authorOndřej Kobližek <koblizeko@gmail.com>2016-12-02 16:26:05 +0100
committerSteve Martinelli <s.martinelli@gmail.com>2016-12-04 05:03:57 +0000
commit7917e03652dbd100aa38808157d64f7607ecc0a6 (patch)
tree00c382dc793d8cf19159fcf34f7ac8987789dc6a /keystoneclient
parenta2bd23c0dd9ca7ccfcd01640c500e9059a766128 (diff)
Fix Failing tests with openssl >= 1.1.0
keystoneclient.tests.unit.test_cms.CMSTest.test_cms_verify and keystoneclient.tests.unit.test_cms.CMSTest.test_cms_verify_token_no_files fail with: Command 'openssl' returned non-zero exit status 1. I think it's an OpenSSL >= 1.1 bug, which returns the wrong exit code (1 instead of 2) if the input file does not exist. Change-Id: I776596487f305c759b88c0d4c604571c33c6ef70 Closes-Bug: #1646858
Diffstat (limited to 'keystoneclient')
-rw-r--r--keystoneclient/common/cms.py19
1 files changed, 15 insertions, 4 deletions
diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index 16e32c6..fb30602 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -42,9 +42,10 @@ DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256'
# The openssl cms command exits with these status codes.
-# See https://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+# See https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
class OpensslCmsExitStatus(object):
SUCCESS = 0
+ COMMAND_OPTIONS_PARSING_ERROR = 1
INPUT_FILE_READ_ERROR = 2
CREATE_CMS_READ_MIME_ERROR = 3
@@ -180,21 +181,31 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name,
# Do not log errors, as some happen in the positive thread
# instead, catch them in the calling code and log them there.
- # When invoke the openssl with not exist file, return code 2
- # and error msg will be returned.
+ # When invoke the openssl >= 1.1.0 with not exist file, return code should
+ # be 2 instead of 1 and error msg will be returned.
# You can get more from
- # http://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+ # https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
#
# $ openssl cms -verify -certfile not_exist_file -CAfile
# not_exist_file -inform PEM -nosmimecap -nodetach
# -nocerts -noattr
+ # openssl < 1.1.0 returns
# Error opening certificate file not_exist_file
+ # openssl >= 1.1.0 returns
+ # cms: Cannot open input file not_exist_file, No such file or directory
#
if retcode == OpensslCmsExitStatus.INPUT_FILE_READ_ERROR:
if err.startswith('Error reading S/MIME message'):
raise exceptions.CMSError(err)
else:
raise exceptions.CertificateConfigError(err)
+ # workaround for OpenSSL >= 1.1.0,
+ # should return OpensslCmsExitStatus.INPUT_FILE_READ_ERROR
+ elif retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR:
+ if err.startswith('cms: Cannot open input file'):
+ raise exceptions.CertificateConfigError(err)
+ else:
+ raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
elif retcode != OpensslCmsExitStatus.SUCCESS:
raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
return output
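Review bot: The new `COMMAND_OPTIONS_PARSING_ERROR` branch chooses between `CertificateConfigError` and `CalledProcessError` purely on the stderr prefix `'cms: Cannot open input file'`, which is OpenSSL's message text rather than a documented interface, and this commit adds no test that pins it. Every path still raises, so verification fails closed if the wording changes, but the caller would then see a generic `CalledProcessError` instead of a certificate-configuration error. The inner `else` repeats the generic branch below it; folding the check into the condition, `elif (retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR and err.startswith('cms: Cannot open input file')):`, lets other exit-1 failures fall through to the existing `elif retcode != OpensslCmsExitStatus.SUCCESS` raise. The reworded comment at the top of the block is ambiguous and would read more clearly as `# OpenSSL >= 1.1.0 exits with 1 instead of 2 when an input file does not exist.` cms_verify starts before this hunk, so how `err` is produced and decoded is not visible here.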