diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-07-20 21:33:30 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-07-20 21:33:30 +0900 |
commit | 4b860f5fc9c8742f90e9609274638628c3253bc8 (patch) | |
tree | 53ed8f634806d29666e27d38b38dc5ef68d60129 /test | |
parent | 5129832790cda2d88ec67a51941b9fc6f709ca2b (diff) | |
parent | 66c1da57eb03c19f96f3f1c843ea2a93dca3d243 (diff) | |
download | ruby-openssl-4b860f5fc9c8742f90e9609274638628c3253bc8.tar.gz |
Merge branch 'topic/ssl-check-pkey-private'
* topic/ssl-check-pkey-private:
ssl: reject keys without private components
ssl: remove unneeded instance variable x509 and key from SSL::SSLSocket
pkey: remove unused things
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ssl.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index a8d6539f..ad3d5af1 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -236,6 +236,26 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end + def test_client_auth_public_key + vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT + start_server(vflag, true, ignore_listener_error: true) do |server, port| + assert_raise(ArgumentError) { + ctx = OpenSSL::SSL::SSLContext.new + ctx.key = @cli_key.public_key + ctx.cert = @cli_cert + server_connect(port, ctx) { } + } + + assert_raise(OpenSSL::SSL::SSLError) { + ctx = OpenSSL::SSL::SSLContext.new + ctx.client_cert_cb = Proc.new{ |ssl| + [@cli_cert, @cli_key.public_key] + } + server_connect(port, ctx) { } + } + end + end + def test_client_ca ctx_proc = Proc.new do |ctx| ctx.client_ca = [@ca_cert] |