From 89d36713e360ff5797f67e9b89d14db81da3bc25 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Wed, 5 Oct 2016 10:44:31 +1100 Subject: certutils: cap the cert store size at 100 by default This should be enough to give us reuse without growing infinitely. This is part of fixing the memory situation in mitmdump. TODO: There's an opportunity here for a better algorithm, that expires certs based on least-recently-accessed time, rather than oldest generated time. --- test/netlib/test_certutils.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'test/netlib/test_certutils.py') diff --git a/test/netlib/test_certutils.py b/test/netlib/test_certutils.py index 027dcc93..cf9a671b 100644 --- a/test/netlib/test_certutils.py +++ b/test/netlib/test_certutils.py @@ -74,6 +74,31 @@ class TestCertStore: cert, key, chain_file = ca.get_cert(b"foo.bar.com", [b"*.baz.com"]) assert b"*.baz.com" in cert.altnames + def test_expire(self): + with tutils.tmpdir() as d: + ca = certutils.CertStore.from_store(d, "test") + ca.STORE_CAP = 3 + ca.get_cert(b"one.com", []) + ca.get_cert(b"two.com", []) + ca.get_cert(b"three.com", []) + + assert (b"one.com", ()) in ca.certs + assert (b"two.com", ()) in ca.certs + assert (b"three.com", ()) in ca.certs + + ca.get_cert(b"one.com", []) + + assert (b"one.com", ()) in ca.certs + assert (b"two.com", ()) in ca.certs + assert (b"three.com", ()) in ca.certs + + ca.get_cert(b"four.com", []) + + assert (b"one.com", ()) not in ca.certs + assert (b"two.com", ()) in ca.certs + assert (b"three.com", ()) in ca.certs + assert (b"four.com", ()) in ca.certs + def test_overrides(self): with tutils.tmpdir() as d: ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test") -- cgit v1.2.3