Commit Graph

107 Commits

Author SHA1 Message Date
Serhiy Storchaka
40348acc18
bpo-45229: Remove test_main in many tests (GH-28405)
Instead of explicitly enumerate test classes for run_unittest()
use the unittest ability to discover tests. This also makes these
tests discoverable and runnable with unittest.

load_tests() can be used for dynamic generating tests and adding
doctests. setUpModule(), tearDownModule() and addModuleCleanup()
can be used for running code before and after all module tests.
2021-09-19 15:27:33 +03:00
Irit Katriel
22e7effad5
bpo-44498: suppress DeprecationWarnings for asynchat, asyncore and smtpd in tests (GH-26905) 2021-06-25 00:20:40 +01:00
Christian Heimes
2875c603b2
bpo-43880: Show DeprecationWarnings for deprecated ssl module features (GH-25455)
* ssl.OP_NO_SSLv2
* ssl.OP_NO_SSLv3
* ssl.OP_NO_TLSv1
* ssl.OP_NO_TLSv1_1
* ssl.OP_NO_TLSv1_2
* ssl.OP_NO_TLSv1_3
* ssl.PROTOCOL_SSLv2
* ssl.PROTOCOL_SSLv3
* ssl.PROTOCOL_SSLv23 (alias for PROTOCOL_TLS)
* ssl.PROTOCOL_TLS
* ssl.PROTOCOL_TLSv1
* ssl.PROTOCOL_TLSv1_1
* ssl.PROTOCOL_TLSv1_2
* ssl.TLSVersion.SSLv3
* ssl.TLSVersion.TLSv1
* ssl.TLSVersion.TLSv1_1
* ssl.wrap_socket()
* ssl.RAND_pseudo_bytes()
* ssl.RAND_egd() (already removed since it's not supported by OpenSSL 1.1.1)
* ssl.SSLContext() without a protocol argument
* ssl.match_hostname()
* hashlib.pbkdf2_hmac() (pure Python implementation, fast OpenSSL
  function will stay)

Signed-off-by: Christian Heimes <christian@python.org>
2021-04-19 07:27:10 +02:00
Gregory P. Smith
0ab152c6b5
bpo-43285 Make ftplib not trust the PASV response. (GH-24838)
bpo-43285: Make ftplib not trust the PASV response.

The IPv4 address value returned from the server in response to the PASV command
should not be trusted.  This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the client network.

Instead of using the returned address, we use the IP address we're
already connected to.  This is the strategy other ftp clients adopted,
and matches the only strategy available for the modern IPv6 EPSV command
where the server response must return a port number and nothing else.

For the rare user who _wants_ this ugly behavior, set a `trust_server_pasv_ipv4_address`
attribute on your `ftplib.FTP` instance to True.
2021-03-15 11:39:31 -07:00
Christian Heimes
03c8ddd9e9
bpo-42413: socket.timeout is now an alias of TimeoutError (GH-23413)
Signed-off-by: Christian Heimes <christian@python.org>
2020-11-20 00:26:07 -08:00
Victor Stinner
fbf43f051e
bpo-41521: Rename blacklist parameter to not_exported (GH-21824)
Rename "blacklist" parameter of test.support.check__all__() to
"not_exported".
2020-08-17 07:20:40 +02:00
Hai Shi
4660597b51
bpo-40275: Use new test.support helper submodules in tests (GH-21448) 2020-08-03 18:49:18 +02:00
Hai Shi
e80697d687
bpo-40275: Adding threading_helper submodule in test.support (GH-20263) 2020-05-28 00:10:27 +02:00
Serhiy Storchaka
16994912c9
bpo-40275: Avoid importing socket in test.support (GH-19603)
* Move socket related functions from test.support to socket_helper.
* Import socket, nntplib and urllib.error lazily in transient_internet().
* Remove importing multiprocess.
2020-04-25 10:06:29 +03:00
Sebastian Pedersen
a1a0eb4a39
bpo-39380: Change ftplib encoding from latin-1 to utf-8 (GH-18048)
Add the encoding in ftplib.FTP and ftplib.FTP_TLS to the
constructor as keyword-only and change the default from "latin-1" to "utf-8"
to follow RFC 2640.
2020-04-14 01:07:56 +02:00
Dong-hee Na
a190e2ade1 bpo-39259: ftplib.FTP/FTP_TLS now reject timeout = 0 (GH-17959) 2020-01-13 20:34:34 +01:00
Victor Stinner
07871b256c
bpo-38614: Use test.support.LOOPBACK_TIMEOUT constant (GH-17554)
Replace hardcoded timeout constants in tests with LOOPBACK_TIMEOUT of
test.support, so it's easier to ajdust this timeout for all tests at
once.
2019-12-10 20:32:59 +01:00
Pablo Galindo
293dd23477
Remove binding of captured exceptions when not used to reduce the chances of creating cycles (GH-17246)
Capturing exceptions into names can lead to reference cycles though the __traceback__ attribute of the exceptions in some obscure cases that have been reported previously and fixed individually. As these variables are not used anyway, we can remove the binding to reduce the chances of creating reference cycles.

See for example GH-13135
2019-11-19 21:34:03 +00:00
Giampaolo Rodola
eb7e29f2a9
bpo-35934: Add socket.create_server() utility function (GH-11784) 2019-04-09 00:34:02 +02:00
Christian Heimes
1590c39336
bpo-34391: Fix ftplib test for TLS 1.3 (GH-8787)
Read from data socket to avoid "[SSL] shutdown while in init" exception
during shutdown of the dummy server.

Signed-off-by: Christian Heimes <christian@python.org>


<!-- issue-number: [bpo-34391](https://www.bugs.python.org/issue34391) -->
https://bugs.python.org/issue34391
<!-- /issue-number -->
2018-08-16 19:43:44 +02:00
Christian Heimes
529525fb5a
bpo-33618: Enable TLS 1.3 in tests (GH-7079)
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
2018-05-23 22:24:45 +02:00
Christian Heimes
05d9fe32a1
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 08:55:39 +01:00
Victor Stinner
51500f3745
bpo-32706: Skip test_ftplib.test_check_hostname() (#5422)
This test is unstable and currently prevents to make any new change
since the test always fails on Travis CI.

Skip the test to get more time to fix it.
2018-01-29 13:21:34 +01:00
Christian Heimes
61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
Christian Heimes
a170fa162d bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)
Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and
PROTOCOL_TLS_SERVER.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:27:30 +02:00
Victor Stinner
b157ce1e58 bpo-31234: Fix dangling thread in test_ftplib (#3544)
Clear also self.server_thread attribute in TestTimeouts.tearDown().
2017-09-13 06:43:58 -07:00
Victor Stinner
d403a29c00 bpo-31234: Fix dangling thread in test_ftp/poplib (#3540)
Explicitly clear the server attribute in test_ftplib and test_poplib
to prevent dangling thread.
2017-09-13 03:58:25 -07:00
Antoine Pitrou
a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Dong-hee Na
2b1e6e9696 bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) 2017-07-22 19:20:22 +02:00
Victor Stinner
73528640ff bpo-30818: test_ftplib calls asyncore.close_all() (#2514)
Always clear asyncore socket map using
asyncore.close_all(ignore_all=True) in tearDown() method.

This change should fix this warning:

Warning -- asyncore.socket_map was modified by test_ftplib
  Before: {}
  After:  {4: <test.test_ftplib.DummyTLS_FTPServer 127.0.0.1:0 at 0x805feccf0>}
2017-06-30 17:36:57 +02:00
Christian Heimes
d04863771b Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.

ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
Martin Panter
19e69c5a20 Issue #23883: Add missing APIs to __all__; patch by Jacek Kołodziej 2015-11-14 12:46:42 +00:00
Benjamin Peterson
22293df016 merge 3.4 (#22935) 2014-12-05 22:11:33 -05:00
Benjamin Peterson
e32467cf6a allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
Benjamin Peterson
f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00
Benjamin Peterson
7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Berker Peksag
8f791d358b Issue #6623: Remove deprecated Netrc class in the ftplib module.
Patch by Matt Chaput.
2014-11-01 10:45:57 +02:00
Charles-François Natali
6e20460dc6 Issue #21566: Make use of socket.listen() default backlog. 2014-07-23 19:28:13 +01:00
Serhiy Storchaka
d3e1207191 Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:51:10 +02:00
Serhiy Storchaka
25d8aeac7c Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:50:08 +02:00
Christian Heimes
b2a794d235 fixed test_ftplib 2013-12-15 19:50:13 +01:00
Christian Heimes
e7945d76ff test_ftplib: skip check_hostname test when SNI is not available 2013-12-15 19:38:22 +01:00
Christian Heimes
e5b5edfa2c Issue #19781: ftplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
2013-12-02 02:56:02 +01:00
Serhiy Storchaka
43767638a9 Issue #18702: All skipped tests now reported as skipped. 2013-11-03 21:31:38 +02:00
Serhiy Storchaka
7908068627 Issue #18702: All skipped tests now reported as skipped. 2013-11-03 21:31:18 +02:00
Serhiy Storchaka
2acc456c33 Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2013-10-20 17:02:10 +03:00
Serhiy Storchaka
c30b178cbc Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2013-10-20 16:58:27 +03:00
Benjamin Peterson
42686e45c1 merge 3.3 (#19118) 2013-09-29 10:51:08 -04:00
Benjamin Peterson
f8ab76039b remove duplicate test_mkd (closes #19118) 2013-09-29 10:51:00 -04:00
Antoine Pitrou
1e440cf5a2 Issue #18792: Use "127.0.0.1" or "::1" instead of "localhost" as much as possible, since "localhost" goes through a DNS lookup under recent Windows versions. 2013-08-22 00:39:46 +02:00
Antoine Pitrou
f6fbf56071 Issue #18792: Use "127.0.0.1" or "::1" instead of "localhost" as much as possible, since "localhost" goes through a DNS lookup under recent Windows versions. 2013-08-22 00:39:46 +02:00
Senthil Kumaran
07abe7aedb merge from 3.3
Increasing test coverage of ftplib. Patch by Muhammad Jehanzeb
2013-08-12 22:26:14 -07:00
Senthil Kumaran
0d53860e2c Increasing test coverage of ftplib. Patch by Muhammad Jehanzeb 2013-08-12 22:25:27 -07:00
Florent Xicluna
c2464bf5c6 test_ftplib: silence a BytesWarning when checking TypeError 2013-07-06 15:08:29 +02:00
Florent Xicluna
5f3fef37f6 test_ftplib: silence a BytesWarning when checking TypeError 2013-07-06 15:08:21 +02:00