Implement X509Req.verify
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 736227b..23c533c 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -594,6 +594,26 @@
1/0
+ def verify(self, pkey):
+ """
+ Verifies a certificate request using the supplied public key
+
+ :param key: a public key
+ :return: True if the signature is correct.
+
+ :raise OpenSSL.crypto.Error: If the signature is invalid or there is a
+ problem verifying the signature.
+ """
+ if not isinstance(pkey, PKey):
+ raise TypeError("pkey must be a PKey instance")
+
+ result = _api.X509_REQ_verify(self._req, pkey._pkey)
+ if result <= 0:
+ _raise_current_error(Error)
+
+ return result
+
+
X509ReqType = X509Req
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 2ba06a6..7fb2d25 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -1061,6 +1061,53 @@
self.assertRaises(TypeError, request.add_extensions, [], None)
+ def test_verify_wrong_args(self):
+ """
+ :py:obj:`X509Req.verify` raises :py:obj:`TypeError` if called with zero
+ arguments or more than one argument or if passed anything other than a
+ :py:obj:`PKey` instance as its single argument.
+ """
+ request = X509Req()
+ self.assertRaises(TypeError, request.verify)
+ self.assertRaises(TypeError, request.verify, object())
+ self.assertRaises(TypeError, request.verify, PKey(), object())
+
+
+ def test_verify_uninitialized_key(self):
+ """
+ :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
+ with a :py:obj:`OpenSSL.crypto.PKey` which contains no key data.
+ """
+ request = X509Req()
+ pkey = PKey()
+ self.assertRaises(Error, request.verify, pkey)
+
+
+ def test_verify_wrong_key(self):
+ """
+ :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
+ with a :py:obj:`OpenSSL.crypto.PKey` which does not represent the public
+ part of the key which signed the request.
+ """
+ request = X509Req()
+ pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ request.sign(pkey, b"SHA1")
+ another_pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
+ self.assertRaises(Error, request.verify, another_pkey)
+
+
+ def test_verify_success(self):
+ """
+ :py:obj:`X509Req.verify` returns :py:obj:`True` if called with a
+ :py:obj:`OpenSSL.crypto.PKey` which represents the public part ofthe key
+ which signed the request.
+ """
+ request = X509Req()
+ pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ request.sign(pkey, b"SHA1")
+ self.assertEqual(True, request.verify(pkey))
+
+
class X509Tests(TestCase, _PKeyInteractionTestsMixin):
"""