def test_verify_with_missing_crl(self):
"""
`verify_certificate` raises error when an intermediate certificate's
CRL is missing.
"""
store = X509Store()
store.add_cert(self.root_cert)
store.add_cert(self.intermediate_cert)
root_crl = self._make_test_crl(
self.root_cert, self.root_key, certs=[self.intermediate_cert])
store.add_crl(root_crl)
store.set_flags(
X509StoreFlags.CRL_CHECK | X509StoreFlags.CRL_CHECK_ALL)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
with pytest.raises(X509StoreContextError) as err:
store_ctx.verify_certificate()
assert err.value.args[0][2] == 'unable to get certificate CRL'
assert err.value.certificate.get_subject().CN == 'intermediate-service'
评论列表
文章目录
