Prevent _PassphraseHelper.raise_if_problem() from eating exceptions (#581)
* Modify tests to detect empty crypto.Errors from load_privatekey
This reproduces #119 and #456.
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.
This resolves #119, resolves #456.
`_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL
exception queue, but does not always raise an exception. In some cases,
other code attempts to raise an error from OpenSSL after
`raise_if_problem()` has flushed the queue, thus causing an empty
exception to be raised (i.e. `raise Error([])`).
This commit modifies `_PassphraseHelper.raise_if_problem` to flush the
OpenSSL error queue only if it has en exception to raise. Subsequent
code that detects an error should now be able to raise an non-empty
exception.
* Add CHANGELOG entry for #581.
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 6b55702..8d644de 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -2595,9 +2595,10 @@
:py:obj:`load_privatekey` raises :py:obj:`OpenSSL.crypto.Error` when it
is passed an encrypted PEM and an incorrect passphrase.
"""
- self.assertRaises(
+ exc = self.assertRaises(
Error,
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b"quack")
+ self.assertNotEqual(exc.args[0], [])
def test_load_privatekey_passphraseWrongType(self):
"""
@@ -2642,10 +2643,11 @@
def cb(*a):
called.append(None)
return b"quack"
- self.assertRaises(
+ exc = self.assertRaises(
Error,
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
self.assertTrue(called)
+ self.assertNotEqual(exc.args[0], [])
def test_load_privatekey_passphraseCallback(self):
"""