Message #00126
[Merge] lp:~ahasenack/txaws/no-local-dir-for-ca-lookup into lp:txaws
Andreas Hasenack has proposed merging lp:~ahasenack/txaws/no-local-dir-for-ca-lookup into lp:txaws.
Requested reviews:
txAWS Committers (txaws-dev)
Related bugs:
Bug #1072793 in txAWS: "get_ca_certs() includes current directory"
https://bugs.launchpad.net/txaws/+bug/1072793
For more details, see:
https://code.launchpad.net/~ahasenack/txaws/no-local-dir-for-ca-lookup/+merge/131949
This branch changes get_ca_certs() so that it does not accidentally include the current directory when looking for *.pem CA files to load.
--
https://code.launchpad.net/~ahasenack/txaws/no-local-dir-for-ca-lookup/+merge/131949
Your team txAWS Committers is requested to review the proposed merge of lp:~ahasenack/txaws/no-local-dir-for-ca-lookup into lp:txaws.
=== modified file 'txaws/client/ssl.py'
--- txaws/client/ssl.py 2012-01-26 23:05:01 +0000
+++ txaws/client/ssl.py 2012-10-29 16:22:23 +0000
@@ -16,11 +16,11 @@
# Multiple defaults are supported; just add more paths, separated by colons.
if sys.platform == "darwin":
- DEFAULT_CERTS_PATH = "/System/Library/OpenSSL/certs/:"
+ DEFAULT_CERTS_PATH = "/System/Library/OpenSSL/certs/"
# XXX Windows users can file a bug to add theirs, since we don't know what
# the right path is
else:
- DEFAULT_CERTS_PATH = "/etc/ssl/certs/:"
+ DEFAULT_CERTS_PATH = "/etc/ssl/certs/"
class VerifyingContextFactory(CertificateOptions):
@@ -99,6 +99,8 @@
cert_paths = os.getenv("TXAWS_CERTS_PATH", DEFAULT_CERTS_PATH).split(":")
certificate_authority_map = {}
for path in cert_paths:
+ if not path:
+ continue
for cert_file_name in glob(os.path.join(path, "*.pem")):
# There might be some dead symlinks in there, so let's make sure
# it's real.
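Review bot: The new `if not path: continue` guard at the top of the loop drops only empty entries, so a relative entry in TXAWS_CERTS_PATH such as `.` or `certs` is still resolved against the working directory, and any `*.pem` found there ends up in the CA map. If relative entries are not meant to be supported (this hunk does not show that), the guard could be `if not path or not os.path.isabs(path): continue`. Either way, a comment such as `# An empty entry would make os.path.join(path, "*.pem") glob the current directory.` would record why the check exists. The loop body continues outside the hunk.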
=== modified file 'txaws/client/tests/test_ssl.py'
--- txaws/client/tests/test_ssl.py 2012-02-09 22:07:20 +0000
+++ txaws/client/tests/test_ssl.py 2012-10-29 16:22:23 +0000
@@ -169,6 +169,7 @@
self.two_certs_dir = tempfile.mkdtemp()
self.cert2 = self._write_pem(cert2, self.two_certs_dir, "cert2.pem")
self.cert3 = self._write_pem(cert3, self.two_certs_dir, "cert3.pem")
+ self.curdir = os.getcwd()
def tearDown(self):
super(CertsFilesTestCase, self).tearDown()
@@ -178,6 +179,7 @@
os.removedirs(self.no_certs_dir)
os.removedirs(self.one_cert_dir)
os.removedirs(self.two_certs_dir)
+ os.chdir(self.curdir)
def _write_pem(self, cert, dir, filename):
data = dump_certificate(FILETYPE_PEM, cert[1])
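Review bot: `os.chdir(self.curdir)` runs after the three `os.removedirs(...)` calls, so after the new test the process is still inside `one_cert_dir` while that directory is being removed. That fails on platforms that refuse to remove the working directory, and if any removal raises, the original directory is never restored for later tests. Moving `os.chdir(self.curdir)` to the start of tearDown, right after the `super(...).tearDown()` call, avoids both problems. The start of tearDown lies outside this hunk, so where exactly it fits among the earlier cleanup steps needs checking.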
@@ -213,3 +215,8 @@
self.no_certs_dir, self.one_cert_dir)
certs = ssl.get_ca_certs()
self.assertEqual(len(certs), 1)
+
+ def test_get_ca_certs_no_current_dir(self):
+ os.environ["TXAWS_CERTS_PATH"] = "%s:" % self.no_certs_dir
+ os.chdir(self.one_cert_dir)
+ self.assertRaises(exception.CertsNotFoundError, ssl.get_ca_certs)
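Review bot: `test_get_ca_certs_no_current_dir` exercises only a trailing colon, while the same empty entry also arises from a leading colon or a doubled one in the middle of the value. A second case with `os.environ["TXAWS_CERTS_PATH"] = ":%s" % self.no_certs_dir` would pin the guard for those positions as well. The test also leaves `TXAWS_CERTS_PATH` set; whether tearDown restores the environment is not visible in these hunks, so that is worth confirming.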