diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2020-07-18 16:45:01 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-03-16 19:16:11 +0900 |
commit | 57a57e6e561cb7c350dc1953c44cbe65cf4f214c (patch) | |
tree | 9b92d5436aececd9502df20b284afccc9663f7eb /test/openssl | |
parent | c71afc9db7fd938a71f806bace7a2aed2722c0e9 (diff) |
[ruby/openssl] test/openssl/test_ssl: revise a test case for client_cert_cb
The current test_client_auth_public_key test case checks that supplying
a PKey containing only public components through client_cert_cb will
cause handshake to fail. While this is a correct behavior as a whole,
the assertions are misleading in the sense that giving a public key is
causing the failure. Actually, the handshake fails because a client
certificate is not supplied at all, as a result of ArgumentError that is
silently ignored.
Rename the test case to test_client_cert_cb_ignore_error and simplify it
to clarify what it is testing.
https://github.com/ruby/openssl/commit/785b5569fc
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_ssl.rb | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index b4619de259..1d3cdf90d6 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -282,20 +282,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end - def test_client_auth_public_key + def test_client_cert_cb_ignore_error vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT start_server(verify_mode: vflag, ignore_listener_error: true) do |port| - assert_raise(ArgumentError) { - ctx = OpenSSL::SSL::SSLContext.new - ctx.key = @cli_key.public_key - ctx.cert = @cli_cert - server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets } - } - ctx = OpenSSL::SSL::SSLContext.new - ctx.client_cert_cb = Proc.new{ |ssl| - [@cli_cert, @cli_key.public_key] + ctx.client_cert_cb = -> ssl { + raise "exception in client_cert_cb must be suppressed" } + # 1. Exception in client_cert_cb is suppressed + # 2. No client certificate will be sent to the server + # 3. SSL_VERIFY_FAIL_IF_NO_PEER_CERT causes the handshake to fail assert_handshake_error { server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets } } |