1 files changed, 59 insertions, 0 deletions

diff --git a/tests/multi_net/sslcontext_check_hostname_error.py b/tests/multi_net/sslcontext_check_hostname_error.py
new file mode 100644
index 0000000000..94bd472767
--- /dev/null
+++ b/tests/multi_net/sslcontext_check_hostname_error.py
@@ -0,0 +1,59 @@
+# Test creating an SSL connection when server_hostname is required but not specified.
+
+try:
+    import os
+    import socket
+    import ssl
+except ImportError:
+    print("SKIP")
+    raise SystemExit
+
+PORT = 8000
+
+# These are test certificates. See tests/README.md for details.
+cert = cafile = "multi_net/rsa_cert.der"
+key = "multi_net/rsa_key.der"
+
+try:
+    os.stat(cafile)
+    os.stat(key)
+except OSError:
+    print("SKIP")
+    raise SystemExit
+
+
+# Server
+def instance0():
+    multitest.globals(IP=multitest.get_network_ip())
+    s = socket.socket()
+    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
+    s.listen(1)
+    multitest.next()
+    s2, _ = s.accept()
+    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    server_ctx.load_cert_chain(cert, key)
+    multitest.broadcast("ready")
+    try:
+        s2 = server_ctx.wrap_socket(s2, server_side=True)
+    except Exception as e:
+        print(e)
+    s.close()
+
+
+# Client
+def instance1():
+    multitest.next()
+    s = socket.socket()
+    s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
+    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+    client_ctx.verify_mode = ssl.CERT_REQUIRED
+    client_ctx.load_verify_locations(cafile=cafile)
+    # The client will reject the SSL connection so wait until the server is ready
+    # so that it can see the rejection (otherwise it sees a closed socket).
+    multitest.wait("ready")
+    try:
+        s = client_ctx.wrap_socket(s)
+    except Exception as e:
+        print(e)
+    s.close()