author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-11-30 20:55:25 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-11-30 07:55:25 -0500 |
commit | e73818600065821d588af475b024f4eb518c3509 (patch) | |
tree | 8133b415490c43308be803927c0c51515b46af89 /tests | |
parent | f724786613f90eb6e6ea26f4dbe17a1cda238d1e (diff) | |
fix a memory leak and a potential UAF and also #722 (#723)
* fix a memory leak and a potential UAF and also #722
* sanity check
* bump cryptography minimum version, add changelog
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_ssl.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 03f9abd..76d8c4d 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1279,6 +1279,31 @@ class TestContext(object):
 assert verify.connection is clientConnection
+ def test_x509_in_verify_works(self):
+ """
+ We had a bug where the X509 cert instantiated in the callback wrapper
+ didn't __init__ so it was missing objects needed when calling
+ get_subject. This test sets up a handshake where we call get_subject
+ on the cert provided to the verify callback.
+ """
+ serverContext = Context(TLSv1_METHOD)
+ serverContext.use_privatekey(
+ load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
+ serverContext.use_certificate(
+ load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
+ serverConnection = Connection(serverContext, None)
+
+ def verify_cb_get_subject(conn, cert, errnum, depth, ok):
+ assert cert.get_subject()
+ return 1
+
+ clientContext = Context(TLSv1_METHOD)
+ clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)
+ clientConnection = Connection(clientContext, None)
+ clientConnection.set_connect_state()
+
+ handshake_in_memory(clientConnection, serverConnection)
+
 def test_set_verify_callback_exception(self):
 """
 If the verify callback passed to `Context.set_verify` raises an |
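Review bot: `test_x509_in_verify_works` never asserts that `verify_cb_get_subject` was actually invoked, so if the callback were skipped during the handshake the test would pass without ever calling `get_subject` on the wrapped certificate. Recording the call inside the callback, e.g. `subjects.append(cert.get_subject())`, and adding `assert subjects` after `handshake_in_memory(clientConnection, serverConnection)` would pin the regression. The callback also returns 1 regardless of `ok`, which accepts whatever certificate the peer presents; that is presumably needed for the test certificate, and a comment such as `# returns 1 unconditionally so the handshake completes; real callbacks should return ok` would stop it being read as a usage pattern. The diff shown is limited to tests/, so whether the memory leak and use-after-free fixes named in the title have test coverage cannot be judged from this hunk.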