cheroot.test.test_ssl module#

Tests for TLS support.

class cheroot.test.test_ssl.HelloWorldGateway(req)#

Bases: Gateway_10

Gateway responding with Hello World to root URI.

respond()#: Respond with dummy content via HTTP.

class cheroot.test.test_ssl.PasswordCallbackHelper(adapter: Adapter)#

Bases: object

Collects helper methods for mocking password callback.

get_password()#: Provide correct password on first call, wrong on other calls.

verify_twice_callback(max_length, _verify_twice, userdata)#: Establish a mock callback for testing two-factor password prompt.

cheroot.test.test_ssl._thread_except_hook(exceptions, args)#: Append uncaught exception args in threads to exceptions.

cheroot.test.test_ssl.ca()#: Provide a certificate authority via fixture.

cheroot.test.test_ssl.dummy_adapter(monkeypatch)#: Provide a dummy SSL adapter instance.

cheroot.test.test_ssl.get_key_password()#

Return a predefined password string.

It is to be used for decrypting private keys.

cheroot.test.test_ssl.make_tls_http_server(bind_addr, ssl_adapter, request)#: Create and start an HTTP server bound to bind_addr.

cheroot.test.test_ssl.private_key_password()#: Provide hardcoded password for private key.

cheroot.test.test_ssl.test_bind_deprecated_call(dummy_adapter)#: Test deprecated bind() method issues warning and returns socket.

cheroot.test.test_ssl.test_builtin_adapter_with_false_key_password(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, adapter_type)#: Check that builtin ssl-adapter initialization fails when wrong private key password given.

cheroot.test.test_ssl.test_http_over_https_check_socket_errors(exception, mocker)#: Test _ensure_peer_speaks_https() handles socket errors gracefully.

cheroot.test.test_ssl.test_http_over_https_error(http_request_timeout, tls_http_server, adapter_type, ca, ip_addr, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path)#: Ensure that connecting over HTTP to HTTPS port is handled.

cheroot.test.test_ssl.test_http_over_https_no_data(mocker)#: Test _ensure_peer_speaks_https() handles empty peek correctly.

cheroot.test.test_ssl.test_http_over_https_ssl_handshake(mocker, tls_http_server, adapter_type, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path)#

Test NoSSLError raised when SSL handshake catches HTTP.

Normally the early probe _ensure_peer_speaks_https() will detect a client attempting to speak HTTP on a TLS port but if this times out or fails for some reason, SSL should raise an error at the time of the handshake. Here we test the error is caught and triggers the emission of a 400 Bad Request.

cheroot.test.test_ssl.test_https_over_http_error(http_server, ip_addr)#: Ensure that connecting over HTTPS to HTTP port is handled.

cheroot.test.test_ssl.test_openssl_adapter_verify_twice_callback(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, adapter_type, mocker)#: Check that two-time password verification fails with correct error.

cheroot.test.test_ssl.test_openssl_adapter_with_false_key_password(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, adapter_type, false_password, expected_warn)#: Check that server init fails when wrong private key password given.

cheroot.test.test_ssl.test_prepare_socket_emits_deprecation_warning(dummy_adapter)#

Test prepare_socket() deprecated argument triggers a warning.

ssl_adapter has been deprecated in prepare_socket().

cheroot.test.test_ssl.test_send_bad_request_socket_errors(mocker, error, raising_expectation)#: Test socket error handling when sending 400 Bad Request.

cheroot.test.test_ssl.test_ssl_adapter_with_none_key_password(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, private_key_password, adapter_type, mocker)#: Check that TLS-adapters prompt for password when set as None.

cheroot.test.test_ssl.test_ssl_adapters(http_request_timeout, tls_http_server, adapter_type, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path, tls_ca_certificate_pem_path)#: Test ability to connect to server via HTTPS using adapters.

cheroot.test.test_ssl.test_ssl_adapters_with_private_key_password(http_request_timeout, private_key_password, tls_http_server, tls_ca_certificate_pem_path, tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, tls_certificate_private_key_pem_path, adapter_type, encrypted_key, transform_password_arg)#: Check server decrypts private TLS keys with password as bytes or str.

cheroot.test.test_ssl.test_ssl_env(thread_exceptions, recwarn, mocker, http_request_timeout, tls_http_server, adapter_type, ca, tls_verify_mode, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path, tls_ca_certificate_pem_path, use_client_cert)#: Test the SSL environment generated by the SSL adapters.

cheroot.test.test_ssl.test_tls_client_auth(http_request_timeout, mocker, tls_http_server, adapter_type, ca, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path, tls_ca_certificate_pem_path, is_trusted_cert, tls_client_identity, tls_verify_mode)#: Verify that client TLS certificate auth works correctly.

cheroot.test.test_ssl.thread_exceptions()#

Provide a list of uncaught exceptions from threads via a fixture.

Only catches exceptions on Python 3.8+. The list contains: (type, str(value), str(traceback))

cheroot.test.test_ssl.tls_ca_certificate_pem_path(ca)#: Provide a certificate authority certificate file via fixture.

cheroot.test.test_ssl.tls_certificate(ca)#: Provide a leaf certificate via fixture.

cheroot.test.test_ssl.tls_certificate_chain_pem_path(tls_certificate)#: Provide a certificate chain PEM file path via fixture.

cheroot.test.test_ssl.tls_certificate_passwd_private_key_pem_path(tls_certificate, private_key_password, tmp_path)#: Return a certificate private key PEM file path.

cheroot.test.test_ssl.tls_certificate_private_key_pem_path(tls_certificate)#: Provide a certificate private key PEM file path via fixture.

cheroot.test.test_ssl.tls_http_server(request)#: Provision a server creator as a fixture.