From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Thu, 15 Nov 2018 16:54:21 +0000 (+0100)
Subject: pytests: import test_tls_cert_expired (test17)
X-Git-Tag: v3.2.0~18^2~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25b6197e0f31785bd576bfe39c76d860a87b3bb8;p=thirdparty%2Fknot-resolver.git

pytests: import test_tls_cert_expired (test17)
---

diff --git a/tests/pytests/test_tls_certs.py b/tests/pytests/test_tls_certs.py
index 8c4f455d1..1eec53db5 100644
--- a/tests/pytests/test_tls_certs.py
+++ b/tests/pytests/test_tls_certs.py
@@ -32,3 +32,12 @@ def test_tls_cert_hostname_mismatch(kresd_tt, sock_family):
 
     with pytest.raises(ssl.CertificateError):
         ssock.connect(dest)
+
+
+def test_tls_cert_expired(kresd_tt_expired, sock_family):
+    sock, dest = kresd_tt_expired.stream_socket(sock_family, tls=True)
+    ctx = utils.make_ssl_context(verify_location=kresd_tt_expired.tls_cert_path)
+    ssock = ctx.wrap_socket(sock, server_hostname='transport-test-server.com')
+
+    with pytest.raises(ssl.SSLError):
+        ssock.connect(dest)