Change method to property

4 files changed, 15 insertions, 17 deletions

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 568eb405..3b14567e 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -761,14 +761,11 @@ X.509 CSR (Certificate Signing Request) Object
         key embedded in the CSR). This data may be used to validate the CSR
         signature.
 
-    .. method:: verify()
+    .. attribute:: is_signature_valid
 
         .. versionadded:: 1.3
 
-        :raises cryptography.exceptions.InvalidSignature: If the signature does
-            not validate.
-
-        Verifies the CSR signature.
+        Returns True if the CSR signature is correct, False otherwise.
 
 X.509 Certificate Revocation List Builder
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 18274aa1..c71f8d92 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function
 import operator
 
 from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.backends.openssl.decode_asn1 import (
     _CERTIFICATE_EXTENSION_PARSER, _CRL_EXTENSION_PARSER,
     _CSR_EXTENSION_PARSER, _REVOKED_CERTIFICATE_EXTENSION_PARSER,
@@ -363,7 +363,8 @@ class _CertificateSigningRequest(object):
     def signature(self):
         return _asn1_string_to_bytes(self._backend, self._x509_req.signature)
 
-    def verify(self):
+    @property
+    def is_signature_valid(self):
         pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req)
         self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
         pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
@@ -371,4 +372,6 @@ class _CertificateSigningRequest(object):
 
         if res != 1:
             self._backend._consume_errors()
-            raise InvalidSignature
+            return False
+
+        return True
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index d24070d5..4a22ed02 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -288,8 +288,8 @@ class CertificateSigningRequest(object):
         2986.
         """
 
-    @abc.abstractmethod
-    def verify(self):
+    @abc.abstractproperty
+    def is_signature_valid(self):
         """
         Verifies signature of signing request.
         """
diff --git a/tests/test_x509.py b/tests/test_x509.py
index fde0755e..0eef0bc3 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -18,7 +18,7 @@ import pytest
 import six
 
 from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.backends.interfaces import (
     DSABackend, EllipticCurveBackend, RSABackend, X509Backend
 )
@@ -1241,23 +1241,21 @@ class TestRSACertificateRequest(object):
         with pytest.raises(TypeError):
             request.public_bytes('NotAnEncoding')
 
-    def test_verify_bad(self, backend):
+    def test_signature_invalid(self, backend):
         request = _load_cert(
             os.path.join("x509", "requests", "invalid_signature.pem"),
             x509.load_pem_x509_csr,
             backend
         )
+        assert not request.is_signature_valid
 
-        with pytest.raises(InvalidSignature):
-            request.verify()
-
-    def test_verify_good(self, backend):
+    def test_signature_valid(self, backend):
         request = _load_cert(
             os.path.join("x509", "requests", "rsa_sha256.pem"),
             x509.load_pem_x509_csr,
             backend
         )
-        request.verify()
+        assert request.is_signature_valid
 
     @pytest.mark.parametrize(
         ("request_path", "loader_func", "encoding"),