author | thekuwayama <thekuwayama@gmail.com> | 2019-12-31 21:12:34 +0900 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2020-01-25 00:30:40 +1300 |
commit | 5d866038920edf2729865653d6dc9309589f089a (patch) | |
tree | 5a7ad1b6b857a5db18e339ebeee53b36d1c22776 | |
parent | f18559acf97a6f6aaf3d253417eb0100b262cbc6 (diff) | |
download | ruby-openssl-5d866038920edf2729865653d6dc9309589f089a.tar.gz |
modify test_add_certificate_chain_file to check ssl.peer_cert and ssl.peer_cert_chain
-rw-r--r-- | ext/openssl/ossl_ssl.c | 9 | ||||
-rw-r--r-- | test/test_ssl.rb | 25 |
2 files changed, 28 insertions, 6 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 8a73decc..4ee698cd 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1326,17 +1326,18 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
 * call-seq:
 * ctx.add_certificate_chain_file(certs_path, pkey_path) -> true | false
 *
- * Loads (chain) certificate(s) from _certs_path_ and private key from
+ * Loads chain certificates from _certs_path_ and a private key from
 * _pkey_path_.
 *
 * === Parameters
 * _certs_path_::
- * A path to a (chain) certificate(s) file. A instance of String.
+ * A path to a chain certificates file. It may be a single certificate.
+ * An instance of String.
 * _pkey_path_::
- * A path to a private key file. A instance of String.
+ * A path to a private key file. An instance of String.
 *
 * === Note
- * The file format of certificate and private key must be PEM.
+ * The file format of the certificate and private key must be PEM.
 *
 * The certificate file must be starting with the subject's certificate and
 * followed by intermediate CA certificates (and root CA certificate).
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 5d4c09b8..07484769 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -186,8 +186,29 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 end

 def test_add_certificate_chain_file
- ctx = OpenSSL::SSL::SSLContext.new
- assert ctx.add_certificate_chain_file(Fixtures.file_path("chain", "server.crt"))
+ # Create chain certificates file
+ GC.disable # for tempfile
+ certs = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f }
+ pkey = Tempfile.open { |f| f << @svr_key.to_pem; f }
+
+ ctx_proc = -> ctx {
+ # Unset values set by start_server
+ ctx.cert = ctx.key = ctx.extra_chain_cert = nil
+ assert ctx.add_certificate_chain_file(certs.path, pkey.path)
+ }
+
+ start_server(ctx_proc: ctx_proc) { |port|
+ server_connect(port) { |ssl|
+ assert_equal @svr_cert.subject, ssl.peer_cert.subject
+ assert_equal [@svr_cert.subject, @ca_cert.subject],
+ ssl.peer_cert_chain.map(&:subject)
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
+ }
+ ensure
+ certs&.close
+ pkey&.close
 end

 def test_sysread_and_syswrite |
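Review bot: `GC.disable` at the top of test_add_certificate_chain_file is never paired with a `GC.enable`, so garbage collection stays off for every test that runs later in the same process. The `ensure` block also only calls `close`, which does not unlink, so the temporary PEM files (including the one holding `@svr_key`) stay on disk until the Tempfile finalizers run. I would restore GC and unlink explicitly in `ensure`: `GC.enable`, `certs&.close!`, `pkey&.close!`. Because `certs` and `pkey` keep the Tempfile objects referenced for the whole method, the `GC.disable` looks unnecessary; if that holds on the supported Ruby versions, drop it instead.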