[tor-commits] [ooni-probe/master] Fix #8358. Add correct formatting and parsing of OpenSSL.crypto.X509Name
art at torproject.org
art at torproject.org
Tue Apr 30 13:01:43 UTC 2013
commit 2a474c23522bc3accc76754dd4f5f7c3a7f4f4a8
Author: Isis Lovecruft <isis at torproject.org>
Date: Thu Feb 28 13:08:05 2013 +0000
Fix #8358. Add correct formatting and parsing of OpenSSL.crypto.X509Name
objects and their fields to reports.
---
nettests/experimental/tls_handshake.py | 37 ++++++++++++++++++++++++++++++-
1 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/nettests/experimental/tls_handshake.py b/nettests/experimental/tls_handshake.py
index d990a5b..5dcc107 100644
--- a/nettests/experimental/tls_handshake.py
+++ b/nettests/experimental/tls_handshake.py
@@ -200,6 +200,37 @@ class TLSHandshakeTest(nettest.NetTestCase):
cert_chain.append(pem_cert)
return cert_chain
+ @staticmethod
+ def getX509Name(certificate, get_components=False):
+ """
+ Get the DER encoded form of the Name portions of and X509 certificate.
+
+ @param certificate: A :class:`OpenSSL.crypto.X509Name` object.
+ @param get_components: A boolean. If True, returns a list of tuples of
+ the (name, value)s of each Name field in the
+ :param:`certificate`. If False, returns the DER
+ encoded form of the Name fields of the
+ :param:`certificate`.
+ """
+ x509_name = None
+
+ try:
+ assert isinstance(certificate, crypto.X509Name), \
+ "getX509Name takes OpenSSL.crypto.X509Name as first argument!"
+ x509_name = crypto.X509Name(certificate)
+ except AssertionError as ae:
+ log.err(ae)
+ except Exception as exc:
+ log.exception(exc)
+
+ if not x509_name is None:
+ if not get_components:
+ return x509_name.der()
+ else:
+ return x509_name.get_components()
+ else:
+ log.debug("getX509Name: got None for ivar x509_name")
+
def test_tlsv1_handshake(self):
"""xxx fill me in"""
@@ -538,9 +569,11 @@ class TLSHandshakeTest(nettest.NetTestCase):
server_cert_chain = self.getPeerCert(connection, get_chain=True)
s_cert = connection.get_peer_certificate()
- cert_subject = s_cert.get_subject()
+ cert_subject = getX509Name(s_cert.get_subject(),
+ get_components=True)
cert_subj_hash = s_cert.subject_name_hash()
- cert_issuer = s_cert.get_issuer()
+ cert_issuer = getX509Name(s_cert.get_issuer(),
+ get_components=True)
cert_public_key = s_cert.get_pubkey()
cert_serial_no = s_cert.get_serial_number()
cert_sig_algo = s_cert.get_signature_algorithm()
More information about the tor-commits
mailing list