author | Jenkins <jenkins@review.openstack.org> | 2013-07-22 21:50:07 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-07-22 21:50:07 +0000 |
commit | 49a120726690bb434d57e9c39fcf0aad3af8ed9e (patch) | |
tree | 304b52df6d8c41a7273f61d28bc25da004c568bb | |
parent | 093064caa8335e5190170bf6b1d6af60841485cd (diff) | |
parent | 822cd64c0718b46a065abbb8709f6b466d12e708 (diff) | |
Merge "Fix SSL certificate CNAME checking"
-rw-r--r-- | glanceclient/common/http.py | 4 | ||||
-rw-r--r-- | tests/test_ssl.py | 10 |
2 files changed, 8 insertions, 6 deletions
diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py
index c534d0f..d69e4d9 100644
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@@ -343,11 +343,13 @@ class VerifiedHTTPSConnection(HTTPSConnection):
 def verify_callback(self, connection, x509, errnum, depth, preverify_ok):
+ # NOTE(leaman): preverify_ok may be a non-boolean type
+ preverify_ok = bool(preverify_ok)
 if x509.has_expired():
 msg = "SSL Certificate expired on '%s'" % x509.get_notAfter()
 raise exc.SSLCertificateError(msg)
- if depth == 0 and preverify_ok is True:
+ if depth == 0 and preverify_ok:
 # We verify that the host matches against the last
 # certificate in the chain
 return self.host_matches_cert(self.host, x509)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 60e1188..cc41f89 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -125,7 +125,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
 self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
 try:
 conn = http.VerifiedHTTPSConnection('0.0.0.0', 0)
- conn.verify_callback(None, cert, 0, 0, True)
+ conn.verify_callback(None, cert, 0, 0, 1)
 except Exception:
 self.fail('Unexpected exception.')
@@ -140,13 +140,13 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
 self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
 try:
 conn = http.VerifiedHTTPSConnection('alt1.example.com', 0)
- conn.verify_callback(None, cert, 0, 0, True)
+ conn.verify_callback(None, cert, 0, 0, 1)
 except Exception:
 self.fail('Unexpected exception.')
 try:
 conn = http.VerifiedHTTPSConnection('alt2.example.com', 0)
- conn.verify_callback(None, cert, 0, 0, True)
+ conn.verify_callback(None, cert, 0, 0, 1)
 except Exception:
 self.fail('Unexpected exception.')
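Review bot: The NOTE added at the top of verify_callback in glanceclient/common/http.py says only that preverify_ok may be non-boolean and leaves out why that matters: with the old `preverify_ok is True` test a truthy non-bool value never satisfied the condition, so the `host_matches_cert` call at depth 0 was not reached. I would spell that out, e.g. `# NOTE(leaman): the TLS layer may pass preverify_ok as an int, so an identity test against True would skip the hostname check below`. The branch taken when `depth == 0 and preverify_ok` is false lies outside this hunk; it is worth confirming that it returns a falsy value, so a leaf certificate that failed chain verification is rejected rather than accepted without a hostname check.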
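Review bot: The positive cases in tests/test_ssl.py (the hunks at -125 and -140) only check that verify_callback does not raise and never look at its return value, so they would still pass if the callback returned a falsy result or never reached the hostname match. Asserting the result, e.g. `self.assertTrue(conn.verify_callback(None, cert, 0, 0, 1))`, would pin the accepted path, assuming host_matches_cert returns a truthy value on a match (not visible here). Since every call site now passes `1`, keeping one case with `True` and adding one with `0` at depth 0 would guard against the type sensitivity this commit fixes coming back.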
@@ -165,7 +165,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
 self.fail('Failed to init VerifiedHTTPSConnection.')
 self.assertRaises(exc.SSLCertificateError,
- conn.verify_callback, None, cert, 0, 0, True)
+ conn.verify_callback, None, cert, 0, 0, 1)
 def test_ssl_expired_cert(self):
 """
@@ -183,7 +183,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
 self.fail('Failed to init VerifiedHTTPSConnection.')
 self.assertRaises(exc.SSLCertificateError,
- conn.verify_callback, None, cert, 0, 0, True)
+ conn.verify_callback, None, cert, 0, 0, 1)
 def test_ssl_broken_key_file(self):
 """ |