5 changes: 5 additions & 0 deletions ChangeLog
@@ -1,3 +1,8 @@
2014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com>

* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
causing it to always succeed - even if it should fail.

2015-01-08 Paul Aurich <paul@darkrain42.org>

* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
3 changes: 3 additions & 0 deletions OpenSSL/SSL.py
Expand Up @@ -492,6 +492,9 @@ def check_privatekey(self):

:return: None (raises an exception if something's wrong)
"""
if not _lib.SSL_CTX_check_private_key(self._context):
_raise_current_error()


def load_client_ca(self, cafile):
"""
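Review bot: The docstring kept above the new check still says only `:return: None (raises an exception if something's wrong)`, so the exception type a caller must catch is not documented. The tests added in this commit assert `Error` for a mismatched pair, so a line such as `:raises Error: if the private key does not match the certificate loaded into this context` would make the restored contract explicit. This matters because the ChangeLog describes the earlier behaviour as always succeeding, meaning code that used this call as a configuration gate received no failure signal. The body of `check_privatekey` starts outside the hunk, so the rest of the docstring is not visible here.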
37 changes: 37 additions & 0 deletions OpenSSL/test/test_ssl.py
Expand Up @@ -507,6 +507,43 @@ def test_use_certificate_file_long(self):
ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))


def test_check_privatekey_valid(self):
"""
:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the
:py:obj:`Context` instance has been configured to use a matched key and
certificate pair.
"""
key = load_privatekey(FILETYPE_PEM, client_key_pem)
cert = load_certificate(FILETYPE_PEM, client_cert_pem)
context = Context(TLSv1_METHOD)
context.use_privatekey(key)
context.use_certificate(cert)
self.assertIs(None, context.check_privatekey())


def test_check_privatekey_invalid(self):
"""
:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the
:py:obj:`Context` instance has been configured to use a key and
certificate pair which don't relate to each other.
"""
key = load_privatekey(FILETYPE_PEM, client_key_pem)
cert = load_certificate(FILETYPE_PEM, server_cert_pem)
context = Context(TLSv1_METHOD)
context.use_privatekey(key)
context.use_certificate(cert)
self.assertRaises(Error, context.check_privatekey)


def test_check_privatekey_wrong_args(self):
"""
:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called
with other than no arguments.
"""
context = Context(TLSv1_METHOD)
self.assertRaises(TypeError, context.check_privatekey, object())


def test_set_app_data_wrong_args(self):
"""
:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than
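Review bot: The new tests pin a matched pair, a mismatched pair and a bad call signature, but none calls `check_privatekey` on a `Context` that has no key or certificate loaded. That is the state a misconfigured server is most likely to be in, and its outcome is left unspecified. A fourth test along the lines of `self.assertRaises(Error, Context(TLSv1_METHOD).check_privatekey)` would cover it, assuming OpenSSL reports the missing certificate as a failure; confirm before asserting. `test_check_privatekey_invalid` also depends on `client_key_pem` and `server_cert_pem` being unrelated fixtures, which are defined outside this hunk.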
8 changes: 4 additions & 4 deletions OpenSSL/test/util.py
Expand Up @@ -227,7 +227,7 @@ def assertNotIn(self, containee, container, msg=None):
failIfIn = assertNotIn


def failUnlessIdentical(self, first, second, msg=None):
def assertIs(self, first, second, msg=None):
"""
Fail the test if :py:data:`first` is not :py:data:`second`. This is an
obect-identity-equality test, not an object equality
Expand All @@ -239,10 +239,10 @@ def failUnlessIdentical(self, first, second, msg=None):
if first is not second:
raise self.failureException(msg or '%r is not %r' % (first, second))
return first
assertIdentical = failUnlessIdentical
assertIdentical = failUnlessIdentical = assertIs


def failIfIdentical(self, first, second, msg=None):
def assertIsNot(self, first, second, msg=None):
"""
Fail the test if :py:data:`first` is :py:data:`second`. This is an
obect-identity-equality test, not an object equality
Expand All @@ -254,7 +254,7 @@ def failIfIdentical(self, first, second, msg=None):
if first is second:
raise self.failureException(msg or '%r is %r' % (first, second))
return first
assertNotIdentical = failIfIdentical
assertNotIdentical = failIfIdentical = assertIsNot


def failUnlessRaises(self, exception, f, *args, **kwargs):
2 changes: 1 addition & 1 deletion setup.py
Expand Up @@ -34,7 +34,7 @@
maintainer_email = 'exarkun@twistedmatrix.com',
url = 'https://github.com/pyca/pyopenssl',
license = 'APL2',
install_requires=["cryptography>=0.5.4", "six>=1.5.2"],
install_requires=["cryptography>=0.7", "six>=1.5.2"],
long_description = """\
High-level wrapper around a subset of the OpenSSL library, includes
* SSL.Connection objects, wrapping the methods of Python's portable