author | Martin Geisler <mg@lazybytes.net> |
Mon, 25 Oct 2010 23:46:26 +0200 | |
branch | stable |
changeset 12842 | 9905fb060ace |
parent 12742 | 6ab4a7d3c179 |
child 12865 | 4c50552fc9bc |
permissions | -rw-r--r-- |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
1 |
#!/usr/bin/env python |
12737
7adb1274a4f9
test-url: skip test when ssl module is unavailable
Augie Fackler <durin42@gmail.com>
parents:
12592
diff
changeset
|
2 |
import sys |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
3 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
4 |
def check(a, b): |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
5 |
if a != b: |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
6 |
print (a, b) |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
7 |
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
8 |
def cert(cn): |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
9 |
return dict(subject=((('commonName', cn),),)) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
10 |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
11 |
from mercurial.url import _verifycert |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
12 |
|
12724
66e7ba85585b
test-url: remove trailing whitespace
Augie Fackler <durin42@gmail.com>
parents:
12606
diff
changeset
|
13 |
# Test non-wildcard certificates |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
14 |
check(_verifycert(cert('example.com'), 'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
15 |
None) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
16 |
check(_verifycert(cert('example.com'), 'www.example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
17 |
'certificate is for example.com') |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
18 |
check(_verifycert(cert('www.example.com'), 'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
19 |
'certificate is for www.example.com') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
20 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
21 |
# Test wildcard certificates |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
22 |
check(_verifycert(cert('*.example.com'), 'www.example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
23 |
None) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
24 |
check(_verifycert(cert('*.example.com'), 'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
25 |
'certificate is for *.example.com') |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
26 |
check(_verifycert(cert('*.example.com'), 'w.w.example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
27 |
'certificate is for *.example.com') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
28 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
29 |
# Avoid some pitfalls |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
30 |
check(_verifycert(cert('*.foo'), 'foo'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
31 |
'certificate is for *.foo') |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
32 |
check(_verifycert(cert('*o'), 'foo'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
33 |
'certificate is for *o') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
34 |
|
12742
6ab4a7d3c179
url: validity (notBefore/notAfter) is checked by OpenSSL (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
12738
diff
changeset
|
35 |
check(_verifycert({'subject': ()}, |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
36 |
'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
37 |
'no commonName found in certificate') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
38 |
check(_verifycert(None, 'example.com'), |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
39 |
'no certificate received') |