Message128473
| Author |
pitrou |
| Recipients |
djc, giampaolo.rodola, pitrou |
| Date |
2011年02月12日.23:54:02 |
| SpamBayes Score |
2.7551932e-09 |
| Marked as misclassified |
No |
| Message-id |
<1297554839.3723.55.camel@localhost.localdomain> |
| In-reply-to |
<1297539378.32.0.0271916571431.issue10084@psf.upfronthosting.co.za> |
| Content |
First comments:
- secure_connection() should be named ssl_something() like other
methods. ssl_start() perhaps?
- in ssl_shutdown():
+ elif err.args[0] == ssl.SSL_ERROR_SSL:
+ pass
SSL_ERROR_SSL doesn't exist. Perhaps you mean ssl.SSL_ERROR_EOF?
- in send(), you should handle SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE as in recv(). Also:
+ if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
+ return 0
lacks a self.handle_close()?
- in recv(), you have "return ''" where it should be "return b''"
- in test_ssl_established(), I think it would be nice if you used e.g.
getpeercert() to check that we really are in SSL mode. Also, you could
make certificate checking mandatory using e.g.:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ssl_context.verify_mode = ssl.CERT_REQUIRED
cert_path = os.path.join(os.path.dirname(__file__), "keycert.pem")
ssl_context.load_cert_chain(cert_path)
ssl_context.load_verify_locations(cert_path)
- in addition to test_handle_read() and test_handle_write(), there
should be a test where a server and a client really send data to each
other, and receive at all
(also, I'm not sure why these tests can't be shared with non-SSL test
classes)
- test_create_socket() and test_bind() don't seem to test anything
SSL-related |
|