diff options
| author | Jean-Paul Calderone <exarkun@divmod.com> | 2011-09-13 15:24:38 -0400 |
|---|---|---|
| committer | Jean-Paul Calderone <exarkun@divmod.com> | 2011-09-13 15:24:38 -0400 |
| commit | c7293bccb98f09b9d5dfcf5963b935faefe91895 (patch) | |
| tree | f465b3216994fdee84fb2cb27aeefce5af43faac /OpenSSL | |
| parent | 54d99bc73ef61acde9ad89a905718e523ddf89e7 (diff) | |
| download | pyopenssl-c7293bccb98f09b9d5dfcf5963b935faefe91895.tar.gz | |
Correctly handle errors from X509_CRL_sign
Diffstat (limited to 'OpenSSL')
| -rw-r--r-- | OpenSSL/crypto/crl.c | 14 | ||||
| -rw-r--r-- | OpenSSL/test/test_crypto.py | 9 |
2 files changed, 19 insertions, 4 deletions
diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c index 6a14bce..614a606 100644 --- a/OpenSSL/crypto/crl.c +++ b/OpenSSL/crypto/crl.c @@ -131,13 +131,13 @@ crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) { ASN1_TIME *tmptm; crypto_X509Obj *x509; static char *kwlist[] = {"cert", "key", "type", "days", NULL}; - + if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist, - &crypto_X509_Type, &x509, + &crypto_X509_Type, &x509, &crypto_PKey_Type, &key, &type, &days)) { return NULL; } - + bio = BIO_new(BIO_s_mem()); tmptm = ASN1_TIME_new(); if (!tmptm) { @@ -149,7 +149,13 @@ crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) { X509_CRL_set_nextUpdate(self->crl, tmptm); ASN1_TIME_free(tmptm); X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509)); - X509_CRL_sign(self->crl, key->pkey, EVP_md5()); + + if (!X509_CRL_sign(self->crl, key->pkey, EVP_md5())) { + exception_from_error_queue(crypto_Error); + BIO_free(bio); + return NULL; + } + switch (type) { case X509_FILETYPE_PEM: ret = PEM_write_bio_X509_CRL(bio, self->crl); diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py index b8c7ab1..56638e8 100644 --- a/OpenSSL/test/test_crypto.py +++ b/OpenSSL/test/test_crypto.py @@ -2515,6 +2515,15 @@ class CRLTests(TestCase): self.assertEqual(text, dumped_text) + def test_export_invalid(self): + """ + If :py:obj:`CRL.export` is used with an uninitialized :py:obj:`X509` + instance, :py:obj:`ValueError` is raised. + """ + crl = CRL() + self.assertRaises(Error, crl.export, X509(), PKey()) + + def test_add_revoked_keyword(self): """ :py:obj:`OpenSSL.CRL.add_revoked` accepts its single argument as the |