"""Check AddTrust External CA Root

https://bugzilla.redhat.com/show_bug.cgi?id=1842174
"""
from __future__ import print_function

import socket
import ssl
import sys

try:
    from urllib2 import urlopen
except ImportError:
    from urllib.request import urlopen

X509_V_FLAG_TRUSTED_FIRST = 0x8000
URL = "https://addtrust-chain.demo.sslmate.com"

print(sys.version)
print(ssl.OPENSSL_VERSION)
print()

ctx = ssl.create_default_context()
assert ctx.verify_mode == ssl.CERT_REQUIRED
assert ctx.check_hostname == True

print("Try with default verify flags")
print("verify_flags", hex(ctx.verify_flags))
try:
    urlopen(URL, context=ctx)
except Exception as e:
    print("FAILED")
    print(e)
else:
    print("success")
print()

print("Try again with X509_V_FLAG_TRUSTED_FIRST")
ctx.verify_flags |= X509_V_FLAG_TRUSTED_FIRST
print("verify_flags", hex(ctx.verify_flags))
try:
    urlopen(URL, context=ctx)
except Exception as e:
    print("FAILED")
    print(e)
else:
    print("success")
print()