diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-01-21 12:24:02 -0600 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-01-21 12:24:02 -0600 |
commit | 7d5a3bfd55c7c9de71af877e773dce4554cf455b (patch) | |
tree | 8a58b2279c0ce53790e06f5e5c29ede75d46f91c /tests/test_crypto.py | |
parent | 37e6022e8a907ef52a3eba4c53edac8c32bedfc0 (diff) | |
download | pyopenssl-7d5a3bfd55c7c9de71af877e773dce4554cf455b.tar.gz |
Hypothetically fixes pyOpenSSL tests (#805)
* fix openssl CLI testing for 1.1.1
* various 1.1.1 related fixes
some of which are just admitting TLS 1.3 is fundamentally different and
pinning the tests to TLS 1.2
* flake8 fixes
* allow travis_infra env var through
* fix twisted
Diffstat (limited to 'tests/test_crypto.py')
-rw-r--r-- | tests/test_crypto.py | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/tests/test_crypto.py b/tests/test_crypto.py index eb4590d..ec632d9 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -3156,20 +3156,20 @@ class TestCRL(object): representing a serial number, a revoked reason, and certificate issuer information. """ - crl = self._get_crl() # PEM format - dumped_crl = crl.export( + dumped_crl = self._get_crl().export( self.cert, self.pkey, days=20, digest=b"sha256" ) - text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text") - - # These magic values are based on the way the CRL above was constructed - # and with what certificate it was exported. - text.index(b'Serial Number: 03AB') - text.index(b'Superseded') - text.index( - b'Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA' - ) + crl = x509.load_pem_x509_crl(dumped_crl, backend) + revoked = crl.get_revoked_certificate_by_serial_number(0x03AB) + assert revoked is not None + assert crl.issuer == x509.Name([ + x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u"US"), + x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, u"IL"), + x509.NameAttribute(x509.NameOID.LOCALITY_NAME, u"Chicago"), + x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Testing"), + x509.NameAttribute(x509.NameOID.COMMON_NAME, u"Testing Root CA"), + ]) def test_export_der(self): """ @@ -3180,17 +3180,19 @@ class TestCRL(object): crl = self._get_crl() # DER format - dumped_crl = crl.export( + dumped_crl = self._get_crl().export( self.cert, self.pkey, FILETYPE_ASN1, digest=b"md5" ) - text = _runopenssl( - dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER" - ) - text.index(b'Serial Number: 03AB') - text.index(b'Superseded') - text.index( - b'Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA' - ) + crl = x509.load_der_x509_crl(dumped_crl, backend) + revoked = crl.get_revoked_certificate_by_serial_number(0x03AB) + assert revoked is not None + assert crl.issuer == x509.Name([ + x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u"US"), + x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, u"IL"), + x509.NameAttribute(x509.NameOID.LOCALITY_NAME, u"Chicago"), + x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Testing"), + x509.NameAttribute(x509.NameOID.COMMON_NAME, u"Testing Root CA"), + ]) # Flaky because we compare the output of running commands which sometimes # varies by 1 second @@ -3207,7 +3209,8 @@ class TestCRL(object): self.cert, self.pkey, FILETYPE_ASN1, digest=b"md5" ) text = _runopenssl( - dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER" + dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER", + b"-nameopt", b"" ) # text format @@ -3778,7 +3781,7 @@ class EllipticCurveFactory(object): class TestEllipticCurveEquality(EqualityTestsMixin): """ - Tests `_EllipticCurve`\ 's implementation of ``==`` and ``!=``. + Tests `_EllipticCurve`'s implementation of ``==`` and ``!=``. """ curve_factory = EllipticCurveFactory() |