aboutsummaryrefslogtreecommitdiffstats
path: root/test/test_x509store.rb
diff options
context:
space:
mode:
Diffstat (limited to 'test/test_x509store.rb')
-rw-r--r--test/test_x509store.rb24
1 files changed, 24 insertions, 0 deletions
diff --git a/test/test_x509store.rb b/test/test_x509store.rb
index dbab6424..0009813d 100644
--- a/test/test_x509store.rb
+++ b/test/test_x509store.rb
@@ -24,6 +24,29 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
ctx.verify
end
+ def test_add_file
+ ca_exts = [
+ ["basicConstraints", "CA:TRUE", true],
+ ["keyUsage", "cRLSign,keyCertSign", true],
+ ]
+ cert1 = issue_cert(@ca1, @rsa1024, 1, ca_exts, nil, nil)
+ cert2 = issue_cert(@ca2, @rsa2048, 1, ca_exts, nil, nil)
+ tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f }
+
+ store = OpenSSL::X509::Store.new
+ assert_equal false, store.verify(cert1)
+ assert_equal false, store.verify(cert2)
+ store.add_file(tmpfile.path)
+ assert_equal true, store.verify(cert1)
+ assert_equal true, store.verify(cert2)
+
+ # OpenSSL < 1.1.1 leaks an error on a duplicate certificate
+ assert_nothing_raised { store.add_file(tmpfile.path) }
+ assert_equal [], OpenSSL.errors
+ ensure
+ tmpfile and tmpfile.close!
+ end
+
def test_verify
# OpenSSL uses time(2) while Time.now uses clock_gettime(CLOCK_REALTIME),
# and there may be difference.
@@ -184,6 +207,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
end
def test_set_errors
+ return if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000
now = Time.now
ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil)
store = OpenSSL::X509::Store.new
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-22 09:45:08 +0000