diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/openssl/test_pkcs7.rb | 2 | ||||
| -rw-r--r-- | test/openssl/test_ssl.rb | 2 | ||||
| -rw-r--r-- | test/openssl/test_x509store.rb | 24 |
3 files changed, 26 insertions, 2 deletions
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index 48d5999752..3219155462 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -51,7 +51,7 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase assert_equal(@ee1_cert.serial, signers[0].serial) assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s) - # Normaly OpenSSL tries to translate the supplied content into canonical + # Normally OpenSSL tries to translate the supplied content into canonical # MIME format (e.g. a newline character is converted into CR+LF). # If the content is a binary, PKCS7::BINARY flag should be used. diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 8d74f25f5f..1906656635 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -66,7 +66,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase buf = "" ssl.syswrite(str) assert_same buf, ssl.sysread(str.size, buf) - assert_equal(str, newstr) + assert_equal(str, buf) } } end diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index af0d8b2836..c45233aaec 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -34,6 +34,29 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase OpenSSL::TestUtils.issue_crl(*args) end + def test_add_file + ca_exts = [ + ["basicConstraints", "CA:TRUE", true], + ["keyUsage", "cRLSign,keyCertSign", true], + ] + cert1 = issue_cert(@ca1, @rsa1024, 1, ca_exts, nil, nil) + cert2 = issue_cert(@ca2, @rsa2048, 1, ca_exts, nil, nil) + tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f } + + store = OpenSSL::X509::Store.new + assert_equal false, store.verify(cert1) + assert_equal false, store.verify(cert2) + store.add_file(tmpfile.path) + assert_equal true, store.verify(cert1) + assert_equal true, store.verify(cert2) + + # OpenSSL < 1.1.1 leaks an error on a duplicate certificate + assert_nothing_raised { store.add_file(tmpfile.path) } + assert_equal [], OpenSSL.errors + ensure + tmpfile and tmpfile.close! + end + def test_verify # OpenSSL uses time(2) while Time.now uses clock_gettime(CLOCK_REALTIME), # and there may be difference. @@ -194,6 +217,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase end def test_set_errors + return if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000 now = Time.now ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil) store = OpenSSL::X509::Store.new |