Simplify a few more branches to improve coverage (#500)
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 5eea271..3f97ccb 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -71,10 +71,7 @@
)
OP_SSLREF2_REUSE_CERT_TYPE_BUG = _lib.SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
OP_MICROSOFT_BIG_SSLV3_BUFFER = _lib.SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-try:
- OP_MSIE_SSLV2_RSA_PADDING = _lib.SSL_OP_MSIE_SSLV2_RSA_PADDING
-except AttributeError:
- pass
+OP_MSIE_SSLV2_RSA_PADDING = _lib.SSL_OP_MSIE_SSLV2_RSA_PADDING
OP_SSLEAY_080_CLIENT_DH_BUG = _lib.SSL_OP_SSLEAY_080_CLIENT_DH_BUG
OP_TLS_D5_BUG = _lib.SSL_OP_TLS_D5_BUG
OP_TLS_BLOCK_PADDING_BUG = _lib.SSL_OP_TLS_BLOCK_PADDING_BUG
@@ -91,10 +88,7 @@
OP_NO_QUERY_MTU = _lib.SSL_OP_NO_QUERY_MTU
OP_COOKIE_EXCHANGE = _lib.SSL_OP_COOKIE_EXCHANGE
-try:
- OP_NO_TICKET = _lib.SSL_OP_NO_TICKET
-except AttributeError:
- pass
+OP_NO_TICKET = _lib.SSL_OP_NO_TICKET
OP_ALL = _lib.SSL_OP_ALL
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 70ae3d2..869bbb4 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -201,20 +201,10 @@
rsa = _lib.RSA_new()
result = _lib.RSA_generate_key_ex(rsa, bits, exponent, _ffi.NULL)
- if result == 0:
- # TODO: The test for this case is commented out. Different
- # builds of OpenSSL appear to have different failure modes that
- # make it hard to test. Visual inspection of the OpenSSL
- # source reveals that a return value of 0 signals an error.
- # Manual testing on a particular build of OpenSSL suggests that
- # this is probably the appropriate way to handle those errors.
- _raise_current_error()
+ _openssl_assert(result == 1)
result = _lib.EVP_PKEY_assign_RSA(self._pkey, rsa)
- if not result:
- # TODO: It appears as though this can fail if an engine is in
- # use which does not support RSA.
- _raise_current_error()
+ _openssl_assert(result == 1)
elif type == TYPE_DSA:
dsa = _lib.DSA_new()
@@ -824,8 +814,7 @@
:return: ``None``
"""
set_result = _lib.X509_REQ_set_version(self._req, version)
- if not set_result:
- _raise_current_error()
+ _openssl_assert(set_result == 1)
def get_version(self):
"""
@@ -1037,8 +1026,7 @@
raise ValueError("No such digest method")
sign_result = _lib.X509_sign(self._x509, pkey._pkey, evp_md)
- if not sign_result:
- _raise_current_error()
+ _openssl_assert(sign_result > 0)
def get_signature_algorithm(self):
"""
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 2febb95..5b2c48a 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -802,6 +802,9 @@
self.assertRaises(ValueError, key.generate_key, TYPE_RSA, -1)
self.assertRaises(ValueError, key.generate_key, TYPE_RSA, 0)
+ with pytest.raises(TypeError):
+ key.generate_key(TYPE_RSA, object())
+
# XXX RSA generation for small values of bits is fairly buggy in a wide
# range of OpenSSL versions. I need to figure out what the safe lower
# bound for a reasonable number of OpenSSL versions is and explicitly