[tor-commits] [ooni-probe/master] Fix #8359. Report server public key in PEM format. There is a bug in
art at torproject.org
art at torproject.org
Tue Apr 30 13:01:43 UTC 2013
commit 96a1640e614eee8fa7f84837a84066e01261c622
Author: Isis Lovecruft <isis at torproject.org>
Date: Thu Feb 28 13:31:57 2013 +0000
Fix #8359. Report server public key in PEM format. There is a bug in
pyOpenSSL where the dumped public key begins with
'----- BEGIN PRIVATE KEY -----' due to the
OpenSSL.crypto.dump_privatekey() method hardcoding incorrect PEM headers,
which would need to be fixed in the upstream if we care enough.
---
nettests/experimental/tls_handshake.py | 30 +++++++++++++++++++++++-------
1 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/nettests/experimental/tls_handshake.py b/nettests/experimental/tls_handshake.py
index 34a917c..28c9990 100644
--- a/nettests/experimental/tls_handshake.py
+++ b/nettests/experimental/tls_handshake.py
@@ -32,8 +32,8 @@ import types
from ipaddr import IPAddress
from OpenSSL import SSL
-from OpenSSL.crypto import dump_certificate, FILETYPE_PEM
-from OpenSSL.crypto import X509Name
+from OpenSSL.crypto import dump_certificate, dump_privatekey
+from OpenSSL.crypto import X509Name, PKey, FILETYPE_PEM
from twisted.internet import defer
from twisted.python import usage
from twisted.python.failure import Failure
@@ -232,6 +232,22 @@ class TLSHandshakeTest(nettest.NetTestCase):
else:
log.debug("getX509Name: got None for ivar x509_name")
+ @staticmethod
+ def getPublicKey(key):
+ """
+ Get the PEM-encoded format of a host certificate's public key.
+
+ @param key: A :class:`OpenSSL.crypto.PKey` object.
+ """
+ try:
+ assert isinstance(key, PKey), \
+ "getPublicKey expects type OpenSSL.crypto.PKey for parameter key"
+ except AssertionError as ae:
+ log.err(ae)
+ else:
+ pubkey = dump_privatekey(FILETYPE_PEM, key)
+ return pubkey
+
def test_tlsv1_handshake(self):
"""xxx fill me in"""
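Review bot: The type check in `getPublicKey` is an `assert` wrapped in `try`/`except AssertionError`, so it disappears when Python runs with `-O`. When it does fire, the method only logs and returns an implicit `None`, which the caller in the last hunk (`cert_public_key = self.getPublicKey(s_cert.get_pubkey())`) stores without checking. An explicit guard keeps the check in every mode and makes the failure value visible: `if not isinstance(key, PKey):`, then `log.err("getPublicKey expects type OpenSSL.crypto.PKey for parameter key")` and `return None`. The docstring should gain an `@returns` line stating that the result is PEM text, or None on a wrong argument type. Since the commit message says the output carries a PRIVATE KEY header, a comment on the `dump_privatekey(FILETYPE_PEM, key)` line such as `# PEM header reads PRIVATE KEY (see #8359); the PKey comes from the peer certificate's get_pubkey()` would keep report consumers from mistaking the field for leaked private key material.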
@@ -570,12 +586,12 @@ class TLSHandshakeTest(nettest.NetTestCase):
server_cert_chain = self.getPeerCert(connection, get_chain=True)
s_cert = connection.get_peer_certificate()
- cert_subject = getX509Name(s_cert.get_subject(),
- get_components=True)
+ cert_subject = self.getX509Name(s_cert.get_subject(),
+ get_components=True)
cert_subj_hash = s_cert.subject_name_hash()
- cert_issuer = getX509Name(s_cert.get_issuer(),
- get_components=True)
- cert_public_key = s_cert.get_pubkey()
+ cert_issuer = self.getX509Name(s_cert.get_issuer(),
+ get_components=True)
+ cert_public_key = self.getPublicKey(s_cert.get_pubkey())
cert_serial_no = s_cert.get_serial_number()
cert_sig_algo = s_cert.get_signature_algorithm()