-rw-r--r-- | SWIG/_lib.i | 17 | ||||
-rw-r--r-- | tests/sample-p7.pem | 102 | ||||
-rw-r--r-- | tests/test_obj.py | 22 | ||||
-rw-r--r-- | tests/test_smime.py | 23 |
4 files changed, 162 insertions, 2 deletions
diff --git a/SWIG/_lib.i b/SWIG/_lib.i index 31e9512..c84b800 100644 --- a/SWIG/_lib.i +++ b/SWIG/_lib.i @@ -224,8 +224,21 @@ PyObject *m2_PyFile_Name(PyObject *pyfile) { #define m2_PyErr_Msg(type) m2_PyErr_Msg_Caller(type, (const char*) __FUNCTION__) static void m2_PyErr_Msg_Caller(PyObject *err_type, const char* caller) { - const char *err_msg; - if ((err_msg = ERR_reason_error_string(ERR_get_error())) != NULL) { + const char *err_reason; + const char *data; + int flags; + /* This max size of a (longer than ours) OpenSSL error string is hardcoded + * in OpenSSL's crypto/err/err_prn.c:ERR_print_errors_cb() */ + char err_msg[4096]; + unsigned long err_code = ERR_get_error_line_data(NULL, NULL, &data, &flags); + + if (err_code != 0) { + err_reason = ERR_reason_error_string(err_code); + if (data && (flags & ERR_TXT_STRING)) + snprintf(err_msg, sizeof(err_msg), "%s (%s)", err_reason, data); + else + snprintf(err_msg, sizeof(err_msg), "%s", err_reason); + PyErr_SetString(err_type, err_msg); } else { PyErr_Format(err_type, "Unknown error in function %s.", caller); diff --git a/tests/sample-p7.pem b/tests/sample-p7.pem new file mode 100644 index 0000000..46034f0 --- /dev/null +++ b/tests/sample-p7.pem @@ -0,0 +1,102 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----38FBD2321B4A76C8BE88AFD029CDED23" + +This is an S/MIME signed message + +------38FBD2321B4A76C8BE88AFD029CDED23 +This directory contains unit tests for M2Crypto.
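Review bot: `ERR_reason_error_string(err_code)` can return NULL when OpenSSL has no reason string for the code, and the new `m2_PyErr_Msg_Caller` passes `err_reason` straight to `snprintf` as a `%s` argument, whereas the removed code tested the result against NULL before using it. A NULL `%s` argument is undefined behaviour in C, so this path may crash or print `(null)` depending on the libc. I would add `if (err_reason == NULL) err_reason = "unknown reason";` directly after the lookup, or route that case to the existing `PyErr_Format` branch. The `data` string now also ends up in the Python exception text, so it is worth a comment that callers who show exception messages to remote peers will expose more OpenSSL detail than before. The function's closing lines are outside the hunk.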
+
+To run all tests, make sure you have installed setuptools and then issue the
+following command from the M2Crypto root directory:
+
+python setup.py test
+
+To run tests in a single file, for example test_ssl.py, do this:
+
+python setup.py test --test-suite=tests.test_ssl
+
+
+Look also in the demo directory for other samples.
+
+
+To create new test certificates:
+
+mkdir certs
+cd certs
+
+Making the CA. You may want to use a locally edited openssl.cnf to
+make sure that X509v3 Basic Constraints CA:TRUE gets set (by default
+it may be false). By default duration may only be just one year; should
+set this for at least 3 years.
+
+CA.sh -newca
+cp demoCA/cacert.pem ../ca.pem
+
+Making the server certificate and private key. make sure commonName
+field is localhost.
+
+CA.sh -newreq
+CA.sh -signreq
+cp newcert.pem ../server.pem
+openssl rsa <newkey.pem >>../server.pem
+
+Making the x509 certificate and key.
+
+CA.sh -newreq
+CA.sh -signreq
+cp newcert.pem ../x509.pem
+openssl rsa <newkey.pem >>../x509.pem
+openssl x509 -in ../x509.pem -out ../x509.der -outform DER
+
+Making the signer certificate. Make sure the email address is
+signer@example.com.
+
+CA.sh -newreq
+CA.sh -signreq
+cp newcert.pem ../signer.pem
+openssl rsa <newkey.pem >../signer_key.pem
+
+Making the recipient certificate. Make sure the email address is
+recipient@example.com.
+
+CA.sh -newreq
+CA.sh -signreq
+cp newcert.pem ../recipient.pem
+openssl rsa <newkey.pem >../recipient_key.pem
+
+
+Finally run the tests and edit for new values.
+ +------38FBD2321B4A76C8BE88AFD029CDED23 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEhQYJKoZIhvcNAQcCoIIEdjCCBHICAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJkMIICYDCCAcmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBPMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEChMITTJDcnlw +dG8xGDAWBgNVBAMTD0hlaWtraSBUb2l2b25lbjAeFw0xNTExMjYyMTMzMTJaFw0y +NTExMjMyMTMzMTJaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MREwDwYDVQQKEwhNMkNyeXB0bzESMBAGA1UEAxMJUmVjaXBpZW50MSQwIgYJKoZI +hvcNAQkBFhVyZWNpcGllbnRAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAJaMhIx8GBrTwmJdDwilmD2LkUw0b80Vr1Ycffk2pgE8nGPPIGT6 +dySl4cv+j1rAqJAbmaMCakPv+TGseQH5zEYRfKrRh9+V1PGkesv8TC6LMyL1M/hT +augiSBiW8kk5/zOZA+U9wiJS8TOWILzRyCG7S3U9Kz1RTqoP1XNdZkS/AgMBAAGj +LDAqMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFON3U+KXkkZq9wvnavqx8PK9vXUMA0G +CSqGSIb3DQEBBQUAA4GBABCx3TS7lz4+2ODeapnJvoy3gMcdMNs6aNWk2QJ2K3Zi +AIYwWgYDZZK5AKRClF90xpRELowHVfPBbnoKF2ZW71Cvo1/x95dmKdO0FBM0eZaY +rVjbIOb8+nCsHCKQv3vD6uOKCr26SP/lyVCDGNkeYTDAx2zqM/7Q/Kga8Zuj3JEQ +MYIB5TCCAeECAQEwVDBPMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p +YTERMA8GA1UEChMITTJDcnlwdG8xGDAWBgNVBAMTD0hlaWtraSBUb2l2b25lbgIB +BDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG +CSqGSIb3DQEJBTEPFw0xODA3MjMxODExNTNaMC8GCSqGSIb3DQEJBDEiBCAFNpRM +82d8yvtEyK+nEYuCf5KuyfnooeJYkzIbqUb2yDB5BgkqhkiG9w0BCQ8xbDBqMAsG +CWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMH +MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG +9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgEEVB6XZeD44cN+6qmj1LR5Jh6JLGnIQ +eQPGrI8Ygymc1dVDWC72872Xp3UTidhMnCyN36QNBZ7GL63tc2mCZ9rgWE24mvqx +cj5hCyXF240ty20igJe5BDaXHgzO0JGJPUtoOxNWrM40IhGxh9MSGlfioMOsuRD4 +gDf9hUfjCkvG + +------38FBD2321B4A76C8BE88AFD029CDED23-- + diff --git a/tests/test_obj.py b/tests/test_obj.py index 737511a..7748492 100644 --- a/tests/test_obj.py +++ b/tests/test_obj.py 
@@ -105,6 +105,28 @@ class ObjectsTestCase(unittest.TestCase): self.assertEqual(n.as_text(), n1.as_text(), n1.as_text()) + # Detailed OpenSSL error message is visible in Python error message: + def test_detailed_error_message(self): + from M2Crypto import SMIME, X509 + s = SMIME.SMIME() + x509 = X509.load_cert('tests/recipient.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + st = X509.X509_Store() + st.load_info('tests/recipient.pem') + s.set_x509_store(st) + + p7, data = SMIME.smime_load_pkcs7('tests/sample-p7.pem') + self.assertIsInstance(p7, SMIME.PKCS7, p7) + + try: + s.verify(p7, data) + except SMIME.PKCS7_Error as e: + self.assertRegexpMatches(str(e), + "unable to get local issuer certificate", + "Not received expected error message") def suite(): t_suite = unittest.TestSuite() diff --git a/tests/test_smime.py b/tests/test_smime.py index a0edca8..2d9b105 100644 --- a/tests/test_smime.py +++ b/tests/test_smime.py @@ -209,6 +209,29 @@ class SMIMETestCase(unittest.TestCase): with self.assertRaises(SMIME.PKCS7_Error): s.verify(p7) # Bad signer + # This test is not SMIME-specific - it tests that the additional OpenSSL + # error message is visible in Python error messages. + def test_detailed_error_message(self): + s = SMIME.SMIME() + x509 = X509.load_cert('tests/recipient.pem') + sk = X509.X509_Stack() + sk.push(x509) + s.set_x509_stack(sk) + + st = X509.X509_Store() + st.load_info('tests/recipient.pem') + s.set_x509_store(st) + + p7, data = SMIME.smime_load_pkcs7_bio(self.signed) + self.assertIsInstance(p7, SMIME.PKCS7, p7) + + try: + s.verify(p7, data) + except SMIME.PKCS7_Error as e: + self.assertRegexpMatches(str(e), + "unable to get local issuer certificate", + "Not received expected error message") + def test_encrypt(self): buf = BIO.MemoryBuffer(self.cleartext) s = SMIME.SMIME() |
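Review bot: `test_detailed_error_message` passes when `s.verify(p7, data)` raises nothing at all, because the `try`/`except` has no failure path for the no-exception case; the identical test added in the `tests/test_smime.py` hunk has the same gap. For a signer that must not verify, this means a regression that accepts the signature would go unnoticed. The context-manager form already used just above in test_smime.py closes it: `with self.assertRaises(SMIME.PKCS7_Error) as cm:` / `s.verify(p7, data)` followed by `self.assertIn("unable to get local issuer certificate", str(cm.exception))`. That also drops `assertRegexpMatches`, which is a deprecated alias. Both test classes continue outside the hunks.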