merge master
diff --git a/ChangeLog b/ChangeLog
index b73a144..c22aaae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Fix a regression in which the first argument of
+ the "verify" callback was incorrectly a ``Context`` instance
+ instead of the ``Connection`` instance.
+ * OpenSSL/test/test_ssl.py: Add a test for the value passed as the
+ first argument of the "verify" callback.
+
2014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 58553d6..7b1cbc1 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -166,7 +166,7 @@
class _VerifyHelper(object):
- def __init__(self, connection, callback):
+ def __init__(self, callback):
self._problems = []
@wraps(callback)
@@ -176,6 +176,10 @@
error_number = _lib.X509_STORE_CTX_get_error(store_ctx)
error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx)
+ index = _lib.SSL_get_ex_data_X509_STORE_CTX_idx()
+ ssl = _lib.X509_STORE_CTX_get_ex_data(store_ctx, index)
+ connection = Connection._reverse_mapping[ssl]
+
try:
result = callback(connection, cert, error_number, error_depth, ok)
except Exception as e:
@@ -547,7 +551,7 @@
if not callable(callback):
raise TypeError("callback must be callable")
- self._verify_helper = _VerifyHelper(self, callback)
+ self._verify_helper = _VerifyHelper(callback)
self._verify_callback = self._verify_helper.callback
_lib.SSL_CTX_set_verify(self._context, mode, self._verify_callback)
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 1d18fd0..b30bed4 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -279,6 +279,19 @@
write.bio_write(dirty)
+ def _handshakeInMemory(self, client_conn, server_conn):
+ client_conn.set_connect_state()
+ server_conn.set_accept_state()
+
+ for conn in [client_conn, server_conn]:
+ try:
+ conn.do_handshake()
+ except WantReadError:
+ pass
+
+ self._interactInMemory(client_conn, server_conn)
+
+
class VersionTests(TestCase):
"""
@@ -983,6 +996,34 @@
pass
+ def test_set_verify_callback_connection_argument(self):
+ """
+ The first argument passed to the verify callback is the
+ :py:class:`Connection` instance for which verification is taking place.
+ """
+ serverContext = Context(TLSv1_METHOD)
+ serverContext.use_privatekey(
+ load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
+ serverContext.use_certificate(
+ load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
+ serverConnection = Connection(serverContext, None)
+
+ class VerifyCallback(object):
+ def callback(self, connection, *args):
+ self.connection = connection
+ return 1
+
+ verify = VerifyCallback()
+ clientContext = Context(TLSv1_METHOD)
+ clientContext.set_verify(VERIFY_PEER, verify.callback)
+ clientConnection = Connection(clientContext, None)
+ clientConnection.set_connect_state()
+
+ self._handshakeInMemory(clientConnection, serverConnection)
+
+ self.assertIdentical(verify.connection, clientConnection)
+
+
def test_set_verify_callback_exception(self):
"""
If the verify callback passed to :py:obj:`Context.set_verify` raises an