test/test_ocsp: ignore test failure due to a bug in old OpenSSL

Reference: https://rt.openssl.org/Ticket/Display.html?id=2560
author: Kazuki Yamaguchi <k@rhe.jp> 2016-08-26 14:39:59 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2016-08-26 15:09:01 +0900
commit: a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3 (patch)
tree: 0b5e83d3fc06f297e36092e97bd5903289415287 /test/test_ocsp.rb
parent: 5dc7a9322943b2ea57d505dbcf956d6370407816 (diff)
download: ruby-openssl-a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb
index f91fb327..a69fd60f 100644
--- a/test/test_ocsp.rb
+++ b/test/test_ocsp.rb
@@ -118,10 +118,20 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase
     # without signer cert
     req = OpenSSL::OCSP::Request.new.add_certid(cid)
     req.sign(@cert, @cert_key, nil)
-    assert_equal true, req.verify([@cert], store)
     assert_equal false, req.verify([@cert2], store)
     assert_equal false, req.verify([], store) # no signer
     assert_equal false, req.verify([], store, OpenSSL::OCSP::NOVERIFY)
+
+    assert_equal true, req.verify([@cert], store, OpenSSL::OCSP::NOINTERN)
+    ret = req.verify([@cert], store)
+    if ret || OpenSSL::OPENSSL_VERSION =~ /OpenSSL/ && OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000
+      assert_equal true, ret
+    else
+      # RT2560; OCSP_request_verify() does not find signer cert from 'certs' when
+      # OCSP_NOINTERN is not specified.
+      # fixed by OpenSSL 1.0.1j, 1.0.2 and LibreSSL 2.4.2
+      pend "RT2560: ocsp_req_find_signer"
+    end
   end
 
   def test_request_nonce
author	Kazuki Yamaguchi <k@rhe.jp>	2016-08-26 14:39:59 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2016-08-26 15:09:01 +0900
commit	a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3 (patch)
tree	0b5e83d3fc06f297e36092e97bd5903289415287 /test/test_ocsp.rb
parent	5dc7a9322943b2ea57d505dbcf956d6370407816 (diff)
download	ruby-openssl-a47ec6dbdc1ccfe9b07124e2addfbb197d9dd3b3.tar.gz