Set verify callback argument

ChangeLog

@@ -1,3 +1,11 @@
+2014-05-05  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
+
+	* OpenSSL/SSL.py: Fix a regression in which the first argument of
+	  the "verify" callback was incorrectly passed a ``Context`` instance
+	  instead of the ``Connection`` instance.
+	* OpenSSL/test/test_ssl.py: Add a test for the value passed as the
+	  first argument of the "verify" callback.
+
 2014-04-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
 
 	* OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew

OpenSSL/SSL.py

@@ -166,7 +166,7 @@ class SysCallError(Error):
 
 
 class _VerifyHelper(object):
-    def __init__(self, connection, callback):
+    def __init__(self, callback):
         self._problems = []
 
         @wraps(callback)
@@ -176,6 +176,10 @@ def wrapper(ok, store_ctx):
             error_number = _lib.X509_STORE_CTX_get_error(store_ctx)
             error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx)
 
+            index = _lib.SSL_get_ex_data_X509_STORE_CTX_idx()
+            ssl = _lib.X509_STORE_CTX_get_ex_data(store_ctx, index)
+            connection = Connection._reverse_mapping[ssl]
+
             try:
                 result = callback(connection, cert, error_number, error_depth, ok)
             except Exception as e:
@@ -547,7 +551,7 @@ def set_verify(self, mode, callback):
         if not callable(callback):
             raise TypeError("callback must be callable")
 
-        self._verify_helper = _VerifyHelper(self, callback)
+        self._verify_helper = _VerifyHelper(callback)
         self._verify_callback = self._verify_helper.callback
         _lib.SSL_CTX_set_verify(self._context, mode, self._verify_callback)
 

OpenSSL/test/test_ssl.py

@@ -279,6 +279,23 @@ def _interactInMemory(self, client_conn, server_conn):
                         write.bio_write(dirty)
 
 
+    def _handshakeInMemory(self, client_conn, server_conn):
+        """
+        Perform the TLS handshake between two :py:class:`Connection` instances
+        connected to each other via memory BIOs.
+        """
+        client_conn.set_connect_state()
+        server_conn.set_accept_state()
+
+        for conn in [client_conn, server_conn]:
+            try:
+                conn.do_handshake()
+            except WantReadError:
+                pass
+
+        self._interactInMemory(client_conn, server_conn)
+
+
 
 class VersionTests(TestCase):
     """
@@ -983,6 +1000,34 @@ def _handshake_test(self, serverContext, clientContext):
                     pass
 
 
+    def test_set_verify_callback_connection_argument(self):
+        """
+        The first argument passed to the verify callback is the
+        :py:class:`Connection` instance for which verification is taking place.
+        """
+        serverContext = Context(TLSv1_METHOD)
+        serverContext.use_privatekey(
+            load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
+        serverContext.use_certificate(
+            load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
+        serverConnection = Connection(serverContext, None)
+
+        class VerifyCallback(object):
+            def callback(self, connection, *args):
+                self.connection = connection
+                return 1
+
+        verify = VerifyCallback()
+        clientContext = Context(TLSv1_METHOD)
+        clientContext.set_verify(VERIFY_PEER, verify.callback)
+        clientConnection = Connection(clientContext, None)
+        clientConnection.set_connect_state()
+
+        self._handshakeInMemory(clientConnection, serverConnection)
+
+        self.assertIdentical(verify.connection, clientConnection)
+
+
     def test_set_verify_callback_exception(self):
         """
         If the verify callback passed to :py:obj:`Context.set_verify` raises an

setup.py

@@ -34,7 +34,7 @@
       maintainer_email = 'exarkun@twistedmatrix.com',
       url = 'https://github.com/pyca/pyopenssl',
       license = 'APL2',
-      install_requires=["cryptography>=0.3", "six>=1.5.2"],
+      install_requires=["cryptography>=0.4", "six>=1.5.2"],
       long_description = """\
 High-level wrapper around a subset of the OpenSSL library, includes
  * SSL.Connection objects, wrapping the methods of Python's portable