diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py index 07872bed1..369558ae0 100644 --- a/acme/acme/challenges.py +++ b/acme/acme/challenges.py @@ -299,7 +299,7 @@ class DVSNIResponse(ChallengeResponse): key_filetype, cert.get_pubkey()) return (keys_match and domain in sans and - self.z_domain(chall) in sans) + self.z_domain(chall).decode() in sans) @Challenge.register diff --git a/acme/acme/challenges_test.py b/acme/acme/challenges_test.py index 087d93bc8..e1cd1c541 100644 --- a/acme/acme/challenges_test.py +++ b/acme/acme/challenges_test.py @@ -191,7 +191,7 @@ class DVSNITest(unittest.TestCase): mock_gethostbyname.assert_called_once_with('foo.com') mock_probe_sni.assert_called_once_with( host='127.0.0.1', port=self.msg.PORT, - name='a82d5ff8ef740d12881f6d3c2277ab2e.acme.invalid') + name=b'a82d5ff8ef740d12881f6d3c2277ab2e.acme.invalid') self.msg.probe_cert('foo.com', host='8.8.8.8') mock_probe_sni.assert_called_with( @@ -205,10 +205,10 @@ class DVSNITest(unittest.TestCase): mock_probe_sni.assert_called_with( host=mock.ANY, port=mock.ANY, name=mock.ANY, bar='baz') - self.msg.probe_cert('foo.com', name='xxx') + self.msg.probe_cert('foo.com', name=b'xxx') mock_probe_sni.assert_called_with( host=mock.ANY, port=mock.ANY, - name='a82d5ff8ef740d12881f6d3c2277ab2e.acme.invalid') + name=b'a82d5ff8ef740d12881f6d3c2277ab2e.acme.invalid') class DVSNIResponseTest(unittest.TestCase): diff --git a/acme/acme/crypto_util.py b/acme/acme/crypto_util.py index 4268ede07..8893dd53f 100644 --- a/acme/acme/crypto_util.py +++ b/acme/acme/crypto_util.py @@ -4,6 +4,8 @@ import logging import socket import sys +from six.moves import range # pylint: disable=import-error + import OpenSSL from acme import errors @@ -81,7 +83,7 @@ def _probe_sni(name, host, port=443, timeout=300, context = OpenSSL.SSL.Context(method) context.set_timeout(timeout) - socket_kwargs = {} if sys.version < (2, 7) else { + socket_kwargs = {} if sys.version_info < (2, 7) else { 'source_address': source_address} try: @@ -121,13 +123,13 @@ def _pyopenssl_cert_or_req_san(cert_or_req): # OpenSSL.crypto.X509Error._subjectAltNameString parts_separator = ", " part_separator = ":" - extension_short_name = "subjectAltName" + extension_short_name = b"subjectAltName" if hasattr(cert_or_req, 'get_extensions'): # X509Req extensions = cert_or_req.get_extensions() else: # X509 extensions = [cert_or_req.get_extension(i) - for i in xrange(cert_or_req.get_extension_count())] + for i in range(cert_or_req.get_extension_count())] # pylint: disable=protected-access,no-member label = OpenSSL.crypto.X509Extension._prefixes[OpenSSL.crypto._lib.GEN_DNS] diff --git a/acme/acme/crypto_util_test.py b/acme/acme/crypto_util_test.py index 5aa9d2d5b..10d62fbf5 100644 --- a/acme/acme/crypto_util_test.py +++ b/acme/acme/crypto_util_test.py @@ -21,7 +21,7 @@ class ServeProbeSNITest(unittest.TestCase): OpenSSL.crypto.FILETYPE_PEM, test_util.load_vector('rsa512_key.pem')) # pylint: disable=protected-access - certs = {'foo': (key, self.cert._wrapped)} + certs = {b'foo': (key, self.cert._wrapped)} sock = socket.socket() sock.bind(('', 0)) # pick random port @@ -50,15 +50,15 @@ class ServeProbeSNITest(unittest.TestCase): name, host='127.0.0.1', port=self.port)) def test_probe_ok(self): - self.assertEqual(self.cert, self._probe('foo')) + self.assertEqual(self.cert, self._probe(b'foo')) def test_probe_not_recognized_name(self): - self.assertRaises(errors.Error, self._probe, 'bar') + self.assertRaises(errors.Error, self._probe, b'bar') def test_probe_connection_error(self): - self._probe('foo') + self._probe(b'foo') time.sleep(1) # TODO: avoid race conditions in other way - self.assertRaises(errors.Error, self._probe, 'bar') + self.assertRaises(errors.Error, self._probe, b'bar') class PyOpenSSLCertOrReqSANTest(unittest.TestCase):