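    def test03_ssl_verification(self):
        """Call MyProxyClient.ssl_verification directly and check its verdicts.

        Three calls are made with a hand-built argument set instead of a live
        handshake: the valid host certificate with default client settings,
        the same certificate with ``client.serverDN`` set to ``HOSTCERT_DN``,
        and the expired certificate, which must be rejected.
        """
        dn_var = MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME
        name_var = MyProxyClient.MYPROXY_SERVER_ENVVARNAME

        # Snapshot the environment before entering the try block so that the
        # finally clause never refers to an unbound name.
        serverDN = os.environ.get(dn_var)
        serverName = os.environ.get(name_var)

        try:
            # Ensure no relevant environment variables are set which might
            # affect the result
            os.environ.pop(dn_var, None)
            os.environ.pop(name_var, None)

            client = MyProxyClient()

            connection = None
            errorStatus = False
            successStatus = True
            errorDepth = 0

            # Context managers close the fixture files deterministically
            # instead of leaving that to garbage collection.
            with open(self.__class__.HOSTCERT_FILEPATH) as cert_file:
                valid_peer_cert_str = cert_file.read()
            valid_peer_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                                      valid_peer_cert_str)

            # This would normally be called implicitly during the SSL handshake
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            with open(self.__class__.EXPIREDCERT_FILEPATH) as cert_file:
                expired_peer_cert_str = cert_file.read()
            expired_peer_cert = crypto.load_certificate(
                crypto.FILETYPE_PEM, expired_peer_cert_str)

            # Match based on full DN instead - this takes precedence over
            # hostname match
            client.serverDN = self.__class__.HOSTCERT_DN
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            # Check for expired certificate
            # NOTE(review): serverDN is still HOSTCERT_DN at this point, so a
            # rejection could come from a DN mismatch rather than from expiry
            # if the expired fixture has a different subject - confirm which
            # check this assertion actually pins.
            status = client.ssl_verification(connection, expired_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, errorStatus)

            # NOTE(review): no call here presents an unexpired certificate
            # whose subject matches neither the hostname nor serverDN; that
            # rejection path is not exercised by this test.

        finally:
            # Put back whatever the caller's environment held.
            if serverDN is not None:
                os.environ[dn_var] = serverDN

            if serverName is not None:
                os.environ[name_var] = serverName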
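    def test03_ssl_verification(self):
        """Drive the client's SSL verification callback without a handshake.

        The callback is invoked by hand for the valid host certificate (first
        with default settings, then with ``client.serverDN`` set to
        ``HOSTCERT_DN``) and for the expired certificate, and the returned
        status is compared with the expected accept/reject value.
        """
        def load_pem_cert(path):
            # Read and parse a PEM fixture, closing the file straight away
            # rather than leaking the handle.
            with open(path) as pem_file:
                return crypto.load_certificate(crypto.FILETYPE_PEM,
                                               pem_file.read())

        env_names = (MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME,
                     MyProxyClient.MYPROXY_SERVER_ENVVARNAME)

        # Record the current values outside the try block: the finally clause
        # can then always restore them, whatever fails below.
        saved_env = {name: os.environ.get(name) for name in env_names}

        try:
            # Ensure no relevant environment variables are set which might
            # affect the result
            for name in env_names:
                os.environ.pop(name, None)

            client = MyProxyClient()

            connection = None
            errorStatus = False
            successStatus = True
            errorDepth = 0

            valid_peer_cert = load_pem_cert(self.__class__.HOSTCERT_FILEPATH)

            # This would normally be called implicitly during the SSL handshake
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            expired_peer_cert = load_pem_cert(
                self.__class__.EXPIREDCERT_FILEPATH)

            # Match based on full DN instead - this takes precedence over
            # hostname match
            client.serverDN = self.__class__.HOSTCERT_DN
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            # Check for expired certificate
            # NOTE(review): with serverDN still set to HOSTCERT_DN, a False
            # result here may reflect a subject mismatch instead of expiry,
            # depending on the expired fixture's DN - confirm.
            status = client.ssl_verification(connection, expired_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, errorStatus)

            # NOTE(review): a currently valid certificate with a
            # non-matching subject is never presented, so the mismatch
            # rejection is not covered by this test.

        finally:
            # Restore only the variables that were set on entry.
            for name, value in saved_env.items():
                if value is not None:
                    os.environ[name] = value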