summaryrefslogtreecommitdiffstats
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | Merge in changes to tests from upstream.Samuel Williams2020-02-061-0/+13
| | | |
* | | | Ensure that binary buffer is used at all times.Samuel Williams2020-02-061-1/+8
| | | |
* | | | Prefer `frozen_string_literal: true`.Samuel Williams2020-02-0631-47/+47
| | | |
* | | | Use assert_raise instead of assert_raisesHiroshi SHIBATA2020-01-282-37/+37
| | | |
* | | | rm GC.disable && add {certs,pkey}.unlinkthekuwayama2020-01-251-2/+6
| | | |
* | | | modify ossl_sslctx_add_certificate_chain_file() to raise Error and to return ↵thekuwayama2020-01-251-1/+75
| | | | | | | | | | | | | | | | | | | | | | | | self add test_add_certificate_chain_file_multiple_certs
* | | | modify test_add_certificate_chain_file to check ssl.peer_cert and ↵thekuwayama2020-01-251-2/+23
| | | | | | | | | | | | | | | | ssl.peer_cert_chain
* | | | Remove out-of-scope test.Samuel Williams2019-12-291-12/+0
| | | |
* | | | Merge in changes to tests from ruby/test/openssl.Samuel Williams2019-12-295-13/+36
| | | |
* | | | modify the document about `CertificateId.new`thekuwayama2019-12-021-0/+1
| | | |
* | | | pkey: add support for PKCS #8 key serializationKazuki Yamaguchi2019-11-251-0/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the generic PKey class. They serialize the private key to PKCS #8 {Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding, respectively. For symmetry, also add #public_to_der and #public_to_pem that serialize the public key into X.509 SubjectPublicKeyInfo format. OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the "raw" private keys. PEM-encoded PKCS #8 keys have been already handled by PEM_read_bio_PrivateKey().
* | | | check AIA extension is criticalthekuwayama2019-11-191-2/+1
| | | |
* | | | add helper to retrieve OCSP URIs from Certificatethekuwayama2019-11-191-2/+35
| | | | | | | | | | | | | | | | add helper to access information and services for the issuer of the Certificate
* | | | add invalid extension testthekuwayama2019-11-111-0/+21
| | | |
* | | | Make OpenSSL::HMAC#== compare in constant time instead of returning falseBart de Water2019-11-041-0/+10
| | | |
* | | | Add helper to retrieve CRL URIs from a certificateBart de Water2019-11-011-0/+16
| | | |
* | | | Separate cert generation and issuance test helpersBart de Water2019-11-011-3/+12
| | | |
* | | | Fix `const_get` in test.Samuel Williams2019-11-011-1/+1
| | | |
* | | | Add support for SHA3. Resolves #272.Samuel Williams2019-11-011-7/+26
| | | |
* | | | update SSLSocket.open to match TCPSocket.open method signaturethekuwayama2019-10-311-2/+33
| | | |
* | | | add SSLSocket.openthekuwayama2019-10-311-11/+15
| | | |
* | | | add `SSLSocket.open` as alias of `SSLSocket.new`thekuwayama2019-10-311-0/+11
| | | |
* | | | Add Marshal support to X509 objectsBart de Water2019-10-296-0/+59
| | | | | | | | | | | | | | | | | | | | | | | | This allows for example to use Rails' cache to store these objects. Without this patch you'd get errors like "TypeError (no _dump_data is defined for class OpenSSL::X509::Certificate)" Note that the X509::Revoked class doesn't need the newly introduced modules as the DER output of X509::CRL already includes these.
* | | | Add OpenSSL.secure_compare with same semantics as Active Support >= 5.2Bart de Water2019-10-281-0/+17
| | | | | | | | | | | | | | | | secure_compare is for user input, fixed_length_secure_compare for already processed data that is known to have the same length
* | | | Rename OpenSSL.secure_compare to fixed_length_secure_compareBart de Water2019-10-281-18/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In 1ade643cbc01f3f7bd96e90bd8837df7ed491a09 the Rails-like secure_compare naming was adopted and in original pull request introducing this functionality debate around timing of hash functions followed. This made me realize why Rails' default of hashing the values to protect users from making mistakes is a good idea.
* | | | OpenSSL::TestSSL#test_finished_messages - gracefully close clientMSP-Greg2019-10-271-2/+4
| | | |
* | | | add client_finished, client_peer_finishedthekuwayama2019-10-271-3/+7
| | | | | | | | | | | | | | | | clean `start_server` method `block` argument
* | | | Rename `memcmp?` to `secure_compare`.Samuel Williams2019-10-261-18/+18
| | | | | | | | | | | | | | | | Minor improvements to formatting and documentation.
* | | | Add test for OpenSSL::PKCS7.{read,write}_smimeJeremy Evans2019-10-081-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 2nd and 3rd arguments to write_smime are not really testable without exposing additional OpenSSL constants to Ruby. Still, test that write_smime works when passed 3 arguments. Fixes Ruby Bug 8274.
* | | | Add test to ensure constant time comparison stays constantBart de Water2019-10-081-0/+17
| | | | | | | | | | | | | | | | Co-authored-by: arrtchiu <arrtchiu@gmail.com>
* | | | Add `OpenSSL.memcmp?` for constant time/timing safe string comparisonBart de Water2019-10-081-0/+28
| | | | | | | | | | | | | | | | Fixes https://bugs.ruby-lang.org/issues/10098
* | | | Add test verifying client/server finished_messagesMo Morsi2019-10-081-0/+17
| | | |
* | | | test/utils: add start_server param to specify accept callbackMo Morsi2019-10-081-0/+2
| | | | | | | | | | | | | | | | | | | | Callback will be invoked with new ssl connection upon acceptance by server. Default is empty proc.
* | | | ts: require list of allowed digest algos for FactoryBen Toews2019-10-011-2/+60
| | | |
* | | | ts: address more feedbackBen Toews2019-10-012-5/+1
| | | |
* | | | ts: move TS_TST_INFO accessors to a new Timestamp::TokenInfo classBen Toews2019-10-011-14/+62
| | | |
* | | | ts: simplify signature for TimestampFactory#additional_certs alsoBen Toews2019-10-011-16/+0
| | | |
* | | | ts: simplify TimestampResponse#response signatureBen Toews2019-10-011-41/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This method allowed roots and intermediates to be specified in a number of ways. This complexity wasn't super valuable though and its better to only allow an X509::Store with an optional Array of intermediates. This greatly simplifies the code and fixes a few leaks.
* | | | ts: address minor feedback from rhenium (more changes coming)Ben Toews2019-10-011-31/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - make some global variables static instead of extern - get rid of GetTsReqPtr/GetTsRespPtr functions - don't use c99 comments - fix some leaks - clarify what numeric type is returned (Integer or BN, never Fixnum) - typos - add missing checks, remove unecessary checks - use OPENSSL_NO_TS instead of our own macros checking for ts support - use EVP_{digest-name} instead of looking up algos by NID - don't differentiate between failure reasons when verifying - rename Response#pkcs7 to #token
* | | | ts: fix windows buildBen Toews2019-10-011-11/+7
| | | |
* | | | ts: clean up some memory leaksBen Toews2019-10-011-64/+80
| | | |
* | | | ts: update to work with openssl 1.1.xBen Toews2019-10-011-1/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - clean up whitespace - be consistent with not returning after ossl_raise - use accessor functions when working with openssl TS_* structs - backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros
* | | | ts: get tests running/passingBen Toews2019-10-012-499/+490
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A number of conventions seem to have changed, causing a fair bit of breakage: - `Data_*` was deprecated in favor of `TypedData_*` - `ossl_obj2bio` takes a `VALUE*` instead of `VALUE` now - `time_to_time_t()` was removed
* | | | ts: Timestamp support (3/3)Martin Bosslet2019-10-011-2/+24
| | | | | | | | | | | | | | | | This commit applies the third patches (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
* | | | ts: Timestamp support (2/3)Martin Bosslet2019-10-011-6/+6
| | | | | | | | | | | | | | | | This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
* | | | ts: Timestamp support (1/3)Martin Bosslet2019-10-011-0/+601
| | | | | | | | | | | | | | | | | | | | | | | | This commit applies the initial patches (ts.tar.gz) from https://bugs.ruby-lang.org/issues/4183 This compiles with several warnings. Tests don't run yet.
* | | | simplify AKI parsing to only return keyIdentifier fieldBen Toews2019-09-272-14/+2
| | | |
* | | | helpers for accessing AKI/SKI extensions of certs/crlsBen Toews2019-09-273-5/+36
| | | |
* | | | Silence warning on spaceship testsEspartaco Palma2019-07-291-2/+2
| | | | | | | | | | | | | | | | | | | | /src/test/test_x509name.rb:416: warning: ambiguous first argument; put parentheses or a space even after `-' operator /src/test/test_x509name.rb:418: warning: ambiguous first argument; put parentheses or a space even after `-' operator
* | | | x509name: return nil for wrong type in Name#<=>Andy Brody2019-07-271-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, OpenSSL::X509::Name#{cmp,<=>} would raise a TypeError if you attempted to compare a Name object with another object of a different type. Most Ruby classes instead return nil in this situation. The old behavior resulted in some strange outcomes: >> n1 = OpenSSL::X509::Name.new >> 'abc' == n1 => false >> n1 == 'abc' TypeError: wrong argument type String (expected OpenSSL/X509/NAME) With the new behavior, cmp/<=> will return nil if the other object is not an X509::Name instead of raising an error. This allows `==` to also return false instead of raising an error for type mismatches. New behavior: >> n1 = OpenSSL::X509::Name.new >> n1 == 'abc' => false >> n1 <=> 'abc' => nil
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-28 09:36:32 +0000