merge master
diff --git a/ChangeLog b/ChangeLog
index 4019c27..482bae4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
+ causing it to always succeed - even if it should fail.
+
2015-01-08 Paul Aurich <paul@darkrain42.org>
* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index b6c8076..2731d64 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -492,6 +492,9 @@
:return: None (raises an exception if something's wrong)
"""
+ if not _lib.SSL_CTX_check_private_key(self._context):
+ _raise_current_error()
+
def load_client_ca(self, cafile):
"""
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 79010fb..f098327 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -507,6 +507,43 @@
ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))
+ def test_check_privatekey_valid(self):
+ """
+ :py:obj:`Context.check_privatekey` returns :py:obj:`None` if the
+ :py:obj:`Context` instance has been configured to use a matched key and
+ certificate pair.
+ """
+ key = load_privatekey(FILETYPE_PEM, client_key_pem)
+ cert = load_certificate(FILETYPE_PEM, client_cert_pem)
+ context = Context(TLSv1_METHOD)
+ context.use_privatekey(key)
+ context.use_certificate(cert)
+ self.assertIs(None, context.check_privatekey())
+
+
+ def test_check_privatekey_invalid(self):
+ """
+ :py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the
+ :py:obj:`Context` instance has been configured to use a key and
+ certificate pair which don't relate to each other.
+ """
+ key = load_privatekey(FILETYPE_PEM, client_key_pem)
+ cert = load_certificate(FILETYPE_PEM, server_cert_pem)
+ context = Context(TLSv1_METHOD)
+ context.use_privatekey(key)
+ context.use_certificate(cert)
+ self.assertRaises(Error, context.check_privatekey)
+
+
+ def test_check_privatekey_wrong_args(self):
+ """
+ :py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called
+ with other than no arguments.
+ """
+ context = Context(TLSv1_METHOD)
+ self.assertRaises(TypeError, context.check_privatekey, object())
+
+
def test_set_app_data_wrong_args(self):
"""
:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than
diff --git a/OpenSSL/test/util.py b/OpenSSL/test/util.py
index 21bbdc4..4260eb0 100644
--- a/OpenSSL/test/util.py
+++ b/OpenSSL/test/util.py
@@ -227,7 +227,7 @@
failIfIn = assertNotIn
- def failUnlessIdentical(self, first, second, msg=None):
+ def assertIs(self, first, second, msg=None):
"""
Fail the test if :py:data:`first` is not :py:data:`second`. This is an
obect-identity-equality test, not an object equality
@@ -239,10 +239,10 @@
if first is not second:
raise self.failureException(msg or '%r is not %r' % (first, second))
return first
- assertIdentical = failUnlessIdentical
+ assertIdentical = failUnlessIdentical = assertIs
- def failIfIdentical(self, first, second, msg=None):
+ def assertIsNot(self, first, second, msg=None):
"""
Fail the test if :py:data:`first` is :py:data:`second`. This is an
obect-identity-equality test, not an object equality
@@ -254,7 +254,7 @@
if first is second:
raise self.failureException(msg or '%r is %r' % (first, second))
return first
- assertNotIdentical = failIfIdentical
+ assertNotIdentical = failIfIdentical = assertIsNot
def failUnlessRaises(self, exception, f, *args, **kwargs):
diff --git a/setup.py b/setup.py
index 1450630..8d9d12a 100755
--- a/setup.py
+++ b/setup.py
@@ -34,7 +34,7 @@
maintainer_email = 'exarkun@twistedmatrix.com',
url = 'https://github.com/pyca/pyopenssl',
license = 'APL2',
- install_requires=["cryptography>=0.5.4", "six>=1.5.2"],
+ install_requires=["cryptography>=0.7.dev0", "six>=1.5.2"],
long_description = """\
High-level wrapper around a subset of the OpenSSL library, includes
* SSL.Connection objects, wrapping the methods of Python's portable