diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-06-14 18:23:25 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-06-14 18:23:25 +0900 |
commit | 576eff66bece4c3e49d4041a3746c2a520627946 (patch) | |
tree | 2a1c3c3599d1feee558e32573deb286cb322ee30 /test/test_x509store.rb | |
parent | e52a351f02396ad839449c270cd4392277764f36 (diff) | |
parent | dde512aa2d29bac496040af27c0d3487323b7552 (diff) | |
download | ruby-openssl-576eff66bece4c3e49d4041a3746c2a520627946.tar.gz |
Merge branch 'maint'bpoint
* maint:
Ruby/OpenSSL 2.0.4
History.md: add entries for 2.0.1-2.0.3
History.md: wrap at 80 characters
extconf.rb: simplify searching libraries logic
Search SSL libraries by testing various filename patterns
openssl: fix broken openssl check
openssl: fix broken openssl check
x509store: clear error queue after calling X509_LOOKUP_load_file()
tool/sync-with-trunk: 'LASY' -> 'LAST'
Update .travis.yml and Dockerfile
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
Fix documentation for OpenSSL::Cipher#final
Fix typos
ssl: check return value of SSL_set_fd()
test/test_ssl: fix typo in test_sysread_and_syswrite
Fix typos
test/test_pkey_ec: do not use dummy 0 order
Diffstat (limited to 'test/test_x509store.rb')
-rw-r--r-- | test/test_x509store.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/test/test_x509store.rb b/test/test_x509store.rb index dbab6424..0009813d 100644 --- a/test/test_x509store.rb +++ b/test/test_x509store.rb @@ -24,6 +24,29 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase ctx.verify end + def test_add_file + ca_exts = [ + ["basicConstraints", "CA:TRUE", true], + ["keyUsage", "cRLSign,keyCertSign", true], + ] + cert1 = issue_cert(@ca1, @rsa1024, 1, ca_exts, nil, nil) + cert2 = issue_cert(@ca2, @rsa2048, 1, ca_exts, nil, nil) + tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f } + + store = OpenSSL::X509::Store.new + assert_equal false, store.verify(cert1) + assert_equal false, store.verify(cert2) + store.add_file(tmpfile.path) + assert_equal true, store.verify(cert1) + assert_equal true, store.verify(cert2) + + # OpenSSL < 1.1.1 leaks an error on a duplicate certificate + assert_nothing_raised { store.add_file(tmpfile.path) } + assert_equal [], OpenSSL.errors + ensure + tmpfile and tmpfile.close! + end + def test_verify # OpenSSL uses time(2) while Time.now uses clock_gettime(CLOCK_REALTIME), # and there may be difference. @@ -184,6 +207,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase end def test_set_errors + return if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000 now = Time.now ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil) store = OpenSSL::X509::Store.new |