Re: [Python-Dev] Other SSL issues in the tracker have been marked
Nope, not on many package-based distributions. libssl0.9.8, libssl-dev and openssl are all separate packages (with appropriate dependencies). /usr/bin/openssl comes from the openssl package.

Regardless, building a fixed test certificate and checking it in sounds like the better option. Then the openssl command in the test code can be turned into a comment describing how the test data was pregenerated.

On 8/27/07, Bill Janssen <janssen@parc.com> wrote:
apt-get install openssl will fix that on those systems. On Windows you're unlikely to ever have an openssl binary present and available to execute.
Well, if you have OpenSSL in the first place, you'll have the binary, won't you? But I agree it's unlikely to be on your path. As for Ubuntu and Debian, I checked the packaging, and they both put the "openssl" binary in /usr/bin, so it's unlikely to be a path problem.
We could just build a fixed certificate and check it in, as the test_socket_ssl test does. That way we wouldn't have to futz with trying to run openssl.
Bill
Regardless, building a fixed test certificate and checking it in sounds like the better option. Then the openssl command in the test code can be turned into a comment describing how the test data was pregenerated.
Here's a patch that does that. Bill Index: Lib/test/keycert.pem =================================================================== --- Lib/test/keycert.pem (revision 0) +++ Lib/test/keycert.pem (revision 0) 
@@ -0,0 +1,32 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L +opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH +fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB +AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU +D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA +IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM +oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0 +ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/ +loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j +oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA +z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq +ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV +q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x +IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT +U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1 +NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl +bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m +dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj +aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh +m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8 +M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn +fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC +AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb +08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx +CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/ +iHkC6gGdBJhogs4= +-----END CERTIFICATE----- Index: Lib/test/test_ssl.py 
=================================================================== --- Lib/test/test_ssl.py (revision 57559) +++ Lib/test/test_ssl.py (working copy) @@ -22,7 +22,6 @@ skip_expected = True CERTFILE = None -GMAIL_POP_CERTFILE = None def handle_error(prefix): @@ -298,12 +297,15 @@ nsCertType = server """ -def create_cert_files(): +def create_cert_files(hostname=None): + """This is the routine that was run to create the certificate + and private key contained in keycert.pem.""" + import tempfile, socket, os d = tempfile.mkdtemp() # now create a configuration file for the CA signing cert - fqdn = socket.getfqdn() + fqdn = hostname or socket.getfqdn() crtfile = os.path.join(d, "cert.pem") conffile = os.path.join(d, "ca.conf") fp = open(conffile, "w") @@ -316,7 +318,7 @@ }) fp.close() error = os.system( - "openssl req -batch -new -x509 -days 10 -nodes -config %s " + "openssl req -batch -new -x509 -days 2000 -nodes -config %s " "-keyout \"%s\" -out \"%s\" > /dev/null < /dev/null 2>&1" % (conffile, crtfile, crtfile)) # now we have a self-signed server cert in crtfile @@ -324,7 +326,8 @@ if (os.WEXITSTATUS(error) or not os.path.exists(crtfile) or os.path.getsize(crtfile) == 0): if test_support.verbose: - sys.stdout.write("Unable to create certificate for test %d\n" % error) + sys.stdout.write("Unable to create certificate for test, " + + "error status %d\n" % (error >> 8)) crtfile = None elif test_support.verbose: sys.stdout.write(open(crtfile, 'r').read() + '\n') @@ -336,7 +339,8 @@ raise test_support.TestSkipped("socket module has no ssl support") global CERTFILE - tdir, CERTFILE = create_cert_files() + CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, + "keycert.pem") if not CERTFILE: sys.__stdout__.write("Skipping test_ssl ConnectedTests; " "couldn't create a certificate.\n") @@ -362,8 +366,6 @@ # wait for it to stop server.join() - if tdir and os.path.isdir(tdir): - shutil.rmtree(tdir) test_support.threading_cleanup(*thread_info) if __name__ == "__main__":
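Review bot: Lib/test/keycert.pem checks an unencrypted RSA private key into the source tree next to its certificate, and nothing in the file or in test_ssl.py says it is test-only. Add a comment beside CERTFILE stating that this key pair exists only for the test suite and must never be reused for a real service. The certificate also has a fixed lifetime (-days 2000 in create_cert_files), so record the expiry and the regeneration steps in the same comment, since any test that validates the certificate will start failing once it lapses.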
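Review bot: in the @@ -298,12 +297,15 @@ hunk, the new docstring on create_cert_files says the routine produced keycert.pem but does not record which hostname was passed, and with fqdn = hostname or socket.getfqdn() a rerun without it silently uses the local machine's name. State the hostname in the docstring so the checked-in data can be regenerated identically. The only call to this function visible in the diff is removed, and so is the shutil.rmtree(tdir) cleanup, so anyone who runs it by hand is left with the mkdtemp() directory; mention that in the docstring, or reduce the routine to the comment suggested earlier in the thread.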
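Review bot: the new message in the @@ -324,7 +326,8 @@ hunk prints error >> 8, while the condition just above it tests os.WEXITSTATUS(error); use os.WEXITSTATUS(error) in both places so the reported status is the one that was checked. The explicit + between the two string literals is also unnecessary: % binds tighter than +, so the format is applied to the second literal only, which works here but will break if a specifier is ever added to the first. Put the whole message in one literal and apply % to that.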
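Review bot: after the assignment in the @@ -336,7 +339,8 @@ hunk, CERTFILE is always a non-empty path string, so the following if not CERTFILE: branch and its "couldn't create a certificate" message can never run. Replace the test with a check that the file is present, for example if not os.path.exists(CERTFILE):, and reword the message to say that keycert.pem is missing.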
participants (2): Bill Janssen, Gregory P. Smith