Updated tests to explicitly include subject alt names test. Tested with

remote peer with > 64 subject alt names

Author: philipkershaw

ndg/httpsclient/https.py

@@ -48,7 +48,7 @@ class HTTPSConnection(HTTPConnection):
     @type default_ssl_method: int
     """
     default_port = HTTPS_PORT
-    default_ssl_method = SSL.SSLv23_METHOD
+    default_ssl_method = SSL.TLSv1_2_METHOD
 
     def __init__(self, host, port=None, strict=None,
                  timeout=socket._GLOBAL_DEFAULT_TIMEOUT, ssl_context=None):
@@ -100,6 +100,8 @@ class HTTPSContextHandler(AbstractHTTPHandler):
     '''
     https_request = AbstractHTTPHandler.do_request_
 
+    SSL_METHOD = SSL.TLSv1_2_METHOD
+    
     def __init__(self, ssl_context, debuglevel=0):
         """
         @param ssl_context:SSL context
@@ -116,7 +118,7 @@ def __init__(self, ssl_context, debuglevel=0):
                                 ssl_context)
             self.ssl_context = ssl_context
         else:
-            self.ssl_context = SSL.Context(SSL.TLSv1_METHOD)
+            self.ssl_context = SSL.Context(self.__class__.SSL_METHOD)
 
     def https_open(self, req):
         """Opens HTTPS request

ndg/httpsclient/test/__init__.py

@@ -16,12 +16,12 @@ class Constants(object):
     '''Convenience base class from which other unit tests can extend.  Its
     sets the generic data directory path'''
     PORT = 4443
+#     PORT = 443
     PORT2 = 4444
-    HOSTNAME = 'localhost'
+     HOSTNAME = 'localhost'
+#     HOSTNAME = 'files.pythonhosted.org'
     TEST_URI = 'https://%s:%d' % (HOSTNAME, PORT)
     TEST_URI2 = 'https://%s:%d' % (HOSTNAME, PORT2)
-#     TEST_URI = 'https://pypi.org'
-#     TEST_URI2 = 'https://www.google.co.uk'
 
     UNITTEST_DIR = os.path.dirname(os.path.abspath(__file__))
     CACERT_DIR = os.path.join(UNITTEST_DIR, 'pki', 'ca')

ndg/httpsclient/test/test_urllib2.py

@@ -21,6 +21,7 @@
 from OpenSSL import SSL
 from ndg.httpsclient.test import Constants
 from ndg.httpsclient.urllib2_build_opener import build_opener
+from ndg.httpsclient.ssl_peer_verification import ServerSSLCertVerification
 
 
 class Urllib2TestCase(unittest.TestCase):
@@ -36,21 +37,43 @@ def test02_open(self):
         self.assertTrue(res)
         print("res = %s" % res.read())
 
+    @unittest.skipIf(Constants.HOSTNAME != 'localhost', 'Skip non-local host')
     def test03_open_fails_unknown_loc(self):
         opener = build_opener()
         self.assertRaises(URLError_, opener.open, Constants.TEST_URI2)
 
     def test04_open_peer_cert_verification_fails(self):
         # Explicitly set empty CA directory to make verification fail
-        ctx = SSL.Context(SSL.TLSv1_METHOD)
+        ctx = SSL.Context(SSL.TLSv1_2_METHOD)
         verify_callback = lambda conn, x509, errnum, errdepth, preverify_ok: \
             preverify_ok 
 
         ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
         ctx.load_verify_locations(None, './')
         opener = build_opener(ssl_context=ctx)
         self.assertRaises(SSL.Error, opener.open, Constants.TEST_URI)
-        
+      
+    def test05_open_with_subj_alt_names_verification(self):
+        ctx = SSL.Context(SSL.TLSv1_2_METHOD)
+                
+        # Set wildcard hostname for subject alternative name matching - 
+        # setting a minimum of two name components for hostname
+        split_hostname = Constants.HOSTNAME.split('.', 1)
+        if len(split_hostname) > 1:
+            _hostname = '*.' + split_hostname[-1]
+        else:
+            _hostname = Constants.HOSTNAME
+            
+        server_ssl_verify = ServerSSLCertVerification(hostname=_hostname)
+        verify_callback_ = server_ssl_verify.get_verify_server_cert_func()
+        ctx.set_verify(SSL.VERIFY_PEER, verify_callback_)
+        ctx.set_default_verify_paths()
+                    
+        opener = build_opener(ssl_context=ctx)
+        res = opener.open(Constants.TEST_URI)
+        self.assertTrue(res)
+        print("res = %s" % res.read())
+                  
 
 if __name__ == "__main__":
     unittest.main()