openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-06-17 21:20:21 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
1adc05845455fa0da399d534a7ac35cdfc0e86f7
packages/lang/python/python-pyopenssl/test.sh
T
Alexandru Ardelean e4bf8904fb python-pyopenssl: bump to 26.2.0 
Refresh sha256 from PyPI sdist. pyOpenSSL 26.2.0 dropped EC support
from the legacy crypto.PKey API (the call surfaces as "OpenSSL.crypto.Error:
No such key type"); drop the EC-key arm of test.sh accordingly. Upstream
points at the cryptography package for EC key generation.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-06-05 07:37:42 +03:00

85 lines
2.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
[ "$1" = python3-pyopenssl ] || exit 0
# Basic sanity check (prints linked OpenSSL version info)
python3 -m OpenSSL.debug || exit 1
python3 - << EOF
import sys
import importlib.metadata
version = importlib.metadata.version("pyOpenSSL")
if version != "$2":
print("Wrong version: " + version)
sys.exit(1)
from OpenSSL import SSL, crypto
from OpenSSL.crypto import (
PKey, TYPE_RSA,
X509, X509Req, X509Store, X509StoreContext,
dump_certificate, dump_privatekey, load_certificate, load_privatekey,
dump_certificate_request,
FILETYPE_PEM,
)
# --- Key generation ---
# pyOpenSSL 26.2.0 dropped EC support from the legacy crypto.PKey API
# ("OpenSSL.crypto.Error: No such key type"). For EC keys, the upstream
# recommendation is to use the cryptography package directly.
rsa_key = PKey()
rsa_key.generate_key(TYPE_RSA, 2048)
assert rsa_key.bits() == 2048
assert rsa_key.type() == TYPE_RSA
# --- Self-signed certificate ---
cert = X509()
cert.get_subject().CN = "test.example.com"
cert.get_subject().O = "Test Org"
cert.set_serial_number(1)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(365 * 24 * 60 * 60)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(rsa_key)
cert.sign(rsa_key, "sha256")
assert cert.get_subject().CN == "test.example.com"
assert cert.get_serial_number() == 1
assert not cert.has_expired()
# --- PEM round-trip (cert) ---
pem = dump_certificate(FILETYPE_PEM, cert)
assert pem.startswith(b"-----BEGIN CERTIFICATE-----")
cert2 = load_certificate(FILETYPE_PEM, pem)
assert cert2.get_subject().CN == "test.example.com"
# --- PEM round-trip (private key) ---
key_pem = dump_privatekey(FILETYPE_PEM, rsa_key)
assert key_pem.startswith(b"-----BEGIN")
key2 = load_privatekey(FILETYPE_PEM, key_pem)
assert key2.bits() == 2048
# --- Certificate signing request ---
req = X509Req()
req.get_subject().CN = "csr.example.com"
req.set_pubkey(rsa_key)
req.sign(rsa_key, "sha256")
assert req.verify(rsa_key)
csr_pem = dump_certificate_request(FILETYPE_PEM, req)
assert csr_pem.startswith(b"-----BEGIN CERTIFICATE REQUEST-----")
# --- X509Store verification ---
store = X509Store()
store.add_cert(cert)
ctx = X509StoreContext(store, cert)
ctx.verify_certificate() # raises if invalid
sys.exit(0)
EOF
Reference in New Issue View Git Blame Copy Permalink