diff options
author | Quentin Pradet <quentin@pradet.me> | 2018-08-06 23:45:54 +0400 |
---|---|---|
committer | Seth M. Larson <SethMichaelLarson@users.noreply.github.com> | 2018-08-06 19:45:54 +0000 |
commit | a1c9e1fb64b28bae6239d3ff1db9748c3d2a1d3d (patch) | |
tree | e0afcca4232be3743473ad72ef615ee8d5433dc9 | |
parent | 62b607d03cb52a5d47b04249040078146da498e1 (diff) | |
download | urllib3-a1c9e1fb64b28bae6239d3ff1db9748c3d2a1d3d.tar.gz |
Revert "Fix test_client_no_intermediate on macOS 10.13+ (#1412)" (#1418)
* Revert "Fix test_client_no_intermediate on macOS 10.13+ (#1412)"
This reverts commit 6ef3c06249b7144838b6701c6e9adfa76650ccea. The test
was supposed to test a missing intermediate CA, but after that change it
was testing a missing root CA.
* Stop testing known bad test on macOS 10.13
macOS 10.13 (used by Travis) rejects serial numbers which are more than
36 bytes long, and those tests use certificates with 38 bytes serial
numbers.
-rw-r--r-- | dummyserver/certs/client_no_intermediate.key | 15 | ||||
-rw-r--r-- | dummyserver/certs/client_no_intermediate.pem | 31 | ||||
-rwxr-xr-x | dummyserver/server.py | 2 | ||||
-rw-r--r-- | test/with_dummyserver/test_https.py | 8 |
4 files changed, 25 insertions, 31 deletions
diff --git a/dummyserver/certs/client_no_intermediate.key b/dummyserver/certs/client_no_intermediate.key deleted file mode 100644 index 0e97c935..00000000 --- a/dummyserver/certs/client_no_intermediate.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDbMJ15vLE+shwXg7hI1sIANfk6aoYZxfrsJUd/aAah35a3cBBM -2IQOnww9QAc8X7y46oMxf4AxtZTGXK8+VVANj2aIO0nS9iwqCUy9SKIyMtoMo0Q1 -omWfeoWjXzWzzHg6NqpHF2QjPf3DpZwR2NlN4T4qtHNAzHolvgvIcFjbpwIDAQAB -AoGAcg4MA2qyeENJ5tp9rDlD3cQ4GbOQcBzbAsIrQBqrSNQFoxJHCRWpMcqFHeIR -YdMXasls1vbXiAZKkiVscu0Fp/GjYnilZZWSafzUfqMknDSqVGYy1SbIx+tUfYCB -WL8AZfo4WU8WO4Wd7hZZBVt01EzAwVK2+Ph6MGeE9GvbkCECQQD9IKAo9yMmXOSc -984ETYP2aYqQGQffgS01bvq9RinaN8a/KcBRYBkRhohOAxiaVCSfsx6m579+bbBd -fvagaMupAkEA3a1lTSIKVmxZQxXV8P6zmfio/JQlHcGb7qqF8XjrqxudaSGklID3 -AJHO9KImNPhRlhAVaRTtuTktjavaf8d+zwJBAOp36CNKGRMWBOWpXPn7W3tK9ADa -TsKng1r1e+kLLwVlmQHGCNDX9SCYv3WTxJxfyLTtVD1Cec0AiddxHb4klFECQCCx -7Fj+BkxM2rV8SPusdUzmUfY+22KSJa+D0xGUZh3sisDwx1dn1gZtevq117DEVzQs -1xuSjKVe+4sDp8xk3h0CQQDvV/UOlRo6iEJ/6tDE+7H7qnZHy/T6fQpb/4f5dJks -ZAQZmLvl3j2z3bBn1iPqlQAbj/nj2ZYnCPnsisxFt80x ------END RSA PRIVATE KEY----- diff --git a/dummyserver/certs/client_no_intermediate.pem b/dummyserver/certs/client_no_intermediate.pem index 9550c912..ab656c30 100644 --- a/dummyserver/certs/client_no_intermediate.pem +++ b/dummyserver/certs/client_no_intermediate.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICkTCCAfqgAwIBAgIUDLDBZ6juuvYU+E9pfmrNURc6L2MwDQYJKoZIhvcNAQEL -BQAwRDEbMBkGA1UECgwSdHJ1c3RtZSB2MC40LjArZGV2MSUwIwYDVQQLDBxUZXN0 -aW5nIENBICM0bDlhdGJuVXVVSHE1N0xZMCAXDTAwMDEwMTAwMDAwMFoYDzMwMDAw -MTAxMDAwMDAwWjBNMRswGQYDVQQKDBJ0cnVzdG1lIHYwLjQuMCtkZXYxLjAsBgNV -BAsMJVRlc3Rpbmcgc2VydmVyIGNlcnQgIzMyV1ZpZ280OW1aLW5VTlgwgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBANswnXm8sT6yHBeDuEjWwgA1+TpqhhnF+uwl -R39oBqHflrdwEEzYhA6fDD1ABzxfvLjqgzF/gDG1lMZcrz5VUA2PZog7SdL2LCoJ -TL1IojIy2gyjRDWiZZ96haNfNbPMeDo2qkcXZCM9/cOlnBHY2U3hPiq0c0DMeiW+ -C8hwWNunAgMBAAGjdTBzMB0GA1UdDgQWBBTsLcyhlbfVEb/NUgc/9NX1tKZXBTAM -BgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFIuPegXSeMl95PNH0G20l2iNSaGXMCMG -A1UdEQEB/wQZMBeCFXRlc3QtaG9zdC5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsF -AAOBgQB9QqW3u19gbyEcdauQaizvrQ3TDy0/gZcSGRAz0qdgovGhydMy8TlyUTF+ -zdyVh+ige32jKbpRqJmTqk94jQsk8W+KPL3dLYrdIQKz0n38K9WwPW23CbtDxkKs -88S55zjCf87A9CaAFeOte3z3mGeb3uMoZ7PtiIQiDxNPeHgPNg== +MIIC/jCCAmegAwIBAgImFhgDOYh0mJSEggRYaDQ2VjgRdyAwkXmAV2KGITVEhiJw +UmBGKBgwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCRkkxDjAMBgNVBAgMBWR1 +bW15MQ4wDAYDVQQKDAVkdW1teTEOMAwGA1UECwwFZHVtbXkxETAPBgNVBAMMCFNu +YWtlT2lsMR8wHQYJKoZIhvcNAQkBFhBkdW1teUB0ZXN0LmxvY2FsMB4XDTE3MDUx +MjE4MzQyNloXDTIxMTIxOTE4MzQyNlowdzELMAkGA1UEBhMCRkkxDjAMBgNVBAgM +BWR1bW15MQ4wDAYDVQQKDAVkdW1teTEOMAwGA1UECwwFZHVtbXkxFzAVBgNVBAMM +DlNuYWtlT2lsQ2xpZW50MR8wHQYJKoZIhvcNAQkBFhBkdW1teUB0ZXN0LmxvY2Fs +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCadkbPLXPfA1bNjgL9F6+rVLs3 +uZdbXemHf1oKkT4q9uruZTQCTDFvvWHq32r6G8KV7MASariSz+bIgpx1euZEOmwu +cd+ULs0HMdfqorRa3MuUtKuIzYiQvCsv788VoNKjs+NNMIexO6p6S9E36ce2trze +BCmpYmi0WofO0bSwnwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf +Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUbe9reSw2 +C72JuGVpc+/L/O2hVjwwHwYDVR0jBBgwFoAUnltsnuh2mjtqqDWk2RNSwC7njHkw +DQYJKoZIhvcNAQELBQADgYEADlJp3uMKxgS2hgCK+JZV4qsXGuZ/rcHgq5qlrfg0 +i76+wwZ6fs3WQe+zNgXbJnRviM0VScSUBM8IuclyovFWLvs0Z0piELtZ7KPwrDVf +5S5ynJHnJSG+sj4N6v+tvtpGDb1S3ueLQm79MGXv9pmbaYBmUJ0YSEnrScWy90Bv +Tno= -----END CERTIFICATE----- diff --git a/dummyserver/server.py b/dummyserver/server.py index 3ba5124b..c7da0e98 100755 --- a/dummyserver/server.py +++ b/dummyserver/server.py @@ -44,7 +44,7 @@ DEFAULT_CLIENT_CERTS = { } DEFAULT_CLIENT_NO_INTERMEDIATE_CERTS = { 'certfile': os.path.join(CERTS_PATH, 'client_no_intermediate.pem'), - 'keyfile': os.path.join(CERTS_PATH, 'client_no_intermediate.key'), + 'keyfile': os.path.join(CERTS_PATH, 'client_intermediate.key'), } NO_SAN_CERTS = { 'certfile': os.path.join(CERTS_PATH, 'server.no_san.crt'), diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py index 8c9cd16c..7e8724c5 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -75,6 +75,9 @@ class TestHTTPS(HTTPSDummyServerTestCase): r = self._pool.request('GET', '/') self.assertEqual(r.status, 200, r.data) + # SecureTransport rejects >36 bytes serial numbers, see + # https://github.com/urllib3/urllib3/pull/1418 + @notSecureTransport def test_client_intermediate(self): client_cert, client_key, client_subject = ( DEFAULT_CLIENT_CERTS['certfile'], @@ -88,6 +91,9 @@ class TestHTTPS(HTTPSDummyServerTestCase): self.assertDictEqual(json.loads(r.data.decode('utf-8')), client_subject, r.data) + # SecureTransport rejects >36 bytes serial numbers, see + # https://github.com/urllib3/urllib3/pull/1418 + @notSecureTransport def test_client_no_intermediate(self): client_cert, client_key = ( DEFAULT_CLIENT_NO_INTERMEDIATE_CERTS['certfile'], @@ -188,7 +194,7 @@ class TestHTTPS(HTTPSDummyServerTestCase): self.assertEqual(error, InsecurePlatformWarning) @onlyPy279OrNewer - @notSecureTransport + @notSecureTransport # SecureTransport does not support cert directories def test_ca_dir_verified(self): https_pool = HTTPSConnectionPool(self.host, self.port, cert_reqs='CERT_REQUIRED', |