This repository was archived by the owner on Oct 8, 2025. It is now read-only.
This repository was archived by the owner on Oct 8, 2025. It is now read-only.
Tests fail with Python 3.13 on Fedora 41 #1545
Description
% python3 -m pytest --user=nobody test/test_tls_sni.py
================================================================================================================ test session starts ================================================================================================================
platform linux -- Python 3.13.0, pytest-8.3.3, pluggy-1.5.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /home/thresh/unit/pkg/rpm/rpmbuild/BUILD/unit-1.35.0-build/unit-1.35.0/test
configfile: pytest.ini
collected 9 items
test/test_tls_sni.py::test_tls_sni FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:31 [warn] 93772#93772 Unit is running unprivileged, then it cannot use arbitrary user and group.
2025/01/23 03:39:31 [info] 93772#93772 unit 1.35.0 started
2025/01/23 03:39:31 [info] 93773#93773 discovery started
2025/01/23 03:39:31 [notice] 93773#93773 no modules matching: "/home/thresh/unit/pkg/rpm/rpmbuild/BUILD/unit-1.35.0-build/unit-1.35.0/build/lib/unit/modules/*.unit.so" found
2025/01/23 03:39:31 [info] 93772#93772 controller started
2025/01/23 03:39:31 [notice] 93772#93772 process 93773 exited with code 0
2025/01/23 03:39:31 [info] 93775#93775 router started
2025/01/23 03:39:31 [info] 93775#93775 OpenSSL 3.2.2 4 Jun 2024, 30200020
2025/01/23 03:39:31 [error] 93775#93776 *23 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_no_hostname FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:32 [error] 93775#93776 *32 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_upper_case FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:32 [error] 93775#93776 *41 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_only_bundle FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:32 [error] 93775#93776 *50 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_wildcard FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:32 [error] 93775#93776 *59 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_duplicated_bundle FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "localhost.com" in certificate "localhost.com", identical name appears in "localhost.com"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "alt2.localhost.com" in certificate "localhost.com", identical name appears in "localhost.com"
2025/01/23 03:39:33 [error] 93775#93777 *68 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_same_alt FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "s" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "a" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "m" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "e" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "." in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "l" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "t" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "n" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "c" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [warn] 93775#93775 ignored duplicate name "o" in certificate "example", identical name appears in "localhost"
2025/01/23 03:39:33 [error] 93775#93777 *77 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_empty_cn FAILEDPath to unit.log:
/tmp/unit-test-jkwyc001/unit.log
2025/01/23 03:39:33 [error] 93775#93776 *86 SSL_do_handshake(32) failed (1046: ssl/tls alert certificate unknown) (OpenSSL: error:0A000416:SSL routines::ssl/tls alert certificate unknown:SSL alert number 46)
test/test_tls_sni.py::test_tls_sni_invalid PASSED
===================================================================================================================== FAILURES ======================================================================================================================
___________________________________________________________________________________________________________________ test_tls_sni ____________________________________________________________________________________________________________________
def test_tls_sni():
bundles = {
"default": {"subj": "default", "alt_names": ["default"]},
"localhost.com": {
"subj": "localhost.com",
"alt_names": ["alt1.localhost.com"],
},
"example.com": {
"subj": "example.com",
"alt_names": ["alt1.example.com", "alt2.example.com"],
},
}
ctx = config_bundles(bundles)
add_tls(["default", "localhost.com", "example.com"])
> check_cert('alt1.localhost.com', bundles['localhost.com']['subj'], ctx)
test/test_tls_sni.py:166:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/test_tls_sni.py:33: in check_cert
resp, sock = client.get_ssl(
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=5, family=2, type=1, proto=0, laddr=('127.0.0.1', 55034), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
_____________________________________________________________________________________________________________ test_tls_sni_no_hostname ______________________________________________________________________________________________________________
def test_tls_sni_no_hostname():
bundles = {
"localhost.com": {"subj": "localhost.com", "alt_names": []},
"example.com": {
"subj": "example.com",
"alt_names": ["example.com"],
},
}
ctx = config_bundles(bundles)
add_tls(["localhost.com", "example.com"])
> resp, sock = client.get_ssl(
headers={'Content-Length': '0', 'Connection': 'close'},
start=True,
context=ctx,
)
test/test_tls_sni.py:182:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=6, family=2, type=1, proto=0, laddr=('127.0.0.1', 55044), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
______________________________________________________________________________________________________________ test_tls_sni_upper_case ______________________________________________________________________________________________________________
def test_tls_sni_upper_case():
bundles = {
"localhost.com": {"subj": "LOCALHOST.COM", "alt_names": []},
"example.com": {
"subj": "example.com",
"alt_names": ["ALT1.EXAMPLE.COM", "*.ALT2.EXAMPLE.COM"],
},
}
ctx = config_bundles(bundles)
add_tls(["localhost.com", "example.com"])
> check_cert('localhost.com', bundles['localhost.com']['subj'], ctx)
test/test_tls_sni.py:205:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/test_tls_sni.py:33: in check_cert
resp, sock = client.get_ssl(
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=7, family=2, type=1, proto=0, laddr=('127.0.0.1', 55052), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
_____________________________________________________________________________________________________________ test_tls_sni_only_bundle ______________________________________________________________________________________________________________
def test_tls_sni_only_bundle():
bundles = {
"localhost.com": {
"subj": "localhost.com",
"alt_names": ["alt1.localhost.com", "alt2.localhost.com"],
}
}
ctx = config_bundles(bundles)
add_tls(["localhost.com"])
> check_cert('domain.com', bundles['localhost.com']['subj'], ctx)
test/test_tls_sni.py:222:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/test_tls_sni.py:33: in check_cert
resp, sock = client.get_ssl(
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=5, family=2, type=1, proto=0, laddr=('127.0.0.1', 55058), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
_______________________________________________________________________________________________________________ test_tls_sni_wildcard _______________________________________________________________________________________________________________
def test_tls_sni_wildcard():
bundles = {
"localhost.com": {"subj": "localhost.com", "alt_names": []},
"example.com": {
"subj": "example.com",
"alt_names": ["*.example.com", "*.alt.example.com"],
},
}
ctx = config_bundles(bundles)
add_tls(["localhost.com", "example.com"])
> check_cert('example.com', bundles['localhost.com']['subj'], ctx)
test/test_tls_sni.py:237:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/test_tls_sni.py:33: in check_cert
resp, sock = client.get_ssl(
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=6, family=2, type=1, proto=0, laddr=('127.0.0.1', 55064), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
__________________________________________________________________________________________________________ test_tls_sni_duplicated_bundle ___________________________________________________________________________________________________________
def test_tls_sni_duplicated_bundle():
bundles = {
"localhost.com": {
"subj": "localhost.com",
"alt_names": ["localhost.com", "alt2.localhost.com"],
}
}
ctx = config_bundles(bundles)
add_tls(["localhost.com", "localhost.com"])
> check_cert('localhost.com', bundles['localhost.com']['subj'], ctx)
test/test_tls_sni.py:254:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/test_tls_sni.py:33: in check_cert
resp, sock = client.get_ssl(
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=8, family=2, type=1, proto=0, laddr=('127.0.0.1', 55068), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
_______________________________________________________________________________________________________________ test_tls_sni_same_alt _______________________________________________________________________________________________________________
def test_tls_sni_same_alt():
bundles = {
"localhost": {"subj": "subj1", "alt_names": "same.altname.com"},
"example": {"subj": "subj2", "alt_names": "same.altname.com"},
}
ctx = config_bundles(bundles)
add_tls(["localhost", "example"])
> check_cert('localhost', bundles['localhost']['subj'], ctx)
test/test_tls_sni.py:266:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/test_tls_sni.py:33: in check_cert
resp, sock = client.get_ssl(
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=9, family=2, type=1, proto=0, laddr=('127.0.0.1', 55082), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
_______________________________________________________________________________________________________________ test_tls_sni_empty_cn _______________________________________________________________________________________________________________
def test_tls_sni_empty_cn():
bundles = {"localhost": {"alt_names": ["alt.localhost.com"]}}
ctx = config_bundles(bundles)
add_tls(["localhost"])
> resp, sock = client.get_ssl(
headers={
'Host': 'domain.com',
'Content-Length': '0',
'Connection': 'close',
},
start=True,
context=ctx,
)
test/test_tls_sni.py:275:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test/unit/applications/tls.py:51: in get_ssl
return self.get(wrapper=context.wrap_socket, **kwargs)
test/unit/http.py:165: in get
return self.http('GET', **kwargs)
test/unit/http.py:51: in http
sock.connect(connect_args)
/usr/lib64/python3.13/ssl.py:1405: in connect
self._real_connect(addr, False)
/usr/lib64/python3.13/ssl.py:1396: in _real_connect
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket fd=5, family=2, type=1, proto=0, laddr=('127.0.0.1', 55086), raddr=('127.0.0.1', 8080)>, block = False
@_sslcopydoc
def do_handshake(self, block=False):
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Subject name empty (_ssl.c:1020)
/usr/lib64/python3.13/ssl.py:1372: SSLCertVerificationError
============================================================================================================== short test summary info ==============================================================================================================
FAILED test/test_tls_sni.py::test_tls_sni - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_no_hostname - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_upper_case - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_only_bundle - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_wildcard - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_duplicated_bundle - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_same_alt - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)
FAILED test/test_tls_sni.py::test_tls_sni_empty_cn - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Subject name empty (_ssl.c:1020)
============================================================================================================ 8 failed, 1 passed in 2.47s ============================================================================================================