commit c89288d28281e17dee02400ab03d4e5b1f32864f Author: Isis Lovecruft isis@torproject.org Date: Mon Apr 22 00:35:17 2013 +0000
Fix bug where conflicting SSL context choices was not explained to the user. --- nettests/experimental/tls_handshake.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/nettests/experimental/tls_handshake.py b/nettests/experimental/tls_handshake.py index 1ac3661..89a9bd9 100644 --- a/nettests/experimental/tls_handshake.py +++ b/nettests/experimental/tls_handshake.py @@ -152,13 +152,23 @@ class HandshakeTest(nettest.NetTestCase): if options['host']: self.host = options['host']
+ ## If no context was chosen, explain our default to the user: + if not (options['ssl2'] or options['ssl3'] or options['tls1']): + try: raise SSLContextError('NO_CONTEXT') + except SSLContextError as sce: log.err(sce.message) else: - try: - raise NoSSLContextError( - "No SSL/TLS context chosen! Defaulting to TLSv1...") - except NoSSLContextError, ncse: - log.err(ncse.message) - self.context = SSL.Context(SSL.TLSv1_METHOD) + ## If incompatible contexts were chosen, inform the user: + if options['tls1'] and (options['ssl2'] or options['ssl3']): + try: raise SSLContextError('INCOMPATIBLE') + except SSLContextError as sce: log.err(sce.message) + finally: log.msg('Defaulting to testing only TLSv1.') + elif options['ssl2']: + if not options['ssl3']: + self.context = SSL.Context(SSL.SSLv2_METHOD) + else: + self.context = SSL.Context(SSL.SSLv23_METHOD) + elif options['ssl3']: + self.context = SSL.Context(SSL.SSLv3_METHOD)
if not options['ciphersuite']: self.ciphers = firefox_ciphers