diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 14:39:59 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 15:09:01 +0900 |
commit | a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3 (patch) | |
tree | 0b5e83d3fc06f297e36092e97bd5903289415287 /test/test_ocsp.rb | |
parent | 5dc7a9322943b2ea57d505dbcf956d6370407816 (diff) | |
download | ruby-openssl-a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3.tar.gz |
test/test_ocsp: ignore test failure due to a bug in old OpenSSL
Reference: https://rt.openssl.org/Ticket/Display.html?id=2560
Diffstat (limited to 'test/test_ocsp.rb')
-rw-r--r-- | test/test_ocsp.rb | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb index f91fb327..a69fd60f 100644 --- a/test/test_ocsp.rb +++ b/test/test_ocsp.rb @@ -118,10 +118,20 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase # without signer cert req = OpenSSL::OCSP::Request.new.add_certid(cid) req.sign(@cert, @cert_key, nil) - assert_equal true, req.verify([@cert], store) assert_equal false, req.verify([@cert2], store) assert_equal false, req.verify([], store) # no signer assert_equal false, req.verify([], store, OpenSSL::OCSP::NOVERIFY) + + assert_equal true, req.verify([@cert], store, OpenSSL::OCSP::NOINTERN) + ret = req.verify([@cert], store) + if ret || OpenSSL::OPENSSL_VERSION =~ /OpenSSL/ && OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000 + assert_equal true, ret + else + # RT2560; OCSP_request_verify() does not find signer cert from 'certs' when + # OCSP_NOINTERN is not specified. + # fixed by OpenSSL 1.0.1j, 1.0.2 and LibreSSL 2.4.2 + pend "RT2560: ocsp_req_find_signer" + end end def test_request_nonce |