[tor-commits] [ooni-probe/master] Fix #8358. Add correct formatting and parsing of OpenSSL.crypto.X509Name

art at torproject.org art at torproject.org
Tue Apr 30 13:01:43 UTC 2013


commit 2a474c23522bc3accc76754dd4f5f7c3a7f4f4a8
Author: Isis Lovecruft <isis at torproject.org>
Date:   Thu Feb 28 13:08:05 2013 +0000

    Fix #8358. Add correct formatting and parsing of OpenSSL.crypto.X509Name
    objects and their fields to reports.
---
 nettests/experimental/tls_handshake.py |   37 ++++++++++++++++++++++++++++++-
 1 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/nettests/experimental/tls_handshake.py b/nettests/experimental/tls_handshake.py
index d990a5b..5dcc107 100644
--- a/nettests/experimental/tls_handshake.py
+++ b/nettests/experimental/tls_handshake.py
@@ -200,6 +200,37 @@ class TLSHandshakeTest(nettest.NetTestCase):
                 cert_chain.append(pem_cert)
             return cert_chain
 
+    @staticmethod
+    def getX509Name(certificate, get_components=False):
+        """
+        Get the DER encoded form of the Name portions of and X509 certificate.
+
+        @param certificate: A :class:`OpenSSL.crypto.X509Name` object.
+        @param get_components: A boolean. If True, returns a list of tuples of
+                               the (name, value)s of each Name field in the
+                               :param:`certificate`. If False, returns the DER
+                               encoded form of the Name fields of the
+                               :param:`certificate`.
+        """
+        x509_name = None
+
+        try:
+            assert isinstance(certificate, crypto.X509Name), \
+                "getX509Name takes OpenSSL.crypto.X509Name as first argument!"
+            x509_name = crypto.X509Name(certificate)
+        except AssertionError as ae:
+            log.err(ae)
+        except Exception as exc:
+            log.exception(exc)
+
+        if not x509_name is None:
+            if not get_components:
+                return x509_name.der()
+            else:
+                return x509_name.get_components()
+        else:
+            log.debug("getX509Name: got None for ivar x509_name")
+
     def test_tlsv1_handshake(self):
         """xxx fill me in"""
 
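Review bot: The type check in `getX509Name` is written as an `assert`, which is stripped when Python runs with `-O`, so a wrong argument type is then only caught by the broad `except Exception` branch; an explicit `if not isinstance(certificate, crypto.X509Name):` followed by `log.err(...)` and `return None` keeps the check in every mode. On any failure the method falls through to the debug log and returns None implicitly, so a report consumer cannot tell a name that failed to parse from a field that was never collected; the docstring should state that return value. The docstring also has a typo (`of and X509` should be `of an X509`) and names the parameter `certificate` while documenting it as an `X509Name`, which is easy to misread at the call sites.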
@@ -538,9 +569,11 @@ class TLSHandshakeTest(nettest.NetTestCase):
             server_cert_chain = self.getPeerCert(connection, get_chain=True)
 
             s_cert          = connection.get_peer_certificate()
-            cert_subject    = s_cert.get_subject()
+            cert_subject    = getX509Name(s_cert.get_subject(),
+                                          get_components=True)
             cert_subj_hash  = s_cert.subject_name_hash()
-            cert_issuer     = s_cert.get_issuer()
+            cert_issuer     = getX509Name(s_cert.get_issuer(),
+                                          get_components=True)
             cert_public_key = s_cert.get_pubkey()
             cert_serial_no  = s_cert.get_serial_number()
             cert_sig_algo   = s_cert.get_signature_algorithm()
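Review bot: The two new calls use the bare name `getX509Name(...)`, but the first hunk defines it as a `@staticmethod` on `TLSHandshakeTest`, so unless a module-level function of that name exists outside the visible lines these calls would raise NameError when the handshake callback runs. `cert_subject = self.getX509Name(s_cert.get_subject(), get_components=True)` (and the same for `cert_issuer`) would match the `self.getPeerCert(...)` call just above. The enclosing function starts and ends outside the hunk, so how `cert_subject` and `cert_issuer` reach the report is not visible here. Since the components come from the peer's certificate they are remote-controlled values, and whatever serializes them into the report should treat them as untrusted data.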




