diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-11-26 11:13:31 -1000 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-15 15:49:48 -0600 |
| commit | 7638c3151ccbc17ff1adee0384b1fa10530cf87c (patch) | |
| tree | 6bdeee007fe53cee97da023f211cbcf9b4bd42b5 | |
| parent | 30c5ccdfb505e33dcdaa7f248c3479e3050a70da (diff) | |
| download | cryptography-7638c3151ccbc17ff1adee0384b1fa10530cf87c.tar.gz cryptography-7638c3151ccbc17ff1adee0384b1fa10530cf87c.tar.bz2 cryptography-7638c3151ccbc17ff1adee0384b1fa10530cf87c.zip | |
improve x509 load error handling
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 10 | ||||
| -rw-r--r-- | tests/test_x509.py | 8 |
2 files changed, 16 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index ceb10cfc..19d149b5 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -682,14 +682,20 @@ class Backend(object): x509 = self._lib.PEM_read_bio_X509( mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL ) - assert x509 != self._ffi.NULL + if x509 == self._ffi.NULL: + self._consume_errors() + raise ValueError("Unable to load certificate") + x509 = self._ffi.gc(x509, self._lib.X509_free) return _X509Certificate(self, x509) def load_der_x509_certificate(self, data): mem_bio = self._bytes_to_bio(data) x509 = self._lib.d2i_X509_bio(mem_bio.bio, self._ffi.NULL) - assert x509 != self._ffi.NULL + if x509 == self._ffi.NULL: + self._consume_errors() + raise ValueError("Unable to load certificate") + x509 = self._ffi.gc(x509, self._lib.X509_free) return _X509Certificate(self, x509) diff --git a/tests/test_x509.py b/tests/test_x509.py index 0a120eba..1e1bde1d 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -103,3 +103,11 @@ class TestX509Certificate(object): ) ) assert cert.version == x509.X509Version.v1 + + def test_invalid_pem(self, backend): + with pytest.raises(ValueError): + x509.load_pem_x509_certificate(b"notacert", backend) + + def test_invalid_der(self, backend): + with pytest.raises(ValueError): + x509.load_der_x509_certificate(b"notacert", backend) |