Ticket #2061: chained-certs-2061-feedback-1.patch

File chained-certs-2061-feedback-1.patch, 2.2 KB (added by Hynek Schlawack, 8 years ago)

Incorporate feedback

  • twisted/internet/_sslverify.py

    diff --git a/twisted/internet/_sslverify.py b/twisted/internet/_sslverify.py
    index 20119fa..da9e080 100644
    a b class OpenSSLCertificateOptions(object): 
    626626    A factory for SSL context objects for both SSL servers and clients.
    627627    """
    628628
     629    # Factory for creating contexts.  Configurable for testability.
    629630    _contextFactory = SSL.Context
    630631    _context = None
    631632    # Older versions of PyOpenSSL didn't provide OP_ALL.  Fudge it here, just in case.
  • twisted/test/test_sslverify.py

    diff --git a/twisted/test/test_sslverify.py b/twisted/test/test_sslverify.py
    index df906d5..69d3856 100644
    a b class WritingProtocol(protocol.Protocol): 
    121121
    122122class FakeContext:
    123123    """
    124     Introspectable fake of an OpenSSL.SSL.Context.
     124    Fake of an C{OpenSSL.SSL.Context}.
     125
     126    Saves call arguments for later introspection.
    125127    """
     128    _options = 0
    126129
    127130    def __init__(self, method):
    128131        self._method = method
    129132        self._extraCertChain = []
    130133
    131134    def set_options(self, options):
    132         pass
     135        self._options |= options
    133136
    134137    def use_certificate(self, certificate):
    135138        self._certificate = certificate
    class OpenSSLOptions(unittest.TestCase): 
    325328
    326329
    327330    def test_extraChainFilesAreAddedIfSupplied(self):
     331        """
     332        C{extraCertChain} is respected when creating contexts.
     333        """
    328334        opts = sslverify.OpenSSLCertificateOptions(
    329335            privateKey=self.sKey,
    330336            certificate=self.sCert,
    class OpenSSLOptions(unittest.TestCase): 
    337343        self.assertEqual(self.extraCertChain, ctx._extraCertChain)
    338344
    339345
     346    def test_extraChainDoesNotBreakPyOpenSSL(self):
     347        """
     348        C{extraCertChain} doesn't break C{OpenSSL.SSL.Context} creation.
     349        """
     350        opts = sslverify.OpenSSLCertificateOptions(
     351            privateKey=self.sKey,
     352            certificate=self.sCert,
     353            extraCertChain=self.extraCertChain,
     354        )
     355        ctx = opts.getContext()
     356        self.assertIsInstance(ctx, SSL.Context)
     357
     358
    340359    def test_abbreviatingDistinguishedNames(self):
    341360        """
    342361        Check that abbreviations used in certificates correctly map to