popping cert spec for now

d-w-moore · d-w-moore · commit 40db2e21c9ea · 2024-03-13T04:35:37.000-04:00
diff --git a/irods/connection.py b/irods/connection.py
@@ -209,6 +209,7 @@ def ssl_startup(self):
         try:
             context = self.account.ssl_context
         except AttributeError:
+            # TODO - if verify explicitly none, then try to ignore certificate_(file|path) even if given (reopen #281 ?)
             self.account.ssl_context = context = self.make_ssl_context(self.account)
 
         # Wrap socket with context
diff --git a/irods/test/login_auth_test.py b/irods/test/login_auth_test.py
@@ -24,6 +24,7 @@
 from re import compile as regex
 import gc
 import six
+from irods.test.setupssl import create_ssl_dir
 
 #
 # Allow override to specify the PAM password in effect for the test rodsuser.
@@ -511,16 +512,12 @@ def test_ssl_with_server_verify_set_to_none_281(self):
         with helpers.file_backed_up(env_file):
             with open(env_file) as env_file_handle:
                 env = json.load( env_file_handle )
+            create_ssl_dir(ssl_dir='./some')
             env.update({
-            #            "irods_client_server_negotiation": "request_server_negotiation",
-            #            "irods_client_server_policy": "CS_NEG_REQUIRE",
-            #            "irods_ssl_ca_certificate_file": "/path/to/some/file.crt",  # does not need to exist
+                         #"irods_ssl_ca_certificate_file": "./some/irods.crt",  # does not need to match server cert
                          "irods_ssl_verify_server": "none",
-            #            "irods_encryption_key_size": 32,
-            #            "irods_encryption_salt_size": 8,
-            #            "irods_encryption_num_hash_rounds": 16,
-            #            "irods_encryption_algorithm": "AES-256-CBC" 
             })
+            print('popping cert file path-->{}'.format(env.pop('irods_ssl_ca_certificate_file',None)))
             with open(env_file,'w') as f:
                 json.dump(env,f)
             with helpers.make_session() as session:
diff --git a/irods/test/setupssl.py b/irods/test/setupssl.py
@@ -25,13 +25,14 @@ def create_server_cert(process_output = sys.stdout, irods_key_path = 'irods.key'
     p.wait()
     return p.returncode
 
-def create_ssl_dir(irods_key_path = 'irods.key'):
+def create_ssl_dir(irods_key_path = 'irods.key', ssl_dir = ''):
+    ssl_dir = ssl_dir or IRODS_SSL_DIR
     save_cwd = os.getcwd()
     silent_run =  { 'shell': True, 'stderr' : PIPE, 'stdout' : PIPE }
     try:
-        if not (os.path.exists(IRODS_SSL_DIR)):
-            os.mkdir(IRODS_SSL_DIR)
-        os.chdir(IRODS_SSL_DIR)
+        if not (os.path.exists(ssl_dir)):
+            os.mkdir(ssl_dir)
+        os.chdir(ssl_dir)
         if not keep_old:
             Popen("openssl genrsa -out '{irods_key_path}' 2048 && chmod 600 '{irods_key_path}'".format(**locals()),
                   **silent_run).communicate()
