tests/test-url.py
author Matt Mackall <mpm@selenic.com>
Fri, 15 Apr 2011 23:45:41 -0500
branchstable
changeset 13940 b7b26e54e37a
parent 13249 75d0c38a0bca
child 13770 4e8f2310f310
permissions -rw-r--r--
encoding: avoid localstr when a string can be encoded losslessly (issue2763) localstr's hash method exists to prevent bogus matching on lossy local encodings. For instance, we don't want 'caf?' to match 'café' in an ASCII locale. But when café can be losslessly encoded in the local charset, we can simply use a normal string and avoid the hashing trick. This avoids using localstr's hash method, which would prevent a match between
import sys
def check(a, b):
    """Report a mismatch between an actual result and the expected one.

    Prints both values when they differ and prints nothing when they are
    equal. It does not raise, so a failing case shows up only as output.
    NOTE(review): presumably the test runner compares this script's output
    with a recorded expectation -- confirm.
    """
    if a == b:
        return
    print (a, b)
def cert(cn):
    """Return a minimal certificate dict whose subject holds only *cn*.

    The subject is a tuple of RDNs, each a tuple of (name, value) pairs,
    which is the layout Python's ssl module uses for a decoded peer
    certificate. No subjectAltName key is included.
    """
    subject = ((('commonName', cn),),)
    return {'subject': subject}
from mercurial.url import _verifycert
# Test non-wildcard certificates
# The expected values show the contract: _verifycert() returns None when the
# host is accepted and an error string naming the certificate otherwise.
# A plain name has to match the host exactly; it covers neither a subdomain
# nor the parent domain.
for certname, host, expected in [
    ('example.com', 'example.com', None),
    ('example.com', 'www.example.com', 'certificate is for example.com'),
    ('www.example.com', 'example.com', 'certificate is for www.example.com'),
]:
    check(_verifycert(cert(certname), host), expected)
# Test wildcard certificates
# '*.example.com' is expected to stand for exactly one leading label: it is
# accepted for www.example.com, but rejected for the bare domain and for a
# host two labels deep.
for certname, host, expected in [
    ('*.example.com', 'www.example.com', None),
    ('*.example.com', 'example.com', 'certificate is for *.example.com'),
    ('*.example.com', 'w.w.example.com', 'certificate is for *.example.com'),
]:
    check(_verifycert(cert(certname), host), expected)
# Test subjectAltName
# The certificate below names example.com in its commonName but carries two
# DNS subjectAltName entries for example.net.
san_cert = dict(
    subject=((('commonName', 'example.com'),),),
    subjectAltName=(('DNS', '*.example.net'), ('DNS', 'example.net')))
# Both the exact entry and the wildcard entry are expected to be honoured.
for host in ('example.net', 'foo.example.net'):
    check(_verifycert(san_cert, host), None)
# subject is only checked when subjectAltName is empty
# Here the commonName would match the host, yet the expected result is a
# rejection whose message lists only the subjectAltName entries.
check(_verifycert(san_cert, 'example.com'),
      'certificate is for *.example.net, example.net')
# Avoid some pitfalls
# Each case must be refused with an error string rather than accepted:
#   - '*.foo' must not match the bare name 'foo'
#   - '*o' must not match 'foo'
#   - a certificate with an empty subject and no subjectAltName
#   - no certificate at all (None)
# NOTE(review): there are no validity-date cases here. The history line shown
# for the empty-subject case reads "validity (notBefore/notAfter) is checked
# by OpenSSL", so this script appears to cover host name matching only --
# confirm before relying on it for expiry coverage.
for certificate, host, expected in [
    (cert('*.foo'), 'foo', 'certificate is for *.foo'),
    (cert('*o'), 'foo', 'certificate is for *o'),
    ({'subject': ()}, 'example.com',
     'no commonName or subjectAltName found in certificate'),
    (None, 'example.com', 'no certificate received'),
]:
    check(_verifycert(certificate, host), expected)
# Unicode (IDN) certname isn't supported
# A non-ASCII commonName is expected to be refused with an error string.
# The history line shown for this case names a UnicodeDecodeError fix, so the
# point is presumably that verification reports the problem instead of
# raising -- confirm against _verifycert.
idn_cert = cert(u'\u4f8b.jp')
check(_verifycert(idn_cert, 'example.jp'),
      'IDN in certificate not supported')