Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =================================== FAILURES ===================================
- ____________________ TestContext.test_add_extra_chain_cert _____________________
- self = <tests.test_ssl.TestContext object at 0x7ffff14b2150>
- tmpdir = local('/build/pytest-of-nixbld/pytest-0/test_add_extra_chain_cert0')
- def test_add_extra_chain_cert(self, tmpdir):
- """
- `Context.add_extra_chain_cert` accepts an `X509`
- instance to add to the certificate chain.
- See `_create_certificate_chain` for the details of the
- certificate chain tested.
- The chain is tested by starting a server with scert and connecting
- to it with a client which trusts cacert and requires verification to
- succeed.
- """
- chain = _create_certificate_chain()
- [(cakey, cacert), (ikey, icert), (skey, scert)] = chain
- # Dump the CA certificate to a file because that's the only way to load
- # it as a trusted CA in the client context.
- for cert, name in [(cacert, 'ca.pem'),
- (icert, 'i.pem'),
- (scert, 's.pem')]:
- with tmpdir.join(name).open('w') as f:
- f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))
- for key, name in [(cakey, 'ca.key'),
- (ikey, 'i.key'),
- (skey, 's.key')]:
- with tmpdir.join(name).open('w') as f:
- f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))
- # Create the server context
- serverContext = Context(TLSv1_METHOD)
- serverContext.use_privatekey(skey)
- serverContext.use_certificate(scert)
- # The client already has cacert, we only need to give them icert.
- serverContext.add_extra_chain_cert(icert)
- # Create the client
- clientContext = Context(TLSv1_METHOD)
- clientContext.set_verify(
- VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
- clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))
- # Try it out.
- > self._handshake_test(serverContext, clientContext)
- tests/test_ssl.py:1370:
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- tests/test_ssl.py:1248: in _handshake_test
- s.do_handshake()
- /nix/store/44f3hqpyi391pq9srzkfdzjd9kzh3g4f-python2.7-pyOpenSSL-18.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1907: in do_handshake
- self._raise_ssl_error(self._ssl, result)
- /nix/store/44f3hqpyi391pq9srzkfdzjd9kzh3g4f-python2.7-pyOpenSSL-18.0.0/lib/python2.7/site-packages/OpenSSL/SSL.py:1639: in _raise_ssl_error
- _raise_current_error()
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- exception_type = <class 'OpenSSL.SSL.Error'>
- def exception_from_error_queue(exception_type):
- """
- Convert an OpenSSL library failure into a Python exception.
- When a call to the native OpenSSL library fails, this is usually signalled
- by the return value, and an error code is stored in an error queue
- associated with the current thread. The err library provides functions to
- obtain these error codes and textual error messages.
- """
- errors = []
- while True:
- error = lib.ERR_get_error()
- if error == 0:
- break
- errors.append((
- text(lib.ERR_lib_error_string(error)),
- text(lib.ERR_func_error_string(error)),
- text(lib.ERR_reason_error_string(error))))
- > raise exception_type(errors)
- E Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
- /nix/store/44f3hqpyi391pq9srzkfdzjd9kzh3g4f-python2.7-pyOpenSSL-18.0.0/lib/python2.7/site-packages/OpenSSL/_util.py:54: Error
- ______________ TestContext.test_use_certificate_chain_file_bytes _______________
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement