Merge "Fix SSL certificate CNAME checking"

2013-07-22 21:50:07 +00:00
parent 093064caa8 822cd64c07
commit 49a1207266
2 changed files with 8 additions and 6 deletions
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@@ -343,11 +343,13 @@ class VerifiedHTTPSConnection(HTTPSConnection):

    def verify_callback(self, connection, x509, errnum,
                        depth, preverify_ok):
+        # NOTE(leaman): preverify_ok may be a non-boolean type
+        preverify_ok = bool(preverify_ok)
        if x509.has_expired():
            msg = "SSL Certificate expired on '%s'" % x509.get_notAfter()
            raise exc.SSLCertificateError(msg)

-        if depth == 0 and preverify_ok is True:
+        if depth == 0 and preverify_ok:
            # We verify that the host matches against the last
            # certificate in the chain
            return self.host_matches_cert(self.host, x509)
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -125,7 +125,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
        self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
        try:
            conn = http.VerifiedHTTPSConnection('0.0.0.0', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
        except Exception:
            self.fail('Unexpected exception.')

@@ -140,13 +140,13 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
        self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
        try:
            conn = http.VerifiedHTTPSConnection('alt1.example.com', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
        except Exception:
            self.fail('Unexpected exception.')

        try:
            conn = http.VerifiedHTTPSConnection('alt2.example.com', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
        except Exception:
            self.fail('Unexpected exception.')

@@ -165,7 +165,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
            self.fail('Failed to init VerifiedHTTPSConnection.')

        self.assertRaises(exc.SSLCertificateError,
-                          conn.verify_callback, None, cert, 0, 0, True)
+                          conn.verify_callback, None, cert, 0, 0, 1)

    def test_ssl_expired_cert(self):
        """
@@ -183,7 +183,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
            self.fail('Failed to init VerifiedHTTPSConnection.')

        self.assertRaises(exc.SSLCertificateError,
-                          conn.verify_callback, None, cert, 0, 0, True)
+                          conn.verify_callback, None, cert, 0, 0, 1)

    def test_ssl_broken_key_file(self):
        """