ó ð|ýJc@s~dZddlmZddlmZddlmZddlmZddlm Z ddl m Z m Z m Z mZmZmZddlmZmZmZmZmZmZdd lmZmZmZmZdd lmZmZmZdd lmZm Z m!Z!dd l"m#Z#dd l$m%Z%m&Z&ddl$m'Z'm(Z(m)Z)m*Z*m+Z+yddlm,Z,Wne-k r‡e.Z,nXyddlm/Z/Wne-k rµe.Z/nXyddlm0Z0Wne-k rãe.Z0nXd„Z1de#fd„ƒYZ2de#fd„ƒYZ3de#fd„ƒYZ4de#fd„ƒYZ5d„Z6de#fd„ƒYZ7e8dkrze ƒndS( s Unit tests for L{OpenSSL.SSL}. iÿÿÿÿ(tplatform(tsocket(tmakedirs(tjoin(tmain(tTYPE_RSAt FILETYPE_PEMtPKeytdump_privatekeytload_certificatetload_privatekey(t WantReadErrortContextt ContextTypet ConnectiontConnectionTypetError(t SSLv2_METHODt SSLv3_METHODt SSLv23_METHODt TLSv1_METHOD(t OP_NO_SSLv2t OP_NO_SSLv3tOP_SINGLE_DH_USE(t VERIFY_PEERtVERIFY_FAIL_IF_NO_PEER_CERTtVERIFY_CLIENT_ONCE(tTestCase(tcleartextCertificatePEMtcleartextPrivateKeyPEM(tclient_cert_pemtclient_key_pemtserver_cert_pemtserver_key_pemt root_cert_pem(tOP_NO_QUERY_MTU(tOP_COOKIE_EXCHANGE(t OP_NO_TICKETcCsçtƒ}|jdƒ|jdƒtƒ}|jtƒ|jd|jƒdfƒ|jtƒ|jƒd}|j dƒ|j dƒdks›t ‚|j dƒ|j dƒdksÃt ‚|jtƒ|jtƒ||fS( sQ Establish and return a pair of network sockets connected to each other. tiis 127.0.0.1txity(R&i( Rtbindtlistent setblockingtFalset connect_ext getsocknametTruetaccepttsendtrecvtAssertionError(tporttclienttserver((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt socket_pair#s          t ContextTestscBs’eZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z e dkrln d „Z d „Zd„Zd„ZRS(s0 Unit tests for L{OpenSSL.SSL.Context}. cCsQx$ttttgD]}t|ƒqW|jttdƒ|jttdƒdS(sŒ L{Context} can be instantiated with one of L{SSLv2_METHOD}, L{SSLv3_METHOD}, L{SSLv23_METHOD}, or L{TLSv1_METHOD}. R&i N(RRRRR t assertRaisest TypeErrort ValueError(tselftmeth((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_methodEscCs'|jttƒ|jtdtƒdS(s‡ L{Context} and L{ContextType} refer to the same type object and can be used to create instances of that type. R N(tassertIdenticalR R tassertConsistentTypeR(R<((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_typePscCsLtƒ}|jtdƒttƒ}|j|ƒ|jt|jdƒdS(sU L{Context.use_privatekey} takes an L{OpenSSL.crypto.PKey} instance. i€R&N(Rt generate_keyRR Rtuse_privatekeyR9R:(R<tkeytctx((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_use_privatekeyYs    cs tƒ}|jtdƒ|jƒ}t|dƒ}d‰|jtt|dˆƒƒ|jƒg‰‡‡fd†}t t ƒ}|j |ƒ|j |ƒ|j tˆƒdƒ|j tˆddtƒƒ|j tˆddtƒƒ|jˆddd ƒd S( s L{Context.set_passwd_cb} accepts a callable which will be invoked when a private key is loaded from an encrypted PEM. i€twtfoobartblowfishcsˆj|||fƒˆS(N(tappend(tmaxlentverifytextra(t calledWitht passphrase(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytpassphraseCallbackrsiiiN(RRBRtmktemptfiletwriteRRtcloseR Rt set_passwd_cbtuse_privatekey_filet assertTruetlent isinstancetintt assertEqualtNone(R<RDtpemFiletfObjRPtcontext((RNROsH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_passwd_cbds       csøtƒ\}}tttƒ|ƒ}|jƒg‰‡fd†}ttƒ}|j|ƒ|jttt ƒƒ|j t tt ƒƒt||ƒ}|j ƒxCˆsæx6||fD](}y|jƒWq·tk rÞq·Xq·Wq¤W|jˆƒdS(sž L{Context.set_info_callback} accepts a callable which will be invoked when certain information about an SSL connection is available. csˆj|||fƒdS(N(RJ(tconntwheretret(tcalled(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytinfo‰sN(R7RR Rtset_connect_statetset_info_callbacktuse_certificateR RRRCR Rtset_accept_statet do_handshakeR RW(R<R6R5t clientSSLReR_t serverSSLtssl((RdsH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_info_callback~s(       c Gstƒ\}}ttƒ}|j|Œ|jtd„ƒt||ƒ}|jƒttƒ}|jt t t ƒƒ|j t t tƒƒt||ƒ}|jƒxMtdƒD]?}x6||fD](} y| jƒWqÅtk rìqÅXqÅWq²W|jƒ} |j| jƒjdƒdS(NcSs|S(N((Ratcertterrnotdeptht preverify_ok((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt©sisTesting Root CA(R7R Rtload_verify_locationst set_verifyRRRfRhR RRRCR RRitrangeRjR tget_peer_certificateR[t get_subjecttCN( R<targsR6R5t clientContextRkt serverContextRltiRmRo((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_load_verify_locations_test s.         cCsC|jƒ}t|dƒ}|jtƒ|jƒ|j|ƒdS(sŠ L{Context.load_verify_locations} accepts a file name and uses the certificates within for verification purposes. RGN(RQRRRSRRTR~(R<tcafileR^((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_fileÆs    cCs,ttƒ}|jt|j|jƒƒdS(sm L{Context.load_verify_locations} raises L{Error} when passed a non-existent cafile. N(R RR9RRtRQ(R<R{((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_invalid_fileÓs cCs_|jƒ}t|ƒt|dƒ}t|dƒ}|jtƒ|jƒ|jd|ƒdS(s L{Context.load_verify_locations} accepts a directory name and uses the certificates within for verification purposes. s c7adac82.0RGN( RQRRRRRSRRTR~R\(R<tcapathRR^((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_directoryÝs    tdarwintwin32cCs‰ttƒ}|jƒ|jtd„ƒtƒ}|jdƒt||ƒ}|jƒ|j ƒ|j dƒ|j |j dƒƒdS(s¥ L{Context.set_default_verify_paths} causes the platform-specific CA certificate locations to be used for verification purposes. cSs|S(N((RaRoRpRqRr((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRsss verisign.comi»sGET / HTTP/1.0 iN(s verisign.comi»( R Rtset_default_verify_pathsRuRRtconnectRRfRjR1RWR2(R<R_R5Rk((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_default_verify_pathsòs        cCsRttƒ}|jt|jdƒ|jt|jdƒ|jt|jdƒdS(sv L{Context.set_default_verify_paths} takes no arguments and raises L{TypeError} if given any. iR&N(R RR9R:R†R\(R<R_((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt'test_set_default_verify_paths_signatures cCs[ttƒ}|jt|jƒ|jt|jtƒƒ|jt|jtƒtƒƒdS(s½ L{Context.add_extra_chain_cert} raises L{TypeError} if called with other than one argument or if called with an object which is not an instance of L{X509}. N(R RR9R:tadd_extra_chain_certtobject(R<R_((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt&test_add_extra_chain_cert_invalid_certs cCs&ttƒ}|jtttƒƒdS(sv L{Context.add_extra_chain_cert} accepts an L{X509} instance to add to the certificate chain. N(R RRŠR RR(R<R_((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_add_extra_chain_cert%s (sdarwinswin32(t__name__t __module__t__doc__R>RARFR`RnR~R€RRƒRRˆR‰RŒR(((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR8As   " &    tConnectionTestscBseZdZd„ZRS(s3 Unit tests for L{OpenSSL.SSL.Connection}. cCs6|jttƒttƒ}|jtd|dƒdS(s L{Connection} and L{ConnectionType} refer to the same type object and can be used to create instances of that type. RN(R?RRR RR@R\(R<RE((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRA5s (RŽRRRA(((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR‘1st ErrorTestscBseZdZd„ZRS(s. Unit tests for L{OpenSSL.SSL.Error}. cCs-|jtttƒƒ|jtjdƒdS(s0 L{Error} is an exception type. RN(RWt issubclassRt ExceptionR[RŽ(R<((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRADs(RŽRRRA(((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR’@stConstantsTestscBsVeZdZedk r$d„Znedk r<d„Znedk rTd„Z nRS(sð Tests for the values of constants exposed in L{OpenSSL.SSL}. These are values defined by OpenSSL intended only to be used as flags to OpenSSL APIs. The only assertions it seems can be made about them is their values. cCs|jtdƒdS(s The value of L{OpenSSL.SSL.OP_NO_QUERY_MTU} is 0x1000, the value of I{SSL_OP_NO_QUERY_MTU} defined by I{openssl/ssl.h}. iN(R[R#(R<((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_no_query_mtuWscCs|jtdƒdS(s£ The value of L{OpenSSL.SSL.OP_COOKIE_EXCHANGE} is 0x2000, the value of I{SSL_OP_COOKIE_EXCHANGE} defined by I{openssl/ssl.h}. i N(R[R$(R<((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_cookie_exchangebscCs|jtdƒdS(s— The value of L{OpenSSL.SSL.OP_NO_TICKET} is 0x4000, the value of I{SSL_OP_NO_TICKET} defined by I{openssl/ssl.h}. i@N(R[R%(R<((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_no_ticketmsN( RŽRRR#R\R–R$R—R%R˜(((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR•Ms    cCs|S(N((RaRoterrnumRqtok((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt verify_cbxstMemoryBIOTestscBsÂeZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zd „Zd„Zd„Zd„Zd„Zd„Zd„Zd„ZRS(sA Tests for L{OpenSSL.SSL.Connection} using a memory BIO. cCs®ttƒ}|jttBtBƒ|jttBt Bt ƒ|j ƒ}|j t ttƒƒ|jtttƒƒ|jƒ|jtttƒƒt||ƒ}|jƒ|S(sc Create a new server-side SSL L{Connection} object wrapped around C{sock}. (R Rt set_optionsRRRRuRRRR›tget_cert_storeRCR RR!RhR R tcheck_privatekeytadd_certR"RRi(R<tsockt server_ctxt server_storet server_conn((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_servers    cCs®ttƒ}|jttBtBƒ|jttBt Bt ƒ|j ƒ}|j t ttƒƒ|jtttƒƒ|jƒ|jtttƒƒt||ƒ}|jƒ|S(sc Create a new client-side SSL L{Connection} object wrapped around C{sock}. (R RRRRRRuRRRR›RžRCR RRRhR RRŸR R"RRf(R<R¡t client_ctxt client_storet client_conn((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_client•s    cCs¿t}x²|rºt}xŸ||f||fgD]…\}}y|jdƒ}Wntk r`n X||fSxEtr²y|jdƒ}Wntk r›PqnXt}|j|ƒqnWq.Wq WdS(s Try to read application bytes from each of the two L{Connection} objects. Copy bytes back and forth between their send/receive buffers for as long as there is anything to copy. When there is nothing more to copy, return C{None}. If one of them actually manages to deliver some application bytes, return a two-tuple of the connection from which the bytes were read and the bytes themselves. iiiNi(R/R,R2R tbio_readt bio_write(R<R¨R¤twrotetreadRStbytestdirty((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt _loopback©s"       cCs°|jdƒ}|jdƒ}|j|jƒdƒ|j|jƒdƒ|j|jƒdƒ|j|j||ƒdƒ|j|jƒdƒ|j|jƒdƒ|j|jƒdƒ|j |jƒ|jƒƒ|j |jƒ|jƒƒ|j |jƒ|jƒƒ|j |jƒ|jƒƒd}|j |ƒ|j |j||ƒ||fƒ|j |ddd…ƒ|j |j||ƒ||ddd…fƒdS(s Two L{Connection}s which use memory BIOs can be manually connected by reading from the output of each and writing those bytes to the input of the other and in this way establish a connection and exchange application-level bytes with each other. sOne if by land, two if by sea.Niÿÿÿÿ( R¥R\R©R?t master_keyt client_randomt server_randomR°tassertNotIdenticalt assertEqualstassertNotEqualsRS(R<R¤R¨timportant_message((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_memoryConnectØs,  c Csútƒ\}}|j|ƒ}|j|ƒ}t}xO|s„t}x<||fD].}y|jƒWqOtk r|t}qOXqOWq6Wd}|j|ƒ|jdƒ}|j ||ƒ|ddd…}|j|ƒ|jdƒ}|j ||ƒdS(s³ Just like L{test_memoryConnect} but with an actual socket. This is primarily to rule out the memory BIO code as the source of any problems encountered while passing data over a L{Connection} (if this test fails, there must be a problem outside the memory BIO code, as no memory BIO is involved here). Even though this isn't a memory BIO test, it's convenient to have it here. s,Help me Obi Wan Kenobi, you're my only hope.iNiÿÿÿÿ( R7R©R¥R,R/RjR R1R2R[( R<R6R5R¨R¤t establishedRmR·tmsg((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_socketConnects&     cCsgttƒ}tƒ}t||ƒ}|jt|jdƒ|jt|jdƒ|jt|jƒdS(s” Test that L{OpenSSL.SSL.bio_read} and L{OpenSSL.SSL.bio_write} don't work on L{OpenSSL.SSL.Connection}() that use sockets. idtfooN( R RRRR9R:RªR«t bio_shutdown(R<R_R5Rk((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_socketOverridesMemory,s   cCsœ|jdƒ}|jdƒ}|j||ƒd}|jd|ƒ}|j||kƒ|j||ƒ\}}|j||ƒ|jt|ƒ|ƒdS(s  If more bytes than can be written to the memory BIO are passed to L{Connection.send} at once, the number of bytes which were written is returned and that many bytes from the beginning of the input can be read from the other end of the connection. iiR'Ni€( R¥R\R©R°R1RWR?RµRX(R<R6R5tsizetsenttreceivertreceived((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_outgoingOverflow9scCsH|jdƒ}|jƒ|jt|jdƒ}|j|jtƒdS(s{ L{Connection.bio_shutdown} signals the end of the data stream from which the L{Connection} reads. iN(R¥R\R½R9RR2Rµt __class__(R<R6te((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_shutdownTs cCsÎ|jdƒ}|jdƒ}|j|jƒgƒ|j|jƒgƒ|jƒ}||ƒ}|j|jƒgƒ|j|jƒ|ƒ|j||ƒ|j|jƒ|ƒ|j|jƒ|ƒdS(s Verify the return value of the C{get_client_ca_list} method for server and client connections. @param func: A function which will be called with the server context before the client and server are connected to each other. This function should specify a list of CAs for the server to send to the client and return that same list. The list will be used to verify that C{get_client_ca_list} returns the proper value at various times. N(R¥R\R©R[tget_client_ca_listt get_contextR°(R<tfuncR6R5REtexpected((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_check_client_ca_listas   cCsXttƒ}|jt|jdƒ|jt|jdgƒ|j|jgƒdƒdS(s L{Context.set_client_ca_list} raises a L{TypeError} if called with a non-list or a list that contains objects other than X509Names. tspamN(R RR9R:tset_client_ca_listR?R\(R<RE((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_client_ca_list_errorsys cCsd„}|j|ƒdS(s If passed an empty list, L{Context.set_client_ca_list} configures the context to send no CA names to the client and, on both the server and client sides, L{Connection.get_client_ca_list} returns an empty list after the connection is set up. cSs|jgƒgS(N(RÍ(RE((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytno_ca‹s N(RË(R<RÏ((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_empty_ca_list„s cs;tttƒ}|jƒ‰‡fd†}|j|ƒdS(sK If passed a list containing a single X509Name, L{Context.set_client_ca_list} configures the context to send that CA name to the client and, on both the server and client sides, L{Connection.get_client_ca_list} returns a list containing that X509Name after the connection is set up. cs|jˆgƒˆgS(N(RÍ(RE(tcadesc(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt single_ca›sN(R RR"RxRË(R<tcacertRÒ((RÑsH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_one_ca_list‘s csYtttƒ}tttƒ}|jƒ‰|jƒ‰‡‡fd†}|j|ƒdS(sW If passed a list containing multiple X509Name objects, L{Context.set_client_ca_list} configures the context to send those CA names to the client and, on both the server and client sides, L{Connection.get_client_ca_list} returns a list containing those X509Names after the connection is set up. csˆˆg}|j|ƒ|S(N(RÍ(REtL(tcldesctsedesc(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt multiple_ca¯s  N(R RR RxRË(R<tsecerttclcertRØ((RÖR×sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_multiple_ca_list¡s   cswtttƒ}tttƒ}tttƒ}|jƒ‰|jƒ‰|jƒ‰‡‡‡fd†}|j|ƒdS(s¿ If called multiple times, only the X509Names passed to the final call of L{Context.set_client_ca_list} are used to configure the CA names sent to the client. cs*|jˆˆgƒ|jˆgƒˆgS(N(RÍ(RE(RÑRÖR×(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt changed_caÄsN(R RR"R RxRË(R<RÓRÙRÚRÜ((RÑRÖR×sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_reset_ca_list¶s   csYtttƒ}tttƒ}|jƒ‰|jƒ‰‡‡fd†}|j|ƒdS(sª If the list passed to L{Context.set_client_ca_list} is mutated afterwards, this does not affect the list of CA names sent to the client. cs-ˆg}|jˆgƒ|jˆƒˆgS(N(RÍRJ(RERÕ(RÑR×(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt mutated_ca×s  N(R RR"R RxRË(R<RÓRÙRÞ((RÑR×sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_mutated_ca_listËs   cCsattƒ}tttƒ}|jt|jƒ|jt|jdƒ|jt|j||ƒdS(s• L{Context.add_client_ca} raises L{TypeError} if called with a non-X509 object or with a number of arguments other than one. RÌN(R RR RR"R9R:t add_client_ca(R<RERÓ((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_add_client_ca_errorsßs  cs>tttƒ‰ˆjƒ‰‡‡fd†}|j|ƒdS(s~ A certificate's subject can be added as a CA to be sent to the client with L{Context.add_client_ca}. cs|jˆƒˆgS(N(Rà(RE(RÓRÑ(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRÒòs N(R RR"RxRË(R<RÒ((RÓRÑsH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_one_add_client_caës cs_tttƒ‰tttƒ‰ˆjƒ‰ˆjƒ‰‡‡‡‡fd†}|j|ƒdS(s… Multiple CA names can be sent to the client by calling L{Context.add_client_ca} with multiple X509 objects. cs$|jˆƒ|jˆƒˆˆgS(N(Rà(RE(RÓRÑRÙR×(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRØs  N(R RR"R RxRË(R<RØ((RÓRÑRÙR×sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_multiple_add_client_caøs   csztttƒ}tttƒ}tttƒ‰|jƒ‰|jƒ‰ˆjƒ‰‡‡‡‡fd†}|j|ƒdS(sÐ A call to L{Context.set_client_ca_list} followed by a call to L{Context.add_client_ca} results in using the CA names from the first call and the CA name from the second call. cs-|jˆˆgƒ|jˆƒˆˆˆgS(N(RÍRà(RE(RÑRÚRÖR×(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytmixed_set_add_cas N(R RR"R RxRË(R<RÓRÙRä((RÑRÚRÖR×sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_and_add_client_ca s   csztttƒ}tttƒ‰tttƒ‰|jƒ‰ˆjƒ‰ˆjƒ}‡‡‡‡fd†}|j|ƒdS(sÐ A call to L{Context.set_client_ca_list} after a call to L{Context.add_client_ca} replaces the CA name specified by the former call with the names specified by the latter cal. cs4|jˆƒ|jˆgƒ|jˆƒˆˆgS(N(RàRÍ(RE(RÑRÚRÙR×(sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytset_replaces_add_ca-s  N(R RR"R RxRË(R<RÓRÖRæ((RÑRÚRÙR×sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_after_add_client_cas   (RŽRRR¥R©R°R¸R»R¾RÃRÆRËRÎRÐRÔRÛRÝRßRáRâRãRåRç(((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRœ{s*   / + )        t__main__N(9RtsysRRtosRtos.pathRtunittestRtOpenSSL.cryptoRRRRR R t OpenSSL.SSLR R R RRRRRRRRRRRRRtOpenSSL.test.utilRtOpenSSL.test.test_cryptoRRRRR R!R"R#t ImportErrorR\R$R%R7R8R‘R’R•R›RœRŽ(((sH/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytsF.."(       ð + ÿ¼