summaryrefslogtreecommitdiff
path: root/Lib/test/test_ssl.py
diff options
context:
space:
mode:
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r--Lib/test/test_ssl.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 73d3e3bbcd..2ea284a663 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -55,7 +55,6 @@ CAPATH = data_file("capath")
BYTES_CAPATH = os.fsencode(CAPATH)
CAFILE_NEURONIO = data_file("capath", "4e1295a3.0")
CAFILE_CACERT = data_file("capath", "5ed36f99.0")
-WRONG_CERT = data_file("wrongcert.pem")
CERTFILE_INFO = {
'issuer': ((('countryName', 'XY'),),
@@ -118,7 +117,7 @@ BADKEY = data_file("badkey.pem")
NOKIACERT = data_file("nokia.pem")
NULLBYTECERT = data_file("nullbytecert.pem")
-DHFILE = data_file("dh1024.pem")
+DHFILE = data_file("ffdh3072.pem")
BYTES_DHFILE = os.fsencode(DHFILE)
# Not defined in all versions of OpenSSL
@@ -2825,8 +2824,8 @@ class ThreadedTests(unittest.TestCase):
connect to it with a wrong client certificate fails.
"""
client_context, server_context, hostname = testing_context()
- # load client cert
- client_context.load_cert_chain(WRONG_CERT)
+ # load client cert that is not signed by trusted CA
+ client_context.load_cert_chain(CERTFILE)
# require TLS client authentication
server_context.verify_mode = ssl.CERT_REQUIRED
# TLS 1.3 has different handshake
@@ -2858,7 +2857,8 @@ class ThreadedTests(unittest.TestCase):
@unittest.skipUnless(ssl.HAS_TLSv1_3, "Test needs TLS 1.3")
def test_wrong_cert_tls13(self):
client_context, server_context, hostname = testing_context()
- client_context.load_cert_chain(WRONG_CERT)
+ # load client cert that is not signed by trusted CA
+ client_context.load_cert_chain(CERTFILE)
server_context.verify_mode = ssl.CERT_REQUIRED
server_context.minimum_version = ssl.TLSVersion.TLSv1_3
client_context.minimum_version = ssl.TLSVersion.TLSv1_3
View Lorry Controller Status