO = data_file("capath", "4e1295a3.0")
|
| |
+ CAFILE_CACERT = data_file("capath", "5ed36f99.0")
|
| |
+ -WRONG_CERT = data_file("wrongcert.pem")
|
| |
+
|
| |
+ CERTFILE_INFO = {
|
| |
+ 'issuer': ((('countryName', 'XY'),),
|
| |
+ @@ -118,7 +117,7 @@ BADKEY = data_file("badkey.pem")
|
| |
+ NOKIACERT = data_file("nokia.pem")
|
| |
+ NULLBYTECERT = data_file("nullbytecert.pem")
|
| |
+
|
| |
+ -DHFILE = data_file("dh1024.pem")
|
| |
+ +DHFILE = data_file("ffdh3072.pem")
|
| |
+ BYTES_DHFILE = os.fsencode(DHFILE)
|
| |
+
|
| |
+ # Not defined in all versions of OpenSSL
|
| |
+ @@ -2846,8 +2845,8 @@ class ThreadedTests(unittest.TestCase):
|
| |
+ connect to it with a wrong client certificate fails.
|
| |
+ """
|
| |
+ client_context, server_context, hostname = testing_context()
|
| |
+ - # load client cert
|
| |
+ - client_context.load_cert_chain(WRONG_CERT)
|
| |
+ + # load client cert that is not signed by trusted CA
|
| |
+ + client_context.load_cert_chain(CERTFILE)
|
| |
+ # require TLS client authentication
|
| |
+ server_context.verify_mode = ssl.CERT_REQUIRED
|
| |
+ # TLS 1.3 has different handshake
|
| |
+ @@ -2879,7 +2878,8 @@ class ThreadedTests(unittest.TestCase):
|
| |
+ @unittest.skipUnless(ssl.HAS_TLSv1_3, "Test needs TLS 1.3")
|
| |
+ def test_wrong_cert_tls13(self):
|
| |
+ client_context, server_context, hostname = testing_context()
|
| |
+ - client_context.load_cert_chain(WRONG_CERT)
|
| |
+ + # load client cert that is not signed by trusted CA
|
| |
+ + client_context.load_cert_chain(CERTFILE)
|
| |
+ server_context.verify_mode = ssl.CERT_REQUIRED
|
| |
+ server_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
| |
+ client_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
| |
+ diff --git a/Lib/test/wrongcert.pem b/Lib/test/wrongcert.pem
|
| |
+ deleted file mode 100644
|
| |
+ index 5f92f9b..0000000
|
| |
+ --- a/Lib/test/wrongcert.pem
|
| |
+ +++ /dev/null
|
| |
+ @@ -1,32 +0,0 @@
|
| |
+ ------BEGIN RSA PRIVATE KEY-----
|
| |
+ -MIICXAIBAAKBgQC89ZNxjTgWgq7Z1g0tJ65w+k7lNAj5IgjLb155UkUrz0XsHDnH
|
| |
+ -FlbsVUg2Xtk6+bo2UEYIzN7cIm5ImpmyW/2z0J1IDVDlvR2xJ659xrE0v5c2cB6T
|
| |
+ -f9lnNTwpSoeK24Nd7Jwq4j9vk95fLrdqsBq0/KVlsCXeixS/CaqqduXfvwIDAQAB
|
| |
+ -AoGAQFko4uyCgzfxr4Ezb4Mp5pN3Npqny5+Jey3r8EjSAX9Ogn+CNYgoBcdtFgbq
|
| |
+ -1yif/0sK7ohGBJU9FUCAwrqNBI9ZHB6rcy7dx+gULOmRBGckln1o5S1+smVdmOsW
|
| |
+ -7zUVLBVByKuNWqTYFlzfVd6s4iiXtAE2iHn3GCyYdlICwrECQQDhMQVxHd3EFbzg
|
| |
+ -SFmJBTARlZ2GKA3c1g/h9/XbkEPQ9/RwI3vnjJ2RaSnjlfoLl8TOcf0uOGbOEyFe
|
| |
+ -19RvCLXjAkEA1s+UE5ziF+YVkW3WolDCQ2kQ5WG9+ccfNebfh6b67B7Ln5iG0Sbg
|
| |
+ -ky9cjsO3jbMJQtlzAQnH1850oRD5Gi51dQJAIbHCDLDZU9Ok1TI+I2BhVuA6F666
|
| |
+ -lEZ7TeZaJSYq34OaUYUdrwG9OdqwZ9sy9LUav4ESzu2lhEQchCJrKMn23QJAReqs
|
| |
+ -ZLHUeTjfXkVk7dHhWPWSlUZ6AhmIlA/AQ7Payg2/8wM/JkZEJEPvGVykms9iPUrv
|
| |
+ -frADRr+hAGe43IewnQJBAJWKZllPgKuEBPwoEldHNS8nRu61D7HzxEzQ2xnfj+Nk
|
| |
+ -2fgf1MAzzTRsikfGENhVsVWeqOcijWb6g5gsyCmlRpc=
|
| |
+ ------END RSA PRIVATE KEY-----
|
| |
+ ------BEGIN CERTIFICATE-----
|
| |
+ -MIICsDCCAhmgAwIBAgIJAOqYOYFJfEEoMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
|
| |
+ -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
|
| |
+ -aWRnaXRzIFB0eSBMdGQwHhcNMDgwNjI2MTgxNTUyWhcNMDkwNjI2MTgxNTUyWjBF
|
| |
+ -MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
|
| |
+ -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
| |
+ -gQC89ZNxjTgWgq7Z1g0tJ65w+k7lNAj5IgjLb155UkUrz0XsHDnHFlbsVUg2Xtk6
|
| |
+ -+bo2UEYIzN7cIm5ImpmyW/2z0J1IDVDlvR2xJ659xrE0v5c2cB6Tf9lnNTwpSoeK
|
| |
+ -24Nd7Jwq4j9vk95fLrdqsBq0/KVlsCXeixS/CaqqduXfvwIDAQABo4GnMIGkMB0G
|
| |
+ -A1UdDgQWBBTctMtI3EO9OjLI0x9Zo2ifkwIiNjB1BgNVHSMEbjBsgBTctMtI3EO9
|
| |
+ -OjLI0x9Zo2ifkwIiNqFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
|
| |
+ -U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOqYOYFJ
|
| |
+ -fEEoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAQwa7jya/DfhaDn7E
|
| |
+ -usPkpgIX8WCL2B1SqnRTXEZfBPPVq/cUmFGyEVRVATySRuMwi8PXbVcOhXXuocA+
|
| |
+ -43W+iIsD9pXapCZhhOerCq18TC1dWK98vLUsoK8PMjB6e5H/O8bqojv0EeC+fyCw
|
| |
+ -eSHj5jpC8iZKjCHBn+mAi4cQ514=
|
| |
+ ------END CERTIFICATE-----
|
| |
+ diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
|
| |
+ index 20d4eeac12..a0c683bbcf 100644
|
| |
+ --- a/Lib/test/test_poplib.py
|
| |
+ +++ b/Lib/test/test_poplib.py
|
| |
+ @@ -178,7 +178,8 @@ class DummyPOP3Handler(asynchat.async_chat):
|
| |
+ return self.handle_close()
|
| |
+ # TODO: SSLError does not expose alert information
|
| |
+ elif ("SSLV3_ALERT_BAD_CERTIFICATE" in err.args[1] or
|
| |
+ - "SSLV3_ALERT_CERTIFICATE_UNKNOWN" in err.args[1]):
|
| |
+ + "SSLV3_ALERT_CERTIFICATE_UNKNOWN" in err.args[1] or
|
| |
+ + "bad record type" in err.args[1]):
|
| |
+ return self.handle_close()
|
| |
+ raise
|
| |
+ except OSError as err:
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1618753