fix envvars

.travis.yml

@@ -20,42 +20,30 @@ matrix:
       env: TOXENV=py27_install BOULDER_INTEGRATION=v2
       sudo: required
       services: docker
-    - python: "2.7"
+    - python: "3.4"
-      env: TOXENV=cover FYI="this also tests py27"
+      env: TOXENV=py34 BOULDER_INTEGRATION=v1
-    - sudo: required
-      env: TOXENV=nginx_compat
-      services: docker
-      before_install:
-      addons:
-    - python: "2.7"
-      env: TOXENV=lint
-    - python: "2.7"
-      env: TOXENV=py27-oldest
       sudo: required
       services: docker
     - python: "3.4"
-      env: TOXENV=py34
+      env: TOXENV=py34 BOULDER_INTEGRATION=v2
+      sudo: required
+      services: docker
+    - python: "3.5"
+      env: TOXENV=py35 BOULDER_INTEGRATION=v1
+      sudo: required
+      services: docker
+    - python: "3.5"
+      env: TOXENV=py35 BOULDER_INTEGRATION=v2
       sudo: required
       services: docker
     - python: "3.6"
-      env: TOXENV=py36
+      env: TOXENV=py36 BOULDER_INTEGRATION=v1
       sudo: required
       services: docker
-    - sudo: required
+    - python: "3.6"
-      env: TOXENV=apache_compat
+      env: TOXENV=py36 BOULDER_INTEGRATION=v2
-      services: docker
-      before_install:
-      addons:
-    - sudo: required
-      env: TOXENV=le_auto_trusty
-      services: docker
-      before_install:
-      addons:
-    - python: "2.7"
-      env: TOXENV=apacheconftest
       sudo: required
-    - python: "2.7"
+      services: docker
-      env: TOXENV=nginxroundtrip
 
 
 # Only build pushes to the master branch, PRs, and branches beginning with
@@ -100,9 +88,3 @@ after_success: '[ "$TOXENV" == "cover" ] && coveralls'
 
 notifications:
   email: false
-  irc:
-    channels:
-      - secure: "SGWZl3ownKx9xKVV2VnGt7DqkTmutJ89oJV9tjKhSs84kLijU6EYdPnllqISpfHMTxXflNZuxtGo0wTDYHXBuZL47w1O32W6nzuXdra5zC+i4sYQwYULUsyfOv9gJX8zWAULiK0Z3r0oho45U+FR5ZN6TPCidi8/eGU+EEPwaAw="
-    on_success: never
-    on_failure: always
-    use_notice: true

acme/acme/client.py

@@ -809,8 +809,8 @@ class BackwardsCompatibleClientV2(object):
                     'certificate, please rerun the command for a new one.')
 
             cert = OpenSSL.crypto.dump_certificate(
-                    OpenSSL.crypto.FILETYPE_PEM, certr.body.wrapped)
+                    OpenSSL.crypto.FILETYPE_PEM, certr.body.wrapped).decode()
-            chain = crypto_util.dump_pyopenssl_chain(chain)
+            chain = crypto_util.dump_pyopenssl_chain(chain).decode()
 
             return orderr.update(fullchain_pem=(cert + chain))
         else:

acme/acme/client_test.py

@@ -99,10 +99,10 @@ class BackwardsCompatibleClientV2Test(ClientTestBase):
         self.chain = [wrapped, wrapped]
 
         self.cert_pem = OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_PEM, messages_test.CERT.wrapped)
+            OpenSSL.crypto.FILETYPE_PEM, messages_test.CERT.wrapped).decode()
 
         single_chain = OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_PEM, loaded)
+            OpenSSL.crypto.FILETYPE_PEM, loaded).decode()
         self.chain_pem = single_chain + single_chain
 
         self.fullchain_pem = self.cert_pem + self.chain_pem

acme/acme/crypto_util.py

@@ -287,6 +287,9 @@ def dump_pyopenssl_chain(chain, filetype=OpenSSL.crypto.FILETYPE_PEM):
     :param list chain: List of `OpenSSL.crypto.X509` (or wrapped in
         :class:`josepy.util.ComparableX509`).
 
+    :returns: certificate chain bundle
+    :rtype: bytes
+
     """
     # XXX: returns empty string when no chain is available, which
     # shuts up RenewableCert, but might not be the best solution...

certbot/client.py

@@ -244,7 +244,7 @@ class Client(object):
             than `authkey`.
         :param acme.messages.OrderResource orderr: contains authzrs
 
-        :returns: certificate and chain as PEM strings
+        :returns: certificate and chain as PEM byte strings
         :rtype: tuple
 
         """
@@ -263,7 +263,8 @@ class Client(object):
 
         deadline = datetime.datetime.now() + datetime.timedelta(seconds=90)
         orderr = self.acme.finalize_order(orderr, deadline)
-        return crypto_util.cert_and_chain_from_fullchain(orderr.fullchain_pem)
+        cert, chain = crypto_util.cert_and_chain_from_fullchain(orderr.fullchain_pem)
+        return cert.encode(), chain.encode()
 
     def obtain_certificate(self, domains):
         """Obtains a certificate from the ACME server.

certbot/crypto_util.py

@@ -441,8 +441,9 @@ def cert_and_chain_from_fullchain(fullchain_pem):
 
     :returns: tuple of string cert_pem and chain_pem
     :rtype: tuple
+
     """
     cert = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
-        OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, fullchain_pem))
+        OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, fullchain_pem)).decode()
     chain = fullchain_pem[len(cert):]
     return (cert, chain)

certbot/tests/client_test.py

@@ -132,7 +132,6 @@ class ClientTest(ClientTestCommon):
         self.eg_domains = ["example.com", "www.example.com"]
         self.eg_order = mock.MagicMock(
             authorizations=[None],
-            fullchain_pem=mock.sentinel.fullchain_pem,
             csr_pem=mock.sentinel.csr_pem)
 
     def test_init_acme_verify_ssl(self):
@@ -165,8 +164,7 @@ class ClientTest(ClientTestCommon):
         self._mock_obtain_certificate()
         test_csr = util.CSR(form="pem", file=None, data=CSR_SAN)
         auth_handler = self.client.auth_handler
-        mock_crypto_util.cert_and_chain_from_fullchain.return_value = (mock.sentinel.cert,
+        self._set_mock_from_fullchain(mock_crypto_util.cert_and_chain_from_fullchain)
-            mock.sentinel.chain)
 
         orderr = self.acme.new_order(test_csr.data)
         auth_handler.handle_authorizations(orderr, False)
@@ -199,8 +197,7 @@ class ClientTest(ClientTestCommon):
         csr = util.CSR(form="pem", file=None, data=CSR_SAN)
         mock_crypto_util.init_save_csr.return_value = csr
         mock_crypto_util.init_save_key.return_value = mock.sentinel.key
-        mock_crypto_util.cert_and_chain_from_fullchain.return_value = (mock.sentinel.cert,
+        self._set_mock_from_fullchain(mock_crypto_util.cert_and_chain_from_fullchain)
-            mock.sentinel.chain)
 
         self._test_obtain_certificate_common(mock.sentinel.key, csr)
 
@@ -209,7 +206,7 @@ class ClientTest(ClientTestCommon):
         mock_crypto_util.init_save_csr.assert_called_once_with(
             mock.sentinel.key, self.eg_domains, self.config.csr_dir)
         mock_crypto_util.cert_and_chain_from_fullchain.assert_called_once_with(
-            mock.sentinel.fullchain_pem)
+            self.eg_order.fullchain_pem)
 
     @mock.patch("certbot.client.crypto_util")
     @mock.patch("os.remove")
@@ -218,8 +215,7 @@ class ClientTest(ClientTestCommon):
         key = util.CSR(form="pem", file=mock.sentinel.key_file, data=CSR_SAN)
         mock_crypto_util.init_save_csr.return_value = csr
         mock_crypto_util.init_save_key.return_value = key
-        mock_crypto_util.cert_and_chain_from_fullchain.return_value = (mock.sentinel.cert,
+        self._set_mock_from_fullchain(mock_crypto_util.cert_and_chain_from_fullchain)
-            mock.sentinel.chain)
 
         authzr = self._authzr_from_domains(["example.com"])
         self.config.allow_subset_of_names = True
@@ -237,8 +233,7 @@ class ClientTest(ClientTestCommon):
         mock_acme_crypto.make_csr.return_value = CSR_SAN
         mock_crypto.make_key.return_value = mock.sentinel.key_pem
         key = util.Key(file=None, pem=mock.sentinel.key_pem)
-        mock_crypto.cert_and_chain_from_fullchain.return_value = (mock.sentinel.cert,
+        self._set_mock_from_fullchain(mock_crypto.cert_and_chain_from_fullchain)
-            mock.sentinel.chain)
 
         self.client.config.dry_run = True
         self._test_obtain_certificate_common(key, csr)
@@ -250,6 +245,13 @@ class ClientTest(ClientTestCommon):
         mock_crypto.init_save_csr.assert_not_called()
         self.assertEqual(mock_crypto.cert_and_chain_from_fullchain.call_count, 1)
 
+    def _set_mock_from_fullchain(self, mock_from_fullchain):
+        mock_cert = mock.Mock()
+        mock_cert.encode.return_value = mock.sentinel.cert
+        mock_chain = mock.Mock()
+        mock_chain.encode.return_value = mock.sentinel.chain
+        mock_from_fullchain.return_value = (mock_cert, mock_chain)
+
     def _authzr_from_domains(self, domains):
         authzr = []
 

certbot/tests/crypto_util_test.py

@@ -377,8 +377,8 @@ class CertAndChainFromFullchainTest(unittest.TestCase):
     """Tests for certbot.crypto_util.cert_and_chain_from_fullchain"""
 
     def test_cert_and_chain_from_fullchain(self):
-        cert_pem = CERT
+        cert_pem = CERT.decode()
-        chain_pem = CERT + SS_CERT
+        chain_pem = cert_pem + SS_CERT.decode()
         fullchain_pem = cert_pem + chain_pem
         from certbot.crypto_util import cert_and_chain_from_fullchain
         cert_out, chain_out = cert_and_chain_from_fullchain(fullchain_pem)