From fb0bd9300c6bf31ea7a5d8aa4906e5dee415ee1a Mon Sep 17 00:00:00 2001
From: Erica Portnoy <ebportnoy@gmail.com>
Date: Thu, 13 Feb 2020 17:28:32 -0800
Subject: [PATCH] don't use strings

---
 .../certbot_apache/_internal/configurator.py      | 15 +++++----------
 certbot-apache/tests/configurator_test.py         | 12 ++++++------
 2 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/certbot-apache/certbot_apache/_internal/configurator.py b/certbot-apache/certbot_apache/_internal/configurator.py
index c7f7bdd66..b093cd54b 100644
--- a/certbot-apache/certbot_apache/_internal/configurator.py
+++ b/certbot-apache/certbot_apache/_internal/configurator.py
@@ -257,18 +257,13 @@ class ApacheConfigurator(common.Installer):
             return None
         # Grep in the .so for openssl version
         try:
-            proc = subprocess.Popen(
-                ["strings", ssl_module_location],
-                stdout=subprocess.PIPE,
-                stderr=subprocess.PIPE,
-                universal_newlines=True)
-            strings = proc.communicate()[0]  # strings prints output to stdout
-        except (OSError, ValueError) as error:
+            with open(ssl_module_location) as f:
+                contents = f.read()
+        except IOError as error:
             logger.debug(str(error), exc_info=True)
-            raise errors.PluginError(
-                "Unable to run strings")
+            raise errors.PluginError("Unable to open ssl_module file")
         # looks like: OpenSSL 1.0.2s  28 May 2019
-        matches = re.findall(r"OpenSSL ([0-9]\.[^ ]+) ", strings)
+        matches = re.findall(r"OpenSSL ([0-9]\.[^ ]+) ", contents)
         if not matches:
             logger.warning("Could not find OpenSSL version; not disabling session tickets.")
             return None
diff --git a/certbot-apache/tests/configurator_test.py b/certbot-apache/tests/configurator_test.py
index 6e5f60365..0c0b2b91d 100644
--- a/certbot-apache/tests/configurator_test.py
+++ b/certbot-apache/tests/configurator_test.py
@@ -1782,9 +1782,7 @@ class InstallSslOptionsConfTest(util.ApacheTest):
 
     @mock.patch("certbot_apache._internal.configurator.subprocess.Popen")
     def test_openssl_version(self, mock_popen):
-        # pylint: disable=protected-access
-        mock_popen().communicate.return_value = (
-            """
+        some_string_contents = """
             SSLOpenSSLConfCmd
             OpenSSL configuration command
             SSLv3 not supported by this version of OpenSSL
@@ -1794,9 +1792,11 @@ class InstallSslOptionsConfTest(util.ApacheTest):
             AH02407: "SSLOpenSSLConfCmd %s %s" failed for %s
             AH02556: "SSLOpenSSLConfCmd %s %s" applied to %s
             OpenSSL 1.0.2g  1 Mar 2016
-            """, "")
-        self.config.parser.modules['ssl_module'] = '/fake/path'
-        self.assertEqual(self.config.openssl_version, "1.0.2g")
+            """
+        with mock.patch("%s.open" % six.moves.builtins.__name__,
+            mock.mock_open(read_data=some_string_contents)) as mock_file:
+            self.config.parser.modules['ssl_module'] = '/fake/path'
+            self.assertEqual(self.config.openssl_version, "1.0.2g")
 
 
 if __name__ == "__main__":