
Don't mask invalid hostname certificate errors. PYTHON-478

1 parent 9dc5e7a commit 4b7cc70f7fb5da3419c6917e626cc4dabd761229 @rozza rozza committed Feb 28, 2013
Showing with 26 additions and 20 deletions.
  1. +2 −5 pymongo/pool.py
  2. +24 −15 test/test_ssl.py
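--- a/pymongo/pool.py
+++ b/pymongo/pool.py
@@ -250,11 +250,8 @@ def connect(self, pair):
 ca_certs=self.ssl_ca_certs,
 cert_reqs=self.ssl_cert_reqs)
 if self.ssl_cert_reqs:
- try:
- match_hostname(sock.getpeercert(), hostname)
- except CertificateError, e:
- raise ConnectionFailure("SSL certificate validation "
- "failed: %s" % e)
+ match_hostname(sock.getpeercert(), hostname)
+
 except ssl.SSLError:
 sock.close()
 raise ConnectionFailure("SSL handshake failed. MongoDB may "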
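Review bot: When `match_hostname` rejects the certificate, the exception now leaves `connect` without the socket being closed, unless `CertificateError` derives from `ssl.SSLError`; its definition is not visible here, and the `ssl_match_hostname` backport of this era defines it as a `ValueError` subclass. The only cleanup visible in this hunk is the `except ssl.SSLError:` handler, so a failed hostname check would leave an established TLS connection to an unverified peer open until it is garbage-collected. A sibling handler next to the existing one would release it while still surfacing the original error: `except CertificateError:`, `sock.close()`, `raise`. `connect` starts and ends outside the hunk, so cleanup further down the function cannot be ruled out from here.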
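--- a/test/test_ssl.py
+++ b/test/test_ssl.py
@@ -87,7 +87,7 @@ def is_server_resolvable():
 SERVER_IS_RESOLVABLE = is_server_resolvable()
-class TestNoSSLModule(unittest.TestCase):
+class TestClientSSL(unittest.TestCase):
 def test_no_ssl_module(self):
 # Test that ConfigurationError is raised if the ssl
@@ -109,20 +109,6 @@ def test_no_ssl_module(self):
 self.assertRaises(ConfigurationError,
 MongoReplicaSetClient, ssl_certfile=CLIENT_PEM)
-
-class TestSSL(unittest.TestCase):
-
- def setUp(self):
- if not HAS_SSL:
- raise SkipTest("The ssl module is not available.")
-
- if sys.version.startswith('3.0'):
- raise SkipTest("Python 3.0.x has problems "
- "with SSL and socket timeouts.")
-
- if not SIMPLE_SSL:
- raise SkipTest("No simple mongod available over SSL")
-
 def test_config_ssl(self):
 """Tests various ssl configurations"""
 self.assertRaises(ConfigurationError, MongoClient, ssl='foo')
@@ -187,6 +173,20 @@ def test_config_ssl(self):
 ssl_keyfile=CLIENT_PEM,
 ssl_certfile=CLIENT_PEM)
+
+class TestSSL(unittest.TestCase):
+
+ def setUp(self):
+ if not HAS_SSL:
+ raise SkipTest("The ssl module is not available.")
+
+ if sys.version.startswith('3.0'):
+ raise SkipTest("Python 3.0.x has problems "
+ "with SSL and socket timeouts.")
+
+ if not SIMPLE_SSL:
+ raise SkipTest("No simple mongod available over SSL")
+
 def test_simple_ssl(self):
 # Expects the server to be running with ssl and with
 # no --sslPEMKeyFile or with --sslWeakCertificateValidation
@@ -279,6 +279,10 @@ def test_cert_ssl_validation(self):
 ssl_ca_certs=CA_PEM)
 response = client.admin.command('ismaster')
 if 'setName' in response:
+ if response['primary'].split(":")[0] != 'server':
+ raise SkipTest("No hosts in the replicaset for 'server'. "
+ "Cannot validate hostname in the certificate")
+
 client = MongoReplicaSetClient('server',
 replicaSet=response['setName'],
 w=len(response['hosts']),
@@ -314,8 +318,13 @@ def test_cert_ssl_validation_optional(self):
 ssl_certfile=CLIENT_PEM,
 ssl_cert_reqs=ssl.CERT_OPTIONAL,
 ssl_ca_certs=CA_PEM)
+
 response = client.admin.command('ismaster')
 if 'setName' in response:
+ if response['primary'].split(":")[0] != 'server':
+ raise SkipTest("No hosts in the replicaset for 'server'. "
+ "Cannot validate hostname in the certificate")
+
 client = MongoReplicaSetClient('server',
 replicaSet=response['setName'],
 w=len(response['hosts']),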
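Review bot: The new skip guard in test_cert_ssl_validation and test_cert_ssl_validation_optional indexes `response['primary']` directly, so an `ismaster` reply from a set that currently has no primary would presumably fail the test with a KeyError instead of skipping; `if response.get('primary', '').split(":")[0] != 'server':` skips in that case as well. The guard inspects only the primary, while the skip message says no host in the replica set is named 'server', so either check `response['hosts']` or reword the message. None of the visible hunks asserts that a hostname mismatch now raises CertificateError rather than ConnectionFailure; if no existing test covers that, the assertion belongs in this file. Both test bodies continue outside the hunks.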
