diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-30 21:57:35 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-12-22 14:48:30 +0900 |
| commit | 4eb4b3297a92149d0a95c674107d091b18fe76af (patch) | |
| tree | 637ad45f90371a7eda174f50cd4bc6efcd7ee503 /test/test_x509cert.rb | |
| parent | c9225b0cbc5d6ce48e7d6172e2010f02b90e22c9 (diff) | |
| download | ruby-openssl-4eb4b3297a92149d0a95c674107d091b18fe76af.tar.gz | |
Remove support for OpenSSL 0.9.8 and 1.0.0topic/drop-openssl-098-and-100
They are no longer receiving security updates from the OpenSSL
development team since 2015-12.
We have kept basic compatibility until now because RHEL 5 still uses an
(heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03,
thus it is now safe to assume nobody is still using such old versions of
OpenSSL.
Diffstat (limited to 'test/test_x509cert.rb')
| -rw-r--r-- | test/test_x509cert.rb | 30 |
1 files changed, 6 insertions, 24 deletions
diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index 0cfe4402..0f317c38 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb @@ -1,8 +1,6 @@ # frozen_string_literal: false require_relative "utils" -if defined?(OpenSSL::TestUtils) - class OpenSSL::TestX509Certificate < OpenSSL::TestCase def setup super @@ -34,13 +32,10 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase ["authorityKeyIdentifier","keyid:always",false], ] - sha1 = OpenSSL::Digest::SHA1.new - dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new - [ - [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest] - ].each{|pk, digest| - cert = issue_cert(@ca, pk, 1, exts, nil, nil, digest: digest) + @rsa1024, @rsa2048, @dsa256, @dsa512, + ].each{|pk| + cert = issue_cert(@ca, pk, 1, exts, nil, nil) assert_equal(cert.extensions.sort_by(&:to_s)[2].value, OpenSSL::TestUtils.get_subject_key_id(cert)) cert = OpenSSL::X509::Certificate.new(cert.to_der) @@ -152,26 +147,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase } end - def test_dsig_algorithm_mismatch - assert_raise(OpenSSL::X509::CertificateError) do - issue_cert(@ca, @rsa2048, 1, [], nil, nil, digest: OpenSSL::Digest::DSS1.new) - end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10001000 # [ruby-core:42949] - end - def test_dsa_with_sha2 - begin - cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha256") - assert_equal("dsa_with_SHA256", cert.signature_algorithm) - rescue OpenSSL::X509::CertificateError - # dsa_with_sha2 not supported. skip following test. - return - end + cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha256") + assert_equal("dsa_with_SHA256", cert.signature_algorithm) # TODO: need more tests for dsa + sha2 # SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requires DSS1) cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha1") assert_equal("dsaWithSHA1", cert.signature_algorithm) - end if defined?(OpenSSL::Digest::SHA256) + end def test_check_private_key cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) @@ -186,5 +170,3 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase false end end - -end |