aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorthekuwayama <thekuwayama@gmail.com>2019-12-31 21:12:34 +0900
committerSamuel Williams <samuel.williams@oriontransfer.co.nz>2020-01-25 00:30:40 +1300
commit5d866038920edf2729865653d6dc9309589f089a (patch)
tree5a7ad1b6b857a5db18e339ebeee53b36d1c22776
parentf18559acf97a6f6aaf3d253417eb0100b262cbc6 (diff)
downloadruby-openssl-5d866038920edf2729865653d6dc9309589f089a.tar.gz
modify test_add_certificate_chain_file to check ssl.peer_cert and ssl.peer_cert_chain
Diffstat
-rw-r--r--ext/openssl/ossl_ssl.c9
-rw-r--r--test/test_ssl.rb25
2 files changed, 28 insertions, 6 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 8a73decc..4ee698cd 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1326,17 +1326,18 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
* call-seq:
* ctx.add_certificate_chain_file(certs_path, pkey_path) -> true | false
*
- * Loads (chain) certificate(s) from _certs_path_ and private key from
+ * Loads chain certificates from _certs_path_ and a private key from
* _pkey_path_.
*
* === Parameters
* _certs_path_::
- * A path to a (chain) certificate(s) file. A instance of String.
+ * A path to a chain certificates file. It may be a single certificate.
+ * An instance of String.
* _pkey_path_::
- * A path to a private key file. A instance of String.
+ * A path to a private key file. An instance of String.
*
* === Note
- * The file format of certificate and private key must be PEM.
+ * The file format of the certificate and private key must be PEM.
*
* The certificate file must be starting with the subject's certificate and
* followed by intermediate CA certificates (and root CA certificate).
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 5d4c09b8..07484769 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -186,8 +186,29 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end
def test_add_certificate_chain_file
- ctx = OpenSSL::SSL::SSLContext.new
- assert ctx.add_certificate_chain_file(Fixtures.file_path("chain", "server.crt"))
+ # Create chain certificates file
+ GC.disable # for tempfile
+ certs = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f }
+ pkey = Tempfile.open { |f| f << @svr_key.to_pem; f }
+
+ ctx_proc = -> ctx {
+ # Unset values set by start_server
+ ctx.cert = ctx.key = ctx.extra_chain_cert = nil
+ assert ctx.add_certificate_chain_file(certs.path, pkey.path)
+ }
+
+ start_server(ctx_proc: ctx_proc) { |port|
+ server_connect(port) { |ssl|
+ assert_equal @svr_cert.subject, ssl.peer_cert.subject
+ assert_equal [@svr_cert.subject, @ca_cert.subject],
+ ssl.peer_cert_chain.map(&:subject)
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
+ }
+ ensure
+ certs&.close
+ pkey&.close
end
def test_sysread_and_syswrite
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-22 09:43:38 +0000