diff options
| -rw-r--r-- | .appveyor.yml | 11 | ||||
| -rw-r--r-- | netlib/certffi.py | 41 | ||||
| -rw-r--r-- | netlib/certutils.py | 6 | ||||
| -rw-r--r-- | setup.py | 33 | ||||
| -rw-r--r-- | test/test_certutils.py | 20 | ||||
| -rw-r--r-- | test/test_tcp.py | 38 |
6 files changed, 16 insertions, 133 deletions
diff --git a/.appveyor.yml b/.appveyor.yml new file mode 100644 index 00000000..4e690c06 --- /dev/null +++ b/.appveyor.yml @@ -0,0 +1,11 @@ +version: '{build}' +shallow_clone: true +environment: + matrix: + - PYTHON: "C:\\Python27" +install: + - "%PYTHON%\\Scripts\\pip install --src . -r requirements.txt" + - "%PYTHON%\\python -c \"from OpenSSL import SSL; print(SSL.SSLeay_version(SSL.SSLEAY_VERSION))\"" +build: off # Not a C# project +test_script: + - "%PYTHON%\\Scripts\\nosetests"
\ No newline at end of file diff --git a/netlib/certffi.py b/netlib/certffi.py deleted file mode 100644 index 451f4493..00000000 --- a/netlib/certffi.py +++ /dev/null @@ -1,41 +0,0 @@ -from __future__ import (absolute_import, print_function, division) -from cffi import FFI -import OpenSSL - -xffi = FFI() -xffi.cdef(""" - struct rsa_meth_st { - int flags; - ...; - }; - struct rsa_st { - int pad; - long version; - struct rsa_meth_st *meth; - ...; - }; -""") -xffi.verify( - """#include <openssl/rsa.h>""", - extra_compile_args=['-w'] -) - - -def handle(privkey): - new = xffi.new("struct rsa_st*") - newbuf = xffi.buffer(new) - rsa = OpenSSL.SSL._lib.EVP_PKEY_get1_RSA(privkey._pkey) - oldbuf = OpenSSL.SSL._ffi.buffer(rsa) - newbuf[:] = oldbuf[:] - return new - - -def set_flags(privkey, val): - hdl = handle(privkey) - hdl.meth.flags = val - return privkey - - -def get_flags(privkey): - hdl = handle(privkey) - return hdl.meth.flags diff --git a/netlib/certutils.py b/netlib/certutils.py index c6f0e628..c699af00 100644 --- a/netlib/certutils.py +++ b/netlib/certutils.py @@ -333,12 +333,6 @@ class CertStore(object): return entry.cert, entry.privatekey, entry.chain_file - def gen_pkey(self, cert_): - # FIXME: We should do something with cert here? - from . import certffi - certffi.set_flags(self.default_privatekey, 1) - return self.default_privatekey - class _GeneralName(univ.Choice): # We are only interested in dNSNames. We use a default handler to ignore @@ -1,5 +1,3 @@ -from distutils.command.build import build -from setuptools.command.install import install from setuptools import setup, find_packages from codecs import open import os @@ -15,25 +13,6 @@ here = os.path.abspath(os.path.dirname(__file__)) with open(os.path.join(here, 'README.mkd'), encoding='utf-8') as f: long_description = f.read() - -def get_ext_modules(): - from netlib import certffi - return [certffi.xffi.verifier.get_extension()] - - -class CFFIBuild(build): - - def finalize_options(self): - self.distribution.ext_modules = get_ext_modules() - build.finalize_options(self) - - -class CFFIInstall(install): - - def finalize_options(self): - self.distribution.ext_modules = get_ext_modules() - install.finalize_options(self) - setup( name="netlib", version=version.VERSION, @@ -62,16 +41,12 @@ setup( include_package_data=True, zip_safe=False, install_requires=[ - "cffi", "pyasn1>=0.1.7", "pyOpenSSL>=0.15.1", "cryptography>=0.9", "passlib>=1.6.2", "hpack>=1.0.1", - "certifi"], - setup_requires=[ - "cffi", - "pyOpenSSL>=0.15.1", + "certifi" ], extras_require={ 'dev': [ @@ -84,9 +59,7 @@ setup( "wheel>=0.24.0", "pathod>=%s, <%s" % (version.MINORVERSION, - version.NEXT_MINORVERSION)]}, - cmdclass={ - "build": CFFIBuild, - "install": CFFIInstall, + version.NEXT_MINORVERSION) + ] }, ) diff --git a/test/test_certutils.py b/test/test_certutils.py index e079ec40..50df36ae 100644 --- a/test/test_certutils.py +++ b/test/test_certutils.py @@ -1,5 +1,5 @@ import os -from netlib import certutils, certffi +from netlib import certutils import tutils # class TestDNTree: @@ -92,24 +92,6 @@ class TestCertStore: ret = ca1.get_cert("foo.com", []) assert ret[0].serial == dc[0].serial - def test_gen_pkey(self): - try: - with tutils.tmpdir() as d: - ca1 = certutils.CertStore.from_store( - os.path.join( - d, - "ca1"), - "test") - ca2 = certutils.CertStore.from_store( - os.path.join( - d, - "ca2"), - "test") - cert = ca1.get_cert("foo.com", []) - assert certffi.get_flags(ca2.gen_pkey(cert[0])) == 1 - finally: - certffi.set_flags(ca2.default_privatekey, 0) - class TestDummyCert: diff --git a/test/test_tcp.py b/test/test_tcp.py index 52398ef3..8a3299b6 100644 --- a/test/test_tcp.py +++ b/test/test_tcp.py @@ -10,7 +10,7 @@ import mock from OpenSSL import SSL import OpenSSL -from netlib import tcp, certutils, certffi +from netlib import tcp, certutils from . import tutils, tservers @@ -566,42 +566,6 @@ class TestDHParams(tservers.ServerTestBase): assert os.path.exists(filename) -class TestPrivkeyGen(tservers.ServerTestBase): - - class handler(tcp.BaseHandler): - - def handle(self): - with tutils.tmpdir() as d: - ca1 = certutils.CertStore.from_store(d, "test2") - ca2 = certutils.CertStore.from_store(d, "test3") - cert, _, _ = ca1.get_cert("foo.com", []) - key = ca2.gen_pkey(cert) - self.convert_to_ssl(cert, key) - - def test_privkey(self): - c = tcp.TCPClient(("127.0.0.1", self.port)) - c.connect() - tutils.raises("bad record mac", c.convert_to_ssl) - - -class TestPrivkeyGenNoFlags(tservers.ServerTestBase): - - class handler(tcp.BaseHandler): - - def handle(self): - with tutils.tmpdir() as d: - ca1 = certutils.CertStore.from_store(d, "test2") - ca2 = certutils.CertStore.from_store(d, "test3") - cert, _, _ = ca1.get_cert("foo.com", []) - certffi.set_flags(ca2.default_privatekey, 0) - self.convert_to_ssl(cert, ca2.default_privatekey) - - def test_privkey(self): - c = tcp.TCPClient(("127.0.0.1", self.port)) - c.connect() - tutils.raises("sslv3 alert handshake failure", c.convert_to_ssl) - - class TestTCPClient: def test_conerr(self): |