openssl: import v2.1.0.beta2

Import Ruby/OpenSSL 2.1.0.beta2. The full commit log since commit
e72d960db262 which was imported by r60013 can be found at:

	https://github.com/ruby/openssl/compare/e72d960db262...v2.1.0.beta2

----------------------------------------------------------------
Kazuki Yamaguchi (26):
      bn: use ALLOCV() macro instead of xmalloc()
      appveyor.yml: remove 'openssl version' line
      test/test_ssl_session: skip tests for session_remove_cb
      x509ext: implement X509::Extension#==
      x509attr: implement X509::Attribute#==
      x509cert: implement X509::Certificate#==
      x509revoked: add missing X509::Revoked#to_der
      x509crl, x509revoked: implement X509::{CRL,Revoked}#==
      x509req: implement X509::Request#==
      ssl: extract rb_intern("call")
      cipher: disallow setting AAD for non-AEAD ciphers
      test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
      ssl: fix conflict of options in SSLContext#set_params
      buffering: let #write accept multiple arguments
      pkey: make pkey_check_public_key() non-static
      x509cert, x509crl, x509req, ns_spki: check sanity of public key
      test/envutil: port assert_warning from Ruby trunk
      test/utils: remove a pointless .public_key call in issue_cert
      ssl: add SSLContext#add_certificate
      test/test_ssl: fix test_security_level
      Drop support for LibreSSL 2.4
      kdf: add HKDF support
      test/test_x509cert: fix flaky test
      test/test_x509crl: fix random failure
      History.md: fix a typo
      Ruby/OpenSSL 2.1.0.beta2

Mark Wright (1):
      Fix build failure against OpenSSL 1.1 built with no-deprecated Thanks rhenium for the code review and fixes.

Peter Karman (1):
      Add RSA sign_pss() and verify_pss() methods

aeris (1):
      TLS Fallback Signaling Cipher Suite Value

kazu (1):
      Use caller with length to reduce unused strings

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 52 insertions, 0 deletions

diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb
index 1914a651cf..03fdf64dd4 100644
--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@@ -197,6 +197,58 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase
     assert_equal(false, crl.verify(@dsa512))
   end
 
+  def test_revoked_to_der
+    # revokedCertificates     SEQUENCE OF SEQUENCE  {
+    #      userCertificate         CertificateSerialNumber,
+    #      revocationDate          Time,
+    #      crlEntryExtensions      Extensions OPTIONAL
+    #                               -- if present, version MUST be v2
+    #                           }  OPTIONAL,
+
+    now = Time.utc(2000, 1, 1)
+    rev1 = OpenSSL::X509::Revoked.new
+    rev1.serial = 123
+    rev1.time = now
+    ext = OpenSSL::X509::Extension.new("CRLReason", OpenSSL::ASN1::Enumerated(1))
+    rev1.extensions = [ext]
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Integer(123),
+      OpenSSL::ASN1::UTCTime(now),
+      OpenSSL::ASN1::Sequence([ext.to_der])
+    ])
+
+    assert_equal asn1.to_der, rev1.to_der
+  end
+
+  def test_eq
+    now = Time.now
+
+    cacert = issue_cert(@ca, @rsa1024, 1, [], nil, nil)
+    crl1 = issue_crl([], 1, now, now + 3600, [], cacert, @rsa1024, "sha256")
+    rev1 = OpenSSL::X509::Revoked.new.tap { |rev|
+      rev.serial = 1
+      rev.time = now
+    }
+    crl1.add_revoked(rev1)
+    crl2 = OpenSSL::X509::CRL.new(crl1.to_der)
+
+    # CRL
+    assert_equal false, crl1 == 12345
+    assert_equal true, crl1 == crl2
+    rev2 = OpenSSL::X509::Revoked.new.tap { |rev|
+      rev.serial = 2
+      rev.time = now
+    }
+    crl2.add_revoked(rev2)
+    assert_equal false, crl1 == crl2
+
+    # Revoked
+    assert_equal false, rev1 == 12345
+    assert_equal true, rev1 == crl2.revoked[0]
+    assert_equal false, rev1 == crl2.revoked[1]
+    assert_equal true, rev2 == crl2.revoked[1]
+  end
+
   private
 
   def crl_error_returns_false