[Python-Dev] Other SSL issues in the tracker have been marked
Guido van Rossum
guido at python.org
Mon Aug 27 19:20:17 CEST 2007
Committed revision 57561.
On 8/27/07, Bill Janssen <janssen at parc.com> wrote:
> > Regardless, building a fixed test certificate and checking it in sounds like
> > the better option. Then the openssl command in the test code can be turned
> > into a comment describing how the test data was pregenerated.
>
> Here's a patch that does that.
>
> Bill
>
> Index: Lib/test/keycert.pem
> ===================================================================
> --- Lib/test/keycert.pem (revision 0)
> +++ Lib/test/keycert.pem (revision 0)
> @@ -0,0 +1,32 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L
> +opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH
> +fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB
> +AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU
> +D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA
> +IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM
> +oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0
> +ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/
> +loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j
> +oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA
> +z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq
> +ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV
> +q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU=
> +-----END RSA PRIVATE KEY-----
> +-----BEGIN CERTIFICATE-----
> +MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD
> +VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x
> +IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT
> +U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1
> +NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl
> +bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m
> +dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj
> +aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh
> +m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8
> +M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn
> +fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC
> +AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb
> +08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx
> +CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/
> +iHkC6gGdBJhogs4=
> +-----END CERTIFICATE-----
> Index: Lib/test/test_ssl.py
> ===================================================================
> --- Lib/test/test_ssl.py (revision 57559)
> +++ Lib/test/test_ssl.py (working copy)
> @@ -22,7 +22,6 @@
> skip_expected = True
>
> CERTFILE = None
> -GMAIL_POP_CERTFILE = None
>
>
> def handle_error(prefix):
> @@ -298,12 +297,15 @@
> nsCertType = server
> """
>
> -def create_cert_files():
> +def create_cert_files(hostname=None):
>
> + """This is the routine that was run to create the certificate
> + and private key contained in keycert.pem."""
> +
> import tempfile, socket, os
> d = tempfile.mkdtemp()
> # now create a configuration file for the CA signing cert
> - fqdn = socket.getfqdn()
> + fqdn = hostname or socket.getfqdn()
> crtfile = os.path.join(d, "cert.pem")
> conffile = os.path.join(d, "ca.conf")
> fp = open(conffile, "w")
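Review bot: The docstring added to `create_cert_files` says the routine produced keycert.pem, but it does not say that the private key in that file is now published with the source tree. It should state that the key and certificate are for the test suite only, for example with a closing sentence such as `The key is public: never use keycert.pem outside the tests.` Judging by the later hunks, the test no longer calls this function and the `shutil.rmtree(tdir)` cleanup is removed. A manual run would therefore leave the `tempfile.mkdtemp()` directory behind, which the docstring could also mention. The function body continues outside this hunk.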
> @@ -316,7 +318,7 @@
> })
> fp.close()
> error = os.system(
> - "openssl req -batch -new -x509 -days 10 -nodes -config %s "
> + "openssl req -batch -new -x509 -days 2000 -nodes -config %s "
> "-keyout \"%s\" -out \"%s\" > /dev/null < /dev/null 2>&1" %
> (conffile, crtfile, crtfile))
> # now we have a self-signed server cert in crtfile
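Review bot: Raising `-days` to 2000 gives the checked-in keycert.pem a fixed expiry roughly five and a half years after it was generated, and nothing in the patch records that date. Any test that validates the certificate's validity period will start failing on that day without a code change. A comment beside the command, e.g. `# keycert.pem was generated with -days 2000; regenerate it before it expires`, would make that failure easy to diagnose. The enclosing function starts outside this hunk.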
> @@ -324,7 +326,8 @@
> if (os.WEXITSTATUS(error) or
> not os.path.exists(crtfile) or os.path.getsize(crtfile) == 0):
> if test_support.verbose:
> - sys.stdout.write("Unable to create certificate for test %d\n" % error)
> + sys.stdout.write("Unable to create certificate for test, "
> + + "error status %d\n" % (error >> 8))
> crtfile = None
> elif test_support.verbose:
> sys.stdout.write(open(crtfile, 'r').read() + '\n')
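Review bot: The new message computes the exit status by hand as `error >> 8`, while the condition two lines above uses `os.WEXITSTATUS(error)`. Using the same call in both places keeps the reported value consistent with the value that was tested: `"error status %d\n" % os.WEXITSTATUS(error))`. The explicit `+` is also unnecessary, because adjacent string literals concatenate and the `%` would then apply to the whole message. The enclosing function starts outside this hunk.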
> @@ -336,7 +339,8 @@
> raise test_support.TestSkipped("socket module has no ssl support")
>
> global CERTFILE
> - tdir, CERTFILE = create_cert_files()
> + CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
> + "keycert.pem")
> if not CERTFILE:
> sys.__stdout__.write("Skipping test_ssl ConnectedTests; "
> "couldn't create a certificate.\n")
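Review bot: The `if not CERTFILE:` guard can no longer fire, because `os.path.join(...)` always returns a non-empty string. A missing or unreadable keycert.pem is therefore not caught here, and the skip message about failing to create a certificate is unreachable. Testing the file instead, `if not os.path.exists(CERTFILE):`, keeps the skip path working, and the message could then say the certificate file was not found. This assumes `os` is imported at module level, which the hunk does not show. The enclosing function starts and ends outside this hunk.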
> @@ -362,8 +366,6 @@
> # wait for it to stop
> server.join()
>
> - if tdir and os.path.isdir(tdir):
> - shutil.rmtree(tdir)
> test_support.threading_cleanup(*thread_info)
>
> if __name__ == "__main__":
>
--
--Guido van Rossum (home page: http://www.python.org/~guido/)