Ticket #6288: remove-asserts-6288.patch

File remove-asserts-6288.patch, 6.9 KB (added by Hynek Schlawack, 9 years ago)
  • twisted/internet/_sslverify.py

    # Bazaar merge directive format 2 (Bazaar 0.90)
    # revision_id: hs@ox.cx-20130131093050-oj7fiwa0a3dzkppc
    # target_branch: file:///Users/hynek/Projects/Twisted/trunk/
    # testament_sha1: 2eb7c9b6eae2ba0bb1f5665c1246dc7ebdabc256
    # timestamp: 2013-01-31 10:32:11 +0100
    # base_revision_id: svn-v4:bbbe8e31-12d6-0310-92fd-\
    #   ac37d47ddeeb:trunk:37018
    # 
    # Begin patch
    === modified file 'twisted/internet/_sslverify.py'
     
    696696        ticket extensions in the hello.
    697697        """
    698698
    699         assert (privateKey is None) == (certificate is None), "Specify neither or both of privateKey and certificate"
     699        if (privateKey is None) != (certificate is None):
     700            raise ValueError(
     701                "Specify neither or both of privateKey and certificate")
    700702        self.privateKey = privateKey
    701703        self.certificate = certificate
    702704        if method is not None:
    703705            self.method = method
    704706
     707        if any((caCerts, verify)) and not all((caCerts, verify)):
     708            raise ValueError(
     709                "Specify client CA certificate information if and only if "
     710                "enabling certificate verification and vice versa")
    705711        self.verify = verify
    706         assert ((verify and caCerts) or
    707                 (not verify)), "Specify client CA certificate information if and only if enabling certificate verification"
    708712
    709713        self.caCerts = caCerts
    710714        self.verifyDepth = verifyDepth
     
    753757                verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
    754758            if self.verifyOnce:
    755759                verifyFlags |= SSL.VERIFY_CLIENT_ONCE
    756             if self.caCerts:
    757                 store = ctx.get_cert_store()
    758                 for cert in self.caCerts:
    759                     store.add_cert(cert)
     760            store = ctx.get_cert_store()
     761            for cert in self.caCerts:
     762                store.add_cert(cert)
    760763
    761764        # It'd be nice if pyOpenSSL let us pass None here for this behavior (as
    762765        # the underlying OpenSSL API call allows NULL to be passed).  It
  • twisted/test/test_sslverify.py

    === modified file 'twisted/test/test_sslverify.py'
     
    174174        self.clientConn = reactor.connectSSL('127.0.0.1',
    175175                self.serverPort.getHost().port, clientFactory, clientCertOpts)
    176176
     177
     178    def test_constructorEnforcesNeitherOrBothPrivateKeyAndCertificate(self):
     179        """
     180        C{privateKey} and C{certificate} make only sense if both are set.
     181        """
     182        self.assertRaises(
     183            ValueError,
     184            sslverify.OpenSSLCertificateOptions, privateKey=self.sKey
     185        )
     186        self.assertRaises(
     187            ValueError,
     188            sslverify.OpenSSLCertificateOptions, certificate=self.sCert
     189        )
     190        sslverify.OpenSSLCertificateOptions(privateKey=self.sKey,
     191                                            certificate=self.sCert)
     192
     193
     194    def test_constructorEnforcesNeitherOrBothCaCertsAndVerify(self):
     195        """
     196        C{caCerts} and C{verify} are required to be specified neither or both.
     197        """
     198        fakeCACerts = [self.sCert, self.cCert]
     199        self.assertRaises(
     200            ValueError,
     201            sslverify.OpenSSLCertificateOptions,
     202            privateKey=self.sKey, certificate=self.sCert, verify=True
     203        )
     204        self.assertRaises(
     205            ValueError,
     206            sslverify.OpenSSLCertificateOptions,
     207            privateKey=self.sKey, certificate=self.sCert, caCerts=fakeCACerts
     208        )
     209        sslverify.OpenSSLCertificateOptions(privateKey=self.sKey,
     210                                            certificate=self.sCert,
     211                                            verify=True,
     212                                            caCerts=fakeCACerts)
     213
     214
    177215    def test_abbreviatingDistinguishedNames(self):
    178216        """
    179217        Check that abbreviations used in certificates correctly map to