1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
This test tries connecting to an external server which is not supported
in the build environment. See discussion at:
https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index ee849fd..60048b8 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin):
TypeError, context.load_verify_locations, None, None, None
)
- @pytest.mark.skipif(
- platform == "win32",
- reason="set_default_verify_paths appears not to work on Windows. "
- "See LP#404343 and LP#404344."
- )
- def test_set_default_verify_paths(self):
- """
- :py:obj:`Context.set_default_verify_paths` causes the
- platform-specific CA certificate locations to be used for
- verification purposes.
- """
- # Testing this requires a server with a certificate signed by one
- # of the CAs in the platform CA location. Getting one of those
- # costs money. Fortunately (or unfortunately, depending on your
- # perspective), it's easy to think of a public server on the
- # internet which has such a certificate. Connecting to the network
- # in a unit test is bad, but it's the only way I can think of to
- # really test this. -exarkun
-
- # Arg, verisign.com doesn't speak anything newer than TLS 1.0
- context = Context(SSLv23_METHOD)
- context.set_default_verify_paths()
- context.set_verify(
- VERIFY_PEER,
- lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
-
- client = socket()
- client.connect(("encrypted.google.com", 443))
- clientSSL = Connection(context, client)
- clientSSL.set_connect_state()
- clientSSL.do_handshake()
- clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")
- self.assertTrue(clientSSL.recv(1024))
-
def test_set_default_verify_paths_signature(self):
"""
:py:obj:`Context.set_default_verify_paths` takes no arguments and
|