
* Added a new test to test_urllib2, test04_open_peer_cert_verification_fails, which checks for failure when the CA verification chain is missing.

git-svn-id: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_httpsclient@8016 051b1e3e-aa0c-0410-b6c2-bfbade6052be
pjkersha 13 years ago
commit
6e5e18f947
1 changed files with 14 additions and 2 deletions
  1. 14 2
      ndg/httpsclient/test/test_urllib2.py

+ 14 - 2
ndg/httpsclient/test/test_urllib2.py

@@ -12,6 +12,7 @@ __revision__ = '$Id$'
 from urllib2 import URLError
 import unittest
 
+from OpenSSL import SSL
 from ndg.httpsclient.test import Constants
 from ndg.httpsclient.urllib2_build_opener import build_opener
 
@@ -29,10 +30,21 @@ class Urllib2TestCase(unittest.TestCase):
         self.assert_(res)
         print("res = %s" % res.read())
 
-    def test03_open_fails(self):
+    def test03_open_fails_unknown_loc(self):
         opener = build_opener()
         self.failUnlessRaises(URLError, opener.open, Constants.TEST_URI2)
         
-
+    def test04_open_peer_cert_verification_fails(self):
+        # Explicitly set empty CA directory to make verification fail
+        ctx = SSL.Context(SSL.SSLv3_METHOD)
+        verify_callback = lambda conn, x509, errnum, errdepth, preverify_ok: \
+            preverify_ok 
+            
+        ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
+        ctx.load_verify_locations(None, './')
+        opener = build_opener(ssl_context=ctx)
+        self.failUnlessRaises(SSL.Error, opener.open, Constants.TEST_URI)
+        
+        
 if __name__ == "__main__":
     unittest.main()
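Review bot: test04_open_peer_cert_verification_fails passes on any `SSL.Error`, so it does not prove that peer certificate verification is what failed. The context is pinned to `SSL.SSLv3_METHOD`, and a server that refuses SSLv3 would presumably fail the handshake with the same exception type; `'./'` is also an empty CA directory only when the tests run from a directory holding no hashed certificates. Consider `ctx = SSL.Context(SSL.SSLv23_METHOD)` and `ctx.load_verify_locations(None, tempfile.mkdtemp())` (with `import tempfile` at the top), and assert that the caught error's text refers to certificate verification. Urllib2TestCase starts outside the hunk, and the server behind `Constants.TEST_URI` is not visible here, so the protocol concern is inferred rather than confirmed.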