aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/Lib/test/test_ssl.py
diff options
context:
space:
mode:
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r--Lib/test/test_ssl.py35
1 files changed, 35 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 6ec010d13f9..9c415bd7d1c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -103,6 +103,7 @@ CRLFILE = data_file("revocation.crl")
# Two keys and certs signed by the same CA (for SNI tests)
SIGNED_CERTFILE = data_file("keycert3.pem")
+SINGED_CERTFILE_ONLY = data_file("cert3.pem")
SIGNED_CERTFILE_HOSTNAME = 'localhost'
SIGNED_CERTFILE_INFO = {
@@ -4720,6 +4721,40 @@ class TestPostHandshakeAuth(unittest.TestCase):
ssl.PEM_cert_to_DER_cert(pem), der
)
+ def test_certificate_chain(self):
+ client_context, server_context, hostname = testing_context(
+ server_chain=False
+ )
+ server = ThreadedEchoServer(context=server_context, chatty=False)
+
+ with open(SIGNING_CA) as f:
+ expected_ca_cert = ssl.PEM_cert_to_DER_cert(f.read())
+
+ with open(SINGED_CERTFILE_ONLY) as f:
+ expected_ee_cert = ssl.PEM_cert_to_DER_cert(f.read())
+
+ with server:
+ with client_context.wrap_socket(
+ socket.socket(),
+ server_hostname=hostname
+ ) as s:
+ s.connect((HOST, server.port))
+ vc = s.get_verified_chain()
+ self.assertEqual(len(vc), 2)
+
+ ee, ca = vc
+ self.assertIsInstance(ee, bytes)
+ self.assertIsInstance(ca, bytes)
+ self.assertEqual(expected_ca_cert, ca)
+ self.assertEqual(expected_ee_cert, ee)
+
+ uvc = s.get_unverified_chain()
+ self.assertEqual(len(uvc), 1)
+ self.assertIsInstance(uvc[0], bytes)
+
+ self.assertEqual(ee, uvc[0])
+ self.assertNotEqual(ee, ca)
+
def test_internal_chain_server(self):
client_context, server_context, hostname = testing_context()
client_context.load_cert_chain(SIGNED_CERTFILE)
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-04 16:01:21 +0000