author | Augie Fackler <durin42@gmail.com> |
Tue, 12 Oct 2010 11:02:45 -0500 | |
changeset 12725 | 24f16c2c6d41 |
parent 12724 | 66e7ba85585b |
child 12738 | e9733f96b38b |
permissions | -rw-r--r-- |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
1 |
#!/usr/bin/env python |
12725
24f16c2c6d41
test-url: skip test when ssl module is unavailable
Augie Fackler <durin42@gmail.com>
parents:
12724
diff
changeset
|
2 |
import sys |
24f16c2c6d41
test-url: skip test when ssl module is unavailable
Augie Fackler <durin42@gmail.com>
parents:
12724
diff
changeset
|
3 |
try: |
24f16c2c6d41
test-url: skip test when ssl module is unavailable
Augie Fackler <durin42@gmail.com>
parents:
12724
diff
changeset
|
4 |
import ssl |
24f16c2c6d41
test-url: skip test when ssl module is unavailable
Augie Fackler <durin42@gmail.com>
parents:
12724
diff
changeset
|
5 |
except ImportError: |
24f16c2c6d41
test-url: skip test when ssl module is unavailable
Augie Fackler <durin42@gmail.com>
parents:
12724
diff
changeset
|
6 |
sys.exit(80) |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
7 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
8 |
def check(a, b): |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
9 |
if a != b: |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
10 |
print (a, b) |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
11 |
|
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
12 |
def cert(cn): |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
13 |
return dict(subject=((('commonName', cn),),)) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
14 |
|
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
15 |
from mercurial.url import _verifycert |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
16 |
|
12724
66e7ba85585b
test-url: remove trailing whitespace
Augie Fackler <durin42@gmail.com>
parents:
12606
diff
changeset
|
17 |
# Test non-wildcard certificates |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
18 |
check(_verifycert(cert('example.com'), 'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
19 |
None) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
20 |
check(_verifycert(cert('example.com'), 'www.example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
21 |
'certificate is for example.com') |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
22 |
check(_verifycert(cert('www.example.com'), 'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
23 |
'certificate is for www.example.com') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
24 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
25 |
# Test wildcard certificates |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
26 |
check(_verifycert(cert('*.example.com'), 'www.example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
27 |
None) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
28 |
check(_verifycert(cert('*.example.com'), 'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
29 |
'certificate is for *.example.com') |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
30 |
check(_verifycert(cert('*.example.com'), 'w.w.example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
31 |
'certificate is for *.example.com') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
32 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
33 |
# Avoid some pitfalls |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
34 |
check(_verifycert(cert('*.foo'), 'foo'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
35 |
'certificate is for *.foo') |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
36 |
check(_verifycert(cert('*o'), 'foo'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
37 |
'certificate is for *o') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
38 |
|
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
39 |
import time |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
40 |
lastyear = time.gmtime().tm_year - 1 |
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
41 |
nextyear = time.gmtime().tm_year + 1 |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
42 |
check(_verifycert({'notAfter': 'May 9 00:00:00 %s GMT' % lastyear}, |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
43 |
'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
44 |
'certificate expired May 9 00:00:00 %s GMT' % lastyear) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
45 |
check(_verifycert({'notBefore': 'May 9 00:00:00 %s GMT' % nextyear}, |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
46 |
'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
47 |
'certificate not valid before May 9 00:00:00 %s GMT' % nextyear) |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
48 |
check(_verifycert({'notAfter': 'Sep 29 15:29:48 %s GMT' % nextyear, |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
49 |
'subject': ()}, |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
50 |
'example.com'), |
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
51 |
'no commonName found in certificate') |
12592
f2937d6492c5
url: verify correctness of https server certificates (issue2407)
Mads Kiilerich <mads@kiilerich.com>
parents:
diff
changeset
|
52 |
check(_verifycert(None, 'example.com'), |
12606
5c8353692123
test-url: refactor with shorter lines
Martin Geisler <mg@aragost.com>
parents:
12592
diff
changeset
|
53 |
'no certificate received') |