pool/python-pyOpenSSL
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
python-pyOpenSSL/tls13-renegotiation.patch

57 lines
2.0 KiB
Diff
Raw Blame History

Index: pyOpenSSL-18.0.0/tests/test_ssl.py
===================================================================
--- pyOpenSSL-18.0.0.orig/tests/test_ssl.py 2018-10-30 20:43:38.806954080 +0100
+++ pyOpenSSL-18.0.0/tests/test_ssl.py 2018-10-30 20:58:46.133504622 +0100
@@ -3181,6 +3181,7 @@ class TestConnectionRenegotiate(object):
"""
Tests for SSL renegotiation APIs.
"""
+
def test_total_renegotiations(self):
"""
`Connection.total_renegotiations` returns `0` before any renegotiations
@@ -3193,7 +3194,16 @@ class TestConnectionRenegotiate(object):
"""
Go through a complete renegotiation cycle.
"""
- server, client = loopback()
+ # renegotiation works with TLS version <= 1.2
+ def makeServer12(socket):
+ ctx = Context(TLSv1_2_METHOD)
+ ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
+ ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
+ server = Connection(ctx, socket)
+ server.set_accept_state()
+ return server
+
+ server, client = loopback(server_factory=makeServer12)
server.send(b"hello world")
@@ -3216,6 +3226,25 @@ class TestConnectionRenegotiate(object):
while False is server.renegotiate_pending():
pass
+ # renegotiation is forbidden in TLS 1.3
+ server, client = loopback()
+
+ server.send(b"hello world")
+
+ assert b"hello world" == client.recv(len(b"hello world"))
+
+ assert 0 == server.total_renegotiations()
+ assert False is server.renegotiate_pending()
+
+ # renegotian under TLS 1.3 must fail
+
+ if client.get_protocol_version_name() == "TLSv1.3":
+ try:
+ assert False is server.renegotiate()
+ #error ('SSL routines', 'SSL_renegotiate', 'wrong ssl version')
+ except SSL.Error:
+ pass
+
class TestError(object):
"""
Reference in New Issue View Git Blame Copy Permalink