Merge pull request #2451 from ogayot/python3.10

tests: replace use of ssl.wrap_socket that throws warnings in Python …

test/broker/08-ssl-bridge.py

@@ -34,7 +34,9 @@ publish_packet = mosq_test.gen_publish("bridge/ssl/test", qos=0, payload="messag
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True)
+context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
+context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
+ssock = context.wrap_socket(sock, server_side=True)
 ssock.settimeout(20)
 ssock.bind(('', port1))
 ssock.listen(5)

test/broker/08-ssl-connect-cert-auth-crl.py

@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     ssock.connect(("localhost", port1))
 

test/broker/08-ssl-connect-cert-auth-expired.py

@@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client-expired.crt", keyfile="../ssl/client-expired.key", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    context.load_cert_chain(certfile="../ssl/client-expired.crt", keyfile="../ssl/client-expired.key")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     try:
         ssock.connect(("localhost", port1))

test/broker/08-ssl-connect-cert-auth-revoked.py

@@ -30,7 +30,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client-revoked.crt", keyfile="../ssl/client-revoked.key", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    context.load_cert_chain(certfile="../ssl/client-revoked.crt", keyfile="../ssl/client-revoked.key")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     try:
         ssock.connect(("localhost", port1))

test/broker/08-ssl-connect-cert-auth-without.py

@@ -28,7 +28,8 @@ connect_packet = mosq_test.gen_connect("connect-cert-test", keepalive=keepalive)
 broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
+context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ssock = context.wrap_socket(sock, server_hostname="localhost")
 ssock.settimeout(20)
 try:
     ssock.connect(("localhost", port1))

test/broker/08-ssl-connect-cert-auth.py

@@ -32,7 +32,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     ssock.connect(("localhost", port1))
 

test/broker/08-ssl-connect-identity.py

@@ -33,7 +33,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     ssock.connect(("localhost", port1))
 

test/broker/08-ssl-connect-no-auth-wrong-ca.py

@@ -29,7 +29,8 @@ connack_packet = mosq_test.gen_connack(rc=0)
 broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-alt-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
+context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-alt-ca.crt")
+ssock = context.wrap_socket(sock, server_hostname="localhost")
 ssock.settimeout(20)
 try:
     ssock.connect(("localhost", port1))

test/broker/08-ssl-connect-no-auth.py

@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     ssock.connect(("localhost", port1))
 

test/broker/08-ssl-connect-no-identity.py

@@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
 
 try:
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
+    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+    ssock = context.wrap_socket(sock, server_hostname="localhost")
     ssock.settimeout(20)
     ssock.connect(("localhost", port1))
 

test/broker/08-ssl-hup-disconnect.py

@@ -43,7 +43,9 @@ def do_test(option):
 
     try:
         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
+        context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
+        context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
+        ssock = context.wrap_socket(sock, server_hostname="localhost")
         ssock.settimeout(20)
         ssock.connect(("localhost", port))
         mosq_test.do_send_receive(ssock, connect_packet, connack_packet, "connack")

test/lib/08-ssl-connect-cert-auth-enc.py

@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect()
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt",
-        keyfile="../ssl/server.key", certfile="../ssl/server.crt",
-        server_side=True, cert_reqs=ssl.CERT_REQUIRED)
+context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
+context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
+context.verify_mode = ssl.CERT_REQUIRED
+ssock = context.wrap_socket(sock, server_side=True)
 ssock.settimeout(10)
 ssock.bind(('', port))
 ssock.listen(5)

test/lib/08-ssl-connect-cert-auth.py

@@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect()
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt",
-        keyfile="../ssl/server.key", certfile="../ssl/server.crt",
-        server_side=True, cert_reqs=ssl.CERT_REQUIRED)
+context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
+context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
+context.verify_mode = ssl.CERT_REQUIRED
+ssock = context.wrap_socket(sock, server_side=True)
 ssock.settimeout(10)
 ssock.bind(('', port))
 ssock.listen(5)

test/lib/08-ssl-connect-no-auth.py

@@ -25,7 +25,9 @@ disconnect_packet = mosq_test.gen_disconnect()
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True)
+context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
+context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
+ssock = context.wrap_socket(sock, server_side=True)
 ssock.settimeout(10)
 ssock.bind(('', port))
 ssock.listen(5)

test/lib/08-ssl-fake-cacert.py

@@ -10,9 +10,10 @@ if sys.version < '2.7':
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt",
-        keyfile="../ssl/server.key", certfile="../ssl/server.crt",
-        server_side=True, cert_reqs=ssl.CERT_REQUIRED)
+context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
+context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
+context.verify_mode = ssl.CERT_REQUIRED
+ssock = context.wrap_socket(sock, server_side=True)
 ssock.settimeout(10)
 ssock.bind(('', port))
 ssock.listen(5)