Fix SSL certificate CNAME checking

Currently, accessing a host via ip address will pass SSL verification; the CNAME is not checked as intended as part of verify_callback. 'preverify_ok is True' will always return false (int/bool comparison). preverify_ok will be 1 if preverification has passed. Fixes bug 1192229 Change-Id: Ib651548ab4289295a9b92ee039b2aff2d08aba5f
2013-06-18 15:34:45 +00:00
parent 8427208015
commit 822cd64c07
2 changed files with 8 additions and 6 deletions
@@ -125,7 +125,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
        self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
        try:
            conn = http.VerifiedHTTPSConnection('0.0.0.0', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
        except Exception:
            self.fail('Unexpected exception.')

@@ -140,13 +140,13 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
        self.assertEqual(cert.get_subject().commonName, '0.0.0.0')
        try:
            conn = http.VerifiedHTTPSConnection('alt1.example.com', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
        except Exception:
            self.fail('Unexpected exception.')

        try:
            conn = http.VerifiedHTTPSConnection('alt2.example.com', 0)
-            conn.verify_callback(None, cert, 0, 0, True)
+            conn.verify_callback(None, cert, 0, 0, 1)
        except Exception:
            self.fail('Unexpected exception.')

@@ -165,7 +165,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
            self.fail('Failed to init VerifiedHTTPSConnection.')

        self.assertRaises(exc.SSLCertificateError,
-                          conn.verify_callback, None, cert, 0, 0, True)
+                          conn.verify_callback, None, cert, 0, 0, 1)

    def test_ssl_expired_cert(self):
        """
@@ -183,7 +183,7 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
            self.fail('Failed to init VerifiedHTTPSConnection.')

        self.assertRaises(exc.SSLCertificateError,
-                          conn.verify_callback, None, cert, 0, 0, True)
+                          conn.verify_callback, None, cert, 0, 0, 1)

    def test_ssl_broken_key_file(self):
        """