Skip to content

Fix 'One or more parameters passed to a function were not valid.' in …#206

Open
rpoelstra wants to merge 4 commits intosethmlarson:mainfrom
rpoelstra:fix/no-certs-to-verify-macOS
Open

Fix 'One or more parameters passed to a function were not valid.' in …#206
rpoelstra wants to merge 4 commits intosethmlarson:mainfrom
rpoelstra:fix/no-certs-to-verify-macOS

Conversation

@rpoelstra
Copy link

@rpoelstra rpoelstra commented Jan 15, 2026
edited
Loading

…case there are no certificates to verify.

This mimics the Windows implementation by performing the emptiness check in the caller.

This issue is reported in #205 and #204

@rpoelstra
Copy link
Author

rpoelstra commented Mar 12, 2026

@sethmlarson Can you please look into this?

@sethmlarson
Copy link
Owner

sethmlarson commented Mar 12, 2026

@rpoelstra Thanks for the pull request, could you add a test case so we verify this behavior continues to work?

@rpoelstra
Copy link
Author

rpoelstra commented Mar 23, 2026

Hi @sethmlarson,

I've added a test.
On 'main' this test fails with:

FAILED tests/test_api.py::test_verify_peercerts_no_cert_chain_raises[True-None] - Failed: DID NOT RAISE <class 'ssl.SSLCertVerificationError'>
FAILED tests/test_api.py::test_verify_peercerts_no_cert_chain_raises[True-empty_value1] - Failed: DID NOT RAISE <class 'ssl.SSLCertVerificationError'>
FAILED tests/test_api.py::test_verify_peercerts_no_cert_chain_raises[False-None] - Failed: DID NOT RAISE <class 'ssl.SSLCertVerificationError'>
FAILED tests/test_api.py::test_verify_peercerts_no_cert_chain_raises[False-empty_value1] - Failed: DID NOT RAISE <class 'ssl.SSLCertVerificationError'>

I noticed that there is another test failing, but this test also fails on an unmodified 'main', so it's not caused by this PR.

sethmlarson
sethmlarson reviewed Mar 23, 2026
View reviewed changes
src/truststore/_macos.py
cert_chain: list[bytes],
server_hostname: str | None = None,
) -> None:
certs = None
Copy link
Owner

@sethmlarson sethmlarson Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

certs = None defined below, too.

sethmlarson
sethmlarson approved these changes Mar 23, 2026
View reviewed changes
Copy link
Owner

@sethmlarson sethmlarson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!

@rpoelstra
Fix 'One or more parameters passed to a function were not valid.' in …
8895379 
…case there are no certificates to verify.

This mimics the Windows implementation.

Signed-off-by: Remco Poelstra <remco@beryllium.net>
@rpoelstra
Move code up to the caller
028842f 
Makes the code more DRY and reduces general code in OS specific implementations

Signed-off-by: Remco Poelstra <remco@beryllium.net>
@rpoelstra
Added a test to ensure _verify_peercerts raises SSLCertVerificationEr…
910cab9 
…ror when no peer certificates are returned, and that verification does not proceed further.

Signed-off-by: Remco Poelstra <remco@beryllium.net>
@rpoelstra
Fix parameter
02d7a93 
Signed-off-by: Remco Poelstra <remco@beryllium.net>
@rpoelstra rpoelstra force-pushed the fix/no-certs-to-verify-macOS branch from 4b4bc42 to 02d7a93 Compare March 24, 2026 13:36
@rpoelstra
Copy link
Author

rpoelstra commented Mar 24, 2026

@sethmlarson I've pushed new commits, which I've signed with my private key to make sure they are verified.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sethmlarson sethmlarson sethmlarson approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rpoelstra @sethmlarson