* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode

  the argument as a string.

* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.

* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
  set @time to avoid warning.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
  wrapped functions fails.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.

* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
  of unused variable.

* test/openssl/test_ns_spki.rb: add new file.

* test/openssl/test_x509store.rb: add test for error.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 22 insertions, 0 deletions

diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6696020af7..b0fe597262 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
     assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
     assert_equal(false, store.verify(ee2_cert))
   end
+
+  def test_set_errors
+    now = Time.now
+    ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+                          nil, nil, OpenSSL::Digest::SHA1.new)
+    store = OpenSSL::X509::Store.new
+    store.add_cert(ca1_cert)
+    assert_raises(OpenSSL::X509::StoreError){
+      store.add_cert(ca1_cert)  # add same certificate twice
+    }
+
+    revoke_info = []
+    crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+                     ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    revoke_info = [ [2, now, 1], ]
+    crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+                     ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    store.add_crl(crl1)
+    assert_raises(OpenSSL::X509::StoreError){
+      store.add_crl(crl2) # add CRL issued by same CA twice.
+    }
+  end
 end
 
 end