authorKazuki Yamaguchi <k@rhe.jp>2020-03-09 16:17:38 +0900
committerKazuki Yamaguchi <k@rhe.jp>2020-03-09 16:17:38 +0900
commitdacd08937ccda99c77a0458548169e9b06b54465 (patch)
treeafe3f290b768eab516d48d6bd4e61f929483fc71
parentb4ffb2a4396d4b6858df9f4b39970c84e128ca30 (diff)
downloadruby-openssl-dacd08937ccda99c77a0458548169e9b06b54465.tar.gz
ssl: suppress test failure with SSLContext#add_certificate_chain_file
The feature is currently premature and will be rewritten. However, it is causing test failures on RubyCI. Make it happy for now. Reference: https://github.com/ruby/openssl/issues/334
-rw-r--r--ext/openssl/ossl_ssl.c10
-rw-r--r--test/openssl/fixtures/chain/dh512.pem4
-rw-r--r--test/openssl/fixtures/chain/server.crt13
-rw-r--r--test/openssl/fixtures/chain/server.csr11
-rw-r--r--test/openssl/fixtures/chain/server.key15
-rw-r--r--test/openssl/test_ssl.rb27
6 files changed, 32 insertions, 48 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 2ecd7ddc..718f25d8 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1325,12 +1325,16 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_sslctx_add_certificate_chain_file(VALUE self, VALUE path)
{
- StringValue(path);
- SSL_CTX *ctx = NULL;
+ SSL_CTX *ctx;
+ int ret;
GetSSLCTX(self, ctx);
+ StringValueCStr(path);
+ ret = SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(path));
+ if (ret != 1)
+ ossl_raise(eSSLError, "SSL_CTX_use_certificate_chain_file");
- return SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(path)) == 1 ? Qtrue : Qfalse;
+ return Qtrue;
}
/*
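Review bot: The path is coerced with `StringValueCStr(path)`, which rejects embedded NUL bytes but skips Ruby's usual path conversion, so a Pathname or any other object that responds to to_path raises TypeError here. Putting `FilePathValue(path);` ahead of the `StringValueCStr(path)` line would accept those objects and keep the NUL check. The method now raises eSSLError on failure and otherwise always returns Qtrue, so callers that tested the old true/false result need a rescue instead. Any rdoc comment for this method sits outside the hunk and should state the new contract, for example `Raises OpenSSL::SSL::SSLError if the file cannot be read or parsed.`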
diff --git a/test/openssl/fixtures/chain/dh512.pem b/test/openssl/fixtures/chain/dh512.pem
deleted file mode 100644
index fec138c7..00000000
--- a/test/openssl/fixtures/chain/dh512.pem
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN DH PARAMETERS-----
-MEYCQQCjDVzTg9C4u43MV0TKDGsBuYdChrPMczr4IYjy+jHQvXm2DDadNNWBIDau
-4zNtwfLCg2gMwOc7t18m4Ten/NOLAgEC
------END DH PARAMETERS-----
diff --git a/test/openssl/fixtures/chain/server.crt b/test/openssl/fixtures/chain/server.crt
deleted file mode 100644
index d6b814f4..00000000
--- a/test/openssl/fixtures/chain/server.crt
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICATCCAWoCCQDbxIRGgXeWaDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJO
-WjETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMB4XDTE5MDYxMzA1MDU0MloXDTI5MDYxMDA1MDU0MlowRTELMAkG
-A1UEBhMCTloxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA29Vu
-Y6m8pRrsXxUhlK2BX48CDChr8D53SqZozcQI26BCm+05TBnQxKAHOknR3y/ige2U
-2zftSwbSoK/zKUC8o5pKVL+l36anDEnZ6RWc9Z9CvmaCFjlcP4nXZO+yD1Is/jCy
-KqGGC8lQ920VXOCFflJj6AWg88+4C3GLjxJe6bMCAwEAATANBgkqhkiG9w0BAQsF
-AAOBgQCDaqKGBkYxNxnv37vEKp7zi/cov8LvEsZaAD1pcSU+ysBiBes/B7a/Qjcj
-PTZsH/hedn9mVynLkjc7LrztUWngTeW9gk5EB9YSwJdPhwLntV1TdaBlf/tu0n/c
-s7QxaZhFMUyo1Eof28zXVHhs1OEhlSjwJ8lxuC3vBE4F1BjSNQ==
------END CERTIFICATE-----
diff --git a/test/openssl/fixtures/chain/server.csr b/test/openssl/fixtures/chain/server.csr
deleted file mode 100644
index 51b38e33..00000000
--- a/test/openssl/fixtures/chain/server.csr
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBhDCB7gIBADBFMQswCQYDVQQGEwJOWjETMBEGA1UECAwKU29tZS1TdGF0ZTEh
-MB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDb1W5jqbylGuxfFSGUrYFfjwIMKGvwPndKpmjNxAjboEKb
-7TlMGdDEoAc6SdHfL+KB7ZTbN+1LBtKgr/MpQLyjmkpUv6XfpqcMSdnpFZz1n0K+
-ZoIWOVw/iddk77IPUiz+MLIqoYYLyVD3bRVc4IV+UmPoBaDzz7gLcYuPEl7pswID
-AQABoAAwDQYJKoZIhvcNAQELBQADgYEAONaTWYVfyMmd8irCtognRoM4tFF4xvDg
-PTcnHjVb/6oPPMU+mtQVD9qNf8SOdhNuYVTZ61mDLQGeq45CLM5qWjZkqFPHnngf
-ajfZRE7Y3vA8ZaWFvsTJYcU+R3/FRS0XnFYj99+q9Yi3JExSY+arElyAW3tFYlcs
-RWOCk1pT2Yc=
------END CERTIFICATE REQUEST-----
diff --git a/test/openssl/fixtures/chain/server.key b/test/openssl/fixtures/chain/server.key
deleted file mode 100644
index 9590235d..00000000
--- a/test/openssl/fixtures/chain/server.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDb1W5jqbylGuxfFSGUrYFfjwIMKGvwPndKpmjNxAjboEKb7TlM
-GdDEoAc6SdHfL+KB7ZTbN+1LBtKgr/MpQLyjmkpUv6XfpqcMSdnpFZz1n0K+ZoIW
-OVw/iddk77IPUiz+MLIqoYYLyVD3bRVc4IV+UmPoBaDzz7gLcYuPEl7pswIDAQAB
-AoGAGO+q5+83ENtu+JIjDwRnanmEV/C13biYO4WI2d5kytTw+VL9bt52yfcFGt2I
-yvJZlTdn7T340svhVIzg3ksTmp1xQk3zh6zR00zQy45kYwY8uyd8Xfh2IsnpByoc
-h2jWVX6LSqi1Iy3RxanHmMYPSMy15otsjwlwnnTAHLnnvzECQQDvw3TL90DucQSD
-S0h6DWAGakaiOMhY/PpFbTsjzw+uG+Up65tpz4QqPbsXfoReeK0CQIuyE/LlYoJl
-VOlIsL6HAkEA6rh4zsWi6KVTGa7qd5x70TEgxeMMAW1qUbak1THxeZTFYnyvucBz
-i+VQvHEVnCadhVpHIwbBNUeOyS5DXjj6dQJAA0Caf/3Noq5jykgmJomx6MReSusM
-RLDB0FlH+Rdg9hKozCXHCOtoto350LrFnuZyKlqnynWc0OHCNQ+uzm6fVwJAbtyW
-YsNCQLPlXhoZsEj+yj10B0NH5lyxfMrRa8jdDtnPqMbPkOJvMMIssfSPimNKvzN2
-qfqEww97R1ZMh3JOCQJBAIIwGHBN5rDGIb4CgR+PLsh8bve1X+gO8UnOYJXa/Uzx
-gAXE0uzHNH6rNSG0V/IQnFYlSHpNJGgcdSl+MZNLldQ=
------END RSA PRIVATE KEY-----
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index d31ccacc..95232239 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -190,8 +190,31 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end
def test_add_certificate_chain_file
- ctx = OpenSSL::SSL::SSLContext.new
- assert ctx.add_certificate_chain_file(Fixtures.file_path("chain", "server.crt"))
+ # Create chain certificates file
+ certs = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f }
+ pkey = Tempfile.open { |f| f << @svr_key.to_pem; f }
+
+ ctx_proc = -> ctx {
+ # FIXME: This is a temporary test case written just to match the current
+ # state. ctx.add_certificate_chain_file should take two arguments.
+ ctx.add_certificate_chain_file(certs.path)
+ # # Unset values set by start_server
+ # ctx.cert = ctx.key = ctx.extra_chain_cert = nil
+ # assert_nothing_raised { ctx.add_certificate_chain_file(certs.path, pkey.path) }
+ }
+
+ start_server(ctx_proc: ctx_proc) { |port|
+ server_connect(port) { |ssl|
+ assert_equal @svr_cert.subject, ssl.peer_cert.subject
+ assert_equal [@svr_cert.subject, @ca_cert.subject],
+ ssl.peer_cert_chain.map(&:subject)
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
+ }
+ ensure
+ certs&.unlink
+ pkey&.unlink
end
def test_sysread_and_syswrite
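Review bot: The assertions on `ssl.peer_cert` and `ssl.peer_cert_chain` may pass even when `add_certificate_chain_file` has no effect. The commented-out line `ctx.cert = ctx.key = ctx.extra_chain_cert = nil` suggests start_server already configures the same certificate and chain, so the test likely does not isolate the method under test. The new raise-on-failure behaviour in the C change is also not pinned; a constructed check such as `assert_raise(OpenSSL::SSL::SSLError) { OpenSSL::SSL::SSLContext.new.add_certificate_chain_file("<nonexistent path>") }` would cover it. Separately, the `pkey` tempfile writes the server key to disk but is only referenced from commented-out code; it and `pkey&.unlink` could be dropped until the two-argument form exists. The enclosing test class starts and ends outside this hunk.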