[_519] review corrections

d-w-moore · d-w-moore · commit 05f344f497ab · 2024-04-10T04:29:41.000-04:00
diff --git a/irods/connection.py b/irods/connection.py
@@ -188,7 +188,7 @@ def make_ssl_context(irods_account):
         # See https://stackoverflow.com/questions/30461969/disable-default-certificate-verification-in-python-2-7-9/49040695#49040695
         ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=CAfile, capath=CApath)
         # Note: check_hostname must be assigned prior to verify_mode property or Python library complains!
-        ctx.check_hostname = (verify_server.startswith('host') and verify != ssl.CERT_NONE)
+        ctx.check_hostname = (verify_server == 'hostname' and verify != ssl.CERT_NONE)
         ctx.verify_mode = verify
         return ctx
 
diff --git a/irods/test/login_auth_test.py b/irods/test/login_auth_test.py
@@ -202,7 +202,7 @@ def create_env_dirs(self):
     @classmethod
     def setUpClass(cls):
         cls.admin = helpers.make_session()
-        if cls.admin.server_version > (4,3):
+        if cls.admin.server_version >= (4,3):
             cls.PAM_SCHEME_STRING = cls.user_auth_envs['.irods.pam']['AUTH'] = 'pam_password'
 
     @classmethod
@@ -244,7 +244,7 @@ def _setup_rodsuser_and_optional_pw(self, name, make_irods_pw = False):
 
     def tst0(self, ssl_opt, auth_opt, env_opt, name = TEST_RODS_USER, make_irods_pw = False):
         _auth_opt = auth_opt
-        if auth_opt.startswith('pam'):
+        if auth_opt in ('pam', 'pam_password'):
             auth_opt = self.PAM_SCHEME_STRING
         with self._setup_rodsuser_and_optional_pw(name = name, make_irods_pw = make_irods_pw):
             self.envdirs = self.create_env_dirs()
@@ -328,7 +328,7 @@ def test_4(self):
         self.tst0 ( ssl_opt = False, auth_opt = 'native' , env_opt = True, make_irods_pw = True)
 
     # == test explicit scheme 'pam'
-    
+
     def test_5(self):
         self.tst0 ( ssl_opt = True,  auth_opt = 'pam'    , env_opt = False )
 
@@ -509,20 +509,25 @@ def setUp(self):
 
     def test_ssl_with_server_verify_set_to_none_281(self):
         env_file = os.path.expanduser('~/.irods/irods_environment.json')
-        with helpers.file_backed_up(env_file):
-            with open(env_file) as env_file_handle:
-                env = json.load( env_file_handle )
-            my_ssl_directory = os.path.expanduser("~/some")
-            # Elect for efficiency in DH param generation, eg. when setting up for testing.
-            create_ssl_dir(ssl_dir = my_ssl_directory, use_strong_primes_for_dh_generation = False)
-            keys_to_update = {key:value.replace("/etc/irods/ssl",my_ssl_directory)
-                              for key,value in env.items() if type(value) is str and value.startswith("/etc/irods/ssl")}
-            keys_to_update["irods_ssl_verify_server"] = "none"
-            env.update( keys_to_update )
-            with open(env_file,'w') as f:
-                json.dump(env,f)
-            with helpers.make_session() as session:
-                session.collections.get('/{session.zone}/home/{session.username}'.format(**locals()))
+        my_ssl_directory = ''
+        try:
+            with helpers.file_backed_up(env_file):
+                with open(env_file) as env_file_handle:
+                    env = json.load( env_file_handle )
+                my_ssl_directory = tempfile.mkdtemp(dir = os.path.expanduser("~"))
+                # Elect for efficiency in DH param generation, eg. when setting up for testing.
+                create_ssl_dir(ssl_dir = my_ssl_directory, use_strong_primes_for_dh_generation = False)
+                settings_to_update = {key:value.replace("/etc/irods/ssl",my_ssl_directory)
+                                  for key,value in env.items() if type(value) is str and value.startswith("/etc/irods/ssl")}
+                settings_to_update["irods_ssl_verify_server"] = "none"
+                env.update( settings_to_update )
+                with open(env_file,'w') as f:
+                    json.dump(env,f)
+                with helpers.make_session() as session:
+                    session.collections.get('/{session.zone}/home/{session.username}'.format(**locals()))
+        finally:
+            if my_ssl_directory:
+                shutil.rmtree(my_ssl_directory)
 
 if __name__ == '__main__':
     # let the tests find the parent irods lib
diff --git a/irods/test/test_ssl_context.bats b/irods/test/test_ssl_context.bats
@@ -143,7 +143,7 @@ teardown() {
 # THE TESTS THEMSELVES
 
 @test "basic_test" {
-    json_config -i $IRODS_LOCAL_ENV 'verify_server="host"'
+    json_config -i $IRODS_LOCAL_ENV 'verify_server="hostname"'
     python3 $REPO_SCRIPTS/ssl_test_client.py
 }
 

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ teardown() {`
`143`	`143`	`# THE TESTS THEMSELVES`
`144`	`144`
`145`	`145`	`@test "basic_test" {`
`146`		`- json_config -i $IRODS_LOCAL_ENV 'verify_server="host"'`
	`146`	`+ json_config -i $IRODS_LOCAL_ENV 'verify_server="hostname"'`
`147`	`147`	`python3 $REPO_SCRIPTS/ssl_test_client.py`
`148`	`148`	`}`
`149`	`149`