From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Thu, 15 Nov 2018 16:52:00 +0000 (+0100)
Subject: pytests: import test_tls_cert_hostname_mismatch (test16)
X-Git-Tag: v3.2.0~18^2~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1036a969547ce32803f2055068a784b67ec4e6f7;p=thirdparty%2Fknot-resolver.git

pytests: import test_tls_cert_hostname_mismatch (test16)
---

diff --git a/tests/pytests/test_tls_certs.py b/tests/pytests/test_tls_certs.py
index 18d7d9477..8c4f455d1 100644
--- a/tests/pytests/test_tls_certs.py
+++ b/tests/pytests/test_tls_certs.py
@@ -1,5 +1,9 @@
 """Tests with TLS certificates"""
 
+import ssl
+
+import pytest
+
 import utils
 
 
@@ -19,3 +23,12 @@ def test_tls_selfsigned_cert(kresd_tt, sock_family):
     ssock.connect(dest)
 
     utils.ping_alive(ssock)
+
+
+def test_tls_cert_hostname_mismatch(kresd_tt, sock_family):
+    sock, dest = kresd_tt.stream_socket(sock_family, tls=True)
+    ctx = utils.make_ssl_context(verify_location=kresd_tt.tls_cert_path)
+    ssock = ctx.wrap_socket(sock, server_hostname='wrong-host-name')
+
+    with pytest.raises(ssl.CertificateError):
+        ssock.connect(dest)