Merge branch 'maint'bpoint

* maint: Ruby/OpenSSL 2.0.4 History.md: add entries for 2.0.1-2.0.3 History.md: wrap at 80 characters extconf.rb: simplify searching libraries logic Search SSL libraries by testing various filename patterns openssl: fix broken openssl check openssl: fix broken openssl check x509store: clear error queue after calling X509_LOOKUP_load_file() tool/sync-with-trunk: 'LASY' -> 'LAST' Update .travis.yml and Dockerfile test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors Fix documentation for OpenSSL::Cipher#final Fix typos ssl: check return value of SSL_set_fd() test/test_ssl: fix typo in test_sysread_and_syswrite Fix typos test/test_pkey_ec: do not use dummy 0 order
author: Kazuki Yamaguchi <k@rhe.jp> 2017-06-14 18:23:25 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2017-06-14 18:23:25 +0900
commit: 576eff66bece4c3e49d4041a3746c2a520627946 (patch)
tree: 2a1c3c3599d1feee558e32573deb286cb322ee30 /test/test_x509store.rb
parent: e52a351f02396ad839449c270cd4392277764f36 (diff)
parent: dde512aa2d29bac496040af27c0d3487323b7552 (diff)
download: ruby-openssl-576eff66bece4c3e49d4041a3746c2a520627946.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/test/test_x509store.rb b/test/test_x509store.rb
index dbab6424..0009813d 100644
--- a/test/test_x509store.rb
+++ b/test/test_x509store.rb
@@ -24,6 +24,29 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
     ctx.verify
   end
 
+  def test_add_file
+    ca_exts = [
+      ["basicConstraints", "CA:TRUE", true],
+      ["keyUsage", "cRLSign,keyCertSign", true],
+    ]
+    cert1 = issue_cert(@ca1, @rsa1024, 1, ca_exts, nil, nil)
+    cert2 = issue_cert(@ca2, @rsa2048, 1, ca_exts, nil, nil)
+    tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f }
+
+    store = OpenSSL::X509::Store.new
+    assert_equal false, store.verify(cert1)
+    assert_equal false, store.verify(cert2)
+    store.add_file(tmpfile.path)
+    assert_equal true, store.verify(cert1)
+    assert_equal true, store.verify(cert2)
+
+    # OpenSSL < 1.1.1 leaks an error on a duplicate certificate
+    assert_nothing_raised { store.add_file(tmpfile.path) }
+    assert_equal [], OpenSSL.errors
+  ensure
+    tmpfile and tmpfile.close!
+  end
+
   def test_verify
     # OpenSSL uses time(2) while Time.now uses clock_gettime(CLOCK_REALTIME),
     # and there may be difference.
@@ -184,6 +207,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
   end
 
   def test_set_errors
+    return if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000
     now = Time.now
     ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil)
     store = OpenSSL::X509::Store.new
author	Kazuki Yamaguchi <k@rhe.jp>	2017-06-14 18:23:25 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2017-06-14 18:23:25 +0900
commit	576eff66bece4c3e49d4041a3746c2a520627946 (patch)
tree	2a1c3c3599d1feee558e32573deb286cb322ee30 /test/test_x509store.rb
parent	e52a351f02396ad839449c270cd4392277764f36 (diff)
parent	dde512aa2d29bac496040af27c0d3487323b7552 (diff)
download	ruby-openssl-576eff66bece4c3e49d4041a3746c2a520627946.tar.gz