diff options
| author | Cory Benfield <lukasaoz@gmail.com> | 2015-08-31 10:05:40 +0100 |
|---|---|---|
| committer | Cory Benfield <lukasaoz@gmail.com> | 2015-08-31 10:05:40 +0100 |
| commit | 8181ebf8a92a20caabc2efe2025d3e796fe0fec7 (patch) | |
| tree | f36e8cf49b8749a6cd5ca6c2e8645baf41e109d1 | |
| parent | 681259e9e1ed393446474a3e468ed7ab39cf8c94 (diff) | |
| download | urllib3-8181ebf8a92a20caabc2efe2025d3e796fe0fec7.tar.gz | |
Fix various broken SSL tests.
| -rw-r--r-- | test/test_util.py | 4 | ||||
| -rw-r--r-- | test/with_dummyserver/test_https.py | 2 | ||||
| -rw-r--r-- | urllib3/util/ssl_.py | 16 |
3 files changed, 6 insertions, 16 deletions
diff --git a/test/test_util.py b/test/test_util.py index 4bc792de..fa59adab 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -393,7 +393,7 @@ class TestUtil(unittest.TestCase): ssl_wrap_socket(ssl_context=mock_context, ca_certs='/path/to/pem', sock=socket) mock_context.load_verify_locations.assert_called_once_with( - '/path/to/pem') + '/path/to/pem', None) def test_ssl_wrap_socket_loads_certificate_directories(self): socket = object() @@ -401,7 +401,7 @@ class TestUtil(unittest.TestCase): ssl_wrap_socket(ssl_context=mock_context, ca_cert_dir='/path/to/pems', sock=socket) mock_context.load_verify_locations.assert_called_once_with( - capath='/path/to/pems') + None, '/path/to/pems') def test_ssl_wrap_socket_with_no_sni(self): socket = object() diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py index 742fe7b8..2ba1665d 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -14,6 +14,7 @@ from dummyserver.server import (DEFAULT_CA, DEFAULT_CA_BAD, DEFAULT_CERTS, from test import ( onlyPy26OrOlder, + onlyPy27OrNewer, requires_network, TARPIT_HOST, clear_warnings, @@ -80,6 +81,7 @@ class TestHTTPS(HTTPSDummyServerTestCase): error = call[0][1] self.assertEqual(error, InsecurePlatformWarning) + @onlyPy27OrNewer def test_ca_dir_verified(self): https_pool = HTTPSConnectionPool(self.host, self.port, cert_reqs='CERT_REQUIRED', diff --git a/urllib3/util/ssl_.py b/urllib3/util/ssl_.py index b8922900..47b817e3 100644 --- a/urllib3/util/ssl_.py +++ b/urllib3/util/ssl_.py @@ -267,21 +267,9 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None, context = create_urllib3_context(ssl_version, cert_reqs, ciphers=ciphers) - if ca_certs: + if ca_certs or ca_cert_dir: try: - context.load_verify_locations(ca_certs) - except IOError as e: # Platform-specific: Python 2.6, 2.7, 3.2 - raise SSLError(e) - # Py33 raises FileNotFoundError which subclasses OSError - # These are not equivalent unless we check the errno attribute - except OSError as e: # Platform-specific: Python 3.3 and beyond - if e.errno == errno.ENOENT: - raise SSLError(e) - raise - - if ca_cert_dir: - try: - context.load_verify_locations(capath=ca_cert_dir) + context.load_verify_locations(ca_certs, ca_cert_dir) except IOError as e: # Platform-specific: Python 2.6, 2.7, 3.2 raise SSLError(e) # Py33 raises FileNotFoundError which subclasses OSError |