From 58a02f107eb0e43a631eb9b99a18c5c13ccec4f0 Mon Sep 17 00:00:00 2001
From: Steve Kamerman
Date: Wed, 8 Nov 2017 22:42:52 -0500
Subject: [PATCH 1/3] Removed '-verify 0' - to disable verification, exclude -verify entirely
---
 test/test_ssl/test_dhparam.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/test_ssl/test_dhparam.py b/test/test_ssl/test_dhparam.py
index 67b11fa..fd60217 100644
--- a/test/test_ssl/test_dhparam.py
+++ b/test/test_ssl/test_dhparam.py
@@ -89,5 +89,5 @@ def test_web5_dhparam_is_used(docker_compose):
 host = "%s:443" % sut_container.attrs["NetworkSettings"]["IPAddress"]
 r = subprocess.check_output(
- "echo '' | openssl s_client -verify 0 -connect %s -cipher 'EDH' | grep 'Server Temp Key'" % host, shell=True)
+ "echo '' | openssl s_client -connect %s -cipher 'EDH' | grep 'Server Temp Key'" % host, shell=True)
 assert "Server Temp Key: DH, 2048 bits\n" == r
From ebd1485b09ad2ab70bdf4a13d4e39152fc1fda27 Mon Sep 17 00:00:00 2001
From: Steve Kamerman
Date: Wed, 8 Nov 2017 22:53:44 -0500
Subject: [PATCH 2/3] Catch SSLError instead of CertificateError
---
 .../wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py b/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
index db18809..12b04c7 100644
--- a/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
+++ b/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
@@ -1,6 +1,5 @@
 import pytest
-from backports.ssl_match_hostname import CertificateError
-
+from requests.exceptions import SSLError
 @pytest.mark.parametrize("subdomain,should_redirect_to_https", [
 (1, True),
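Review bot: The `s_client` call in `test_web5_dhparam_is_used` (PATCH 1/3) leaves the protocol version open, so the `Server Temp Key: DH, 2048 bits` assertion depends on which TLS version gets negotiated. `-cipher 'EDH'` only constrains TLS 1.2 and earlier suites; if both the local OpenSSL and the proxy offer TLS 1.3, the handshake can complete with an ECDHE key share and the test fails even though the dhparam file is in use. Pinning the version keeps the test about DH parameters, e.g. `openssl s_client -tls1_2 -connect %s -cipher 'EDH'`. A short comment noting that `s_client` continues past certificate errors unless `-verify_return_error` is given would also explain why dropping `-verify 0` is safe here. The function body starts above the hunk.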
@@ -23,9 +22,10 @@ def test_https_get_served(docker_compose, nginxproxy, subdomain):
 def test_web3_https_is_500_and_SSL_validation_fails(docker_compose, nginxproxy):
- with pytest.raises(CertificateError) as excinfo:
+ with pytest.raises(SSLError) as excinfo:
 nginxproxy.get("https://3.web.nginx-proxy.tld/port")
 assert """hostname '3.web.nginx-proxy.tld' doesn't match 'nginx-proxy.tld'""" in str(excinfo.value)
+
 r = nginxproxy.get("https://3.web.nginx-proxy.tld/port", verify=False)
 assert r.status_code == 500
From 612bf72ceb3157a0ebad12b2dd09ad2874b24013 Mon Sep 17 00:00:00 2001
From: Steve Kamerman
Date: Wed, 8 Nov 2017 23:19:13 -0500
Subject: [PATCH 3/3] Support old and new versions of requests
---
 .../wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py b/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
index 12b04c7..de4b298 100644
--- a/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
+++ b/test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
@@ -1,6 +1,8 @@
 import pytest
+from backports.ssl_match_hostname import CertificateError
 from requests.exceptions import SSLError
+
 @pytest.mark.parametrize("subdomain,should_redirect_to_https", [
 (1, True),
 (2, True),
@@ -22,10 +24,9 @@ def test_https_get_served(docker_compose, nginxproxy, subdomain):
 def test_web3_https_is_500_and_SSL_validation_fails(docker_compose, nginxproxy):
- with pytest.raises(SSLError) as excinfo:
+ with pytest.raises( (CertificateError, SSLError) ) as excinfo:
 nginxproxy.get("https://3.web.nginx-proxy.tld/port")
 assert """hostname '3.web.nginx-proxy.tld' doesn't match 'nginx-proxy.tld'""" in str(excinfo.value)
-
 r = nginxproxy.get("https://3.web.nginx-proxy.tld/port", verify=False)
 assert r.status_code == 500
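Review bot: In `test_web3_https_is_500_and_SSL_validation_fails` (PATCH 2/3, second hunk), the substring check on `str(excinfo.value)` ties the test to the exact wording produced by whichever hostname-matching code the installed requests/urllib3 uses. The series is already chasing the exception type across versions (the same lines change again in PATCH 3/3), and the message text can drift the same way. I would add a comment above the assertion, e.g. `# wording comes from the TLS stack's hostname check; update if the library changes it`, so a later failure is read as a message change and not as validation being skipped. Indentation is not recoverable on this page, so confirm the assertion sits after the `with` block and not inside it, where it would never run.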
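Review bot: The unconditional `from backports.ssl_match_hostname import CertificateError` added in the first hunk of PATCH 3/3 makes the whole test module fail at import time wherever the backport package is not installed, which is likely on the newer requests versions this patch is meant to support (unless the test requirements pin it; they are not visible here). A guarded import that falls back to the standard library's `ssl.CertificateError` keeps test collection working in both environments. Which class an old requests actually raises depends on its vendored urllib3, so the fallback should be checked against the oldest supported version. The tuple in the second hunk would also read better without the inner padding: `pytest.raises((CertificateError, SSLError))`.

```python
import pytest
try:
    from backports.ssl_match_hostname import CertificateError
except ImportError:
    # backport not installed: fall back to the stdlib exception class
    from ssl import CertificateError
from requests.exceptions import SSLError
```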