ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4830/python/how-to-fix-it/openssl.adoc

38 lines
933 B
Plaintext
Raw Normal View History

Modify rule S4830: LaYC format (#2176)
2023-06-20 13:26:14 +02:00
== How to fix it in OpenSSL
=== Code examples
include::../../common/fix/code-rationale.adoc[]
Certificate validation is not enabled by default and has to be explicitly
enabled through `set_verify`.
==== Noncompliant code example
[source,python,diff-id=1,diff-type=noncompliant]
----
from OpenSSL import SSL
ctx1 = SSL.Context(SSL.TLSv1_2_METHOD) # Noncompliant
ctx2 = SSL.Context(SSL.TLSv1_2_METHOD)
ctx2.set_verify(SSL.VERIFY_NONE, verify_callback) # Noncompliant
----
==== Compliant solution
Diff blocks: fix incorrect use for python (#2795) Improvement identified in #2790. Add a prefix to the diff-id when it is used multiple times in different "how to fix it in XYZ" sections to avoid ambiguity and pedantically follow the spec: > A single and unique diff-id should be used only once for each type of code example as shown in the description of a rule. Obvious typos around `diff-type` were fixed. An obvious extra use of diff blocks was removed.
2023-08-21 15:22:49 +02:00
[source,python,diff-id=1,diff-type=compliant]
Modify rule S4830: LaYC format (#2176)
2023-06-20 13:26:14 +02:00
----
from OpenSSL import SSL
ctx = SSL.Context(SSL.TLSv1_2_METHOD)
ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE, verify_callback)
----
=== How does this work?
include::../../common/fix/validation.adoc[]
Reference in New Issue Copy Permalink