Add the ability to set a custom verification time on X509Store (#567)

author: Thomas Sileo <tsileo@users.noreply.github.com> 2016-11-22 18:13:30 +0100
committer: Hynek Schlawack <hs@ox.cx> 2016-11-22 18:13:30 +0100
commit: e15e60a587efcddd61e391a8e5917291c98d554e (patch)
tree: 06ce1ac56ad303438193696b606411559af07a69 /tests/test_crypto.py
parent: 33675f90f18cb8e926fccb13a1e60e900d56f7ff (diff)
download: pyopenssl-git-e15e60a587efcddd61e391a8e5917291c98d554e.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index e75e3ad..e4cf496 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -3728,6 +3728,27 @@ class X509StoreContextTests(TestCase):
         store_ctx.set_store(store_good)
         self.assertEqual(store_ctx.verify_certificate(), None)
 
+    def test_verify_with_time(self):
+        """
+        `verify_certificate` raises error when the verification time is
+        set at notAfter.
+        """
+        store = X509Store()
+        store.add_cert(self.root_cert)
+        store.add_cert(self.intermediate_cert)
+
+        expire_time = self.intermediate_server_cert.get_notAfter()
+        expire_datetime = datetime.strptime(
+            expire_time.decode('utf-8'), '%Y%m%d%H%M%SZ'
+        )
+        store.set_time(expire_datetime)
+
+        store_ctx = X509StoreContext(store, self.intermediate_server_cert)
+        with pytest.raises(X509StoreContextError) as exc:
+            store_ctx.verify_certificate()
+
+        assert exc.value.args[0][2] == 'certificate has expired'
+
 
 class SignVerifyTests(TestCase):
     """
author	Thomas Sileo <tsileo@users.noreply.github.com>	2016-11-22 18:13:30 +0100
committer	Hynek Schlawack <hs@ox.cx>	2016-11-22 18:13:30 +0100
commit	e15e60a587efcddd61e391a8e5917291c98d554e (patch)
tree	06ce1ac56ad303438193696b606411559af07a69 /tests/test_crypto.py
parent	33675f90f18cb8e926fccb13a1e60e900d56f7ff (diff)
download	pyopenssl-git-e15e60a587efcddd61e391a8e5917291c98d554e.tar.gz