From f332674ce1fb0780a887406c0076b88cc7ea8ad9 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Sun, 19 Apr 2015 10:43:16 +1200
Subject: [PATCH] 100% unit tests

- Add SANs to pathod SSLConfig
- Fix tricky SSL establishment error test. Lets see if it's platform portable.
---
 libpathod/pathod.py | 19 ++++++++++++++-----
 test/test_pathoc.py |  5 ++++-
 test/test_pathod.py | 10 ++++------
 3 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index 1506e7435..457bdf61c 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -22,9 +22,15 @@ class PathodError(Exception):
 
 
 class SSLOptions:
-    def __init__(self, confdir=CONFDIR, cn=None, not_after_connect=None,
-                 request_client_cert=False, sslversion=tcp.SSLv23_METHOD,
-                 ciphers=None, certs=None):
+    def __init__(self,
+                 confdir=CONFDIR,
+                 cn=None,
+                 sans=(),
+                 not_after_connect=None,
+                 request_client_cert=False,
+                 sslversion=tcp.SSLv23_METHOD,
+                 ciphers=None,
+                 certs=None):
         self.confdir = confdir
         self.cn = cn
         self.certstore = certutils.CertStore.from_store(
@@ -37,13 +43,14 @@ class SSLOptions:
         self.request_client_cert = request_client_cert
         self.ciphers = ciphers
         self.sslversion = sslversion
+        self.sans = sans
 
     def get_cert(self, name):
         if self.cn:
             name = self.cn
         elif not name:
             name = DEFAULT_CERT_DOMAIN
-        return self.certstore.get_cert(name, [])
+        return self.certstore.get_cert(name, self.sans)
 
 
 class PathodHandler(tcp.BaseHandler):
@@ -51,7 +58,9 @@ class PathodHandler(tcp.BaseHandler):
     sni = None
 
     def info(self, s):
-        logger.info("%s:%s: %s" % (self.address.host, self.address.port, str(s)))
+        logger.info(
+            "%s:%s: %s" % (self.address.host, self.address.port, str(s))
+        )
 
     def handle_sni(self, connection):
         self.sni = connection.get_servername()
diff --git a/test/test_pathoc.py b/test/test_pathoc.py
index 23b42994f..ca67ff1f0 100644
--- a/test/test_pathoc.py
+++ b/test/test_pathoc.py
@@ -78,7 +78,10 @@ class _TestDaemon:
 
 class TestDaemonSSL(_TestDaemon):
     ssl = True
-    ssloptions = pathod.SSLOptions(request_client_cert=True)
+    ssloptions = pathod.SSLOptions(
+        request_client_cert=True,
+        sans = ["test1.com", "test2.com"]
+    )
 
     def test_sni(self):
         c = pathoc.Pathoc(
diff --git a/test/test_pathod.py b/test/test_pathod.py
index c966222f1..3638960ef 100644
--- a/test/test_pathod.py
+++ b/test/test_pathod.py
@@ -206,16 +206,14 @@ class TestDaemon(CommonTests):
 
 class TestDaemonSSL(CommonTests):
     ssl = True
-    def _test_ssl_conn_failure(self):
+
+    def test_ssl_conn_failure(self):
         c = tcp.TCPClient(("localhost", self.d.port))
         c.rbufsize = 0
         c.wbufsize = 0
         c.connect()
-        try:
-            while 1:
-                c.wfile.write("\r\n\r\n\r\n")
-        except:
-            pass
+        c.wfile.write("\0\0\0\0")
+        tutils.raises(tcp.NetLibError, c.convert_to_ssl)
         l = self.d.last_log()
         assert l["type"] == "error"
         assert "SSL" in l["msg"]