Trust return value in context error The function X509_STORE_CTX_get_current_cert seems to always return a certificate. After reviewing upstream OpenSSL package, it seems they do no error checking on this function either, so I think this approach should be safe. Worst case scenario, for a case I think is impossible, we'll get a AttributeError or TypeError.

commit: 1f713eb84f76b55cfb7b1c21b23388eca9753ec1 [log] [tgz]
author: Stephen Holsapple <sholsapp@gmail.com> Mon Feb 09 19:19:44 2015 -0800
committer: Stephen Holsapple <sholsapp@gmail.com> Mon Feb 09 19:19:44 2015 -0800
tree: 3d5c775f745e5fb16e8116f63563674988bff1ab
parent: 08ffaa641b8ac19ddaae6472688f5a65844c8473 [diff] [blame]
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 395f273..c3d4c9b 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py

@@ -1439,11 +1439,12 @@
             _native(_ffi.string(_lib.X509_verify_cert_error_string(
                         _lib.X509_STORE_CTX_get_error(self._store_ctx)))),
         ]
+        # A context error should always be associated with a certificate, so we
+        # expect this call to never return :class:`None`.
         _x509 = _lib.X509_STORE_CTX_get_current_cert(self._store_ctx)
-        if _x509 != _ffi.NULL:
-          _cert = _lib.X509_dup(_x509)
-          pycert = X509.__new__(X509)
-          pycert._x509 = _ffi.gc(_cert, _lib.X509_free)
+        _cert = _lib.X509_dup(_x509)
+        pycert = X509.__new__(X509)
+        pycert._x509 = _ffi.gc(_cert, _lib.X509_free)
         return X509StoreContextError(errors, pycert)
commit	1f713eb84f76b55cfb7b1c21b23388eca9753ec1	[log] [tgz]
author	Stephen Holsapple <sholsapp@gmail.com>	Mon Feb 09 19:19:44 2015 -0800
committer	Stephen Holsapple <sholsapp@gmail.com>	Mon Feb 09 19:19:44 2015 -0800
tree	3d5c775f745e5fb16e8116f63563674988bff1ab
parent	08ffaa641b8ac19ddaae6472688f5a65844c8473 [diff] [blame]