# HG changeset patch # User Binjih Lin # Date 1484352805 28800 # Node ID 8b703bbe2bbaf1b024e376d5738e0911b850d1b9 # Parent 0d6f61408e8956f4a9f2df0b9ca095817b94298e 23185078 Upgrade PyOpenSSL to 16.2.0 diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/Makefile --- a/components/python/pyopenssl/Makefile Sat Jan 14 13:51:41 2017 -0800 +++ b/components/python/pyopenssl/Makefile Fri Jan 13 16:13:25 2017 -0800 @@ -20,21 +20,20 @@ # # -# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved. # include ../../../make-rules/shared-macros.mk COMPONENT_NAME= pyOpenSSL -COMPONENT_VERSION= 0.13 +COMPONENT_VERSION= 16.2.0 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz -COMPONENT_ARCHIVE_HASH= \ - sha256:21e12b03abaa0e04ecc8cd9c251598f71bae11c9f385304234e4ea5618c6163b +COMPONENT_ARCHIVE_HASH= sha256:7779a3bbb74e79db234af6a08775568c6769b5821faecf6e2f4143edb227516e COMPONENT_ARCHIVE_URL= $(call pypi_url) COMPONENT_PROJECT_URL= https://launchpad.net/pyopenssl COMPONENT_BUGDB= python-mod/pyopenssl -TPNO= 9207 +TPNO= 32834 include $(WS_MAKE_RULES)/prep.mk include $(WS_MAKE_RULES)/setup.py.mk @@ -42,21 +41,25 @@ ASLR_MODE = $(ASLR_NOT_APPLICABLE) -COMPONENT_TEST_DIR = $(COMPONENT_SRC)/OpenSSL/test -# The .so files are under ./OpenSSL/64 not ./64/OpenSSL so the -# $(PYTHON_VENDOR_PACKAGES) variable for 64bit Python is wrong. -# Everything works fine if we just add the 32bit path. -COMPONENT_TEST_ENV += PYTHONPATH=$(PROTO_DIR)$(PYTHON_VENDOR_PACKAGES.32) -COMPONENT_TEST_CMD = $(SHELL) -COMPONENT_TEST_ARGS = $(COMPONENT_DIR)/files/runtests +# Temporary measure before cryptography gets to official machines. +# Can be removed after cryptography 1.6 has been installed on all machines. +# Bug ID: 25394619 +CRYPTOGRAPHY = $(WS_COMPONENTS)/python/cryptography/build/prototype/$(MACH)/$(PYTHON_LIB) + +COMPONENT_PRE_TEST_ACTION = $(CP) -r $(COMPONENT_SRC)/tests $(@D) +# In tests/test_crypto.py::FunctionTests::test_dump_certificate, the serial number line +# outputs the same hex as the key, so this is a false error. +# In tests/test_ssl.py::ConnectionTests::test_set_seesion_wrong_method, This test doesn't +# work for our version of OpenSSL, which is 1.0.2j; this test only supports OpenSSL 1.0.0 +COMPONENT_TEST_DIR = $(@D) +COMPONENT_TEST_ENV += PYTHONPATH=$(CRYPTOGRAPHY):$(PROTO_DIR)$(PYTHON_VENDOR_PACKAGES):$(PYTHON_VENDOR_PACKAGES) +# Some tests require unicode characters, otherwise ~17 tests will fail +COMPONENT_TEST_ENV += LC_ALL=en_US.UTF-8 +COMPONENT_TEST_CMD = py.test-$(PYTHON_VERSION) +COMPONENT_TEST_ARGS = --result-log=$(COMPONENT_TEST_OUTPUT) COMPONENT_TEST_MASTER = $(COMPONENT_TEST_RESULTS_DIR)/results-all.master -# Using nawk for easier test results processing and stripping out the -# random portions (like time to complete the tests). -COMPONENT_TEST_TRANSFORMER = $(NAWK) -COMPONENT_TEST_TRANSFORMS = "'/^Running / { print }; /^ERROR: / { print }; /^FAIL: / { print }; /^Ran / { sub(\" tests in .+s\", \" tests in\"); print }; /^FAILED / { print }; /^OK / { print };'" - build: $(BUILD_32_and_64) install: $(INSTALL_32_and_64) @@ -65,6 +68,5 @@ system-test: $(SYSTEM_TESTS_NOT_IMPLEMENTED) - REQUIRED_PACKAGES += library/security/openssl REQUIRED_PACKAGES += system/library diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/files/runtests --- a/components/python/pyopenssl/files/runtests Sat Jan 14 13:51:41 2017 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,7 +0,0 @@ -#!/bin/sh -# Script to run all the pyopenssl test scripts. -for f in crypto rand ssl; do - echo Running test_$f - python test_$f.py -done - diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/patches/0_no-zip_safe.patch --- a/components/python/pyopenssl/patches/0_no-zip_safe.patch Sat Jan 14 13:51:41 2017 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,10 +0,0 @@ ---- pyOpenSSL-0.11/setup.py.orig Mon Feb 14 23:17:02 2011 -+++ pyOpenSSL-0.11/setup.py Mon Feb 14 23:17:31 2011 -@@ -203,7 +203,6 @@ - 'OpenSSL.test.test_crypto', - 'OpenSSL.test.test_rand', - 'OpenSSL.test.test_ssl'], -- zip_safe = False, - cmdclass = {"build_ext": BuildExtension}, - description = 'Python wrapper module around the OpenSSL library', - author = 'Martin Sjögren, AB Strakt', diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/patches/1_CVE-2013-4073.patch --- a/components/python/pyopenssl/patches/1_CVE-2013-4073.patch Sat Jan 14 13:51:41 2017 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,201 +0,0 @@ -# -# This patch contains the fixes for CVE-2013-4073 (NULL bytes in subjectAltName -# not correctly interpreted). -# The patch was taken from: -# https://code.launchpad.net/~heimes/pyopenssl/pyopenssl/+merge/179673 -# and modified to fit the the 0.13 release code (original fix was based off tip -# code in pyopenssl repo). -# ---- pyOpenSSL-0.13/ChangeLog 2011-09-02 08:46:13.000000000 -0700 -+++ pyOpenSSL-0.13/ChangeLog 2013-08-26 14:40:43.941191227 -0700 -@@ -1,3 +1,9 @@ -+2013-08-11 Christian Heimes -+ -+ * OpenSSL/crypto/x509ext.c: Fix handling of NULL bytes inside -+ subjectAltName general names, CVE-2013-4073. -+ * OpenSSL/crypto/x509.c: Fix memory leak in get_extension(). -+ - 2011-09-02 Jean-Paul Calderone - - * Release 0.13 ---- pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2011-09-02 08:46:13.000000000 -0700 -+++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-08-26 14:41:34.379545946 -0700 -@@ -756,6 +756,7 @@ - - extobj = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type); - extobj->x509_extension = X509_EXTENSION_dup(ext); -+ extobj->dealloc = 1; - - return (PyObject*)extobj; - } ---- pyOpenSSL-0.13/OpenSSL/crypto/x509ext.c 2011-09-02 08:46:13.000000000 -0700 -+++ pyOpenSSL-0.13/OpenSSL/crypto/x509ext.c 2013-08-26 14:53:08.501972021 -0700 -@@ -236,6 +236,75 @@ - PyObject_Del(self); - } - -+ -+/* Special handling of subjectAltName, see CVE-2013-4073 */ -+ -+int -+crypto_X509Extension_str_san(crypto_X509ExtensionObj *self, BIO *bio) -+{ -+ GENERAL_NAMES *names; -+ const X509V3_EXT_METHOD *method = NULL; -+ long i, length, num; -+ const unsigned char *p; -+ -+ method = X509V3_EXT_get(self->x509_extension); -+ if (method == NULL) { -+ return -1; -+ } -+ -+ p = self->x509_extension->value->data; -+ length = self->x509_extension->value->length; -+ if (method->it) { -+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, -+ ASN1_ITEM_ptr(method->it))); -+ } -+ else { -+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); -+ } -+ if (names == NULL) { -+ return -1; -+ } -+ -+ num = sk_GENERAL_NAME_num(names); -+ for (i = 0; i < num; i++) { -+ GENERAL_NAME *name; -+ ASN1_STRING *as; -+ name = sk_GENERAL_NAME_value(names, i); -+ switch (name->type) { -+ case GEN_EMAIL: -+ BIO_puts(bio, "email:"); -+ as = name->d.rfc822Name; -+ BIO_write(bio, ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ break; -+ case GEN_DNS: -+ BIO_puts(bio, "DNS:"); -+ as = name->d.dNSName; -+ BIO_write(bio, ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ break; -+ case GEN_URI: -+ BIO_puts(bio, "URI:"); -+ as = name->d.uniformResourceIdentifier; -+ BIO_write(bio, ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ break; -+ default: -+ /* use builtin print for GEN_OTHERNAME, GEN_X400, -+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID -+ */ -+ GENERAL_NAME_print(bio, name); -+ } -+ /* trailing ', ' except for last element */ -+ if (i < (num - 1)) { -+ BIO_puts(bio, ", "); -+ } -+ } -+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); -+ -+ return 0; -+} -+ - /* - * Print a nice text representation of the certificate request. - */ -@@ -247,7 +316,14 @@ - PyObject *str; - BIO *bio = BIO_new(BIO_s_mem()); - -- if (!X509V3_EXT_print(bio, self->x509_extension, 0, 0)) -+ if (OBJ_obj2nid(self->x509_extension->object) == NID_subject_alt_name) { -+ if (crypto_X509Extension_str_san(self, bio) == -1) { -+ BIO_free(bio); -+ exception_from_error_queue(crypto_Error); -+ return NULL; -+ } -+ } -+ else if (!X509V3_EXT_print(bio, self->x509_extension, 0, 0)) - { - BIO_free(bio); - exception_from_error_queue(crypto_Error); ---- pyOpenSSL-0.13/OpenSSL/test/test_crypto.py 2011-09-02 08:46:13.000000000 -0700 -+++ pyOpenSSL-0.13/OpenSSL/test/test_crypto.py 2013-08-26 14:57:06.933614387 -0700 -@@ -265,6 +265,37 @@ - -----END RSA PRIVATE KEY----- - """) - -+# certificate with NULL bytes in subjectAltName and common name -+ -+nullbyte_san_PEM = b("""-----BEGIN CERTIFICATE----- -+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx -+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ -+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg -+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y -+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw -+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI -+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv -+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt -+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq -+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j -+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P -+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv -+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA -+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL -+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV -+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E -+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu -+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 -+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA -+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 -+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j -+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk -+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx -+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW -+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= -+-----END CERTIFICATE-----""") -+ - - class X509ExtTests(TestCase): - """ -@@ -1382,6 +1413,36 @@ - self.assertRaises(TypeError, cert.get_extension, "hello") - - -+ def test_nullbyte_san(self): -+ """ -+ Test correct handling of CN and SAN with NULL bytes -+ -+ see CVE-2013-4073 -+ """ -+ cert = load_certificate(FILETYPE_PEM, nullbyte_san_PEM) -+ subject = cert.get_subject() -+ self.assertEqual(subject.CN, 'null.python.org\x00example.org') -+ issuer = cert.get_issuer() -+ self.assertEqual(issuer.CN, 'null.python.org\x00example.org') -+ -+ ext = cert.get_extension(0) -+ self.assertEqual(ext.get_short_name(), b('basicConstraints')) -+ -+ ext = cert.get_extension(1) -+ self.assertEqual(ext.get_short_name(), b('subjectKeyIdentifier')) -+ -+ ext = cert.get_extension(2) -+ self.assertEqual(ext.get_short_name(), b('keyUsage')) -+ -+ ext = cert.get_extension(3) -+ self.assertEqual(ext.get_short_name(), b('subjectAltName')) -+ self.assertEqual(str(ext), -+ 'DNS:altnull.python.org\x00example.com, ' -+ 'email:null@python.org\x00user@example.org, ' -+ 'URI:http://null.python.org\x00http://example.org, ' -+ 'IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n') -+ -+ - def test_invalid_digest_algorithm(self): - """ - L{X509.digest} raises L{ValueError} if called with an unrecognized hash diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/patches/1_test.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/python/pyopenssl/patches/1_test.patch Fri Jan 13 16:13:25 2017 -0800 @@ -0,0 +1,17 @@ +This patch disables the test set default verify paths, which tries to connect +to an external server. This tries to connect using s_client, which does +not work within OWAN, even if proxy vaeriables are set. + +--- pyOpenSSL-16.2.0/tests/test_ssl.py.~1~ 2016-10-15 06:15:43.000000000 +0000 ++++ pyOpenSSL-16.2.0/tests/test_ssl.py 2017-01-13 15:51:01.552602423 +0000 +@@ -1183,6 +1183,10 @@ + reason="set_default_verify_paths appears not to work on Windows. " + "See LP#404343 and LP#404344." + ) ++ @pytest.mark.skipif( ++ True, ++ reason="This test doesn't work within OWAN, even with proxy set" ++ ) + def test_set_default_verify_paths(self): + """ + :py:obj:`Context.set_default_verify_paths` causes the diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/patches/2_tests.patch --- a/components/python/pyopenssl/patches/2_tests.patch Sat Jan 14 13:51:41 2017 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,41 +0,0 @@ -# -# This patch disables two tests which either don't work or might not work if -# your network is not setup in a certain way. -# -# The FILETYPE_TEXT dumping mechanism does not print the serial version of -# the certificate so this test fails. Not sure if that test always fails or -# only on Solaris. Since the output of FILETYPE_TEXT does not really look like -# a commited interface anyway the test is disabled. -# -# The test_set_default_verify_paths() test case tries to connect to -# versign.com using s_client. This does not seem to work within OWAN, even if -# your proxy variables are set. Furthermore, it's probably not a good idea to -# contact external servers for a test case anyway. -# ---- pyOpenSSL-0.13/OpenSSL/test/test_crypto.py 2013-08-26 14:57:06.933614387 -0700 -+++ pyOpenSSL-0.13/OpenSSL/test/test_crypto.py 2013-08-26 15:04:14.951459483 -0700 -@@ -2165,9 +2165,10 @@ - cert2 = load_certificate(FILETYPE_ASN1, dumped_der) - dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2) - self.assertEqual(dumped_pem2, cleartextCertificatePEM) -- dumped_text = dump_certificate(FILETYPE_TEXT, cert) -- good_text = _runopenssl(dumped_pem, "x509", "-noout", "-text") -- self.assertEqual(dumped_text, good_text) -+ # FILETYPE_TEXT does not seem to work in Solaris. -+ #dumped_text = dump_certificate(FILETYPE_TEXT, cert) -+ #good_text = _runopenssl(dumped_pem, "x509", "-noout", "-text") -+ #self.assertEqual(dumped_text, good_text) - - - def test_dump_privatekey(self): ---- pyOpenSSL-0.13/OpenSSL/test/test_ssl.py 2011-09-02 08:46:13.000000000 -0700 -+++ pyOpenSSL-0.13/OpenSSL/test/test_ssl.py 2013-08-26 15:04:14.950915143 -0700 -@@ -648,6 +648,8 @@ - if platform == "win32": - "set_default_verify_paths appears not to work on Windows. " - "See LP#404343 and LP#404344." -+ if True: -+ "Test connects to external server, skip" - else: - def test_set_default_verify_paths(self): - """ diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/patches/3_add_if.patch --- a/components/python/pyopenssl/patches/3_add_if.patch Sat Jan 14 13:51:41 2017 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,316 +0,0 @@ -# -# This patch adds a few more interfaces to OpenSSL functions required for IPS. -# The additional interfaces are: -# pyOpenSSL -> OpenSSL -# crypto.CRL.verify() X509_CRL_verify() -# crypto.CRL.get_issuer() X509_CRL_get_issuer() -# crypto.CRL.get_next_update() X509_CRL_get_nextUpdate() -# crypto.X509.verify() X509_verify() -# crypto.X509.check_ca() X509_check_ca() -# -# The patch also adds test cases to the pyOpenSSL test suite for the added -# functions. -# ---- pyOpenSSL-0.13/OpenSSL/crypto/crl.c 2013-08-26 15:04:14.949389722 -0700 -+++ pyOpenSSL-0.13/OpenSSL/crypto/crl.c 2013-08-26 15:05:00.183031221 -0700 -@@ -180,6 +180,84 @@ - return buffer; - } - -+static char crypto_CRL_verify_doc[] = "\n\ -+Verifies the CRL using the supplied public key\n\ -+\n\ -+@param key: a public key\n\ -+@type key: L{PKey}\n\ -+@return: True if the signature is correct.\n\ -+@raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\ -+ problem verifying the signature.\n\ -+"; -+ -+PyObject * -+crypto_CRL_verify(crypto_CRLObj *self, PyObject *args) -+{ -+ PyObject *obj; -+ crypto_PKeyObj *key; -+ int answer; -+ -+ if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj)) { -+ return NULL; -+ } -+ -+ key = (crypto_PKeyObj *)obj; -+ -+ if ((answer = X509_CRL_verify(self->crl, key->pkey)) <= 0) { -+ exception_from_error_queue(crypto_Error); -+ return NULL; -+ } -+ -+ return PyLong_FromLong(answer); -+} -+ -+static char crypto_CRL_get_issuer_doc[] = "\n\ -+Create an X509Name object for the issuer of the certificate\n\ -+\n\ -+@return: An X509Name object\n\ -+"; -+ -+static PyObject * -+crypto_CRL_get_issuer(crypto_CRLObj *self, PyObject *args) -+{ -+ crypto_X509NameObj *pyname; -+ X509_NAME *name; -+ -+ if (!PyArg_ParseTuple(args, ":get_issuer")) -+ return NULL; -+ -+ name = X509_CRL_get_issuer(self->crl); -+ pyname = crypto_X509Name_New(name, 0); -+ if (pyname != NULL) -+ { -+ pyname->parent_cert = (PyObject *)self; -+ Py_INCREF(self); -+ } -+ return (PyObject *)pyname; -+} -+ -+static char crypto_CRL_get_nextUpdate_doc[] = "\n\ -+Retrieve the time stamp for when the CRL gets its next update\n\ -+\n\ -+@return: A string giving the timestamp, in the format:\n\ -+\n\ -+ YYYYMMDDhhmmssZ\n\ -+ YYYYMMDDhhmmss+hhmm\n\ -+ YYYYMMDDhhmmss-hhmm\n\ -+ or None if there is no value set.\n\ -+"; -+ -+static PyObject* -+crypto_CRL_get_nextUpdate(crypto_CRLObj *self, PyObject *args) -+{ -+ /* -+ * X509_CRL_get_nextUpdate returns a borrowed reference. -+ */ -+ return _get_asn1_time( -+ ":get_nextUpdate", X509_CRL_get_nextUpdate(self->crl), args); -+} -+ -+ - crypto_CRLObj * - crypto_CRL_New(X509_CRL *crl) { - crypto_CRLObj *self; -@@ -205,6 +283,9 @@ - ADD_KW_METHOD(add_revoked), - ADD_METHOD(get_revoked), - ADD_KW_METHOD(export), -+ ADD_KW_METHOD(verify), -+ ADD_KW_METHOD(get_issuer), -+ ADD_KW_METHOD(get_nextUpdate), - { NULL, NULL } - }; - #undef ADD_METHOD ---- pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-08-26 15:04:14.943271276 -0700 -+++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-08-26 15:05:00.183501160 -0700 -@@ -761,6 +761,57 @@ - return (PyObject*)extobj; - } - -+static char crypto_X509_verify_doc[] = "\n\ -+Verifies the certificate using the supplied public key\n\ -+\n\ -+@param key: a public key\n\ -+@type key: L{PKey}\n\ -+@return: True if the signature is correct.\n\ -+@raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\ -+ problem verifying the signature.\n\ -+"; -+ -+PyObject * -+crypto_X509_verify(crypto_X509Obj *self, PyObject *args) -+{ -+ PyObject *obj; -+ crypto_PKeyObj *key; -+ int answer; -+ -+ if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj)) { -+ return NULL; -+ } -+ -+ key = (crypto_PKeyObj *)obj; -+ -+ if ((answer = X509_verify(self->x509, key->pkey)) <= 0) { -+ exception_from_error_queue(crypto_Error); -+ return NULL; -+ } -+ -+ return PyLong_FromLong(answer); -+} -+ -+ -+static char crypto_X509_check_ca_doc[] = "\n\ -+Checks if the certificate is a CA\n\ -+\n\ -+@return: 0 if not a CA, >0 if a CA\n\ -+"; -+ -+PyObject * -+crypto_X509_check_ca(crypto_X509Obj *self, PyObject *args) -+{ -+ int answer; -+ -+ if (!PyArg_ParseTuple(args, ":check_ca")) -+ return NULL; -+ -+ answer = X509_check_ca(self->x509); -+ -+ return PyLong_FromLong(answer); -+} -+ - /* - * ADD_METHOD(name) expands to a correct PyMethodDef declaration - * { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS } -@@ -794,6 +845,8 @@ - ADD_METHOD(add_extensions), - ADD_METHOD(get_extension), - ADD_METHOD(get_extension_count), -+ ADD_METHOD(verify), -+ ADD_METHOD(check_ca), - { NULL, NULL } - }; - #undef ADD_METHOD ---- pyOpenSSL-0.13/OpenSSL/test/test_crypto.py 2013-08-26 15:04:14.951459483 -0700 -+++ pyOpenSSL-0.13/OpenSSL/test/test_crypto.py 2013-08-26 15:14:40.335995703 -0700 -@@ -1090,6 +1090,18 @@ - WpOdIpB8KksUTCzV591Nr1wd - -----END CERTIFICATE----- - """ -+ def setUp(self): -+ # create new CA -+ self.ca_key = PKey() -+ self.ca_key.generate_key(TYPE_RSA, 384) -+ -+ self.ca = X509() -+ self.ca.get_subject().commonName = "Yoda root CA" -+ self.ca.set_issuer(self.ca.get_subject()) -+ self.ca.set_pubkey(self.ca_key) -+ self.ca.sign(self.ca_key, "sha1") -+ -+ - def signable(self): - """ - Create and return a new L{X509}. -@@ -1620,6 +1632,51 @@ - self.assertRaises(ValueError, cert.get_signature_algorithm) - - -+ def test_key_verify(self): -+ """ -+ L{X509.verify} succeeds when passed a valid CA key, raises -+ L{OpenSSL.crypto.Error} otherwise. -+ """ -+ key = PKey() -+ key.generate_key(TYPE_RSA, 384) -+ req = X509Req() -+ req.get_subject().commonName = "Master Luke" -+ req.set_pubkey(key) -+ req.sign(key, "sha1") -+ cert = X509() -+ cert.set_subject(req.get_subject()) -+ cert.set_pubkey(key) -+ cert.set_issuer(self.ca.get_subject()) -+ cert.sign(self.ca_key, "sha1") -+ -+ self.assertTrue(cert.verify(self.ca_key)) -+ self.assertRaises(Error, cert.verify, key) -+ -+ -+ def test_is_ca(self): -+ """ -+ L{X509.check_ca} returns a value >0 if certificate is a CA, returns 0 -+ if not. -+ """ -+ res = self.ca.check_ca() -+ self.assertTrue(res > 0) -+ -+ # Try with a non-ca cert -+ key = PKey() -+ key.generate_key(TYPE_RSA, 384) -+ req = X509Req() -+ req.get_subject().commonName = "Master Luke" -+ req.set_pubkey(key) -+ req.sign(key, "sha1") -+ cert = X509() -+ cert.set_subject(req.get_subject()) -+ cert.set_pubkey(key) -+ cert.set_issuer(self.ca.get_subject()) -+ cert.sign(self.ca_key, "sha1") -+ res = cert.check_ca() -+ self.assertEqual(res, 0) -+ -+ - - class PKCS12Tests(TestCase): - """ -@@ -2521,6 +2578,18 @@ - cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM) - pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) - -+ def setUp(self): -+ # create new CA -+ self.ca_key = PKey() -+ self.ca_key.generate_key(TYPE_RSA, 384) -+ -+ self.ca = X509() -+ self.ca.get_subject().commonName = "Yoda root CA" -+ self.ca.set_issuer(self.ca.get_subject()) -+ self.ca.set_pubkey(self.ca_key) -+ self.ca.sign(self.ca_key, "sha1") -+ -+ - def test_construction(self): - """ - Confirm we can create L{OpenSSL.crypto.CRL}. Check -@@ -2712,6 +2781,44 @@ - self.assertRaises(Error, load_crl, FILETYPE_PEM, "hello, world") - - -+ def test_crl_verify(self): -+ """ -+ Test that L{OpenSSL.CRL.verify} correctly verifies CRL with the -+ pubkey of the issuing CA, raises L{OpenSSL.crypto.Error} in case of -+ bogus key. -+ """ -+ s = CRL().export(self.ca, self.ca_key) -+ crl = load_crl(FILETYPE_PEM, s) -+ res = crl.verify(self.ca_key) -+ self.assertTrue(res) -+ -+ boguskey = PKey() -+ boguskey.generate_key(TYPE_RSA, 384) -+ self.assertRaises(Error, crl.verify, boguskey) -+ -+ -+ def test_crl_get_issuer(self): -+ """ -+ Test that L{OpenSSL.CRL.get_issuer} returns a L{OpenSSL.X509Name} object -+ with the correct issuer information. -+ """ -+ s = CRL().export(self.ca, self.ca_key) -+ crl = load_crl(FILETYPE_PEM, s) -+ issuer = crl.get_issuer() -+ self.assertTrue(isinstance(issuer, X509Name)) -+ self.assertTrue(issuer.commonName == self.ca.get_subject().commonName) -+ -+ -+ def test_crl_get_nextUpdate(self): -+ """ -+ Test that L{OpenSSL.CRL.get_nextUpdate} returns the correct date and -+ time of next update. -+ """ -+ crl = load_crl(FILETYPE_PEM, crlData) -+ self.assertEqual(crl.get_nextUpdate(), "20120927024152Z") -+ -+ -+ - class SignVerifyTests(TestCase): - """ - Tests for L{OpenSSL.crypto.sign} and L{OpenSSL.crypto.verify}. diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/pyopenssl-PYVER.p5m --- a/components/python/pyopenssl/pyopenssl-PYVER.p5m Sat Jan 14 13:51:41 2017 -0800 +++ b/components/python/pyopenssl/pyopenssl-PYVER.p5m Fri Jan 13 16:13:25 2017 -0800 @@ -20,7 +20,7 @@ # # -# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved. # set name=pkg.fmri \ @@ -38,21 +38,18 @@ set name=org.opensolaris.arc-caseid value=PSARC/2009/176 set name=org.opensolaris.consolidation value=$(CONSOLIDATION) # -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/64/SSL.so -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/64/crypto.so -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/64/rand.so -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/SSL.so +file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/SSL.py file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/__init__.py -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/crypto.so -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/rand.so -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/test/__init__.py -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/test/test_crypto.py -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/test/test_rand.py -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/test/test_ssl.py -file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/test/util.py +file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/_util.py +file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/crypto.py +file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/rand.py file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/tsafe.py file path=usr/lib/python$(PYVER)/vendor-packages/OpenSSL/version.py -file path=usr/lib/python$(PYVER)/vendor-packages/pyOpenSSL-$(COMPONENT_VERSION)-py$(PYVER).egg-info +file path=usr/lib/python$(PYVER)/vendor-packages/pyOpenSSL-$(COMPONENT_VERSION)-py$(PYVER).egg-info/PKG-INFO +file path=usr/lib/python$(PYVER)/vendor-packages/pyOpenSSL-$(COMPONENT_VERSION)-py$(PYVER).egg-info/SOURCES.txt +file path=usr/lib/python$(PYVER)/vendor-packages/pyOpenSSL-$(COMPONENT_VERSION)-py$(PYVER).egg-info/dependency_links.txt +file path=usr/lib/python$(PYVER)/vendor-packages/pyOpenSSL-$(COMPONENT_VERSION)-py$(PYVER).egg-info/requires.txt +file path=usr/lib/python$(PYVER)/vendor-packages/pyOpenSSL-$(COMPONENT_VERSION)-py$(PYVER).egg-info/top_level.txt # license LICENSE license=Apache2 diff -r 0d6f61408e89 -r 8b703bbe2bba components/python/pyopenssl/test/results-all.master --- a/components/python/pyopenssl/test/results-all.master Sat Jan 14 13:51:41 2017 -0800 +++ b/components/python/pyopenssl/test/results-all.master Fri Jan 13 16:13:25 2017 -0800 @@ -1,10 +1,616 @@ -Running test_crypto -ERROR: test_extension_count (__main__.X509Tests) -ERROR: test_get_extension (__main__.X509Tests) -FAIL: test_der (__main__.X509NameTests) -FAIL: test_digest (__main__.X509Tests) -Ran 168 tests in -FAILED (failures=2, errors=2) -Running test_rand -Ran 15 tests in -Running test_ssl +. lib/OpenSSL/SSL.py::pep8 +. lib/OpenSSL/SSL.py::pyflakes +. lib/OpenSSL/__init__.py::pep8 +. lib/OpenSSL/__init__.py::pyflakes +. lib/OpenSSL/_util.py::pep8 +. lib/OpenSSL/_util.py::pyflakes +. lib/OpenSSL/crypto.py::pep8 +. lib/OpenSSL/crypto.py::pyflakes +. lib/OpenSSL/rand.py::pep8 +. lib/OpenSSL/rand.py::pyflakes +. lib/OpenSSL/tsafe.py::pep8 +. lib/OpenSSL/tsafe.py::pyflakes +. lib/OpenSSL/version.py::pep8 +. lib/OpenSSL/version.py::pyflakes +. tests/__init__.py::pep8 +. tests/__init__.py::pyflakes +. tests/conftest.py::pep8 +. tests/conftest.py::pyflakes +. tests/memdbg.py::pep8 +. tests/memdbg.py::pyflakes +. tests/test_crypto.py::pep8 +. tests/test_crypto.py::pyflakes +. tests/test_crypto.py::X509ExtTests::test_construction +. tests/test_crypto.py::X509ExtTests::test_get_critical +. tests/test_crypto.py::X509ExtTests::test_get_data +. tests/test_crypto.py::X509ExtTests::test_get_data_wrong_args +. tests/test_crypto.py::X509ExtTests::test_get_short_name +. tests/test_crypto.py::X509ExtTests::test_invalid_extension +. tests/test_crypto.py::X509ExtTests::test_invalid_issuer +. tests/test_crypto.py::X509ExtTests::test_invalid_subject +. tests/test_crypto.py::X509ExtTests::test_issuer +. tests/test_crypto.py::X509ExtTests::test_missing_issuer +. tests/test_crypto.py::X509ExtTests::test_missing_subject +. tests/test_crypto.py::X509ExtTests::test_str +. tests/test_crypto.py::X509ExtTests::test_subject +. tests/test_crypto.py::X509ExtTests::test_type +. tests/test_crypto.py::X509ExtTests::test_unused_issuer +. tests/test_crypto.py::X509ExtTests::test_unused_subject +. tests/test_crypto.py::TestPKey::()::test_convert_from_cryptography_private_key +. tests/test_crypto.py::TestPKey::()::test_convert_from_cryptography_public_key +. tests/test_crypto.py::TestPKey::()::test_convert_from_cryptography_unsupported_type +. tests/test_crypto.py::TestPKey::()::test_convert_public_pkey_to_cryptography_key +. tests/test_crypto.py::TestPKey::()::test_convert_private_pkey_to_cryptography_key +. tests/test_crypto.py::PKeyTests::test_check_public_key +. tests/test_crypto.py::PKeyTests::test_check_wrong_args +. tests/test_crypto.py::PKeyTests::test_construction +. tests/test_crypto.py::PKeyTests::test_dsaGeneration +. tests/test_crypto.py::PKeyTests::test_failedGeneration +. tests/test_crypto.py::PKeyTests::test_inconsistentKey +. tests/test_crypto.py::PKeyTests::test_pregeneration +. tests/test_crypto.py::PKeyTests::test_regeneration +. tests/test_crypto.py::PKeyTests::test_rsaGeneration +. tests/test_crypto.py::PKeyTests::test_type +. tests/test_crypto.py::X509NameTests::test_attributes +. tests/test_crypto.py::X509NameTests::test_comparison +. tests/test_crypto.py::X509NameTests::test_copy +. tests/test_crypto.py::X509NameTests::test_der +. tests/test_crypto.py::X509NameTests::test_get_components +. tests/test_crypto.py::X509NameTests::test_hash +. tests/test_crypto.py::X509NameTests::test_load_nul_byte_attribute +. tests/test_crypto.py::X509NameTests::test_onlyStringAttributes +. tests/test_crypto.py::X509NameTests::test_repr +. tests/test_crypto.py::X509NameTests::test_setAttributeFailure +. tests/test_crypto.py::X509NameTests::test_setInvalidAttribute +. tests/test_crypto.py::X509NameTests::test_type +. tests/test_crypto.py::X509ReqTests::test_add_extensions +. tests/test_crypto.py::X509ReqTests::test_add_extensions_wrong_args +. tests/test_crypto.py::X509ReqTests::test_construction +. tests/test_crypto.py::X509ReqTests::test_get_extensions +. tests/test_crypto.py::X509ReqTests::test_get_subject +. tests/test_crypto.py::X509ReqTests::test_get_subject_wrong_args +. tests/test_crypto.py::X509ReqTests::test_sign +. tests/test_crypto.py::X509ReqTests::test_signWithPublicKey +. tests/test_crypto.py::X509ReqTests::test_signWithUngenerated +. tests/test_crypto.py::X509ReqTests::test_signWithUnknownDigest +. tests/test_crypto.py::X509ReqTests::test_type +. tests/test_crypto.py::X509ReqTests::test_verify_success +. tests/test_crypto.py::X509ReqTests::test_verify_uninitialized_key +. tests/test_crypto.py::X509ReqTests::test_verify_wrong_args +. tests/test_crypto.py::X509ReqTests::test_verify_wrong_key +. tests/test_crypto.py::X509ReqTests::test_version +. tests/test_crypto.py::X509ReqTests::test_version_wrong_args +. tests/test_crypto.py::X509Tests::test_construction +. tests/test_crypto.py::X509Tests::test_digest +. tests/test_crypto.py::X509Tests::test_extension_count +. tests/test_crypto.py::X509Tests::test_get_extension +. tests/test_crypto.py::X509Tests::test_get_issuer +. tests/test_crypto.py::X509Tests::test_get_issuer_wrong_args +. tests/test_crypto.py::X509Tests::test_get_notAfter +. tests/test_crypto.py::X509Tests::test_get_notBefore +. tests/test_crypto.py::X509Tests::test_get_pubkey_uninitialized +. tests/test_crypto.py::X509Tests::test_get_serial_number_wrong_args +. tests/test_crypto.py::X509Tests::test_get_signature_algorithm +. tests/test_crypto.py::X509Tests::test_get_subject +. tests/test_crypto.py::X509Tests::test_get_subject_wrong_args +. tests/test_crypto.py::X509Tests::test_get_undefined_signature_algorithm +. tests/test_crypto.py::X509Tests::test_get_version_wrong_args +. tests/test_crypto.py::X509Tests::test_gmtime_adj_notAfter +. tests/test_crypto.py::X509Tests::test_gmtime_adj_notAfter_wrong_args +. tests/test_crypto.py::X509Tests::test_gmtime_adj_notBefore +. tests/test_crypto.py::X509Tests::test_gmtime_adj_notBefore_wrong_args +. tests/test_crypto.py::X509Tests::test_has_expired +. tests/test_crypto.py::X509Tests::test_has_expired_wrong_args +. tests/test_crypto.py::X509Tests::test_has_not_expired +. tests/test_crypto.py::X509Tests::test_invalid_digest_algorithm +. tests/test_crypto.py::X509Tests::test_nullbyte_subjectAltName +. tests/test_crypto.py::X509Tests::test_root_has_not_expired +. tests/test_crypto.py::X509Tests::test_serial_number +. tests/test_crypto.py::X509Tests::test_set_issuer +. tests/test_crypto.py::X509Tests::test_set_issuer_wrong_args +. tests/test_crypto.py::X509Tests::test_set_notAfter +. tests/test_crypto.py::X509Tests::test_set_notBefore +. tests/test_crypto.py::X509Tests::test_set_pubkey_wrong_type +. tests/test_crypto.py::X509Tests::test_set_subject +. tests/test_crypto.py::X509Tests::test_set_subject_wrong_args +. tests/test_crypto.py::X509Tests::test_set_version_wrong_args +. tests/test_crypto.py::X509Tests::test_sign +. tests/test_crypto.py::X509Tests::test_signWithPublicKey +. tests/test_crypto.py::X509Tests::test_signWithUngenerated +. tests/test_crypto.py::X509Tests::test_signWithUnknownDigest +. tests/test_crypto.py::X509Tests::test_sign_bad_pubkey_type +. tests/test_crypto.py::X509Tests::test_subject_name_hash +. tests/test_crypto.py::X509Tests::test_subject_name_hash_wrong_args +. tests/test_crypto.py::X509Tests::test_type +. tests/test_crypto.py::X509Tests::test_version +. tests/test_crypto.py::X509StoreTests::test_add_cert +. tests/test_crypto.py::X509StoreTests::test_add_cert_rejects_duplicate +. tests/test_crypto.py::X509StoreTests::test_add_cert_wrong_args +. tests/test_crypto.py::X509StoreTests::test_type +. tests/test_crypto.py::PKCS12Tests::test_cert_only +. tests/test_crypto.py::PKCS12Tests::test_empty_construction +. tests/test_crypto.py::PKCS12Tests::test_export_without_args +. tests/test_crypto.py::PKCS12Tests::test_export_without_bytes +. tests/test_crypto.py::PKCS12Tests::test_export_without_mac +. tests/test_crypto.py::PKCS12Tests::test_friendly_name +. tests/test_crypto.py::PKCS12Tests::test_key_cert_mismatch +. tests/test_crypto.py::PKCS12Tests::test_key_only +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12 +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_empty_passphrase_load_empty +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_empty_passphrase_load_null +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_garbage +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_no_passphrase +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_null_passphrase_load_empty +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_null_passphrase_load_null +. tests/test_crypto.py::PKCS12Tests::test_load_pkcs12_text_passphrase +. tests/test_crypto.py::PKCS12Tests::test_load_without_mac +. tests/test_crypto.py::PKCS12Tests::test_removing_ca_cert +. tests/test_crypto.py::PKCS12Tests::test_replace +. tests/test_crypto.py::PKCS12Tests::test_type +. tests/test_crypto.py::PKCS12Tests::test_type_errors +. tests/test_crypto.py::PKCS12Tests::test_various_empty_passphrases +. tests/test_crypto.py::PKCS12Tests::test_zero_len_list_for_ca +. tests/test_crypto.py::TestLoadPublicKey::()::test_loading_works +. tests/test_crypto.py::TestLoadPublicKey::()::test_invalid_type +. tests/test_crypto.py::TestLoadPublicKey::()::test_invalid_key_format +. tests/test_crypto.py::TestLoadPublicKey::()::test_tolerates_unicode_strings +F tests/test_crypto.py::FunctionTests::test_dump_certificate + self = + + def test_dump_certificate(self): + """ + :py:obj:`dump_certificate` writes PEM, DER, and text. + """ + pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM + cert = load_certificate(FILETYPE_PEM, pemData) + dumped_pem = dump_certificate(FILETYPE_PEM, cert) + self.assertEqual(dumped_pem, cleartextCertificatePEM) + dumped_der = dump_certificate(FILETYPE_ASN1, cert) + good_der = _runopenssl(dumped_pem, b"x509", b"-outform", b"DER") + self.assertEqual(dumped_der, good_der) + cert2 = load_certificate(FILETYPE_ASN1, dumped_der) + dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2) + self.assertEqual(dumped_pem2, cleartextCertificatePEM) + dumped_text = dump_certificate(FILETYPE_TEXT, cert) + good_text = _runopenssl( + dumped_pem, b"x509", b"-noout", b"-text", b"-nameopt", b"") + > self.assertEqual(dumped_text, good_text) + E AssertionError: 'Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 3d:0c:c4:e0:c6:de:b9:f4\n Signature Algorithm: sha1WithRSAEncryption\n Issuer: C=US, ST=IL, L=Chicago, O=Testing, CN=Testing Root CA\n Validity\n Not Before: Mar 25 12:36:58 2009 GMT\n Not After : Jun 11 12:36:58 2017 GMT\n Subject: C=US, ST=IL, L=Chicago, O=Testing, CN=Testing Root CA\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n Public-Key: (1024 bit)\n Modulus:\n 00:f9:9a:42:e9:8b:ba:ba:44:e7:6e:ee:48:41:dd:\n 2f:5a:6a:70:34:66:5b:3b:be:f7:c6:3a:60:7c:d3:\n fc:9e:ca:58:46:a6:c8:c0:8d:67:a7:d1:5b:52:42:\n 47:bf:36:51:0f:1a:d3:b7:f2:db:15:ec:2b:2e:16:\n 74:a6:b1:c8:6f:02:71:ab:70:99:7b:e9:bd:14:38:\n e1:d4:80:34:c8:a1:1c:42:e9:00:d4:dd:c9:5a:7a:\n 0c:2c:ac:10:3e:b0:91:01:6e:ac:79:45:d5:db:21:\n 11:a2:70:f1:bf:f2:a4:38:66:6d:52:28:e8:28:b5:\n c6:f0:89:aa:2b:db:2c:59:db\n Exponent: 65537 (0x10001)\n X509v3 extensions:\n X509v3 Subject Key Identifier: \n 83:55:77:2D:5E:21:F1:49:0C:09:24:E7:54:09:12:8D:C8:7E:04:AE\n X509v3 Authority Key Identifier: \n keyid:83:55:77:2D:5E:21:F1:49:0C:09:24:E7:54:09:12:8D:C8:7E:04:AE\n DirName:/C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA\n serial:3D:0C:C4:E0:C6:DE:B9:F4\n\n X509v3 Basic Constraints: \n CA:TRUE\n Signature Algorithm: sha1WithRSAEncryption\n 61:82:0d:ac:cc:24:6a:16:34:1a:5c:d3:7b:ba:fa:c9:9c:f7:\n 97:44:79:a7:76:2a:56:57:04:04:ce:74:54:f5:55:eb:18:df:\n e9:d4:3a:a6:61:12:14:c6:94:33:22:86:48:1a:66:7c:e8:22:\n af:d4:6a:68:9d:7a:09:38:86:2a:ec:09:3f:d1:fb:ab:ec:28:\n 00:31:35:37:01:8d:47:99:8e:5c:a4:08:95:b2:e6:88:d2:84:\n 67:ed:5c:82:98:c3:f9:e3:55:b2:8c:5e:bb:dc:f3:7a:a6:4d:\n d1:a5:dd:30:0c:d1:fc:50:22:9a:a0:72:09:45:2e:f7:84:06:\n 0c:e7\n' != 'Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number: 4399107405722335732 (0x3d0cc4e0c6deb9f4)\n Signature Algorithm: sha1WithRSAEncryption\n Issuer: C=US, ST=IL, L=Chicago, O=Testing, CN=Testing Root CA\n Validity\n Not Before: Mar 25 12:36:58 2009 GMT\n Not After : Jun 11 12:36:58 2017 GMT\n Subject: C=US, ST=IL, L=Chicago, O=Testing, CN=Testing Root CA\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n Public-Key: (1024 bit)\n Modulus:\n 00:f9:9a:42:e9:8b:ba:ba:44:e7:6e:ee:48:41:dd:\n 2f:5a:6a:70:34:66:5b:3b:be:f7:c6:3a:60:7c:d3:\n fc:9e:ca:58:46:a6:c8:c0:8d:67:a7:d1:5b:52:42:\n 47:bf:36:51:0f:1a:d3:b7:f2:db:15:ec:2b:2e:16:\n 74:a6:b1:c8:6f:02:71:ab:70:99:7b:e9:bd:14:38:\n e1:d4:80:34:c8:a1:1c:42:e9:00:d4:dd:c9:5a:7a:\n 0c:2c:ac:10:3e:b0:91:01:6e:ac:79:45:d5:db:21:\n 11:a2:70:f1:bf:f2:a4:38:66:6d:52:28:e8:28:b5:\n c6:f0:89:aa:2b:db:2c:59:db\n Exponent: 65537 (0x10001)\n X509v3 extensions:\n X509v3 Subject Key Identifier: \n 83:55:77:2D:5E:21:F1:49:0C:09:24:E7:54:09:12:8D:C8:7E:04:AE\n X509v3 Authority Key Identifier: \n keyid:83:55:77:2D:5E:21:F1:49:0C:09:24:E7:54:09:12:8D:C8:7E:04:AE\n DirName:/C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA\n serial:3D:0C:C4:E0:C6:DE:B9:F4\n\n X509v3 Basic Constraints: \n CA:TRUE\n Signature Algorithm: sha1WithRSAEncryption\n 61:82:0d:ac:cc:24:6a:16:34:1a:5c:d3:7b:ba:fa:c9:9c:f7:\n 97:44:79:a7:76:2a:56:57:04:04:ce:74:54:f5:55:eb:18:df:\n e9:d4:3a:a6:61:12:14:c6:94:33:22:86:48:1a:66:7c:e8:22:\n af:d4:6a:68:9d:7a:09:38:86:2a:ec:09:3f:d1:fb:ab:ec:28:\n 00:31:35:37:01:8d:47:99:8e:5c:a4:08:95:b2:e6:88:d2:84:\n 67:ed:5c:82:98:c3:f9:e3:55:b2:8c:5e:bb:dc:f3:7a:a6:4d:\n d1:a5:dd:30:0c:d1:fc:50:22:9a:a0:72:09:45:2e:f7:84:06:\n 0c:e7\n' + + tests/test_crypto.py:2781: AssertionError +. tests/test_crypto.py::FunctionTests::test_dump_certificate_bad_type +. tests/test_crypto.py::FunctionTests::test_dump_certificate_request +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_asn1 +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_invalid_filetype +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_invalid_passphrase_type +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_passphrase +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_passphraseCallback +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_passphraseCallbackLength +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_passphraseWrongType +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_passphrase_exception +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_pem +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_text +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_unknown_cipher +. tests/test_crypto.py::FunctionTests::test_dump_privatekey_wrong_args +. tests/test_crypto.py::FunctionTests::test_dump_publickey_asn1 +. tests/test_crypto.py::FunctionTests::test_dump_publickey_invalid_type +. tests/test_crypto.py::FunctionTests::test_dump_publickey_pem +. tests/test_crypto.py::FunctionTests::test_load_pkcs7_data_asn1 +. tests/test_crypto.py::FunctionTests::test_load_pkcs7_data_invalid +. tests/test_crypto.py::FunctionTests::test_load_pkcs7_data_pem +. tests/test_crypto.py::FunctionTests::test_load_pkcs7_type_invalid +. tests/test_crypto.py::FunctionTests::test_load_privatekey_invalid_format +. tests/test_crypto.py::FunctionTests::test_load_privatekey_invalid_passphrase_type +. tests/test_crypto.py::FunctionTests::test_load_privatekey_passphrase +. tests/test_crypto.py::FunctionTests::test_load_privatekey_passphraseCallback +. tests/test_crypto.py::FunctionTests::test_load_privatekey_passphraseCallbackLength +. tests/test_crypto.py::FunctionTests::test_load_privatekey_passphraseWrongType +. tests/test_crypto.py::FunctionTests::test_load_privatekey_passphrase_exception +. tests/test_crypto.py::FunctionTests::test_load_privatekey_passphrase_wrong_return_type +. tests/test_crypto.py::FunctionTests::test_load_privatekey_wrongPassphrase +. tests/test_crypto.py::FunctionTests::test_load_privatekey_wrongPassphraseCallback +. tests/test_crypto.py::FunctionTests::test_load_privatekey_wrong_args +. tests/test_crypto.py::LoadCertificateTests::test_badFileType +. tests/test_crypto.py::LoadCertificateTests::test_bad_certificate +. tests/test_crypto.py::PKCS7Tests::test_attribute +. tests/test_crypto.py::PKCS7Tests::test_get_type_name +. tests/test_crypto.py::PKCS7Tests::test_get_type_name_wrong_args +. tests/test_crypto.py::PKCS7Tests::test_type +. tests/test_crypto.py::PKCS7Tests::test_type_is_data +. tests/test_crypto.py::PKCS7Tests::test_type_is_data_wrong_args +. tests/test_crypto.py::PKCS7Tests::test_type_is_enveloped +. tests/test_crypto.py::PKCS7Tests::test_type_is_enveloped_wrong_args +. tests/test_crypto.py::PKCS7Tests::test_type_is_signed +. tests/test_crypto.py::PKCS7Tests::test_type_is_signedAndEnveloped +. tests/test_crypto.py::PKCS7Tests::test_type_is_signedAndEnveloped_wrong_args +. tests/test_crypto.py::PKCS7Tests::test_type_is_signed_wrong_args +. tests/test_crypto.py::NetscapeSPKITests::test_b64_encode +. tests/test_crypto.py::NetscapeSPKITests::test_construction +. tests/test_crypto.py::NetscapeSPKITests::test_invalid_attribute +. tests/test_crypto.py::NetscapeSPKITests::test_sign +. tests/test_crypto.py::NetscapeSPKITests::test_signWithPublicKey +. tests/test_crypto.py::NetscapeSPKITests::test_signWithUngenerated +. tests/test_crypto.py::NetscapeSPKITests::test_signWithUnknownDigest +. tests/test_crypto.py::NetscapeSPKITests::test_type +. tests/test_crypto.py::TestRevoked::()::test_ignores_unsupported_revoked_cert_extension_get_reason +. tests/test_crypto.py::TestRevoked::()::test_ignores_unsupported_revoked_cert_extension_set_new_reason +. tests/test_crypto.py::RevokedTests::test_construction +. tests/test_crypto.py::RevokedTests::test_construction_wrong_args +. tests/test_crypto.py::RevokedTests::test_date +. tests/test_crypto.py::RevokedTests::test_get_reason_wrong_arguments +. tests/test_crypto.py::RevokedTests::test_reason +. tests/test_crypto.py::RevokedTests::test_serial +. tests/test_crypto.py::RevokedTests::test_set_reason_wrong_arguments +. tests/test_crypto.py::CRLTests::test_add_revoked_keyword +. tests/test_crypto.py::CRLTests::test_add_revoked_wrong_args +. tests/test_crypto.py::CRLTests::test_construction +. tests/test_crypto.py::CRLTests::test_construction_wrong_args +. tests/test_crypto.py::CRLTests::test_dump_crl +. tests/test_crypto.py::CRLTests::test_export_custom_digest +. tests/test_crypto.py::CRLTests::test_export_default_digest +. tests/test_crypto.py::CRLTests::test_export_der +. tests/test_crypto.py::CRLTests::test_export_invalid +. tests/test_crypto.py::CRLTests::test_export_md5_digest +. tests/test_crypto.py::CRLTests::test_export_pem +. tests/test_crypto.py::CRLTests::test_export_text +. tests/test_crypto.py::CRLTests::test_export_unknown_digest +. tests/test_crypto.py::CRLTests::test_export_unknown_filetype +. tests/test_crypto.py::CRLTests::test_export_wrong_args +. tests/test_crypto.py::CRLTests::test_get_issuer +. tests/test_crypto.py::CRLTests::test_get_revoked +. tests/test_crypto.py::CRLTests::test_get_revoked_wrong_args +. tests/test_crypto.py::CRLTests::test_load_crl +. tests/test_crypto.py::CRLTests::test_load_crl_bad_data +. tests/test_crypto.py::CRLTests::test_load_crl_bad_filetype +. tests/test_crypto.py::CRLTests::test_load_crl_wrong_args +. tests/test_crypto.py::CRLTests::test_verify_with_missing_crl +. tests/test_crypto.py::CRLTests::test_verify_with_revoked +. tests/test_crypto.py::X509StoreContextTests::test_invalid_chain_no_intermediate +. tests/test_crypto.py::X509StoreContextTests::test_invalid_chain_no_root +. tests/test_crypto.py::X509StoreContextTests::test_modification_pre_verify +. tests/test_crypto.py::X509StoreContextTests::test_reuse +. tests/test_crypto.py::X509StoreContextTests::test_trusted_self_signed +. tests/test_crypto.py::X509StoreContextTests::test_untrusted_self_signed +. tests/test_crypto.py::X509StoreContextTests::test_valid +. tests/test_crypto.py::SignVerifyTests::test_sign_nulls +. tests/test_crypto.py::SignVerifyTests::test_sign_verify +. tests/test_crypto.py::SignVerifyTests::test_sign_verify_with_text +. tests/test_crypto.py::SignVerifyTests::test_sign_with_large_key +. tests/test_crypto.py::EllipticCurveTests::test_a_curve +. tests/test_crypto.py::EllipticCurveTests::test_not_a_curve +. tests/test_crypto.py::EllipticCurveTests::test_repr +. tests/test_crypto.py::EllipticCurveTests::test_set +. tests/test_crypto.py::EllipticCurveTests::test_some_curves +. tests/test_crypto.py::EllipticCurveTests::test_to_EC_KEY +. tests/test_crypto.py::EllipticCurveEqualityTests::test_anotherTypeEq +. tests/test_crypto.py::EllipticCurveEqualityTests::test_anotherTypeNe +. tests/test_crypto.py::EllipticCurveEqualityTests::test_delegateNe +. tests/test_crypto.py::EllipticCurveEqualityTests::test_delegatedEq +. tests/test_crypto.py::EllipticCurveEqualityTests::test_differentEq +. tests/test_crypto.py::EllipticCurveEqualityTests::test_differentNe +. tests/test_crypto.py::EllipticCurveEqualityTests::test_identicalEq +. tests/test_crypto.py::EllipticCurveEqualityTests::test_identicalNe +. tests/test_crypto.py::EllipticCurveEqualityTests::test_sameEq +. tests/test_crypto.py::EllipticCurveEqualityTests::test_sameNe +. tests/test_crypto.py::EllipticCurveHashTests::test_contains +. tests/test_crypto.py::EllipticCurveHashTests::test_does_not_contain +. tests/test_rand.py::pep8 +. tests/test_rand.py::pyflakes +. tests/test_rand.py::RandTests::test_add +. tests/test_rand.py::RandTests::test_add_wrong_args +. tests/test_rand.py::RandTests::test_bytes +. tests/test_rand.py::RandTests::test_bytes_paths +. tests/test_rand.py::RandTests::test_bytes_wrong_args +. tests/test_rand.py::RandTests::test_cleanup +. tests/test_rand.py::RandTests::test_cleanup_wrong_args +. tests/test_rand.py::RandTests::test_egd_warning +. tests/test_rand.py::RandTests::test_egd_wrong_args +. tests/test_rand.py::RandTests::test_insufficientMemory +. tests/test_rand.py::RandTests::test_load_file_wrong_args +. tests/test_rand.py::RandTests::test_seed +. tests/test_rand.py::RandTests::test_seed_wrong_args +. tests/test_rand.py::RandTests::test_status +. tests/test_rand.py::RandTests::test_status_wrong_args +. tests/test_rand.py::RandTests::test_unicode_paths +. tests/test_rand.py::RandTests::test_write_file_wrong_args +. tests/test_ssl.py::pep8 +. tests/test_ssl.py::pyflakes +. tests/test_ssl.py::VersionTests::test_OPENSSL_VERSION_NUMBER +. tests/test_ssl.py::VersionTests::test_SSLeay_version +. tests/test_ssl.py::TestContext::()::test_set_cipher_list[0hello world:AES128-SHA] +. tests/test_ssl.py::TestContext::()::test_set_cipher_list[1hello world:AES128-SHA] +. tests/test_ssl.py::TestContext::()::test_set_cipher_list_wrong_args[cipher_list0-TypeError] +. tests/test_ssl.py::TestContext::()::test_set_cipher_list_wrong_args[imaginary-cipher-Error] +. tests/test_ssl.py::TestContext::()::test_load_client_ca +. tests/test_ssl.py::TestContext::()::test_load_client_ca_invalid +. tests/test_ssl.py::TestContext::()::test_load_client_ca_unicode +. tests/test_ssl.py::TestContext::()::test_set_session_id +. tests/test_ssl.py::TestContext::()::test_set_session_id_fail +. tests/test_ssl.py::TestContext::()::test_set_session_id_unicode +. tests/test_ssl.py::ContextTests::test_add_extra_chain_cert +. tests/test_ssl.py::ContextTests::test_add_extra_chain_cert_invalid_cert +. tests/test_ssl.py::ContextTests::test_app_data +. tests/test_ssl.py::ContextTests::test_check_privatekey_invalid +. tests/test_ssl.py::ContextTests::test_check_privatekey_valid +. tests/test_ssl.py::ContextTests::test_check_privatekey_wrong_args +. tests/test_ssl.py::ContextTests::test_get_app_data_wrong_args +. tests/test_ssl.py::ContextTests::test_get_cert_store +. tests/test_ssl.py::ContextTests::test_get_session_cache_mode_wrong_args +. tests/test_ssl.py::ContextTests::test_get_timeout_wrong_args +. tests/test_ssl.py::ContextTests::test_get_verify_depth_wrong_args +. tests/test_ssl.py::ContextTests::test_get_verify_mode_wrong_args +. tests/test_ssl.py::ContextTests::test_load_tmp_dh_bytes +. tests/test_ssl.py::ContextTests::test_load_tmp_dh_missing_file +. tests/test_ssl.py::ContextTests::test_load_tmp_dh_unicode +. tests/test_ssl.py::ContextTests::test_load_tmp_dh_wrong_args +. tests/test_ssl.py::ContextTests::test_load_verify_bytes_cafile +. tests/test_ssl.py::ContextTests::test_load_verify_directory_bytes_capath +. tests/test_ssl.py::ContextTests::test_load_verify_directory_unicode_capath +. tests/test_ssl.py::ContextTests::test_load_verify_invalid_file +. tests/test_ssl.py::ContextTests::test_load_verify_locations_wrong_args +. tests/test_ssl.py::ContextTests::test_load_verify_unicode_cafile +. tests/test_ssl.py::ContextTests::test_method +. tests/test_ssl.py::ContextTests::test_method_long +. tests/test_ssl.py::ContextTests::test_passwd_callback_exception +. tests/test_ssl.py::ContextTests::test_passwd_callback_false +. tests/test_ssl.py::ContextTests::test_passwd_callback_non_string +. tests/test_ssl.py::ContextTests::test_passwd_callback_too_long +. tests/test_ssl.py::ContextTests::test_session_cache_mode +. tests/test_ssl.py::ContextTests::test_session_cache_mode_long +. tests/test_ssl.py::ContextTests::test_set_app_data_wrong_args +s tests/test_ssl.py::ContextTests::test_set_default_verify_paths + Skipped: This test doesn't work within OWAN, even with proxy set +. tests/test_ssl.py::ContextTests::test_set_default_verify_paths_signature +. tests/test_ssl.py::ContextTests::test_set_info_callback +. tests/test_ssl.py::ContextTests::test_set_mode +. tests/test_ssl.py::ContextTests::test_set_mode_long +. tests/test_ssl.py::ContextTests::test_set_mode_wrong_args +. tests/test_ssl.py::ContextTests::test_set_options +. tests/test_ssl.py::ContextTests::test_set_options_long +. tests/test_ssl.py::ContextTests::test_set_options_wrong_args +. tests/test_ssl.py::ContextTests::test_set_passwd_cb +. tests/test_ssl.py::ContextTests::test_set_passwd_cb_wrong_args +. tests/test_ssl.py::ContextTests::test_set_session_cache_mode_wrong_args +. tests/test_ssl.py::ContextTests::test_set_timeout_wrong_args +. tests/test_ssl.py::ContextTests::test_set_tmp_ecdh +. tests/test_ssl.py::ContextTests::test_set_verify_callback_connection_argument +. tests/test_ssl.py::ContextTests::test_set_verify_callback_exception +. tests/test_ssl.py::ContextTests::test_set_verify_depth_wrong_args +. tests/test_ssl.py::ContextTests::test_set_verify_mode +. tests/test_ssl.py::ContextTests::test_set_verify_mode_long +. tests/test_ssl.py::ContextTests::test_timeout +. tests/test_ssl.py::ContextTests::test_timeout_long +. tests/test_ssl.py::ContextTests::test_type +. tests/test_ssl.py::ContextTests::test_use_certificate +. tests/test_ssl.py::ContextTests::test_use_certificate_chain_file_bytes +. tests/test_ssl.py::ContextTests::test_use_certificate_chain_file_unicode +. tests/test_ssl.py::ContextTests::test_use_certificate_chain_file_wrong_args +. tests/test_ssl.py::ContextTests::test_use_certificate_file_bytes +. tests/test_ssl.py::ContextTests::test_use_certificate_file_long +. tests/test_ssl.py::ContextTests::test_use_certificate_file_missing +. tests/test_ssl.py::ContextTests::test_use_certificate_file_unicode +. tests/test_ssl.py::ContextTests::test_use_certificate_file_wrong_args +. tests/test_ssl.py::ContextTests::test_use_certificate_uninitialized +. tests/test_ssl.py::ContextTests::test_use_certificate_wrong_args +. tests/test_ssl.py::ContextTests::test_use_privatekey +. tests/test_ssl.py::ContextTests::test_use_privatekey_file_bytes +. tests/test_ssl.py::ContextTests::test_use_privatekey_file_long +. tests/test_ssl.py::ContextTests::test_use_privatekey_file_missing +. tests/test_ssl.py::ContextTests::test_use_privatekey_file_unicode +. tests/test_ssl.py::ContextTests::test_verify_depth +. tests/test_ssl.py::ContextTests::test_verify_depth_long +. tests/test_ssl.py::ServerNameCallbackTests::test_no_servername +. tests/test_ssl.py::ServerNameCallbackTests::test_old_callback_forgotten +. tests/test_ssl.py::ServerNameCallbackTests::test_servername +. tests/test_ssl.py::ServerNameCallbackTests::test_wrong_args +. tests/test_ssl.py::NextProtoNegotiationTests::test_npn_advertise_error +. tests/test_ssl.py::NextProtoNegotiationTests::test_npn_client_fail +. tests/test_ssl.py::NextProtoNegotiationTests::test_npn_select_error +. tests/test_ssl.py::NextProtoNegotiationTests::test_npn_success +. tests/test_ssl.py::ApplicationLayerProtoNegotiationTests::test_alpn_callback_exception +. tests/test_ssl.py::ApplicationLayerProtoNegotiationTests::test_alpn_no_server +. tests/test_ssl.py::ApplicationLayerProtoNegotiationTests::test_alpn_server_fail +. tests/test_ssl.py::ApplicationLayerProtoNegotiationTests::test_alpn_set_on_connection +. tests/test_ssl.py::ApplicationLayerProtoNegotiationTests::test_alpn_success +. tests/test_ssl.py::SessionTests::test_construction +. tests/test_ssl.py::SessionTests::test_construction_wrong_args +. tests/test_ssl.py::ConnectionTests::test_accept +. tests/test_ssl.py::ConnectionTests::test_accept_wrong_args +. tests/test_ssl.py::ConnectionTests::test_app_data +. tests/test_ssl.py::ConnectionTests::test_app_data_wrong_args +. tests/test_ssl.py::ConnectionTests::test_client_get_session +. tests/test_ssl.py::ConnectionTests::test_client_set_session +. tests/test_ssl.py::ConnectionTests::test_connect +. tests/test_ssl.py::ConnectionTests::test_connect_ex +. tests/test_ssl.py::ConnectionTests::test_connect_refused +. tests/test_ssl.py::ConnectionTests::test_connect_wrong_args +. tests/test_ssl.py::ConnectionTests::test_connection_undefined_attr +. tests/test_ssl.py::ConnectionTests::test_get_cipher_bits +. tests/test_ssl.py::ConnectionTests::test_get_cipher_bits_before_connect +. tests/test_ssl.py::ConnectionTests::test_get_cipher_name +. tests/test_ssl.py::ConnectionTests::test_get_cipher_name_before_connect +. tests/test_ssl.py::ConnectionTests::test_get_cipher_version +. tests/test_ssl.py::ConnectionTests::test_get_cipher_version_before_connect +. tests/test_ssl.py::ConnectionTests::test_get_context +. tests/test_ssl.py::ConnectionTests::test_get_context_wrong_args +. tests/test_ssl.py::ConnectionTests::test_get_finished +. tests/test_ssl.py::ConnectionTests::test_get_finished_before_connect +. tests/test_ssl.py::ConnectionTests::test_get_peer_cert_chain +. tests/test_ssl.py::ConnectionTests::test_get_peer_cert_chain_none +. tests/test_ssl.py::ConnectionTests::test_get_peer_cert_chain_wrong_args +. tests/test_ssl.py::ConnectionTests::test_get_peer_finished +. tests/test_ssl.py::ConnectionTests::test_get_peer_finished_before_connect +. tests/test_ssl.py::ConnectionTests::test_get_protocol_version +. tests/test_ssl.py::ConnectionTests::test_get_protocol_version_name +. tests/test_ssl.py::ConnectionTests::test_get_servername_wrong_args +. tests/test_ssl.py::ConnectionTests::test_get_session_unconnected +. tests/test_ssl.py::ConnectionTests::test_get_session_wrong_args +. tests/test_ssl.py::ConnectionTests::test_makefile +. tests/test_ssl.py::ConnectionTests::test_peek +. tests/test_ssl.py::ConnectionTests::test_pending +. tests/test_ssl.py::ConnectionTests::test_pending_wrong_args +. tests/test_ssl.py::ConnectionTests::test_server_get_session +. tests/test_ssl.py::ConnectionTests::test_set_context +. tests/test_ssl.py::ConnectionTests::test_set_context_wrong_args +. tests/test_ssl.py::ConnectionTests::test_set_session_wrong_args +F tests/test_ssl.py::ConnectionTests::test_set_session_wrong_method + self = + + def test_set_session_wrong_method(self): + """ + If :py:obj:`Connection.set_session` is passed a :py:class:`Session` + instance associated with a context using a different SSL method than + the :py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is + raised. + """ + # Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2 + # and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT + # is a way to check for 1.1.0) + if SSL_ST_INIT is not None: + v1 = TLSv1_METHOD + v2 = SSLv3_METHOD + else: + v1 = TLSv1_2_METHOD + v2 = TLSv1_METHOD + + key = load_privatekey(FILETYPE_PEM, server_key_pem) + cert = load_certificate(FILETYPE_PEM, server_cert_pem) + ctx = Context(v1) + ctx.use_privatekey(key) + ctx.use_certificate(cert) + ctx.set_session_id("unity-test") + + def makeServer(socket): + server = Connection(ctx, socket) + server.set_accept_state() + return server + + def makeOriginalClient(socket): + client = Connection(Context(v1), socket) + client.set_connect_state() + return client + + originalServer, originalClient = self._loopback( + serverFactory=makeServer, clientFactory=makeOriginalClient) + originalSession = originalClient.get_session() + + def makeClient(socket): + # Intentionally use a different, incompatible method here. + client = Connection(Context(v2), socket) + client.set_connect_state() + client.set_session(originalSession) + return client + + self.assertRaises( + Error, + > self._loopback, clientFactory=makeClient, serverFactory=makeServer) + + tests/test_ssl.py:2689: + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + tests/util.py:283: in failUnlessRaises + f(*args, **kwargs) + tests/test_ssl.py:251: in _loopback + client = clientFactory(client) + tests/test_ssl.py:2682: in makeClient + client = Connection(Context(v2), socket) + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + + self = , method = 2 + + def __init__(self, method): + """ + :param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or + TLSv1_METHOD. + """ + if not isinstance(method, integer_types): + raise TypeError("method must be an integer") + + try: + method_func = self._methods[method] + except KeyError: + > raise ValueError("No such protocol") + E ValueError: No such protocol + + ../prototype/i386/usr/lib/python2.7/vendor-packages/OpenSSL/SSL.py:468: ValueError +. tests/test_ssl.py::ConnectionTests::test_set_shutdown +. tests/test_ssl.py::ConnectionTests::test_set_shutdown_long +. tests/test_ssl.py::ConnectionTests::test_set_tlsext_host_name_wrong_args +. tests/test_ssl.py::ConnectionTests::test_shutdown +. tests/test_ssl.py::ConnectionTests::test_shutdown_closed +. tests/test_ssl.py::ConnectionTests::test_shutdown_truncated +. tests/test_ssl.py::ConnectionTests::test_shutdown_wrong_args +. tests/test_ssl.py::ConnectionTests::test_state_string +. tests/test_ssl.py::ConnectionTests::test_tls_finished_message_symmetry +. tests/test_ssl.py::ConnectionTests::test_type +. tests/test_ssl.py::ConnectionTests::test_wantWriteError +. tests/test_ssl.py::ConnectionGetCipherListTests::test_result +. tests/test_ssl.py::ConnectionGetCipherListTests::test_wrong_args +. tests/test_ssl.py::ConnectionSendTests::test_short_buffer +. tests/test_ssl.py::ConnectionSendTests::test_short_bytes +. tests/test_ssl.py::ConnectionSendTests::test_short_memoryview +. tests/test_ssl.py::ConnectionSendTests::test_text +. tests/test_ssl.py::ConnectionSendTests::test_wrong_args +. tests/test_ssl.py::ConnectionRecvIntoTests::test_bytearray_doesnt_overfill +. tests/test_ssl.py::ConnectionRecvIntoTests::test_bytearray_no_length +. tests/test_ssl.py::ConnectionRecvIntoTests::test_bytearray_really_doesnt_overfill +. tests/test_ssl.py::ConnectionRecvIntoTests::test_bytearray_respects_length +. tests/test_ssl.py::ConnectionRecvIntoTests::test_memoryview_doesnt_overfill +. tests/test_ssl.py::ConnectionRecvIntoTests::test_memoryview_no_length +. tests/test_ssl.py::ConnectionRecvIntoTests::test_memoryview_really_doesnt_overfill +. tests/test_ssl.py::ConnectionRecvIntoTests::test_memoryview_respects_length +. tests/test_ssl.py::ConnectionRecvIntoTests::test_peek +. tests/test_ssl.py::ConnectionSendallTests::test_closed +. tests/test_ssl.py::ConnectionSendallTests::test_long +. tests/test_ssl.py::ConnectionSendallTests::test_short +. tests/test_ssl.py::ConnectionSendallTests::test_short_buffers +. tests/test_ssl.py::ConnectionSendallTests::test_short_memoryview +. tests/test_ssl.py::ConnectionSendallTests::test_text +. tests/test_ssl.py::ConnectionSendallTests::test_wrong_args +. tests/test_ssl.py::ConnectionRenegotiateTests::test_renegotiate +. tests/test_ssl.py::ConnectionRenegotiateTests::test_renegotiate_wrong_args +. tests/test_ssl.py::ConnectionRenegotiateTests::test_total_renegotiations +. tests/test_ssl.py::ConnectionRenegotiateTests::test_total_renegotiations_wrong_args +. tests/test_ssl.py::ErrorTests::test_type +. tests/test_ssl.py::ConstantsTests::test_op_cookie_exchange +. tests/test_ssl.py::ConstantsTests::test_op_no_compression +. tests/test_ssl.py::ConstantsTests::test_op_no_query_mtu +. tests/test_ssl.py::ConstantsTests::test_op_no_ticket +. tests/test_ssl.py::ConstantsTests::test_sess_cache_both +. tests/test_ssl.py::ConstantsTests::test_sess_cache_client +. tests/test_ssl.py::ConstantsTests::test_sess_cache_no_auto_clear +. tests/test_ssl.py::ConstantsTests::test_sess_cache_no_internal +. tests/test_ssl.py::ConstantsTests::test_sess_cache_no_internal_lookup +. tests/test_ssl.py::ConstantsTests::test_sess_cache_no_internal_store +. tests/test_ssl.py::ConstantsTests::test_sess_cache_off +. tests/test_ssl.py::ConstantsTests::test_sess_cache_server +. tests/test_ssl.py::MemoryBIOTests::test_add_client_ca_errors +. tests/test_ssl.py::MemoryBIOTests::test_memoryConnect +. tests/test_ssl.py::MemoryBIOTests::test_multiple_add_client_ca +. tests/test_ssl.py::MemoryBIOTests::test_mutated_ca_list +. tests/test_ssl.py::MemoryBIOTests::test_one_add_client_ca +. tests/test_ssl.py::MemoryBIOTests::test_outgoingOverflow +. tests/test_ssl.py::MemoryBIOTests::test_reset_ca_list +. tests/test_ssl.py::MemoryBIOTests::test_set_after_add_client_ca +. tests/test_ssl.py::MemoryBIOTests::test_set_and_add_client_ca +. tests/test_ssl.py::MemoryBIOTests::test_set_client_ca_list_errors +. tests/test_ssl.py::MemoryBIOTests::test_set_empty_ca_list +. tests/test_ssl.py::MemoryBIOTests::test_set_multiple_ca_list +. tests/test_ssl.py::MemoryBIOTests::test_set_one_ca_list +. tests/test_ssl.py::MemoryBIOTests::test_shutdown +. tests/test_ssl.py::MemoryBIOTests::test_socketConnect +. tests/test_ssl.py::MemoryBIOTests::test_socketOverridesMemory +. tests/test_ssl.py::MemoryBIOTests::test_unexpectedEndOfFile +. tests/test_ssl.py::ConnectionBIOTests::test_buffer_size +. tests/test_ssl.py::ConnectionBIOTests::test_buffer_size_long +. tests/test_ssl.py::ConnectionBIOTests::test_wantReadError +. tests/test_ssl.py::InfoConstantTests::test_integers +. tests/test_ssl.py::TestRequires::()::test_available +. tests/test_ssl.py::TestRequires::()::test_unavailable +. tests/test_tsafe.py::pep8 +. tests/test_tsafe.py::pyflakes +. tests/test_tsafe.py::ConnectionTest::test_instantiation +. tests/test_util.py::pep8 +. tests/test_util.py::pyflakes +. tests/test_util.py::ErrorTests::test_exception_from_error_queue_nonexistent_reason +. tests/util.py::pep8 +. tests/util.py::pyflakes