diff options
author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-12-19 08:28:33 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-12-19 08:28:33 +0000 |
commit | 049c3927ff0692282187507e3d4914bb8112ff0a (patch) | |
tree | e309494f4ffa535b8868d251db6bb26c399d1722 /test/openssl/test_x509store.rb | |
parent | 80f52f38c7751854a1ab7c3187d104f4c09d35e6 (diff) |
* ext/openssl/ossl_x509store.c
(ossl_x509store_set_time): add OpenSSL::X509::Store#time=.
(ossl_x509stctx_set_time): add OpenSSL::X509::StoreContext#time=.
* test/openssl/ossl_x509store.rb: test certificate validity times.
* ext/openssl/ossl_x509name.c (ossl_x509name_to_s): add optional
second argument to specify the output format (see also
X509_NAME_print_ex).
* ext/openssl/ossl_x509name.c (ossl_x509name_init): new constants:
OpenSSL::X509::Name::COMPAT, OpenSSL::X509::Name::RFC2253,
OpenSSL::X509::ONELINE, OpenSSL::X509::MULTILINE.
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name::RFC2253DN):
new module to provide the parse for RFC2253 DN format.
* ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name.parse_rfc2253):
new method to parse RFC2253 DN format.
* test/openssl/ossl_x509name.rb: add tests about RFC2253 DN.
* text/openssl/ssl_server.rb: try to listen ports from 20443 to 20542
while EADDRINUSE is raised.
* all changes in this entry are backport from 1.9.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7599 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl/test_x509store.rb')
-rw-r--r-- | test/openssl/test_x509store.rb | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index 113e81fa52..8151e5fdb6 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -49,6 +49,8 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) ee3_cert = issue_cert(@ee2, @dsa512, 30, now-100, now-1, ee_exts, ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) + ee4_cert = issue_cert(@ee2, @dsa512, 40, now+1000, now+2000, ee_exts, + ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) revoke_info = [] crl1 = issue_crl(revoke_info, 1, now, now+1800, [], @@ -106,6 +108,36 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase assert_equal(@ca1.to_der, chain[2].subject.to_der) assert_equal(false, store.verify(ee3_cert)) assert_match(/expire/i, store.error_string) + assert_equal(false, store.verify(ee4_cert)) + assert_match(/not yet valid/i, store.error_string) + + store = OpenSSL::X509::Store.new + store.add_cert(ca1_cert) + store.add_cert(ca2_cert) + store.time = now + 1500 + assert_equal(true, store.verify(ca1_cert)) + assert_equal(true, store.verify(ca2_cert)) + assert_equal(true, store.verify(ee4_cert)) + store.time = now + 1900 + assert_equal(true, store.verify(ca1_cert)) + assert_equal(false, store.verify(ca2_cert)) + assert_match(/expire/i, store.error_string) + assert_equal(false, store.verify(ee4_cert)) + assert_match(/expire/i, store.error_string) + store.time = now + 4000 + assert_equal(false, store.verify(ee1_cert)) + assert_match(/expire/i, store.error_string) + assert_equal(false, store.verify(ee4_cert)) + assert_match(/expire/i, store.error_string) + + # the underlying X509 struct caches the result of the last + # verification for signature and not-before. so the following code + # rebuilds new objects to avoid site effect. + store.time = Time.now - 4000 + assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ca2_cert))) + assert_match(/not yet valid/i, store.error_string) + assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert))) + assert_match(/not yet valid/i, store.error_string) return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK) |