author | Ondřej Kobližek <koblizeko@gmail.com> | 2016-12-02 16:26:05 +0100 |
---|---|---|
committer | Steve Martinelli <s.martinelli@gmail.com> | 2016-12-04 05:03:57 +0000 |
commit | 7917e03652dbd100aa38808157d64f7607ecc0a6 (patch) | |
tree | 00c382dc793d8cf19159fcf34f7ac8987789dc6a /keystoneclient/common | |
parent | a2bd23c0dd9ca7ccfcd01640c500e9059a766128 (diff) | |
Fix Failing tests with openssl >= 1.1.0
keystoneclient.tests.unit.test_cms.CMSTest.test_cms_verify
keystoneclient.tests.unit.test_cms.CMSTest.test_cms_verify_token_no_files
failing with: Command 'openssl' returned non-zero exit status 1
I think it's an OpenSSL >= 1.1 bug, which returns the wrong exit code (1 instead of
2) if the input file does not exist.
Change-Id: I776596487f305c759b88c0d4c604571c33c6ef70
Closes-Bug: #1646858
Diffstat (limited to 'keystoneclient/common')
-rw-r--r-- | keystoneclient/common/cms.py | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index 16e32c6..fb30602 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -42,9 +42,10 @@ DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256'
 
 
 # The openssl cms command exits with these status codes.
-# See https://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+# See https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
 class OpensslCmsExitStatus(object):
 SUCCESS = 0
+ COMMAND_OPTIONS_PARSING_ERROR = 1
 INPUT_FILE_READ_ERROR = 2
 CREATE_CMS_READ_MIME_ERROR = 3
 
@@ -180,21 +181,31 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name,
 # Do not log errors, as some happen in the positive thread
 # instead, catch them in the calling code and log them there.
 
- # When invoke the openssl with not exist file, return code 2
- # and error msg will be returned.
+ # When invoke the openssl >= 1.1.0 with not exist file, return code should
+ # be 2 instead of 1 and error msg will be returned.
 # You can get more from
- # http://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+ # https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
 #
 # $ openssl cms -verify -certfile not_exist_file -CAfile
 # not_exist_file -inform PEM -nosmimecap -nodetach
 # -nocerts -noattr
+ # openssl < 1.1.0 returns
 # Error opening certificate file not_exist_file
+ # openssl >= 1.1.0 returns
+ # cms: Cannot open input file not_exist_file, No such file or directory
 #
 if retcode == OpensslCmsExitStatus.INPUT_FILE_READ_ERROR:
 if err.startswith('Error reading S/MIME message'):
 raise exceptions.CMSError(err)
 else:
 raise exceptions.CertificateConfigError(err)
+ # workaround for OpenSSL >= 1.1.0,
+ # should return OpensslCmsExitStatus.INPUT_FILE_READ_ERROR
+ elif retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR:
+ if err.startswith('cms: Cannot open input file'):
+ raise exceptions.CertificateConfigError(err)
+ else:
+ raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
 elif retcode != OpensslCmsExitStatus.SUCCESS:
 raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
 return output |
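Review bot: The new `elif retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR` branch classifies the failure by the literal stderr prefix `'cms: Cannot open input file'`, so a missing certificate or CA file is reported as CertificateConfigError only while openssl keeps that exact wording; any other text on exit status 1 raises CalledProcessError. Verification still fails closed either way, but a comment should say the match is tied to that message, e.g. `# stderr prefix as printed by openssl 1.1.0; other wording falls through to CalledProcessError`. The inner `else` repeats the raise of the following `elif retcode != OpensslCmsExitStatus.SUCCESS` branch and could be dropped by folding the prefix test into the condition, `elif (retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR and err.startswith('cms: Cannot open input file')):`. The rewritten comment at the top of the hunk also reads as though 2 is what openssl >= 1.1.0 returns, while the workaround handles 1; and cms_verify begins before the hunk, so how `err` is produced is not visible here.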