Ticket #6288: remove-asserts-6288-v2.patch

File remove-asserts-6288-v2.patch, 11.2 KB (added by Hynek Schlawack, 9 years ago)
  • twisted/internet/_sslverify.py

    # Bazaar merge directive format 2 (Bazaar 0.90)
    # revision_id: hs@ox.cx-20130202161952-tfjjeagecv1lrusg
    # target_branch: file:///Users/hynek/Projects/Twisted/trunk/
    # testament_sha1: a16a9869fd991a579f5e0d796092a3eb0480e002
    # timestamp: 2013-02-02 17:20:05 +0100
    # base_revision_id: svn-v4:bbbe8e31-12d6-0310-92fd-\
    #   ac37d47ddeeb:trunk:37018
    # 
    # Begin patch
    === modified file 'twisted/internet/_sslverify.py'
     
    657657        @param method: The SSL protocol to use, one of SSLv23_METHOD,
    658658        SSLv2_METHOD, SSLv3_METHOD, TLSv1_METHOD.  Defaults to TLSv1_METHOD.
    659659
    660         @param verify: If True, verify certificates received from the peer and
    661         fail the handshake if verification fails.  Otherwise, allow anonymous
    662         sessions and sessions with certificates which fail validation.  By
    663         default this is False.
     660        @param verify: If C{True}, verify certificates received from the peer
     661            and fail the handshake if verification fails.  Otherwise, allow
     662            anonymous sessions and sessions with certificates which fail
     663            validation.  By default this is C{False}.
    664664
    665665        @param caCerts: List of certificate authority certificate objects to
    666666            use to verify the peer's certificate.  Only used if verify is
    667             C{True}, and if verify is C{True}, this must be specified.  Since
    668             verify is C{False} by default, this is C{None} by default.
     667            C{True} and will be ignored otherwise.  Since verify is C{False} by
     668            default, this is C{None} by default.
    669669
    670670        @type caCerts: C{list} of L{OpenSSL.crypto.X509}
    671671
     
    696696        ticket extensions in the hello.
    697697        """
    698698
    699         assert (privateKey is None) == (certificate is None), "Specify neither or both of privateKey and certificate"
     699        if (privateKey is None) != (certificate is None):
     700            raise ValueError(
     701                "Specify neither or both of privateKey and certificate")
    700702        self.privateKey = privateKey
    701703        self.certificate = certificate
    702704        if method is not None:
    703705            self.method = method
    704706
     707        if verify and not caCerts:
     708            raise ValueError("Specify client CA certificate information if and"
     709                             " only if enabling certificate verification")
    705710        self.verify = verify
    706         assert ((verify and caCerts) or
    707                 (not verify)), "Specify client CA certificate information if and only if enabling certificate verification"
    708711
    709712        self.caCerts = caCerts
    710713        self.verifyDepth = verifyDepth
  • twisted/test/test_sslverify.py

    === modified file 'twisted/test/test_sslverify.py'
     
    137137        self.cKey, self.cCert = makeCertificate(
    138138            O=b"Client Test Certificate",
    139139            CN=b"client")
     140        self.caCert1 = makeCertificate(
     141            O=b"CA Test Certificate 1",
     142            CN=b"ca1")[1]
     143        self.caCert2 = makeCertificate(
     144            O=b"CA Test Certificate",
     145            CN=b"ca2")[1]
     146        self.caCerts = [self.caCert1, self.caCert2]
     147
    140148
    141149    def tearDown(self):
    142150        if self.serverPort is not None:
     
    174182        self.clientConn = reactor.connectSSL('127.0.0.1',
    175183                self.serverPort.getHost().port, clientFactory, clientCertOpts)
    176184
     185
     186    def test_constructorWithOnlyPrivateKey(self):
     187        """
     188        C{privateKey} and C{certificate} make only sense if both are set.
     189        """
     190        self.assertRaises(
     191            ValueError,
     192            sslverify.OpenSSLCertificateOptions, privateKey=self.sKey
     193        )
     194
     195
     196    def test_constructorWithOnlyCertificate(self):
     197        """
     198        C{privateKey} and C{certificate} make only sense if both are set.
     199        """
     200        self.assertRaises(
     201            ValueError,
     202            sslverify.OpenSSLCertificateOptions, certificate=self.sCert
     203        )
     204
     205
     206    def test_constructorWithCertificateAndPrivateKey(self):
     207        """
     208        Specifying C{privateKey} and C{certificate} initializes correctly.
     209        """
     210        opts = sslverify.OpenSSLCertificateOptions(privateKey=self.sKey,
     211                                                   certificate=self.sCert)
     212        self.assertEqual(opts.privateKey, self.sKey)
     213        self.assertEqual(opts.certificate, self.sCert)
     214
     215
     216    def test_constructorDoesNotAllowVerifyWithoutCACerts(self):
     217        """
     218        C{verify} must not be C{True} without specifying C{caCerts}.
     219        """
     220        self.assertRaises(
     221            ValueError,
     222            sslverify.OpenSSLCertificateOptions,
     223            privateKey=self.sKey, certificate=self.sCert, verify=True
     224        )
     225
     226
     227    def test_constructorAllowsCACertsWithoutVerify(self):
     228        """
     229        It's currently a NOP, but valid.
     230        """
     231        opts = sslverify.OpenSSLCertificateOptions(privateKey=self.sKey,
     232                                                   certificate=self.sCert,
     233                                                   caCerts=self.caCerts)
     234        self.assertFalse(opts.verify)
     235        self.assertEqual(self.caCerts, opts.caCerts)
     236
     237
     238    def test_constructorWithVerifyAndCACerts(self):
     239        """
     240        Specifying C{verify} and C{caCerts} initializes correctly.
     241        """
     242        opts = sslverify.OpenSSLCertificateOptions(privateKey=self.sKey,
     243                                                   certificate=self.sCert,
     244                                                   verify=True,
     245                                                   caCerts=self.caCerts)
     246        self.assertTrue(opts.verify)
     247        self.assertEqual(self.caCerts, opts.caCerts)
     248
     249
    177250    def test_abbreviatingDistinguishedNames(self):
    178251        """
    179252        Check that abbreviations used in certificates correctly map to