* Added new test to test_urllib2 test04_open_peer_cert_verification_f…

…ails - checks for failure through missing CA verification chain. git-svn-id: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_httpsclient@8016 051b1e3e-aa0c-0410-b6c2-bfbade6052be
Gu1 · Feb 14, 2012 · 6e5e18f · 6e5e18f
1 parent 0e3c1d9
commit 6e5e18f
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/ndg/httpsclient/test/test_urllib2.py b/ndg/httpsclient/test/test_urllib2.py
@@ -12,6 +12,7 @@
 from urllib2 import URLError
 import unittest
 
+from OpenSSL import SSL
 from ndg.httpsclient.test import Constants
 from ndg.httpsclient.urllib2_build_opener import build_opener
 
@@ -29,10 +30,21 @@ def test02_open(self):
         self.assert_(res)
         print("res = %s" % res.read())
 
-    def test03_open_fails(self):
+    def test03_open_fails_unknown_loc(self):
         opener = build_opener()
         self.failUnlessRaises(URLError, opener.open, Constants.TEST_URI2)
 
-
+    def test04_open_peer_cert_verification_fails(self):
+        # Explicitly set empty CA directory to make verification fail
+        ctx = SSL.Context(SSL.SSLv3_METHOD)
+        verify_callback = lambda conn, x509, errnum, errdepth, preverify_ok: \
+            preverify_ok 
+
+        ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
+        ctx.load_verify_locations(None, './')
+        opener = build_opener(ssl_context=ctx)
+        self.failUnlessRaises(SSL.Error, opener.open, Constants.TEST_URI)
+
+
 if __name__ == "__main__":
     unittest.main()