| author | Durham Goode <durham@fb.com> |
| Fri, 11 Nov 2016 01:15:59 -0800 | |
| changeset 30373 | 31de088945cd |
| parent 29452 | 26a5d605b868 |
| child 37874 | 0dcd03637d36 |
| permissions | -rw-r--r-- |
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
1 |
# coding=utf-8 |
|
28914
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
2 |
from __future__ import absolute_import, print_function |
|
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
3 |
|
|
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
4 |
import doctest |
|
15398
474279be5add
tests: fix readline escape characters in heredoctest.py/test-url.py
Brodie Rao <brodie@bitheap.org>
parents:
15018
diff
changeset
|
5 |
import os |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
6 |
|
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
7 |
def check(a, b): |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
8 |
if a != b: |
|
28677
2903558a6991
py3: make test-url use print_function
Pulkit Goyal <7895pulkit@gmail.com>
parents:
26421
diff
changeset
|
9 |
print((a, b)) |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
10 |
|
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
11 |
def cert(cn): |
|
20685
56b1f39dd0c1
test-url: move from dict() construction to {} literals
Augie Fackler <raf@durin42.com>
parents:
15611
diff
changeset
|
12 |
return {'subject': ((('commonName', cn),),)}
|
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
13 |
|
|
28914
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
14 |
from mercurial import ( |
|
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
15 |
sslutil, |
|
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
16 |
) |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
17 |
|
|
28914
63fe5ddb8715
tests: make test-url use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents:
28677
diff
changeset
|
18 |
_verifycert = sslutil._verifycert |
|
12724
66e7ba85585b
test-url: remove trailing whitespace
Augie Fackler <durin42@gmail.com>
parents:
12606
diff
changeset
|
19 |
# Test non-wildcard certificates |
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
20 |
check(_verifycert(cert('example.com'), 'example.com'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
21 |
None) |
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
22 |
check(_verifycert(cert('example.com'), 'www.example.com'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
23 |
'certificate is for example.com') |
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
24 |
check(_verifycert(cert('www.example.com'), 'example.com'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
25 |
'certificate is for www.example.com') |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
26 |
|
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
27 |
# Test wildcard certificates |
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
28 |
check(_verifycert(cert('*.example.com'), 'www.example.com'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
29 |
None) |
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
30 |
check(_verifycert(cert('*.example.com'), 'example.com'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
31 |
'certificate is for *.example.com') |
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
32 |
check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
33 |
'certificate is for *.example.com') |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
34 |
|
|
13249
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
35 |
# Test subjectAltName |
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
36 |
san_cert = {'subject': ((('commonName', 'example.com'),),),
|
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
37 |
'subjectAltName': (('DNS', '*.example.net'),
|
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
38 |
('DNS', 'example.net'))}
|
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
39 |
check(_verifycert(san_cert, 'example.net'), |
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
40 |
None) |
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
41 |
check(_verifycert(san_cert, 'foo.example.net'), |
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
42 |
None) |
|
14666
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
43 |
# no fallback to subject commonName when subjectAltName has DNS |
|
13249
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
44 |
check(_verifycert(san_cert, 'example.com'), |
|
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
45 |
'certificate is for *.example.net, example.net') |
|
14666
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
46 |
# fallback to subject commonName when no DNS in subjectAltName |
|
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
47 |
san_cert = {'subject': ((('commonName', 'example.com'),),),
|
|
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
48 |
'subjectAltName': (('IP Address', '8.8.8.8'),)}
|
|
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
49 |
check(_verifycert(san_cert, 'example.com'), None) |
|
13249
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
50 |
|
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
51 |
# Avoid some pitfalls |
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
52 |
check(_verifycert(cert('*.foo'), 'foo'),
|
|
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
53 |
'certificate is for *.foo') |
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
54 |
check(_verifycert(cert('*o'), 'foo'), None)
|
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
55 |
|
|
12742
6ab4a7d3c179
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
12738
diff
changeset
|
56 |
check(_verifycert({'subject': ()},
|
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
57 |
'example.com'), |
|
13249
75d0c38a0bca
url: check subjectAltName when verifying ssl certificate
Yuya Nishihara <yuya@tcha.org>
parents:
13248
diff
changeset
|
58 |
'no commonName or subjectAltName found in certificate') |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
59 |
check(_verifycert(None, 'example.com'), |
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
60 |
'no certificate received') |
|
13248
00411a4fa1bb
url: fix UnicodeDecodeError on certificate verification error
Yuya Nishihara <yuya@tcha.org>
parents:
12865
diff
changeset
|
61 |
|
|
14666
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
62 |
# Unicode (IDN) certname isn't supported |
|
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
63 |
check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), |
|
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
64 |
'IDN in certificate not supported') |
|
27b080aa880a
sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)
Nicolas Bareil <nico@chdir.org>
parents:
14313
diff
changeset
|
65 |
|
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
66 |
# The following tests are from CPython's test_ssl.py. |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
67 |
check(_verifycert(cert('example.com'), 'example.com'), None)
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
68 |
check(_verifycert(cert('example.com'), 'ExAmple.cOm'), None)
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
69 |
check(_verifycert(cert('example.com'), 'www.example.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
70 |
'certificate is for example.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
71 |
check(_verifycert(cert('example.com'), '.example.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
72 |
'certificate is for example.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
73 |
check(_verifycert(cert('example.com'), 'example.org'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
74 |
'certificate is for example.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
75 |
check(_verifycert(cert('example.com'), 'exampleXcom'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
76 |
'certificate is for example.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
77 |
check(_verifycert(cert('*.a.com'), 'foo.a.com'), None)
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
78 |
check(_verifycert(cert('*.a.com'), 'bar.foo.a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
79 |
'certificate is for *.a.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
80 |
check(_verifycert(cert('*.a.com'), 'a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
81 |
'certificate is for *.a.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
82 |
check(_verifycert(cert('*.a.com'), 'Xa.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
83 |
'certificate is for *.a.com') |
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
84 |
check(_verifycert(cert('*.a.com'), '.a.com'),
|
|
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
85 |
'certificate is for *.a.com') |
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
86 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
87 |
# only match one left-most wildcard |
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
88 |
check(_verifycert(cert('f*.com'), 'foo.com'), None)
|
|
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
89 |
check(_verifycert(cert('f*.com'), 'f.com'), None)
|
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
90 |
check(_verifycert(cert('f*.com'), 'bar.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
91 |
'certificate is for f*.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
92 |
check(_verifycert(cert('f*.com'), 'foo.a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
93 |
'certificate is for f*.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
94 |
check(_verifycert(cert('f*.com'), 'bar.foo.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
95 |
'certificate is for f*.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
96 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
97 |
# NULL bytes are bad, CVE-2013-4073 |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
98 |
check(_verifycert(cert('null.python.org\x00example.org'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
99 |
'null.python.org\x00example.org'), None) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
100 |
check(_verifycert(cert('null.python.org\x00example.org'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
101 |
'example.org'), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
102 |
'certificate is for null.python.org\x00example.org') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
103 |
check(_verifycert(cert('null.python.org\x00example.org'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
104 |
'null.python.org'), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
105 |
'certificate is for null.python.org\x00example.org') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
106 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
107 |
# error cases with wildcards |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
108 |
check(_verifycert(cert('*.*.a.com'), 'bar.foo.a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
109 |
'certificate is for *.*.a.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
110 |
check(_verifycert(cert('*.*.a.com'), 'a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
111 |
'certificate is for *.*.a.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
112 |
check(_verifycert(cert('*.*.a.com'), 'Xa.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
113 |
'certificate is for *.*.a.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
114 |
check(_verifycert(cert('*.*.a.com'), '.a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
115 |
'certificate is for *.*.a.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
116 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
117 |
check(_verifycert(cert('a.*.com'), 'a.foo.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
118 |
'certificate is for a.*.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
119 |
check(_verifycert(cert('a.*.com'), 'a..com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
120 |
'certificate is for a.*.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
121 |
check(_verifycert(cert('a.*.com'), 'a.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
122 |
'certificate is for a.*.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
123 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
124 |
# wildcard doesn't match IDNA prefix 'xn--' |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
125 |
idna = u'püthon.python.org'.encode('idna').decode('ascii')
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
126 |
check(_verifycert(cert(idna), idna), None) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
127 |
check(_verifycert(cert('x*.python.org'), idna),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
128 |
'certificate is for x*.python.org') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
129 |
check(_verifycert(cert('xn--p*.python.org'), idna),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
130 |
'certificate is for xn--p*.python.org') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
131 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
132 |
# wildcard in first fragment and IDNA A-labels in sequent fragments |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
133 |
# are supported. |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
134 |
idna = u'www*.pythön.org'.encode('idna').decode('ascii')
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
135 |
check(_verifycert(cert(idna), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
136 |
u'www.pythön.org'.encode('idna').decode('ascii')),
|
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
137 |
None) |
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
138 |
check(_verifycert(cert(idna), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
139 |
u'www1.pythön.org'.encode('idna').decode('ascii')),
|
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
140 |
None) |
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
141 |
check(_verifycert(cert(idna), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
142 |
u'ftp.pythön.org'.encode('idna').decode('ascii')),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
143 |
'certificate is for www*.xn--pythn-mua.org') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
144 |
check(_verifycert(cert(idna), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
145 |
u'pythön.org'.encode('idna').decode('ascii')),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
146 |
'certificate is for www*.xn--pythn-mua.org') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
147 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
148 |
c = {
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
149 |
'notAfter': 'Jun 26 21:41:46 2011 GMT', |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
150 |
'subject': (((u'commonName', u'linuxfrz.org'),),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
151 |
'subjectAltName': ( |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
152 |
('DNS', 'linuxfr.org'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
153 |
('DNS', 'linuxfr.com'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
154 |
('othername', '<unsupported>'),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
155 |
) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
156 |
} |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
157 |
check(_verifycert(c, 'linuxfr.org'), None) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
158 |
check(_verifycert(c, 'linuxfr.com'), None) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
159 |
# Not a "DNS" entry |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
160 |
check(_verifycert(c, '<unsupported>'), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
161 |
'certificate is for linuxfr.org, linuxfr.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
162 |
# When there is a subjectAltName, commonName isn't used |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
163 |
check(_verifycert(c, 'linuxfrz.org'), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
164 |
'certificate is for linuxfr.org, linuxfr.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
165 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
166 |
# A pristine real-world example |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
167 |
c = {
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
168 |
'notAfter': 'Dec 18 23:59:59 2011 GMT', |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
169 |
'subject': ( |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
170 |
((u'countryName', u'US'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
171 |
((u'stateOrProvinceName', u'California'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
172 |
((u'localityName', u'Mountain View'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
173 |
((u'organizationName', u'Google Inc'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
174 |
((u'commonName', u'mail.google.com'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
175 |
), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
176 |
} |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
177 |
check(_verifycert(c, 'mail.google.com'), None) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
178 |
check(_verifycert(c, 'gmail.com'), 'certificate is for mail.google.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
179 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
180 |
# Only commonName is considered |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
181 |
check(_verifycert(c, 'California'), 'certificate is for mail.google.com') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
182 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
183 |
# Neither commonName nor subjectAltName |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
184 |
c = {
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
185 |
'notAfter': 'Dec 18 23:59:59 2011 GMT', |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
186 |
'subject': ( |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
187 |
((u'countryName', u'US'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
188 |
((u'stateOrProvinceName', u'California'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
189 |
((u'localityName', u'Mountain View'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
190 |
((u'organizationName', u'Google Inc'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
191 |
), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
192 |
} |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
193 |
check(_verifycert(c, 'mail.google.com'), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
194 |
'no commonName or subjectAltName found in certificate') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
195 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
196 |
# No DNS entry in subjectAltName but a commonName |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
197 |
c = {
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
198 |
'notAfter': 'Dec 18 23:59:59 2099 GMT', |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
199 |
'subject': ( |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
200 |
((u'countryName', u'US'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
201 |
((u'stateOrProvinceName', u'California'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
202 |
((u'localityName', u'Mountain View'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
203 |
((u'commonName', u'mail.google.com'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
204 |
), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
205 |
'subjectAltName': (('othername', 'blabla'),),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
206 |
} |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
207 |
check(_verifycert(c, 'mail.google.com'), None) |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
208 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
209 |
# No DNS entry subjectAltName and no commonName |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
210 |
c = {
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
211 |
'notAfter': 'Dec 18 23:59:59 2099 GMT', |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
212 |
'subject': ( |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
213 |
((u'countryName', u'US'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
214 |
((u'stateOrProvinceName', u'California'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
215 |
((u'localityName', u'Mountain View'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
216 |
((u'organizationName', u'Google Inc'),), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
217 |
), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
218 |
'subjectAltName': (('othername', 'blabla'),),
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
219 |
} |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
220 |
check(_verifycert(c, 'google.com'), |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
221 |
'no commonName or subjectAltName found in certificate') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
222 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
223 |
# Empty cert / no cert |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
224 |
check(_verifycert(None, 'example.com'), 'no certificate received') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
225 |
check(_verifycert({}, 'example.com'), 'no certificate received')
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
226 |
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
227 |
# avoid denials of service by refusing more than one |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
228 |
# wildcard per fragment. |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
229 |
check(_verifycert({'subject': (((u'commonName', u'a*b.com'),),)},
|
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
230 |
'axxb.com'), None) |
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
231 |
check(_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)},
|
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
232 |
'axxb.com'), 'certificate is for a*b.co*') |
|
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
233 |
check(_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)},
|
|
29452
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
234 |
'axxbxxc.com'), |
|
26a5d605b868
sslutil: synchronize hostname matching logic with CPython
Gregory Szorc <gregory.szorc@gmail.com>
parents:
29451
diff
changeset
|
235 |
'too many wildcards in certificate DNS name: a*b*.com') |
|
29451
676f4d0e3a7b
tests: import CPython's hostname matching tests
Gregory Szorc <gregory.szorc@gmail.com>
parents:
28914
diff
changeset
|
236 |
|
| 13770 | 237 |
def test_url(): |
238 |
""" |
|
|
14076
924c82157d46
url: move URL parsing functions into util to improve startup time
Brodie Rao <brodie@bitheap.org>
parents:
13848
diff
changeset
|
239 |
>>> from mercurial.util import url |
| 13770 | 240 |
|
241 |
This tests for edge cases in url.URL's parsing algorithm. Most of |
|
242 |
these aren't useful for documentation purposes, so they aren't |
|
243 |
part of the class's doc tests. |
|
244 |
||
245 |
Query strings and fragments: |
|
246 |
||
247 |
>>> url('http://host/a?b#c')
|
|
248 |
<url scheme: 'http', host: 'host', path: 'a', query: 'b', fragment: 'c'> |
|
249 |
>>> url('http://host/a?')
|
|
250 |
<url scheme: 'http', host: 'host', path: 'a'> |
|
251 |
>>> url('http://host/a#b#c')
|
|
252 |
<url scheme: 'http', host: 'host', path: 'a', fragment: 'b#c'> |
|
253 |
>>> url('http://host/a#b?c')
|
|
254 |
<url scheme: 'http', host: 'host', path: 'a', fragment: 'b?c'> |
|
255 |
>>> url('http://host/?a#b')
|
|
256 |
<url scheme: 'http', host: 'host', path: '', query: 'a', fragment: 'b'> |
|
|
13827
f1823b9f073b
url: nuke some newly-introduced underbars in identifiers
Matt Mackall <mpm@selenic.com>
parents:
13817
diff
changeset
|
257 |
>>> url('http://host/?a#b', parsequery=False)
|
| 13770 | 258 |
<url scheme: 'http', host: 'host', path: '?a', fragment: 'b'> |
|
13827
f1823b9f073b
url: nuke some newly-introduced underbars in identifiers
Matt Mackall <mpm@selenic.com>
parents:
13817
diff
changeset
|
259 |
>>> url('http://host/?a#b', parsefragment=False)
|
| 13770 | 260 |
<url scheme: 'http', host: 'host', path: '', query: 'a#b'> |
|
13827
f1823b9f073b
url: nuke some newly-introduced underbars in identifiers
Matt Mackall <mpm@selenic.com>
parents:
13817
diff
changeset
|
261 |
>>> url('http://host/?a#b', parsequery=False, parsefragment=False)
|
| 13770 | 262 |
<url scheme: 'http', host: 'host', path: '?a#b'> |
263 |
||
264 |
IPv6 addresses: |
|
265 |
||
266 |
>>> url('ldap://[2001:db8::7]/c=GB?objectClass?one')
|
|
267 |
<url scheme: 'ldap', host: '[2001:db8::7]', path: 'c=GB', |
|
268 |
query: 'objectClass?one'> |
|
269 |
>>> url('ldap://joe:xxx@[2001:db8::7]:80/c=GB?objectClass?one')
|
|
270 |
<url scheme: 'ldap', user: 'joe', passwd: 'xxx', host: '[2001:db8::7]', |
|
271 |
port: '80', path: 'c=GB', query: 'objectClass?one'> |
|
272 |
||
273 |
Missing scheme, host, etc.: |
|
274 |
||
275 |
>>> url('://192.0.2.16:80/')
|
|
276 |
<url path: '://192.0.2.16:80/'> |
|
|
26421
4b0fc75f9403
urls: bulk-change primary website URLs
Matt Mackall <mpm@selenic.com>
parents:
20685
diff
changeset
|
277 |
>>> url('https://mercurial-scm.org')
|
|
4b0fc75f9403
urls: bulk-change primary website URLs
Matt Mackall <mpm@selenic.com>
parents:
20685
diff
changeset
|
278 |
<url scheme: 'https', host: 'mercurial-scm.org'> |
| 13770 | 279 |
>>> url('/foo')
|
280 |
<url path: '/foo'> |
|
281 |
>>> url('bundle:/foo')
|
|
282 |
<url scheme: 'bundle', path: '/foo'> |
|
283 |
>>> url('a?b#c')
|
|
284 |
<url path: 'a?b', fragment: 'c'> |
|
285 |
>>> url('http://x.com?arg=/foo')
|
|
286 |
<url scheme: 'http', host: 'x.com', query: 'arg=/foo'> |
|
287 |
>>> url('http://joe:xxx@/foo')
|
|
288 |
<url scheme: 'http', user: 'joe', passwd: 'xxx', path: 'foo'> |
|
289 |
||
290 |
Just a scheme and a path: |
|
291 |
||
292 |
>>> url('mailto:John.Doe@example.com')
|
|
293 |
<url scheme: 'mailto', path: 'John.Doe@example.com'> |
|
294 |
>>> url('a:b:c:d')
|
|
| 13808 | 295 |
<url path: 'a:b:c:d'> |
296 |
>>> url('aa:bb:cc:dd')
|
|
297 |
<url scheme: 'aa', path: 'bb:cc:dd'> |
|
| 13770 | 298 |
|
299 |
SSH examples: |
|
300 |
||
301 |
>>> url('ssh://joe@host//home/joe')
|
|
302 |
<url scheme: 'ssh', user: 'joe', host: 'host', path: '/home/joe'> |
|
303 |
>>> url('ssh://joe:xxx@host/src')
|
|
304 |
<url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host', path: 'src'> |
|
305 |
>>> url('ssh://joe:xxx@host')
|
|
306 |
<url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host'> |
|
307 |
>>> url('ssh://joe@host')
|
|
308 |
<url scheme: 'ssh', user: 'joe', host: 'host'> |
|
309 |
>>> url('ssh://host')
|
|
310 |
<url scheme: 'ssh', host: 'host'> |
|
311 |
>>> url('ssh://')
|
|
312 |
<url scheme: 'ssh'> |
|
313 |
>>> url('ssh:')
|
|
314 |
<url scheme: 'ssh'> |
|
315 |
||
316 |
Non-numeric port: |
|
317 |
||
318 |
>>> url('http://example.com:dd')
|
|
319 |
<url scheme: 'http', host: 'example.com', port: 'dd'> |
|
320 |
>>> url('ssh://joe:xxx@host:ssh/foo')
|
|
321 |
<url scheme: 'ssh', user: 'joe', passwd: 'xxx', host: 'host', port: 'ssh', |
|
322 |
path: 'foo'> |
|
323 |
||
324 |
Bad authentication credentials: |
|
325 |
||
326 |
>>> url('http://joe@joeville:123@4:@host/a?b#c')
|
|
327 |
<url scheme: 'http', user: 'joe@joeville', passwd: '123@4:', |
|
328 |
host: 'host', path: 'a', query: 'b', fragment: 'c'> |
|
329 |
>>> url('http://!*#?/@!*#?/:@host/a?b#c')
|
|
330 |
<url scheme: 'http', host: '!*', fragment: '?/@!*#?/:@host/a?b#c'> |
|
331 |
>>> url('http://!*#?@!*#?:@host/a?b#c')
|
|
332 |
<url scheme: 'http', host: '!*', fragment: '?@!*#?:@host/a?b#c'> |
|
333 |
>>> url('http://!*@:!*@@host/a?b#c')
|
|
334 |
<url scheme: 'http', user: '!*@', passwd: '!*@', host: 'host', |
|
335 |
path: 'a', query: 'b', fragment: 'c'> |
|
336 |
||
337 |
File paths: |
|
338 |
||
339 |
>>> url('a/b/c/d.g.f')
|
|
340 |
<url path: 'a/b/c/d.g.f'> |
|
341 |
>>> url('/x///z/y/')
|
|
342 |
<url path: '/x///z/y/'> |
|
|
13848
b2798c1defff
url: be stricter about detecting schemes
Brodie Rao <brodie@bitheap.org>
parents:
13827
diff
changeset
|
343 |
>>> url('/foo:bar')
|
|
b2798c1defff
url: be stricter about detecting schemes
Brodie Rao <brodie@bitheap.org>
parents:
13827
diff
changeset
|
344 |
<url path: '/foo:bar'> |
|
b2798c1defff
url: be stricter about detecting schemes
Brodie Rao <brodie@bitheap.org>
parents:
13827
diff
changeset
|
345 |
>>> url('\\\\foo:bar')
|
|
b2798c1defff
url: be stricter about detecting schemes
Brodie Rao <brodie@bitheap.org>
parents:
13827
diff
changeset
|
346 |
<url path: '\\\\foo:bar'> |
|
b2798c1defff
url: be stricter about detecting schemes
Brodie Rao <brodie@bitheap.org>
parents:
13827
diff
changeset
|
347 |
>>> url('./foo:bar')
|
|
b2798c1defff
url: be stricter about detecting schemes
Brodie Rao <brodie@bitheap.org>
parents:
13827
diff
changeset
|
348 |
<url path: './foo:bar'> |
| 13770 | 349 |
|
|
13817
7f18bab2c0b0
url: abort on file:// URLs with non-localhost hosts
Brodie Rao <brodie@bitheap.org>
parents:
13808
diff
changeset
|
350 |
Non-localhost file URL: |
|
7f18bab2c0b0
url: abort on file:// URLs with non-localhost hosts
Brodie Rao <brodie@bitheap.org>
parents:
13808
diff
changeset
|
351 |
|
|
26421
4b0fc75f9403
urls: bulk-change primary website URLs
Matt Mackall <mpm@selenic.com>
parents:
20685
diff
changeset
|
352 |
>>> u = url('file://mercurial-scm.org/foo')
|
|
13817
7f18bab2c0b0
url: abort on file:// URLs with non-localhost hosts
Brodie Rao <brodie@bitheap.org>
parents:
13808
diff
changeset
|
353 |
Traceback (most recent call last): |
|
7f18bab2c0b0
url: abort on file:// URLs with non-localhost hosts
Brodie Rao <brodie@bitheap.org>
parents:
13808
diff
changeset
|
354 |
File "<stdin>", line 1, in ? |
|
7f18bab2c0b0
url: abort on file:// URLs with non-localhost hosts
Brodie Rao <brodie@bitheap.org>
parents:
13808
diff
changeset
|
355 |
Abort: file:// URLs can only refer to localhost |
|
7f18bab2c0b0
url: abort on file:// URLs with non-localhost hosts
Brodie Rao <brodie@bitheap.org>
parents:
13808
diff
changeset
|
356 |
|
| 13770 | 357 |
Empty URL: |
358 |
||
359 |
>>> u = url('')
|
|
360 |
>>> u |
|
361 |
<url path: ''> |
|
362 |
>>> str(u) |
|
363 |
'' |
|
364 |
||
365 |
Empty path with query string: |
|
366 |
||
367 |
>>> str(url('http://foo/?bar'))
|
|
368 |
'http://foo/?bar' |
|
369 |
||
370 |
Invalid path: |
|
371 |
||
372 |
>>> u = url('http://foo/bar')
|
|
373 |
>>> u.path = 'bar' |
|
374 |
>>> str(u) |
|
375 |
'http://foo/bar' |
|
376 |
||
|
14313
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
377 |
>>> u = url('file:/foo/bar/baz')
|
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
378 |
>>> u |
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
379 |
<url scheme: 'file', path: '/foo/bar/baz'> |
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
380 |
>>> str(u) |
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
381 |
'file:///foo/bar/baz' |
|
15018
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
382 |
>>> u.localpath() |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
383 |
'/foo/bar/baz' |
|
14313
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
384 |
|
| 13770 | 385 |
>>> u = url('file:///foo/bar/baz')
|
386 |
>>> u |
|
387 |
<url scheme: 'file', path: '/foo/bar/baz'> |
|
388 |
>>> str(u) |
|
|
14313
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
389 |
'file:///foo/bar/baz' |
|
15018
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
390 |
>>> u.localpath() |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
391 |
'/foo/bar/baz' |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
392 |
|
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
393 |
>>> u = url('file:///f:oo/bar/baz')
|
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
394 |
>>> u |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
395 |
<url scheme: 'file', path: 'f:oo/bar/baz'> |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
396 |
>>> str(u) |
| 15611 | 397 |
'file:///f:oo/bar/baz' |
|
15018
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
398 |
>>> u.localpath() |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
399 |
'f:oo/bar/baz' |
|
14313
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
400 |
|
|
15496
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
401 |
>>> u = url('file://localhost/f:oo/bar/baz')
|
|
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
402 |
>>> u |
|
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
403 |
<url scheme: 'file', host: 'localhost', path: 'f:oo/bar/baz'> |
|
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
404 |
>>> str(u) |
| 15513 | 405 |
'file://localhost/f:oo/bar/baz' |
|
15496
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
406 |
>>> u.localpath() |
|
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
407 |
'f:oo/bar/baz' |
|
396e83d635a6
url: handle file://localhost/c:/foo "correctly"
Mads Kiilerich <mads@kiilerich.com>
parents:
15398
diff
changeset
|
408 |
|
|
14313
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
409 |
>>> u = url('file:foo/bar/baz')
|
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
410 |
>>> u |
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
411 |
<url scheme: 'file', path: 'foo/bar/baz'> |
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
412 |
>>> str(u) |
|
a389dd285282
util: make str(url) return file:/// for abs paths again
Peter Arrenbrecht <peter.arrenbrecht@gmail.com>
parents:
14204
diff
changeset
|
413 |
'file:foo/bar/baz' |
|
15018
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
414 |
>>> u.localpath() |
|
e89f62dcd723
url: really handle urls of the form file:///c:/foo/bar/ correctly
Mads Kiilerich <mads@kiilerich.com>
parents:
14666
diff
changeset
|
415 |
'foo/bar/baz' |
| 13770 | 416 |
""" |
417 |
||
|
15398
474279be5add
tests: fix readline escape characters in heredoctest.py/test-url.py
Brodie Rao <brodie@bitheap.org>
parents:
15018
diff
changeset
|
418 |
if 'TERM' in os.environ: |
|
474279be5add
tests: fix readline escape characters in heredoctest.py/test-url.py
Brodie Rao <brodie@bitheap.org>
parents:
15018
diff
changeset
|
419 |
del os.environ['TERM'] |
|
474279be5add
tests: fix readline escape characters in heredoctest.py/test-url.py
Brodie Rao <brodie@bitheap.org>
parents:
15018
diff
changeset
|
420 |
|
| 13770 | 421 |
doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE) |