Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 4bf75c670d73568f71c7399583824da5c0f225d7^! / . / OpenSSL / test / test_crypto.py
commit4bf75c670d73568f71c7399583824da5c0f225d7[log] [tgz]
authorJean-Paul Calderone <exarkun@twistedmatrix.com>Fri Aug 23 15:39:53 2013 -0400
committerJean-Paul Calderone <exarkun@twistedmatrix.com>Fri Aug 23 15:39:53 2013 -0400
treee52c14fbbfbc4fd52c79a9be9d1bf670efdb65ce
parent9ceb2f15c20ad49179b44997ed188db0e0879c98 [diff] [blame]
Split this big test up into the two important pieces and make a test for each
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index e65917e..8ac80c0 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py

@@ -267,7 +267,7 @@
 
 # certificate with NULL bytes in subjectAltName and common name
 
-nullbyte_san_PEM = b("""-----BEGIN CERTIFICATE-----
+nulbyteSubjectAltNamePEM = b("""-----BEGIN CERTIFICATE-----
 MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
 DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
 eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
@@ -887,6 +887,18 @@
             [(b("CN"), b("foo")), (b("OU"), b("bar"))])
 
 
+    def test_load_nul_byte_attribute(self):
+        """
+        An L{X509Name} from an L{X509} instance loaded from a file can have a
+        NUL byte in the value of one of its attributes.
+        """
+        cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM)
+        subject = cert.get_subject()
+        self.assertEqual(
+            b("null.python.org\x00example.org"), subject.commonName)
+
+
+
 class _PKeyInteractionTestsMixin:
     """
     Tests which involve another thing and a PKey.
@@ -1412,34 +1424,24 @@
         self.assertRaises(IndexError, cert.get_extension, 4)
         self.assertRaises(TypeError, cert.get_extension, "hello")
 
-    def test_nullbyte_san(self):
+
+    def test_nullbyte_subjectAltName(self):
         """
-        Test correct handling of CN and SAN with NULL bytes
-
-        see CVE-2013-4073
+        The fields of a I{subjectAltName} extension on an X509 may contain NUL
+        bytes and this value is reflected in the string representation of the
+        extension object.
         """
-        cert = load_certificate(FILETYPE_PEM, nullbyte_san_PEM)
-        subject = cert.get_subject()
-        self.assertEqual(subject.CN, 'null.python.org\x00example.org')
-        issuer = cert.get_issuer()
-        self.assertEqual(issuer.CN, 'null.python.org\x00example.org')
-
-        ext = cert.get_extension(0)
-        self.assertEqual(ext.get_short_name(), b('basicConstraints'))
-
-        ext = cert.get_extension(1)
-        self.assertEqual(ext.get_short_name(), b('subjectKeyIdentifier'))
-
-        ext = cert.get_extension(2)
-        self.assertEqual(ext.get_short_name(), b('keyUsage'))
+        cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM)
 
         ext = cert.get_extension(3)
         self.assertEqual(ext.get_short_name(), b('subjectAltName'))
-        self.assertEqual(str(ext), 
-            'DNS:altnull.python.org\x00example.com, '
-            'email:null@python.org\x00user@example.org, '
-            'URI:http://null.python.org\x00http://example.org, '
-            'IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n')
+        self.assertEqual(
+            b("DNS:altnull.python.org\x00example.com, "
+              "email:null@python.org\x00user@example.org, "
+              "URI:http://null.python.org\x00http://example.org, "
+              "IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n"),
+            b(str(ext)))
+
 
     def test_invalid_digest_algorithm(self):
         """