Compatibility for OpenSSL >= 1.0.1i #193

Merged
merged 3 commits into from
Apr 15, 2015
9 changes: 5 additions & 4 deletions OpenSSL/crypto.py
@@ -1,5 +1,6 @@
from time import time
from time import time, strptime
from base64 import b16encode
from calendar import timegm
from functools import partial
from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
from warnings import warn as _warn
Expand Down Expand Up @@ -1161,10 +1162,10 @@ def has_expired(self):
:return: True if the certificate has expired, false otherwise
"""
now = int(time())
notAfter = _lib.X509_get_notAfter(self._x509)
return _lib.ASN1_UTCTIME_cmp_time_t(
_ffi.cast('ASN1_UTCTIME*', notAfter), now) < 0
notAfter = self.get_notAfter().decode('utf-8')
Contributor


After a discussion with Paul I think we should not do that. pyOpenSSL should offer as little abstraction as necessary and since this bug has been fixed in 1.0.2a, we shouldn’t add baggage to our codebase.

notAfterSecs = timegm(strptime(notAfter, '%Y%m%d%H%M%SZ'))

return now > notAfterSecs

def _get_boundary_time(self, which):
return _get_asn1_time(which(self._x509))
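Review bot: The new parse in `has_expired` accepts only the `YYYYMMDDhhmmssZ` form, so any other value coming back from `get_notAfter()` turns the expiry check into an exception instead of a boolean. `strptime(notAfter, '%Y%m%d%H%M%SZ')` raises ValueError for a timestamp that carries a numeric offset, and `.decode('utf-8')` would raise AttributeError if `get_notAfter()` can return None for a certificate with no notAfter set; its body is outside this section, so both cases need confirming. Because callers use this method as a validity gate, the docstring should state the contract, for example `:raise ValueError: if notAfter is not of the form YYYYMMDDhhmmssZ`, and a test with a non-`Z` notAfter would pin the behaviour. The body of `has_expired` begins above the hunk.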
15 changes: 13 additions & 2 deletions OpenSSL/test/test_crypto.py
Expand Up @@ -1562,19 +1562,29 @@ def test_has_not_expired(self):
cert.gmtime_adj_notAfter(2)
self.assertFalse(cert.has_expired())

def test_root_has_not_expired(self):
"""
:py:obj:`X509Type.has_expired` returns :py:obj:`False` if the certificate's not-after
time is in the future.
"""
cert = load_certificate(FILETYPE_PEM, root_cert_pem)
self.assertFalse(cert.has_expired())


def test_digest(self):
"""
:py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded words
of the digest of the certificate.
"""
cert = X509()
cert = load_certificate(FILETYPE_PEM, root_cert_pem)
self.assertEqual(
# This is MD5 instead of GOOD_DIGEST because the digest algorithm
# actually matters to the assertion (ie, another arbitrary, good
# digest will not product the same digest).
# Digest verified with the command:
# openssl x509 -in root_cert.pem -noout -fingerprint -md5
cert.digest("MD5"),
b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75"))


def _extcert(self, pkey, extensions):
Expand All @@ -1587,6 +1597,7 @@ def _extcert(self, pkey, extensions):
cert.set_notAfter(when)

cert.add_extensions(extensions)
cert.sign(pkey, 'sha1')
return load_certificate(
FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
