Merge "Fix SSL certificate CNAME checking"

author: Jenkins <jenkins@review.openstack.org> 2013-07-22 21:50:07 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-07-22 21:50:07 +0000
commit: 49a120726690bb434d57e9c39fcf0aad3af8ed9e (patch)
tree: 304b52df6d8c41a7273f61d28bc25da004c568bb
parent: 093064caa8335e5190170bf6b1d6af60841485cd (diff)
parent: 822cd64c0718b46a065abbb8709f6b466d12e708 (diff)
download: python-glanceclient-49a120726690bb434d57e9c39fcf0aad3af8ed9e.tar.gz
2 files changed, 8 insertions, 6 deletions
diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py
index c534d0f..d69e4d9 100644
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@@ -343,11 +343,13 @@ class VerifiedHTTPSConnection(HTTPSConnection):
 
     def verify_callback(self, connection, x509, errnum,
                         depth, preverify_ok):
+        # NOTE(leaman): preverify_ok may be a non-boolean type
+        preverify_ok = bool(preverify_ok)
         if x509.has_expired():
             msg = "SSL Certificate expired on '%s'" % x509.get_notAfter()
             raise exc.SSLCertificateError(msg)
 
-        if depth == 0 and preverify_ok is True:
+        if depth == 0 and preverify_ok:
             # We verify that the host matches against the last
             # certificate in the chain
             return self.host_matches_cert(self.host, x509)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 60e1188..cc41f89 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -125,7 +125,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
         self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
         try:
             conn = http.VerifiedHTTPSConnection('0.0.0.0', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
         except Exception:
             self.fail('Unexpected exception.')
 
@@ -140,13 +140,13 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
         self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
         try:
             conn = http.VerifiedHTTPSConnection('alt1.example.com', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
         except Exception:
             self.fail('Unexpected exception.')
 
         try:
             conn = http.VerifiedHTTPSConnection('alt2.example.com', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
         except Exception:
             self.fail('Unexpected exception.')
 
@@ -165,7 +165,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
             self.fail('Failed to init VerifiedHTTPSConnection.')
 
         self.assertRaises(exc.SSLCertificateError,
-                          conn.verify_callback, None, cert, 0, 0, True)
+                          conn.verify_callback, None, cert, 0, 0, 1)
 
     def test_ssl_expired_cert(self):
         """
@@ -183,7 +183,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
             self.fail('Failed to init VerifiedHTTPSConnection.')
 
         self.assertRaises(exc.SSLCertificateError,
-                          conn.verify_callback, None, cert, 0, 0, True)
+                          conn.verify_callback, None, cert, 0, 0, 1)
 
     def test_ssl_broken_key_file(self):
         """
author	Jenkins <jenkins@review.openstack.org>	2013-07-22 21:50:07 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-07-22 21:50:07 +0000
commit	49a120726690bb434d57e9c39fcf0aad3af8ed9e (patch)
tree	304b52df6d8c41a7273f61d28bc25da004c568bb
parent	093064caa8335e5190170bf6b1d6af60841485cd (diff)
parent	822cd64c0718b46a065abbb8709f6b466d12e708 (diff)
download	python-glanceclient-49a120726690bb434d57e9c39fcf0aad3af8ed9e.tar.gz