=================================== FAILURES ===================================

1. =================================== FAILURES ===================================
2. ____________________ TestContext.test_add_extra_chain_cert _____________________
3.  
4. self = <tests.test_ssl.TestContext object at 0x7ffff14b2150>
5. tmpdir = local('/build/pytest-of-nixbld/pytest-0/test_add_extra_chain_cert0')
6.  
7. def test_add_extra_chain_cert(self, tmpdir):
8. """
9. `Context.add_extra_chain_cert` accepts an `X509`
10. instance to add to the certificate chain.
11.  
12. See `_create_certificate_chain` for the details of the
13. certificate chain tested.
14.  
15. The chain is tested by starting a server with scert and connecting
16. to it with a client which trusts cacert and requires verification to
17. succeed.
18. """
19. chain = _create_certificate_chain()
20. [(cakey, cacert), (ikey, icert), (skey, scert)] = chain
21.  
22. # Dump the CA certificate to a file because that's the only way to load
23. # it as a trusted CA in the client context.
24. for cert, name in [(cacert, 'ca.pem'),
25. (icert, 'i.pem'),
26. (scert, 's.pem')]:
27. with tmpdir.join(name).open('w') as f:
28. f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))
29.  
30. for key, name in [(cakey, 'ca.key'),
31. (ikey, 'i.key'),
32. (skey, 's.key')]:
33. with tmpdir.join(name).open('w') as f:
34. f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))
35.  
36. # Create the server context
37. serverContext = Context(TLSv1_METHOD)
38. serverContext.use_privatekey(skey)
39. serverContext.use_certificate(scert)
40. # The client already has cacert, we only need to give them icert.
41. serverContext.add_extra_chain_cert(icert)
42.  
43. # Create the client
44. clientContext = Context(TLSv1_METHOD)
45. clientContext.set_verify(
46. VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
47. clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))
48.  
49. # Try it out.
50. > self._handshake_test(serverContext, clientContext)
51.  
52. tests/test_ssl.py:1370:
53. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
54. tests/test_ssl.py:1248: in _handshake_test
55. s.do_handshake()
56. /nix/store/44f3hqpyi391pq9srzkfdzjd9kzh3g4f-python2.7-pyOpenSSL-18.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1907: in do_handshake
57. self._raise_ssl_error(self._ssl, result)
58. /nix/store/44f3hqpyi391pq9srzkfdzjd9kzh3g4f-python2.7-pyOpenSSL-18.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1639: in _raise_ssl_error
59. _raise_current_error()
60. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
61.  
62. exception_type = <class 'OpenSSL.SSL.Error'>
63.  
64. def exception_from_error_queue(exception_type):
65. """
66. Convert an OpenSSL library failure into a Python exception.
67.  
68. When a call to the native OpenSSL library fails, this is usually signalled
69. by the return value, and an error code is stored in an error queue
70. associated with the current thread. The err library provides functions to
71. obtain these error codes and textual error messages.
72. """
73. errors = []
74.  
75. while True:
76. error = lib.ERR_get_error()
77. if error == 0:
78. break
79. errors.append((
80. text(lib.ERR_lib_error_string(error)),
81. text(lib.ERR_func_error_string(error)),
82. text(lib.ERR_reason_error_string(error))))
83.  
84. > raise exception_type(errors)
85. E Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
86.  
87. /nix/store/44f3hqpyi391pq9srzkfdzjd9kzh3g4f-python2.7-pyOpenSSL-18.0.0/lib/python2.7/site-packages/OpenSSL/_util.py:54: Error
88. ______________ TestContext.test_use_certificate_chain_file_bytes _______________