diff options
Diffstat (limited to 'dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch')
-rw-r--r-- | dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch new file mode 100644 index 000000000000..048ede23786e --- /dev/null +++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch @@ -0,0 +1,84 @@ +From fc18f7bed12f58100c3a5eef3dbae29c9a26f18a Mon Sep 17 00:00:00 2001 +From: Jeff Tang <mrjefftang@users.noreply.github.com> +Date: Wed, 15 Apr 2015 17:42:33 -0400 +Subject: [PATCH] OpenSSL 1.0.2 Compatibility + +- Perform the time comparison in python to fix #192 +- Add root cert has_expired test +- Self sign test cert to fix issue in #149 +- Change test case to verify digest of a valid certficate +--- + OpenSSL/crypto.py | 9 +++++---- + OpenSSL/test/test_crypto.py | 15 +++++++++++++-- + 2 files changed, 18 insertions(+), 6 deletions(-) + +diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py +index c7bdabc..1b1058e 100644 +--- a/OpenSSL/crypto.py ++++ b/OpenSSL/crypto.py +@@ -1,5 +1,6 @@ +-from time import time ++from time import time, strptime + from base64 import b16encode ++from calendar import timegm + from functools import partial + from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__ + from warnings import warn as _warn +@@ -1161,10 +1162,10 @@ def has_expired(self): + :return: True if the certificate has expired, false otherwise + """ + now = int(time()) +- notAfter = _lib.X509_get_notAfter(self._x509) +- return _lib.ASN1_UTCTIME_cmp_time_t( +- _ffi.cast('ASN1_UTCTIME*', notAfter), now) < 0 ++ notAfter = self.get_notAfter().decode('utf-8') ++ notAfterSecs = timegm(strptime(notAfter, '%Y%m%d%H%M%SZ')) + ++ return now > notAfterSecs + + def _get_boundary_time(self, which): + return _get_asn1_time(which(self._x509)) +diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py +index 73e9cc7..b817451 100644 +--- a/OpenSSL/test/test_crypto.py ++++ b/OpenSSL/test/test_crypto.py +@@ -1562,19 +1562,29 @@ def test_has_not_expired(self): + cert.gmtime_adj_notAfter(2) + self.assertFalse(cert.has_expired()) + ++ def test_root_has_not_expired(self): ++ """ ++ :py:obj:`X509Type.has_expired` returns :py:obj:`False` if the certificate's not-after ++ time is in the future. ++ """ ++ cert = load_certificate(FILETYPE_PEM, root_cert_pem) ++ self.assertFalse(cert.has_expired()) ++ + + def test_digest(self): + """ + :py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded words + of the digest of the certificate. + """ +- cert = X509() ++ cert = load_certificate(FILETYPE_PEM, root_cert_pem) + self.assertEqual( + # This is MD5 instead of GOOD_DIGEST because the digest algorithm + # actually matters to the assertion (ie, another arbitrary, good + # digest will not product the same digest). ++ # Digest verified with the command: ++ # openssl x509 -in root_cert.pem -noout -fingerprint -md5 + cert.digest("MD5"), +- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15")) ++ b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75")) + + + def _extcert(self, pkey, extensions): +@@ -1587,6 +1597,7 @@ def _extcert(self, pkey, extensions): + cert.set_notAfter(when) + + cert.add_extensions(extensions) ++ cert.sign(pkey, 'sha1') + return load_certificate( + FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert)) + |