Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix TLS 1.3 client tests with requests #192

Merged
merged 6 commits into from Apr 22, 2019
Merged

Fix TLS 1.3 client tests with requests #192

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
0c81f10
Revert "Merge pull request #175 from cherrypy/bugfix/173-xfail-client…
webknjaz Apr 22, 2019
b0ad9dd
⇧ Set the lower bound of urllib3 test dependency
webknjaz Apr 22, 2019
5b648a9
πŸš‘ Skip TLS test when there's no IPv6
webknjaz Apr 22, 2019
4ab5046
πŸš‘ Improve pytest IPv6 marker check
webknjaz Apr 22, 2019
95857f5
Don't xpass test_https_over_http_error @ PyPy3
webknjaz Apr 22, 2019
b4a0d7f
xfail client SSL cert verification w/ OpenSSL 1.0
webknjaz Apr 22, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
39 changes: 30 additions & 9 deletions cheroot/test/test_ssl.py
View file
Open in desktop
Expand Up @@ -27,10 +27,15 @@
EPHEMERAL_PORT,
# get_server_client,
_get_conn_data,
_probe_ipv6_sock,
)


IS_LIBRESSL_BACKEND = ssl.OPENSSL_VERSION.startswith('LibreSSL')
IS_PYOPENSSL_SSL_VERSION_1_0 = (
OpenSSL.SSL.SSLeay_version(OpenSSL.SSL.SSLEAY_VERSION).
startswith(b'OpenSSL 1.0.')
)
PY27 = sys.version_info[:2] == (2, 7)


Expand All @@ -54,6 +59,15 @@
)


missing_ipv6 = pytest.mark.skipif(
not _probe_ipv6_sock('::1'),
reason=''
'IPv6 is disabled '
'(for example, under Travis CI '
'which runs under GCE supporting only IPv4)',
)


class HelloWorldGateway(Gateway):
"""Gateway responding with Hello World to root URI."""

Expand Down Expand Up @@ -282,17 +296,24 @@ def test_tls_client_auth(

if not test_cert_rejection:
resp = make_https_request()
assert resp.status_code == 200
is_req_successful = resp.status_code == 200
if (
not is_req_successful
and IS_PYOPENSSL_SSL_VERSION_1_0
and adapter_type == 'builtin'
and tls_verify_mode == ssl.CERT_REQUIRED
and tls_client_identity == 'localhost'
and is_trusted_cert
):
pytest.xfail(
'OpenSSL 1.0 has problems with verifying client certs',
)
assert is_req_successful
assert resp.text == 'Hello world!'
return

with pytest.raises(requests.exceptions.SSLError) as ssl_err:
try:
make_https_request()
except OpenSSL.SSL.Error:
pytest.xfail(
reason='https://github.com/cherrypy/cheroot/issues/173',
)
make_https_request()

err_text = ssl_err.value.args[0].reason.args[0].args[0]

Expand Down Expand Up @@ -334,14 +355,14 @@ def test_https_over_http_error(http_server, ip_addr):
'adapter_type',
(
'builtin',
pytest.param('pyopenssl', marks=fails_under_py3_in_pypy),
'pyopenssl',
),
)
@pytest.mark.parametrize(
'ip_addr',
(
ANY_INTERFACE_IPV4,
ANY_INTERFACE_IPV6,
pytest.param(ANY_INTERFACE_IPV6, marks=missing_ipv6),
),
)
def test_http_over_https_error(
Expand Down
4 changes: 4 additions & 0 deletions setup.cfg
View file
Open in desktop
Expand Up @@ -103,6 +103,10 @@ testing =
# HTTP over UNIX socket
requests-unixsocket

# This addresses https://github.com/cherrypy/cheroot/issues/173.
# It's a transitive dependency of requests library:
urllib3>=1.25

[options.entry_points]
console_scripts =
cheroot = cheroot.cli:main