Committed revision 57561.
On 8/27/07, Bill Janssen <[EMAIL PROTECTED]> wrote:
> > Regardless, building a fixed test certificate and checking it in sounds like
> > the better option. Then the openssl command in the test code can be turned
> > into a comment describing how the test data was pregenerated.
>
> Here's a patch that does that.
>
> Bill
>
> Index: Lib/test/keycert.pem
> ===================================================================
> --- Lib/test/keycert.pem (revision 0)
> +++ Lib/test/keycert.pem (revision 0)
> @@ -0,0 +1,32 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L
> +opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH
> +fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB
> +AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU
> +D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA
> +IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM
> +oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0
> +ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/
> +loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j
> +oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA
> +z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq
> +ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV
> +q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU=
> +-----END RSA PRIVATE KEY-----
> +-----BEGIN CERTIFICATE-----
> +MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD
> +VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x
> +IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT
> +U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1
> +NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl
> +bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m
> +dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj
> +aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh
> +m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8
> +M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn
> +fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC
> +AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb
> +08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx
> +CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/
> +iHkC6gGdBJhogs4=
> +-----END CERTIFICATE-----
> Index: Lib/test/test_ssl.py
> ===================================================================
> --- Lib/test/test_ssl.py (revision 57559)
> +++ Lib/test/test_ssl.py (working copy)
> @@ -22,7 +22,6 @@
> skip_expected = True
>
> CERTFILE = None
> -GMAIL_POP_CERTFILE = None
>
>
> def handle_error(prefix):
> @@ -298,12 +297,15 @@
> nsCertType = server
> """
>
> -def create_cert_files():
> +def create_cert_files(hostname=None):
>
> + """This is the routine that was run to create the certificate
> + and private key contained in keycert.pem."""
> +
> import tempfile, socket, os
> d = tempfile.mkdtemp()
> # now create a configuration file for the CA signing cert
> - fqdn = socket.getfqdn()
> + fqdn = hostname or socket.getfqdn()
> crtfile = os.path.join(d, "cert.pem")
> conffile = os.path.join(d, "ca.conf")
> fp = open(conffile, "w")
> @@ -316,7 +318,7 @@
> })
> fp.close()
> error = os.system(
> - "openssl req -batch -new -x509 -days 10 -nodes -config %s "
> + "openssl req -batch -new -x509 -days 2000 -nodes -config %s "
> "-keyout \"%s\" -out \"%s\" > /dev/null < /dev/null 2>&1" %
> (conffile, crtfile, crtfile))
> # now we have a self-signed server cert in crtfile
> @@ -324,7 +326,8 @@
> if (os.WEXITSTATUS(error) or
> not os.path.exists(crtfile) or os.path.getsize(crtfile) == 0):
> if test_support.verbose:
> - sys.stdout.write("Unable to create certificate for test %d\n" %
> error)
> + sys.stdout.write("Unable to create certificate for test, "
> + + "error status %d\n" % (error >> 8))
> crtfile = None
> elif test_support.verbose:
> sys.stdout.write(open(crtfile, 'r').read() + '\n')
> @@ -336,7 +339,8 @@
> raise test_support.TestSkipped("socket module has no ssl support")
>
> global CERTFILE
> - tdir, CERTFILE = create_cert_files()
> + CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
> + "keycert.pem")
> if not CERTFILE:
> sys.__stdout__.write("Skipping test_ssl ConnectedTests; "
> "couldn't create a certificate.\n")
> @@ -362,8 +366,6 @@
> # wait for it to stop
> server.join()
>
> - if tdir and os.path.isdir(tdir):
> - shutil.rmtree(tdir)
> test_support.threading_cleanup(*thread_info)
>
> if __name__ == "__main__":
>
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
