author | Jean-Paul Calderone <jean-paul@clusterhq.com> | 2015-01-19 07:09:27 -0500 |
---|---|---|
committer | Jean-Paul Calderone <jean-paul@clusterhq.com> | 2015-01-19 07:09:27 -0500 |
commit | 496f40dca9a47c0f1dfe0cd841256485708c8442 (patch) | |
tree | 6bce779d81a760ffcbb48bee01cfabf507a98653 | |
parent | 87e09b0908cddf59e21114e7920f90b174f793c4 (diff) | |
parent | 7cf3b47ef61479820e5bf779dea84fc2d09fae07 (diff) | |
download | pyopenssl-496f40dca9a47c0f1dfe0cd841256485708c8442.tar.gz |
Merge pull request #179 from exarkun/Context.check_privatekey
Fix a regression in Context.check_privatekey which caused it to always succeed.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | OpenSSL/SSL.py | 3 | ||||
-rw-r--r-- | OpenSSL/test/test_ssl.py | 37 | ||||
-rw-r--r-- | OpenSSL/test/util.py | 8 | ||||
-rwxr-xr-x | setup.py | 2 |
5 files changed, 50 insertions, 5 deletions
@@ -1,3 +1,8 @@ +2014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` + causing it to always succeed - even if it should fail. + 2015-01-08 Paul Aurich <paul@darkrain42.org> * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py index b6c8076..2731d64 100644 --- a/OpenSSL/SSL.py +++ b/OpenSSL/SSL.py @@ -492,6 +492,9 @@ class Context(object): :return: None (raises an exception if something's wrong) """ + if not _lib.SSL_CTX_check_private_key(self._context): + _raise_current_error() + def load_client_ca(self, cafile): """ diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py index 79010fb..f098327 100644 --- a/OpenSSL/test/test_ssl.py +++ b/OpenSSL/test/test_ssl.py 
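Review bot: The docstring context just above the added check in `OpenSSL/SSL.py` still reads only `:return: None (raises an exception if something's wrong)`, so callers cannot tell which exception to catch now that the method can actually fail. Because the check never ran before this fix, any caller that used `check_privatekey()` as a validation step was accepting mismatched key and certificate pairs, so the failure mode should be documented. I would add `:raises Error: if the context's private key and certificate do not match` to the docstring; the new tests in this commit assert `Error`. The `def` line and the start of the docstring are outside this hunk.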
@@ -507,6 +507,43 @@ class ContextTests(TestCase, _LoopbackMixin): ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM)) + def test_check_privatekey_valid(self): + """ + :py:obj:`Context.check_privatekey` returns :py:obj:`None` if the + :py:obj:`Context` instance has been configured to use a matched key and + certificate pair. + """ + key = load_privatekey(FILETYPE_PEM, client_key_pem) + cert = load_certificate(FILETYPE_PEM, client_cert_pem) + context = Context(TLSv1_METHOD) + context.use_privatekey(key) + context.use_certificate(cert) + self.assertIs(None, context.check_privatekey()) + + + def test_check_privatekey_invalid(self): + """ + :py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the + :py:obj:`Context` instance has been configured to use a key and + certificate pair which don't relate to each other. + """ + key = load_privatekey(FILETYPE_PEM, client_key_pem) + cert = load_certificate(FILETYPE_PEM, server_cert_pem) + context = Context(TLSv1_METHOD) + context.use_privatekey(key) + context.use_certificate(cert) + self.assertRaises(Error, context.check_privatekey) + + + def test_check_privatekey_wrong_args(self): + """ + :py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called + with other than no arguments. + """ + context = Context(TLSv1_METHOD) + self.assertRaises(TypeError, context.check_privatekey, object()) + + def test_set_app_data_wrong_args(self): """ :py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than diff --git a/OpenSSL/test/util.py b/OpenSSL/test/util.py index 21bbdc4..4260eb0 100644 --- a/OpenSSL/test/util.py +++ b/OpenSSL/test/util.py @@ -227,7 +227,7 @@ class TestCase(TestCase): failIfIn = assertNotIn - def failUnlessIdentical(self, first, second, msg=None): + def assertIs(self, first, second, msg=None): """ Fail the test if :py:data:`first` is not :py:data:`second`. This is an obect-identity-equality test, not an object equality 
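Review bot: None of the three new tests in `OpenSSL/test/test_ssl.py` covers a `Context` with no key or certificate loaded, which is the other way `check_privatekey` can now fail. A fourth test along the lines of `self.assertRaises(Error, Context(TLSv1_METHOD).check_privatekey)` would pin that path, assuming the underlying call reports an error there as expected. In `test_check_privatekey_invalid` the certificate is set after the key, and some OpenSSL versions appear to drop an already-loaded key that does not match a newly set certificate. If so, that test exercises the missing-key path rather than a true mismatch, so it is worth confirming and stating which case is meant in its docstring.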
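Review bot: The renamed `assertIs` in `OpenSSL/test/util.py` still returns `first`, whereas the standard library's `unittest.TestCase.assertIs` returns nothing, so if the base class here is unittest's, this override silently replaces it with a slightly different contract. A comment above the definition would make that deliberate, for example `# Shadows unittest's assertIs where available; returns first for existing failUnlessIdentical callers.` The same applies to `assertIsNot` in the `@@ -239,10 +239,10 @@` hunk. Both docstrings also carry the typo `obect-identity-equality`, which could be corrected to `object-identity` while these lines are being touched. The docstring of `assertIs` continues past the end of this hunk.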
@@ -239,10 +239,10 @@ class TestCase(TestCase): if first is not second: raise self.failureException(msg or '%r is not %r' % (first, second)) return first - assertIdentical = failUnlessIdentical + assertIdentical = failUnlessIdentical = assertIs - def failIfIdentical(self, first, second, msg=None): + def assertIsNot(self, first, second, msg=None): """ Fail the test if :py:data:`first` is :py:data:`second`. This is an obect-identity-equality test, not an object equality @@ -254,7 +254,7 @@ class TestCase(TestCase): if first is second: raise self.failureException(msg or '%r is %r' % (first, second)) return first - assertNotIdentical = failIfIdentical + assertNotIdentical = failIfIdentical = assertIsNot def failUnlessRaises(self, exception, f, *args, **kwargs): @@ -34,7 +34,7 @@ setup(name='pyOpenSSL', version=__version__, maintainer_email = 'exarkun@twistedmatrix.com', url = 'https://github.com/pyca/pyopenssl', license = 'APL2', - install_requires=["cryptography>=0.5.4", "six>=1.5.2"], + install_requires=["cryptography>=0.7", "six>=1.5.2"], long_description = """\ High-level wrapper around a subset of the OpenSSL library, includes * SSL.Connection objects, wrapping the methods of Python's portable |