author | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2014-05-06 09:01:07 -0400 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2014-05-06 09:01:07 -0400 |
commit | 06ddbf309a878ddd25934127d8ec8652538e5b47 (patch) | |
tree | 4c42a901f0515d193958eb336f358fde760971f1 | |
parent | 238fb74dc95828a8e9fb0369460f1096663f3b78 (diff) | |
parent | 774230a95d8bb18819251c78d53481cf3f1850b1 (diff) | |
download | pyopenssl-06ddbf309a878ddd25934127d8ec8652538e5b47.tar.gz |
Merge pull request #88 from exarkun/set_verify-callback-argument
Fix a regression in which the first argument of the "verify" callback was incorrectly passed a `Context` instance instead of the `Connection` instance.
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | OpenSSL/SSL.py | 8 | ||||
-rw-r--r-- | OpenSSL/test/test_ssl.py | 45 | ||||
-rwxr-xr-x | setup.py | 2 |
4 files changed, 60 insertions, 3 deletions
@@ -1,3 +1,11 @@ +2014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/SSL.py: Fix a regression in which the first argument of + the "verify" callback was incorrectly passed a ``Context`` instance + instead of the ``Connection`` instance. + * OpenSSL/test/test_ssl.py: Add a test for the value passed as the + first argument of the "verify" callback. + 2014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py index 58553d6..7b1cbc1 100644 --- a/OpenSSL/SSL.py +++ b/OpenSSL/SSL.py @@ -166,7 +166,7 @@ class SysCallError(Error): class _VerifyHelper(object): - def __init__(self, connection, callback): + def __init__(self, callback): self._problems = [] @wraps(callback) @@ -176,6 +176,10 @@ class _VerifyHelper(object): error_number = _lib.X509_STORE_CTX_get_error(store_ctx) error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx) + index = _lib.SSL_get_ex_data_X509_STORE_CTX_idx() + ssl = _lib.X509_STORE_CTX_get_ex_data(store_ctx, index) + connection = Connection._reverse_mapping[ssl] + try: result = callback(connection, cert, error_number, error_depth, ok) except Exception as e: @@ -547,7 +551,7 @@ class Context(object): if not callable(callback): raise TypeError("callback must be callable") - self._verify_helper = _VerifyHelper(self, callback) + self._verify_helper = _VerifyHelper(callback) self._verify_callback = self._verify_helper.callback _lib.SSL_CTX_set_verify(self._context, mode, self._verify_callback) diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py index 1d18fd0..6409b8e 100644 --- a/OpenSSL/test/test_ssl.py +++ b/OpenSSL/test/test_ssl.py 
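Review bot: In the `@@ -176,6 +176,10 @@` hunk of OpenSSL/SSL.py the new lookup `connection = Connection._reverse_mapping[ssl]` sits before the `try:`, so a failure there is not handled the way an exception raised by the user callback is. If the ex-data pointer is NULL or `_reverse_mapping` holds no entry for it, the resulting `KeyError` bypasses the `except Exception as e:` branch, and the verification result OpenSSL then receives depends on how the callback is registered with cffi, which this hunk does not show. I would move the three added lines inside the `try:` so a failed lookup is handled by the existing `except` branch, and add a comment such as `# Resolve the Connection per call: one Context (and so one helper) can serve many connections.` The wrapper body starts and ends outside the hunk.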
@@ -279,6 +279,23 @@ class _LoopbackMixin: write.bio_write(dirty) + def _handshakeInMemory(self, client_conn, server_conn): + """ + Perform the TLS handshake between two :py:class:`Connection` instances + connected to each other via memory BIOs. + """ + client_conn.set_connect_state() + server_conn.set_accept_state() + + for conn in [client_conn, server_conn]: + try: + conn.do_handshake() + except WantReadError: + pass + + self._interactInMemory(client_conn, server_conn) + + class VersionTests(TestCase): """ @@ -983,6 +1000,34 @@ class ContextTests(TestCase, _LoopbackMixin): pass + def test_set_verify_callback_connection_argument(self): + """ + The first argument passed to the verify callback is the + :py:class:`Connection` instance for which verification is taking place. + """ + serverContext = Context(TLSv1_METHOD) + serverContext.use_privatekey( + load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)) + serverContext.use_certificate( + load_certificate(FILETYPE_PEM, cleartextCertificatePEM)) + serverConnection = Connection(serverContext, None) + + class VerifyCallback(object): + def callback(self, connection, *args): + self.connection = connection + return 1 + + verify = VerifyCallback() + clientContext = Context(TLSv1_METHOD) + clientContext.set_verify(VERIFY_PEER, verify.callback) + clientConnection = Connection(clientContext, None) + clientConnection.set_connect_state() + + self._handshakeInMemory(clientConnection, serverConnection) + + self.assertIdentical(verify.connection, clientConnection) + + def test_set_verify_callback_exception(self): """ If the verify callback passed to :py:obj:`Context.set_verify` raises an 
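Review bot: In `test_set_verify_callback_connection_argument` the callback ends with `return 1` regardless of the verification result it is handed, which accepts any peer certificate. That is fine for checking the first argument, but it deserves a comment so the pattern is not copied into real verification code, e.g. `# Accept unconditionally: only the first callback argument is under test.` The test also calls `clientConnection.set_connect_state()` itself although `_handshakeInMemory` (added in the `@@ -279,6 +279,23 @@` hunk) already does so for the client connection, so that line can be dropped.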
@@ -34,7 +34,7 @@ setup(name='pyOpenSSL', version=__version__, maintainer_email = 'exarkun@twistedmatrix.com', url = 'https://github.com/pyca/pyopenssl', license = 'APL2', - install_requires=["cryptography>=0.3", "six>=1.5.2"], + install_requires=["cryptography>=0.4", "six>=1.5.2"], long_description = """\ High-level wrapper around a subset of the OpenSSL library, includes * SSL.Connection objects, wrapping the methods of Python's portable |