Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.

author: Antoine Pitrou <solipsis@pitrou.net> 2013-12-28 17:26:33 +0100
committer: Antoine Pitrou <solipsis@pitrou.net> 2013-12-28 17:26:33 +0100
commit: 3e86ba4e321d20931648d110e1be12643cb8ff04 (patch)
tree: f01df34824605fa2b79dabd905d983ee0d22b44c /Lib/test/test_ssl.py
parent: ecff5e51a5c65037103c23c937a02184050b7117 (diff)
download: cpython-git-3e86ba4e321d20931648d110e1be12643cb8ff04.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index f3b5695a1c..104a1edc6c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -493,6 +493,18 @@ class BasicSocketTests(unittest.TestCase):
             support.gc_collect()
         self.assertIn(r, str(cm.warning.args[0]))
 
+    def test_unsupported_dtls(self):
+        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        self.addCleanup(s.close)
+        with self.assertRaises(NotImplementedError) as cx:
+            ssl.wrap_socket(s, cert_reqs=ssl.CERT_NONE)
+        self.assertEqual(str(cx.exception), "only stream sockets are supported")
+        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+        with self.assertRaises(NotImplementedError) as cx:
+            ctx.wrap_socket(s)
+        self.assertEqual(str(cx.exception), "only stream sockets are supported")
+
+
 class ContextTests(unittest.TestCase):
 
     @skip_if_broken_ubuntu_ssl
author	Antoine Pitrou <solipsis@pitrou.net>	2013-12-28 17:26:33 +0100
committer	Antoine Pitrou <solipsis@pitrou.net>	2013-12-28 17:26:33 +0100
commit	3e86ba4e321d20931648d110e1be12643cb8ff04 (patch)
tree	f01df34824605fa2b79dabd905d983ee0d22b44c /Lib/test/test_ssl.py
parent	ecff5e51a5c65037103c23c937a02184050b7117 (diff)
download	cpython-git-3e86ba4e321d20931648d110e1be12643cb8ff04.tar.gz