diff options
| author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2020-02-16 07:34:52 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-16 07:34:52 +0900 |
| commit | 23b07043e7fde743ff920f8354b5a094fee19a03 (patch) | |
| tree | 95a2e4c7036aac572b00c06dd8164c94b80faaa2 /test/test_ssl.rb | |
| parent | f602e67405a6ff77b04a16f8300f0230468623de (diff) | |
| download | ruby-openssl-23b07043e7fde743ff920f8354b5a094fee19a03.tar.gz | |
Revert add_certificate_chain_file changes (#320)
Revert SSLContext#add_certificate_chain_file changes
* 0da0dfaf09f549b2b2cd984627b321b7908d1186.
* 8d12f0f6ca944212cb8000e689469d7aaa8190d7.
* 49f42ad5f82f8b61f51a16e3a6df1ab0d5307d5f.
* 5ee295ab8e37c8ffc6eb8c1b7b79ec024f3253e4.
* 8b4fa5e336c7544ea677ccee160ec6d221559e10.
* 443d13e9b2c127230fde2733959eaa4d41eb355d.
* 5d866038920edf2729865653d6dc9309589f089a.
* f18559acf97a6f6aaf3d253417eb0100b262cbc6.
Diffstat (limited to 'test/test_ssl.rb')
| -rw-r--r-- | test/test_ssl.rb | 103 |
1 files changed, 2 insertions, 101 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 6bfd3111..eb5b77be 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -186,107 +186,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_add_certificate_chain_file - # Create chain certificates file - certs = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f } - pkey = Tempfile.open { |f| f << @svr_key.to_pem; f } - - ctx_proc = -> ctx { - # Unset values set by start_server - ctx.cert = ctx.key = ctx.extra_chain_cert = nil - assert_nothing_raised { ctx.add_certificate_chain_file(certs.path, pkey.path) } - } - - start_server(ctx_proc: ctx_proc) { |port| - server_connect(port) { |ssl| - assert_equal @svr_cert.subject, ssl.peer_cert.subject - assert_equal [@svr_cert.subject, @ca_cert.subject], - ssl.peer_cert_chain.map(&:subject) - - ssl.puts "abc"; assert_equal "abc\n", ssl.gets - } - } - ensure - certs&.close - pkey&.close - certs&.unlink - pkey&.unlink - end - - def test_add_certificate_chain_file_multiple_certs - pend "EC is not supported" unless defined?(OpenSSL::PKey::EC) - pend "TLS 1.2 is not supported" unless tls12_supported? - - # SSL_CTX_set0_chain() is needed for setting multiple certificate chains - add0_chain_supported = openssl?(1, 0, 2) - - if add0_chain_supported - ca2_key = Fixtures.pkey("rsa2048") - ca2_exts = [ - ["basicConstraints", "CA:TRUE", true], - ["keyUsage", "cRLSign, keyCertSign", true], - ] - ca2_dn = OpenSSL::X509::Name.parse_rfc2253("CN=CA2") - ca2_cert = issue_cert(ca2_dn, ca2_key, 123, ca2_exts, nil, nil) - else - # Use the same CA as @svr_cert - ca2_key = @ca_key; ca2_cert = @ca_cert - end - - ecdsa_key = Fixtures.pkey("p256") - exts = [ - ["keyUsage", "digitalSignature", false], - ] - ecdsa_dn = OpenSSL::X509::Name.parse_rfc2253("CN=localhost2") - ecdsa_cert = issue_cert(ecdsa_dn, ecdsa_key, 456, exts, ca2_cert, ca2_key) - - # Create chain certificates file - certs1 = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f } - pkey1 = Tempfile.open { |f| f << @svr_key.to_pem; f } - certs2 = Tempfile.open { |f| f << ecdsa_cert.to_pem << ca2_cert.to_pem; f } - pkey2 = Tempfile.open { |f| f << ecdsa_key.to_pem; f } - - ctx_proc = -> ctx { - # Unset values set by start_server - ctx.cert = ctx.key = ctx.extra_chain_cert = nil - ctx.ecdh_curves = "P-256" unless openssl?(1, 0, 2) - assert_nothing_raised { - ctx.add_certificate_chain_file(certs1.path, pkey1.path) # RSA - ctx.add_certificate_chain_file(certs2.path, pkey2.path) # ECDSA - } - } - - start_server(ctx_proc: ctx_proc) do |port| - ctx = OpenSSL::SSL::SSLContext.new - ctx.max_version = :TLS1_2 - ctx.ciphers = "aRSA" - server_connect(port, ctx) { |ssl| - assert_equal @svr_cert.subject, ssl.peer_cert.subject - assert_equal [@svr_cert.subject, @ca_cert.subject], - ssl.peer_cert_chain.map(&:subject) - - ssl.puts "abc"; assert_equal "abc\n", ssl.gets - } - - ctx = OpenSSL::SSL::SSLContext.new - ctx.max_version = :TLS1_2 - ctx.ciphers = "aECDSA" - server_connect(port, ctx) { |ssl| - assert_equal ecdsa_cert.subject, ssl.peer_cert.subject - assert_equal [ecdsa_cert.subject, ca2_cert.subject], - ssl.peer_cert_chain.map(&:subject) - - ssl.puts "123"; assert_equal "123\n", ssl.gets - } - end - ensure - certs1&.close - pkey1&.close - certs1&.unlink - pkey1&.unlink - certs2&.close - pkey2&.close - certs2&.unlink - pkey2&.unlink + ctx = OpenSSL::SSL::SSLContext.new + assert ctx.add_certificate_chain_file(Fixtures.file_path("chain", "server.crt")) end def test_sysread_and_syswrite |