From aa21a1298ac330a5428ba3109704b76eaaba9715 Mon Sep 17 00:00:00 2001 From: Ahmed TAHRI Date: Mon, 27 May 2024 07:36:21 +0200 Subject: [PATCH] :bug: Fix generating ocsp error message for revoked certificate --- HISTORY.md | 6 ++++++ src/niquests/__version__.py | 4 ++-- src/niquests/extensions/_ocsp.py | 2 +- tests/test_async.py | 13 ++++++++++++- tests/test_live.py | 11 +++++++++++ 5 files changed, 32 insertions(+), 4 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 298ff8f0ea..f1b7c64bd1 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,12 @@ Release History =============== +3.6.6 (2024-05-27) +------------------ + +**Fixed** +- ReasonFlag not properly translated to readable text when peer or intermediate certificate is revoked. + 3.6.5 (2024-05-22) ------------------ diff --git a/src/niquests/__version__.py b/src/niquests/__version__.py index e5be4b0dce..2a69e7f826 100644 --- a/src/niquests/__version__.py +++ b/src/niquests/__version__.py @@ -9,9 +9,9 @@ __url__: str = "https://niquests.readthedocs.io" __version__: str -__version__ = "3.6.5" +__version__ = "3.6.6" -__build__: int = 0x030605 +__build__: int = 0x030606 __author__: str = "Kenneth Reitz" __author_email__: str = "me@kennethreitz.org" __license__: str = "Apache-2.0" diff --git a/src/niquests/extensions/_ocsp.py b/src/niquests/extensions/_ocsp.py index a59a76b49d..2b486e4d8d 100644 --- a/src/niquests/extensions/_ocsp.py +++ b/src/niquests/extensions/_ocsp.py @@ -65,7 +65,7 @@ def _str_fingerprint_of(certificate: Certificate) -> str: def readable_revocation_reason(flag: ReasonFlags | None) -> str | None: - return flag.name.lower() if flag is not None else None + return str(flag).split(".")[-1].lower() if flag is not None else None def _ask_nicely_for_issuer( diff --git a/tests/test_async.py b/tests/test_async.py index b3ec3cd016..02ce048f74 100644 --- a/tests/test_async.py +++ b/tests/test_async.py @@ -7,7 +7,7 @@ import pytest from niquests import AsyncSession, AsyncResponse, Response -from niquests.exceptions import MultiplexingError +from niquests.exceptions import MultiplexingError, ConnectionError @pytest.mark.usefixtures("requires_wan") @@ -228,3 +228,14 @@ async def test_happy_eyeballs(self) -> None: r = await s.get("https://pie.dev/get") assert r.ok + + @pytest.mark.xfail(reason="Using flaky revoked.badssl.com") + async def test_revoked_certificate(self) -> None: + """This test may fail at any moment. Using https://revoked.badssl.com/ as a target tester.""" + + async with AsyncSession() as s: + with pytest.raises( + ConnectionError, + match="Unable to establish a secure connection to https://revoked.badssl.com/ because the certificate has been revoked", + ): + await s.get("https://revoked.badssl.com/") diff --git a/tests/test_live.py b/tests/test_live.py index 5aa7b72d23..7a37f63373 100644 --- a/tests/test_live.py +++ b/tests/test_live.py @@ -110,3 +110,14 @@ def test_happy_eyeballs(self) -> None: r = s.get("https://pie.dev/get") assert r.ok + + @pytest.mark.xfail(reason="Using flaky revoked.badssl.com") + def test_revoked_certificate(self) -> None: + """This test may fail at any moment. Using https://revoked.badssl.com/ as a target tester.""" + + with Session() as s: + with pytest.raises( + ConnectionError, + match="Unable to establish a secure connection to https://revoked.badssl.com/ because the certificate has been revoked", + ): + s.get("https://revoked.badssl.com/")