author | Stephen Holsapple <sholsapp@gmail.com> | 2015-02-09 19:19:44 -0800 |
---|---|---|
committer | Stephen Holsapple <sholsapp@gmail.com> | 2015-02-09 19:19:44 -0800 |
commit | 1f713eb84f76b55cfb7b1c21b23388eca9753ec1 (patch) | |
tree | 3d5c775f745e5fb16e8116f63563674988bff1ab | |
parent | 08ffaa641b8ac19ddaae6472688f5a65844c8473 (diff) | |
Trust return value in context error
The function X509_STORE_CTX_get_current_cert seems to always return a
certificate. After reviewing the upstream OpenSSL package, it seems they do
no error checking on this function either, so I think this approach
should be safe.
Worst case scenario, for a case I think is impossible, we'll get an
AttributeError or TypeError.
-rw-r--r-- | OpenSSL/crypto.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 395f273..c3d4c9b 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -1439,11 +1439,12 @@ class X509StoreContext(object):
 _native(_ffi.string(_lib.X509_verify_cert_error_string(
 _lib.X509_STORE_CTX_get_error(self._store_ctx)))),
 ]
+ # A context error should always be associated with a certificate, so we
+ # expect this call to never return :class:`None`.
 _x509 = _lib.X509_STORE_CTX_get_current_cert(self._store_ctx)
- if _x509 != _ffi.NULL:
- _cert = _lib.X509_dup(_x509)
- pycert = X509.__new__(X509)
- pycert._x509 = _ffi.gc(_cert, _lib.X509_free)
+ _cert = _lib.X509_dup(_x509)
+ pycert = X509.__new__(X509)
+ pycert._x509 = _ffi.gc(_cert, _lib.X509_free)
 return X509StoreContextError(errors, pycert) |
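Review bot: With the `_x509 != _ffi.NULL` guard removed, a NULL from `X509_STORE_CTX_get_current_cert` goes straight into `_lib.X509_dup` and is then wrapped by `_ffi.gc`, yet OpenSSL documents that this getter returns NULL when no certificate is relevant to the error. If `X509_dup` yields NULL for NULL input (likely, but not confirmed from this page), `pycert` would carry a NULL `_x509` and the failure would surface only when the certificate is later used, possibly in native code rather than as the AttributeError or TypeError the description expects. The old guard was incomplete too, since it left `pycert` unbound on the NULL path; I would keep the check and make that path explicit, e.g. `if _x509 == _ffi.NULL:` followed by either a clear `raise` or `pycert = None`, before the dup. The enclosing method starts above the hunk, so whether `X509StoreContextError` tolerates a missing certificate is not visible here.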