Fix Failing tests with openssl >= 1.1.0
keystoneclient.tests.unit.test_cms.CMSTest.test_cms_verify keystoneclient.tests.unit.test_cms.CMSTest.test_cms_verify_token_no_files failing with: Command 'openssl' returned non-zero exit status 1 I think its OpenSSL >= 1.1 bug, which returns wrong exit code (1 instead of 2) if input file not exists. Change-Id: I776596487f305c759b88c0d4c604571c33c6ef70 Closes-Bug: #1646858
This commit is contained in:
Ondřej Kobližek
committed by
Steve Martinelli
Steve Martinelli
parent
a2bd23c0dd
commit
7917e03652
@@ -42,9 +42,10 @@ DEFAULT_TOKEN_DIGEST_ALGORITHM = 'sha256'
|
|||||||
|
|
||||||
|
|
||||||
# The openssl cms command exits with these status codes.
|
# The openssl cms command exits with these status codes.
|
||||||
# See https://www.openssl.org/docs/apps/cms.html#EXIT_CODES
|
# See https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
|
||||||
class OpensslCmsExitStatus(object):
|
class OpensslCmsExitStatus(object):
|
||||||
SUCCESS = 0
|
SUCCESS = 0
|
||||||
|
COMMAND_OPTIONS_PARSING_ERROR = 1
|
||||||
INPUT_FILE_READ_ERROR = 2
|
INPUT_FILE_READ_ERROR = 2
|
||||||
CREATE_CMS_READ_MIME_ERROR = 3
|
CREATE_CMS_READ_MIME_ERROR = 3
|
||||||
|
|
||||||
@@ -180,21 +181,31 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name,
|
|||||||
# Do not log errors, as some happen in the positive thread
|
# Do not log errors, as some happen in the positive thread
|
||||||
# instead, catch them in the calling code and log them there.
|
# instead, catch them in the calling code and log them there.
|
||||||
|
|
||||||
# When invoke the openssl with not exist file, return code 2
|
# When invoke the openssl >= 1.1.0 with not exist file, return code should
|
||||||
# and error msg will be returned.
|
# be 2 instead of 1 and error msg will be returned.
|
||||||
# You can get more from
|
# You can get more from
|
||||||
# http://www.openssl.org/docs/apps/cms.html#EXIT_CODES
|
# https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
|
||||||
#
|
#
|
||||||
# $ openssl cms -verify -certfile not_exist_file -CAfile
|
# $ openssl cms -verify -certfile not_exist_file -CAfile
|
||||||
# not_exist_file -inform PEM -nosmimecap -nodetach
|
# not_exist_file -inform PEM -nosmimecap -nodetach
|
||||||
# -nocerts -noattr
|
# -nocerts -noattr
|
||||||
|
# openssl < 1.1.0 returns
|
||||||
# Error opening certificate file not_exist_file
|
# Error opening certificate file not_exist_file
|
||||||
|
# openssl >= 1.1.0 returns
|
||||||
|
# cms: Cannot open input file not_exist_file, No such file or directory
|
||||||
#
|
#
|
||||||
if retcode == OpensslCmsExitStatus.INPUT_FILE_READ_ERROR:
|
if retcode == OpensslCmsExitStatus.INPUT_FILE_READ_ERROR:
|
||||||
if err.startswith('Error reading S/MIME message'):
|
if err.startswith('Error reading S/MIME message'):
|
||||||
raise exceptions.CMSError(err)
|
raise exceptions.CMSError(err)
|
||||||
else:
|
else:
|
||||||
raise exceptions.CertificateConfigError(err)
|
raise exceptions.CertificateConfigError(err)
|
||||||
|
# workaround for OpenSSL >= 1.1.0,
|
||||||
|
# should return OpensslCmsExitStatus.INPUT_FILE_READ_ERROR
|
||||||
|
elif retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR:
|
||||||
|
if err.startswith('cms: Cannot open input file'):
|
||||||
|
raise exceptions.CertificateConfigError(err)
|
||||||
|
else:
|
||||||
|
raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
|
||||||
elif retcode != OpensslCmsExitStatus.SUCCESS:
|
elif retcode != OpensslCmsExitStatus.SUCCESS:
|
||||||
raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
|
raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
|
||||||
return output
|
return output
|
||||||
|
|||||||
Reference in New Issue
Block a user