txaws-dev team mailing list archive

[Merge] lp:~ahasenack/txaws/no-local-dir-for-ca-lookup into lp:txaws

 

Andreas Hasenack has proposed merging lp:~ahasenack/txaws/no-local-dir-for-ca-lookup into lp:txaws.

Requested reviews:
  txAWS Committers (txaws-dev)
Related bugs:
  Bug #1072793 in txAWS: "get_ca_certs() includes current directory"
  https://bugs.launchpad.net/txaws/+bug/1072793

For more details, see:
https://code.launchpad.net/~ahasenack/txaws/no-local-dir-for-ca-lookup/+merge/131949

This branch changes get_ca_certs() so that it does not accidentally include the current directory when looking for *.pem CA files to load.
-- 
https://code.launchpad.net/~ahasenack/txaws/no-local-dir-for-ca-lookup/+merge/131949
Your team txAWS Committers is requested to review the proposed merge of lp:~ahasenack/txaws/no-local-dir-for-ca-lookup into lp:txaws.
=== modified file 'txaws/client/ssl.py'
--- txaws/client/ssl.py	2012-01-26 23:05:01 +0000
+++ txaws/client/ssl.py	2012-10-29 16:22:23 +0000
@@ -16,11 +16,11 @@
 
 # Multiple defaults are supported; just add more paths, separated by colons.
 if sys.platform == "darwin":
-    DEFAULT_CERTS_PATH = "/System/Library/OpenSSL/certs/:"
+    DEFAULT_CERTS_PATH = "/System/Library/OpenSSL/certs/"
 # XXX Windows users can file a bug to add theirs, since we don't know what
 # the right path is
 else:
-    DEFAULT_CERTS_PATH = "/etc/ssl/certs/:"
+    DEFAULT_CERTS_PATH = "/etc/ssl/certs/"
 
 
 class VerifyingContextFactory(CertificateOptions):
@@ -99,6 +99,8 @@
     cert_paths = os.getenv("TXAWS_CERTS_PATH", DEFAULT_CERTS_PATH).split(":")
     certificate_authority_map = {}
     for path in cert_paths:
+        if not path:
+            continue
         for cert_file_name in glob(os.path.join(path, "*.pem")):
             # There might be some dead symlinks in there, so let's make sure
             # it's real.
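Review bot: The new `if not path: continue` guard in the `for path in cert_paths` loop drops only empty entries, so a relative entry in TXAWS_CERTS_PATH (such as `.` or `certs`) is still resolved against the process's working directory by `glob(os.path.join(path, "*.pem"))`. The files found here appear to be loaded as CA certificates, so it may be worth skipping non-absolute entries too, e.g. `if not path or not os.path.isabs(path): continue`. Whether relative entries are meant to be supported is not visible from this hunk. A short comment above the guard would also help: `# An empty entry (e.g. from a trailing ":") would make glob() search the current directory.` The enclosing function starts and ends outside the hunk.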

=== modified file 'txaws/client/tests/test_ssl.py'
--- txaws/client/tests/test_ssl.py	2012-02-09 22:07:20 +0000
+++ txaws/client/tests/test_ssl.py	2012-10-29 16:22:23 +0000
@@ -169,6 +169,7 @@
         self.two_certs_dir = tempfile.mkdtemp()
         self.cert2 = self._write_pem(cert2, self.two_certs_dir, "cert2.pem")
         self.cert3 = self._write_pem(cert3, self.two_certs_dir, "cert3.pem")
+        self.curdir = os.getcwd()
 
     def tearDown(self):
         super(CertsFilesTestCase, self).tearDown()
@@ -178,6 +179,7 @@
         os.removedirs(self.no_certs_dir)
         os.removedirs(self.one_cert_dir)
         os.removedirs(self.two_certs_dir)
+        os.chdir(self.curdir)
 
     def _write_pem(self, cert, dir, filename):
         data = dump_certificate(FILETYPE_PEM, cert[1])
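Review bot: `os.chdir(self.curdir)` is added after the three `os.removedirs(...)` calls in tearDown, so when the new test has changed into `self.one_cert_dir`, that directory is removed while it is still the working directory, which some platforms refuse. If any earlier tearDown step raises, the working directory is also never restored for later tests. Restoring first is safer: move `os.chdir(self.curdir)` to directly after `super(CertsFilesTestCase, self).tearDown()`. tearDown begins in the previous hunk and part of its body is not shown, so the exact placement should be checked against the full file.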
@@ -213,3 +215,8 @@
             self.no_certs_dir, self.one_cert_dir)
         certs = ssl.get_ca_certs()
         self.assertEqual(len(certs), 1)
+
+    def test_get_ca_certs_no_current_dir(self):
+        os.environ["TXAWS_CERTS_PATH"] = "%s:" % self.no_certs_dir
+        os.chdir(self.one_cert_dir)
+        self.assertRaises(exception.CertsNotFoundError, ssl.get_ca_certs)
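Review bot: `test_get_ca_certs_no_current_dir` exercises only the trailing-colon form (`"%s:" % self.no_certs_dir`); a leading colon and a doubled colon also yield an empty entry after `split(":")` and are not covered. Repeating the assertion with `":%s" % self.no_certs_dir` and `"%s::%s" % (self.no_certs_dir, self.no_certs_dir)` would pin the guard for every position of the empty entry. The test also overwrites `os.environ["TXAWS_CERTS_PATH"]`; whether tearDown restores it is not visible in these hunks.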