diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-28 15:35:05 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-28 15:35:44 +0900 |
| commit | e76f076f093efb93dabf2cb042c527500f956061 (patch) | |
| tree | fa77e3ae93108f518ac70a2f274ee7b3e9da5432 /test/test_x509ext.rb | |
| parent | ef3b30ddb6cff80c1ead60cb63940e80d0fb9ec5 (diff) | |
| download | ruby-openssl-e76f076f093efb93dabf2cb042c527500f956061.tar.gz | |
x509ext: fix X509::ExtensionFactory#create_ext with config
The assumption in commit 1b1d520818e0 ("x509ext: fix memory leak in
X509::ExtensionFactory#config=") was wrong. The uninitialized
X509V3_CTX::db can be referred through "r2i" functions when creating
certain types of extension that use them.
Diffstat (limited to 'test/test_x509ext.rb')
| -rw-r--r-- | test/test_x509ext.rb | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/test/test_x509ext.rb b/test/test_x509ext.rb index 33989873..79713c0f 100644 --- a/test/test_x509ext.rb +++ b/test/test_x509ext.rb @@ -36,15 +36,15 @@ class OpenSSL::TestX509Extension < OpenSSL::TestCase bc = ef.create_extension("basicConstraints", "CA:TRUE, pathlen:2", true) assert_equal(@basic_constraints.to_der, bc.to_der) - begin - ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_) - [crlDistPts] - URI.1 = http://www.example.com/crl - URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary - _end_of_cnf_ - rescue NotImplementedError - return - end + ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_) + [crlDistPts] + URI.1 = http://www.example.com/crl + URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary + + [certPolicies] + policyIdentifier = 2.23.140.1.2.1 + CPS.1 = http://cps.example.com + _end_of_cnf_ cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts") assert_equal(false, cdp.critical?) @@ -61,6 +61,12 @@ class OpenSSL::TestX509Extension < OpenSSL::TestCase assert_match( %r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary}, cdp.value) + + cp = ef.create_extension("certificatePolicies", "@certPolicies") + assert_equal(false, cp.critical?) + assert_equal("certificatePolicies", cp.oid) + assert_match(%r{2.23.140.1.2.1}, cp.value) + assert_match(%r{http://cps.example.com}, cp.value) end def test_dup |