authorJean-Paul Calderone <exarkun@twistedmatrix.com>2014-05-06 09:01:07 -0400
committerJean-Paul Calderone <exarkun@twistedmatrix.com>2014-05-06 09:01:07 -0400
commit06ddbf309a878ddd25934127d8ec8652538e5b47 (patch)
tree4c42a901f0515d193958eb336f358fde760971f1
parent238fb74dc95828a8e9fb0369460f1096663f3b78 (diff)
parent774230a95d8bb18819251c78d53481cf3f1850b1 (diff)
downloadpyopenssl-06ddbf309a878ddd25934127d8ec8652538e5b47.tar.gz
Merge pull request #88 from exarkun/set_verify-callback-argument
Fix a regression in which the first argument of the "verify" callback was incorrectly passed a `Context` instance instead of the `Connection` instance.
-rw-r--r--ChangeLog8
-rw-r--r--OpenSSL/SSL.py8
-rw-r--r--OpenSSL/test/test_ssl.py45
-rwxr-xr-xsetup.py2
4 files changed, 60 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index b73a144..9ad9317 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Fix a regression in which the first argument of
+ the "verify" callback was incorrectly passed a ``Context`` instance
+ instead of the ``Connection`` instance.
+ * OpenSSL/test/test_ssl.py: Add a test for the value passed as the
+ first argument of the "verify" callback.
+
2014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 58553d6..7b1cbc1 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -166,7 +166,7 @@ class SysCallError(Error):
class _VerifyHelper(object):
- def __init__(self, connection, callback):
+ def __init__(self, callback):
self._problems = []
@wraps(callback)
@@ -176,6 +176,10 @@ class _VerifyHelper(object):
error_number = _lib.X509_STORE_CTX_get_error(store_ctx)
error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx)
+ index = _lib.SSL_get_ex_data_X509_STORE_CTX_idx()
+ ssl = _lib.X509_STORE_CTX_get_ex_data(store_ctx, index)
+ connection = Connection._reverse_mapping[ssl]
+
try:
result = callback(connection, cert, error_number, error_depth, ok)
except Exception as e:
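Review bot: The new lookup `connection = Connection._reverse_mapping[ssl]` sits above the `try:`, so a missing entry (or a NULL `ssl` returned by `X509_STORE_CTX_get_ex_data`) raises outside the handler that deals with exceptions from the user callback. `_reverse_mapping` is not shown here, so whether it can drop entries is an assumption; if it can, the `KeyError` would escape the native callback instead of being handled like a callback failure, and the handshake error would not carry the cause back to the caller. I would move the three lookup lines under the `try:` so that this path is treated the same way, and add a comment such as `# Recover the Connection from the SSL* that OpenSSL stores on the X509_STORE_CTX.` The wrapper function starts above this hunk and the `except` body continues below it.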
@@ -547,7 +551,7 @@ class Context(object):
if not callable(callback):
raise TypeError("callback must be callable")
- self._verify_helper = _VerifyHelper(self, callback)
+ self._verify_helper = _VerifyHelper(callback)
self._verify_callback = self._verify_helper.callback
_lib.SSL_CTX_set_verify(self._context, mode, self._verify_callback)
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 1d18fd0..6409b8e 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -279,6 +279,23 @@ class _LoopbackMixin:
write.bio_write(dirty)
+ def _handshakeInMemory(self, client_conn, server_conn):
+ """
+ Perform the TLS handshake between two :py:class:`Connection` instances
+ connected to each other via memory BIOs.
+ """
+ client_conn.set_connect_state()
+ server_conn.set_accept_state()
+
+ for conn in [client_conn, server_conn]:
+ try:
+ conn.do_handshake()
+ except WantReadError:
+ pass
+
+ self._interactInMemory(client_conn, server_conn)
+
+
class VersionTests(TestCase):
"""
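Review bot: The docstring of `_handshakeInMemory` does not say that the helper itself calls `set_connect_state()` and `set_accept_state()`, nor that it deliberately ignores `WantReadError` from the first `do_handshake()` on each side. Wording such as `Put client_conn in connect state and server_conn in accept state, start both handshakes, then hand over to _interactInMemory.` would tell callers that they need not set the state themselves.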
@@ -983,6 +1000,34 @@ class ContextTests(TestCase, _LoopbackMixin):
pass
+ def test_set_verify_callback_connection_argument(self):
+ """
+ The first argument passed to the verify callback is the
+ :py:class:`Connection` instance for which verification is taking place.
+ """
+ serverContext = Context(TLSv1_METHOD)
+ serverContext.use_privatekey(
+ load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
+ serverContext.use_certificate(
+ load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
+ serverConnection = Connection(serverContext, None)
+
+ class VerifyCallback(object):
+ def callback(self, connection, *args):
+ self.connection = connection
+ return 1
+
+ verify = VerifyCallback()
+ clientContext = Context(TLSv1_METHOD)
+ clientContext.set_verify(VERIFY_PEER, verify.callback)
+ clientConnection = Connection(clientContext, None)
+ clientConnection.set_connect_state()
+
+ self._handshakeInMemory(clientConnection, serverConnection)
+
+ self.assertIdentical(verify.connection, clientConnection)
+
+
def test_set_verify_callback_exception(self):
"""
If the verify callback passed to :py:obj:`Context.set_verify` raises an
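Review bot: `test_set_verify_callback_connection_argument` uses a single `Connection` on `clientContext`, so it cannot tell a correct per-connection lookup from one that returns the only connection that exists for that context. Because the helper is now built once per `Context` and resolves the connection at call time, a second client `Connection` on the same `clientContext`, with an assertion that each callback invocation saw its own connection, would pin the behaviour that applications rely on when they make per-connection trust decisions in the verify callback. Separately, `clientConnection.set_connect_state()` is redundant because `_handshakeInMemory` already sets it, and initialising `self.connection = None` in `VerifyCallback` would turn a never-invoked callback into an assertion failure instead of an `AttributeError`. The hunk ends inside the docstring of the next test.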
diff --git a/setup.py b/setup.py
index f12714d..3d3fe04 100755
--- a/setup.py
+++ b/setup.py
@@ -34,7 +34,7 @@ setup(name='pyOpenSSL', version=__version__,
maintainer_email = 'exarkun@twistedmatrix.com',
url = 'https://github.com/pyca/pyopenssl',
license = 'APL2',
- install_requires=["cryptography>=0.3", "six>=1.5.2"],
+ install_requires=["cryptography>=0.4", "six>=1.5.2"],
long_description = """\
High-level wrapper around a subset of the OpenSSL library, includes
* SSL.Connection objects, wrapping the methods of Python's portable