merge revision(s) 26836:26859,26861,27921:

* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by backporting. (see [ruby-dev:40573]) use long in according to OpenSSL API. (SSL_SESSION_{get,set}_time{,out}) * ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper for X509_NAME_hash_old in OpenSSL 1.0.0. * test/openssl/test_x509name.rb (test_hash): make test pass with OpenSSL 1.0.0. * test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5. * PKey::PKey#verify raises an exception when a given PKey does not match with signature. * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1. * backport the commit from trunk: Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@ruby-lang.org> * openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0. patched by Jeroen van Meeuwen at [ruby-core:25210] fixed by Nobuyoshi Nakada [ruby-core:25238], Hongli Lai [ruby-core:27417], and Motohiro KOSAKI [ruby-core:28063] * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab), (ossl_ssl_cipher_to_ary): constified. * ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls): split pkcs7_get_certs_or_crls. * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is truncated with ec_key.group.order.size after openssl 0.9.8m for FIPS 186-3 compliance. WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns false when you pass dgst longer than expected (no truncation performed). * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. * ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098 macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m. OpenSSL 1.0.0beta5 has a slightly different definiton so it could be a temporal workaround for 0.9.8 and 1.0.0 dual support. * ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0 (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1) * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use SSL_SESSION_cmp and implement equality func by ousrself. See the comment. * ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0. * ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which exists. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-06-21 09:18:59 +0000
committer: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-06-21 09:18:59 +0000
commit: 1ae16961956c2459c0f29b676c5da9cb9cc875bf (patch)
tree: 37800b37cb336e24813ae4d74b26df81a361947b /test/openssl/test_x509req.rb
parent: c9915e5b08bbb58618b2bbc2dcbc9dafd5c1ba84 (diff)
1 files changed, 26 insertions, 12 deletions
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
index a37ed5c5ef..6186bcea0c 100644
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -103,37 +103,51 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
     assert_equal(exts, get_ext_req(attrs[1].value))
   end
 
+  def test_sign_and_verify_wrong_key_type
+    req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
+    req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
+    begin
+      assert_equal(false, req_rsa.verify(@dsa256))
+    rescue OpenSSL::X509::RequestError => e
+      # OpenSSL 1.0.0 added checks for pkey OID
+      assert_equal('wrong public key type', e.message)
+    end
+
+    begin
+      assert_equal(false, req_dsa.verify(@rsa1024))
+    rescue OpenSSL::X509::RequestError => e
+      # OpenSSL 1.0.0 added checks for pkey OID
+      assert_equal('wrong public key type', e.message)
+    end
+  end
+
   def test_sign_and_verify
     req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
     assert_equal(true,  req.verify(@rsa1024))
     assert_equal(false, req.verify(@rsa2048))
-    assert_equal(false, req.verify(@dsa256))
-    assert_equal(false, req.verify(@dsa512))
     req.version = 1
     assert_equal(false, req.verify(@rsa1024))
 
     req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
     assert_equal(false, req.verify(@rsa1024))
     assert_equal(true,  req.verify(@rsa2048))
-    assert_equal(false, req.verify(@dsa256))
-    assert_equal(false, req.verify(@dsa512))
     req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
     assert_equal(false, req.verify(@rsa2048))
 
     req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
-    assert_equal(false, req.verify(@rsa1024))
-    assert_equal(false, req.verify(@rsa2048))
     assert_equal(false, req.verify(@dsa256))
     assert_equal(true,  req.verify(@dsa512))
     req.public_key = @rsa1024.public_key
     assert_equal(false, req.verify(@dsa512))
+  end
 
-    assert_raise(OpenSSL::X509::RequestError){
-      issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
-    assert_raise(OpenSSL::X509::RequestError){
-      issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
-    assert_raise(OpenSSL::X509::RequestError){
-      issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
+  def test_dsig_algorithm_mismatch
+    assert_raise(OpenSSL::X509::RequestError) do
+      issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
+    end
+    assert_raise(OpenSSL::X509::RequestError) do
+      issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
+    end
   end
 end
author	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2010-06-21 09:18:59 +0000
committer	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2010-06-21 09:18:59 +0000
commit	1ae16961956c2459c0f29b676c5da9cb9cc875bf (patch)
tree	37800b37cb336e24813ae4d74b26df81a361947b /test/openssl/test_x509req.rb
parent	c9915e5b08bbb58618b2bbc2dcbc9dafd5c1ba84 (diff)