Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch')
-rw-r--r--dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch84
1 files changed, 84 insertions, 0 deletions
diff --git a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
new file mode 100644
index 000000000000..048ede23786e
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
@@ -0,0 +1,84 @@
+From fc18f7bed12f58100c3a5eef3dbae29c9a26f18a Mon Sep 17 00:00:00 2001
+From: Jeff Tang <mrjefftang@users.noreply.github.com>
+Date: Wed, 15 Apr 2015 17:42:33 -0400
+Subject: [PATCH] OpenSSL 1.0.2 Compatibility
+
+- Perform the time comparison in python to fix #192
+- Add root cert has_expired test
+- Self sign test cert to fix issue in #149
+- Change test case to verify digest of a valid certficate
+---
+ OpenSSL/crypto.py | 9 +++++----
+ OpenSSL/test/test_crypto.py | 15 +++++++++++++--
+ 2 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
+index c7bdabc..1b1058e 100644
+--- a/OpenSSL/crypto.py
++++ b/OpenSSL/crypto.py
+@@ -1,5 +1,6 @@
+-from time import time
++from time import time, strptime
+ from base64 import b16encode
++from calendar import timegm
+ from functools import partial
+ from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
+ from warnings import warn as _warn
+@@ -1161,10 +1162,10 @@ def has_expired(self):
+ :return: True if the certificate has expired, false otherwise
+ """
+ now = int(time())
+- notAfter = _lib.X509_get_notAfter(self._x509)
+- return _lib.ASN1_UTCTIME_cmp_time_t(
+- _ffi.cast('ASN1_UTCTIME*', notAfter), now) < 0
++ notAfter = self.get_notAfter().decode('utf-8')
++ notAfterSecs = timegm(strptime(notAfter, '%Y%m%d%H%M%SZ'))
+
++ return now > notAfterSecs
+
+ def _get_boundary_time(self, which):
+ return _get_asn1_time(which(self._x509))
+diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
+index 73e9cc7..b817451 100644
+--- a/OpenSSL/test/test_crypto.py
++++ b/OpenSSL/test/test_crypto.py
+@@ -1562,19 +1562,29 @@ def test_has_not_expired(self):
+ cert.gmtime_adj_notAfter(2)
+ self.assertFalse(cert.has_expired())
+
++ def test_root_has_not_expired(self):
++ """
++ :py:obj:`X509Type.has_expired` returns :py:obj:`False` if the certificate's not-after
++ time is in the future.
++ """
++ cert = load_certificate(FILETYPE_PEM, root_cert_pem)
++ self.assertFalse(cert.has_expired())
++
+
+ def test_digest(self):
+ """
+ :py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded words
+ of the digest of the certificate.
+ """
+- cert = X509()
++ cert = load_certificate(FILETYPE_PEM, root_cert_pem)
+ self.assertEqual(
+ # This is MD5 instead of GOOD_DIGEST because the digest algorithm
+ # actually matters to the assertion (ie, another arbitrary, good
+ # digest will not product the same digest).
++ # Digest verified with the command:
++ # openssl x509 -in root_cert.pem -noout -fingerprint -md5
+ cert.digest("MD5"),
+- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
++ b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75"))
+
+
+ def _extcert(self, pkey, extensions):
+@@ -1587,6 +1597,7 @@ def _extcert(self, pkey, extensions):
+ cert.set_notAfter(when)
+
+ cert.add_extensions(extensions)
++ cert.sign(pkey, 'sha1')
+ return load_certificate(
+ FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
+