Pyopenssl does not work well on Python3 (requires string object but signatures are not valid utf-8)

celery/security/certificate.py

@@ -35,7 +35,7 @@ class Certificate(object):
 
     def get_serial_number(self):
         """Return the serial number in the certificate."""
-        return self._cert.get_serial_number()
+        return bytes_to_str(self._cert.get_serial_number())
 
     def get_issuer(self):
         """Return issuer (CA) as a string"""
@@ -66,14 +66,15 @@ class CertStore(object):
     def __getitem__(self, id):
         """get certificate by id"""
         try:
-            return self._certs[id]
+            return self._certs[bytes_to_str(id)]
         except KeyError:
             raise SecurityError('Unknown certificate: {0!r}'.format(id))
 
     def add_cert(self, cert):
-        if cert.get_id() in self._certs:
+        cert_id = bytes_to_str(cert.get_id())
+        if cert_id in self._certs:
             raise SecurityError('Duplicate certificate: {0!r}'.format(id))
-        self._certs[cert.get_id()] = cert
+        self._certs[cert_id] = cert
 
 
 class FSCertStore(CertStore):

celery/security/serialization.py

@@ -44,7 +44,7 @@ class SecureSerializer(object):
         assert self._cert is not None
         with reraise_errors('Unable to serialize: {0!r}', (Exception, )):
             content_type, content_encoding, body = dumps(
-                data, serializer=self._serializer)
+                bytes_to_str(data), serializer=self._serializer)
             # What we sign is the serialized body, not the body itself.
             # this way the receiver doesn't have to decode the contents
             # to verify the signature (and thus avoiding potential flaws
@@ -89,15 +89,12 @@ class SecureSerializer(object):
 
         v = raw_payload[end_of_sig:].split(sep)
 
-        values = [bytes_to_str(signer), bytes_to_str(signature),
-                  bytes_to_str(v[0]), bytes_to_str(v[1]), bytes_to_str(v[2])]
-
         return {
-            'signer': values[0],
-            'signature': values[1],
-            'content_type': values[2],
-            'content_encoding': values[3],
-            'body': values[4],
+            'signer': signer,
+            'signature': signature,
+            'content_type': bytes_to_str(v[0]),
+            'content_encoding': bytes_to_str(v[1]),
+            'body': bytes_to_str(v[2]),
         }
 
 

celery/tests/app/test_app.py

@@ -549,14 +549,14 @@ class test_App(AppCase):
         # Test passing in a string and make sure the string
         # gets there untouched
         self.app.conf.BROKER_FAILOVER_STRATEGY = 'foo-bar'
-        self.assertEquals(
+        self.assertEqual(
             self.app.connection('amqp:////value').failover_strategy,
             'foo-bar',
         )
 
         # Try passing in None
         self.app.conf.BROKER_FAILOVER_STRATEGY = None
-        self.assertEquals(
+        self.assertEqual(
             self.app.connection('amqp:////value').failover_strategy,
             itertools.cycle,
         )
@@ -566,7 +566,7 @@ class test_App(AppCase):
             yield True
 
         self.app.conf.BROKER_FAILOVER_STRATEGY = my_failover_strategy
-        self.assertEquals(
+        self.assertEqual(
             self.app.connection('amqp:////value').failover_strategy,
             my_failover_strategy,
         )

celery/tests/security/case.py

@@ -2,10 +2,14 @@ from __future__ import absolute_import
 
 from celery.tests.case import AppCase, SkipTest
 
+import sys
+
 
 class SecurityCase(AppCase):
 
     def setup(self):
+        if sys.version_info[0] == 3:
+            raise SkipTest('PyOpenSSL does not work on Python 3')
         try:
             from OpenSSL import crypto  # noqa
         except ImportError: