twisted.internet.ssl.Certificate.peerFromTransport can return invalid Certificates

[exarkun]

If there is no peer certificate, it creates a Certificate wrapped around None.

It should fail some other, better way.

[glyph]

It seems like there are 3 choices: return None, return a Deferred which fires when the cert is available, or raise an exception.

Right now I think I favor raising an exception.

[exarkun]

I like exceptions.

[glyph]

Ready for review in certerr-1976.

[jerub]

Sweet change. Nice and simple, correct docstrings that exist, etc.

I'm confused about the lack of an actual error message to go in twisted.internet.error.CertificateError. It seems all the python code I've ever written has had both an exception, and some kind of information about the exception that occurred. Here, CertificateError() is created without any message. This causes str(CertificateError()) to equal . I don't think I like that.

Please alter the implementation or usage of CertificateError so that str() isn't dangerously low on information.

[glyph]

(In [17837]) ssl.Certificate.peerFromTransport no longer returns invalid certificates.

This change fixes a defect where sometimes a transport without a certificate would raise exceptions, sometimes return an invalid Certificate object wrapped around None. This fixes that bug, as well as adding some test coverage for those constructors and the error reporting surrounding them.

Author: glyph

Reviewer: jerub

Fixes #1976