
Commit dfbe523

committed
Add test for secure TLS default
Now test that the default value for cert validation is DEMAND. See: python-ldap#169 Signed-off-by: Christian Heimes <cheimes@redhat.com>
1 parent 22c3ccf commit dfbe523


1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

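--- a/Tests/t_cext.py
+++ b/Tests/t_cext.py
@@ -826,10 +826,28 @@ def test_tls_ext(self):
 l.set_option(_ldap.OPT_X_TLS_NEWCTX, 0)
 l.start_tls_s()
 
+@requires_tls()
+def test_tls_require_cert(self):
+# libldap defaults to secure cert validation
+# see libraries/libldap/init.c
+# gopts->ldo_tls_require_cert = LDAP_OPT_X_TLS_DEMAND;
+
+self.assertEqual(
+_ldap.get_option(_ldap.OPT_X_TLS_REQUIRE_CERT),
+_ldap.OPT_X_TLS_DEMAND
+)
+l = self._open_conn(bind=False)
+self.assertEqual(
+l.get_option(_ldap.OPT_X_TLS_REQUIRE_CERT),
+_ldap.OPT_X_TLS_DEMAND
+)
+
 @requires_tls()
 def test_tls_ext_noca(self):
 l = self._open_conn(bind=False)
 l.set_option(_ldap.OPT_PROTOCOL_VERSION, _ldap.VERSION3)
+# fails because libldap defaults to secure cert validation but
+# the test CA is not installed as trust anchor.
 with self.assertRaises(_ldap.CONNECT_ERROR) as e:
 l.start_tls_s()
 # known resaons: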
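Review bot: The first assertion in `test_tls_require_cert` reads the process-wide value of `OPT_X_TLS_REQUIRE_CERT`, so it verifies the compiled-in libldap default only if nothing has altered that value before the test runs. libldap can pick the setting up from `ldap.conf`/`.ldaprc` (`TLS_REQCERT`) or the `LDAPTLS_REQCERT` environment variable, and an earlier test calling `_ldap.set_option(_ldap.OPT_X_TLS_REQUIRE_CERT, ...)` changes it too; whether this module disables config loading (for example via `LDAPNOINIT`) is not visible in the hunk. I would state the precondition next to the assertion, e.g. `# requires LDAPNOINIT and no earlier global set_option(OPT_X_TLS_REQUIRE_CERT)`, so that a failure on a host with a relaxed `TLS_REQCERT` is not misread as a weakened default. The second assertion on `l` presumably inherits the global value when the connection is created, so it is not independent evidence of the default. `test_tls_ext_noca` continues past the end of the hunk.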
