Skip to content

Support OPT_X_TLS_PEERCERT #427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Support OPT_X_TLS_PEERCERT #427

wants to merge 2 commits into from

Conversation

tiran
Copy link
Member

@tiran tiran commented Sep 15, 2021

Replaces PR #401

@tiran tiran added the feature label Sep 15, 2021
@graingert graingert mentioned this pull request Sep 15, 2021
Closed
@tiran
Copy link
Member Author

tiran commented Sep 15, 2021

Due to a bug in OpenLDAP, LDAP_OPT_X_TLS_PEERCERT leaks memory: https://bugs.openldap.org/show_bug.cgi?id=9696

@tiran tiran force-pushed the tls_peercert branch 2 times, most recently from f5d29ea to 9863bb7 Compare September 16, 2021 12:01
@tiran tiran marked this pull request as ready for review September 16, 2021 12:02
@tiran tiran requested a review from encukou September 16, 2021 12:03
encukou
encukou reviewed Sep 17, 2021
View reviewed changes
Tests/t_ldapobject.py Outdated
server_pem = f.read()
# remove text
begin = server_pem.find("-----BEGIN CERTIFICATE-----")
server_pem = server_pem[begin:-1]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: Is removing the final character important? In our case itdoesn't really matter, but if the file doesn't end with a newline, the exception you get here is a bit obscure.

Suggested change
server_pem = server_pem[begin:-1]
server_pem = server_pem[begin:]

@encukou encukou mentioned this pull request Sep 17, 2021
Merged
6 tasks
tiran and others added 2 commits September 18, 2021 17:28
@tiran @graingert
Implement support for OPT_X_TLS_PEERCERT
a414e99 
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
@tiran
Use regex to locate PEM body
e704ffa
mistotebe
mistotebe reviewed Dec 13, 2021
View reviewed changes
Tests/t_ldapobject.py
@@ -421,6 +428,33 @@ def test_multiple_starttls(self):
l.simple_bind_s(self.server.root_dn, self.server.root_pw)
self.assertEqual(l.whoami_s(), 'dn:' + self.server.root_dn)

@requires_tls()
@unittest.skipUnless(
hasattr(ldap, "OPT_X_TLS_PEERCERT"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds like you still need to register this in Lib/ldap/constants.py to get the tests enabled?

@mistotebe mistotebe mentioned this pull request Feb 14, 2022
Merged
@mistotebe
Copy link
Contributor

Already done as part of #458

@mistotebe mistotebe closed this Apr 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@encukou encukou encukou left review comments

@mistotebe mistotebe mistotebe left review comments

Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tiran @mistotebe @encukou