diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2020-08-08 19:03:46 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-03-16 19:16:11 +0900 |
commit | 88b8b3ac15223d65cf4b40cfc7d193b54b6e2f09 (patch) | |
tree | 5e409a418498064d28706cecb1d972668e874527 /test/openssl | |
parent | 92f19f7bb043908a583f04fb737664c5010a3ec2 (diff) |
[ruby/openssl] x509store: let X509::Store#add_file raise TypeError if nil is given
Undo special treatment of nil and simply pass the value to
StringValueCStr().
nil was never a valid argument for the method; OpenSSL::X509::StoreError
with an unhelpful error message "system lib" was raised in that case.
https://github.com/ruby/openssl/commit/fb2fcbb137
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_x509store.rb | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index 1cbc73d539..b3212e4bd4 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -26,15 +26,20 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase ctx.verify end - def test_add_file + def test_add_file_path ca_exts = [ ["basicConstraints", "CA:TRUE", true], ["keyUsage", "cRLSign,keyCertSign", true], ] - cert1 = issue_cert(@ca1, @rsa1024, 1, ca_exts, nil, nil) - cert2 = issue_cert(@ca2, @rsa2048, 1, ca_exts, nil, nil) - tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f } + cert1_subj = OpenSSL::X509::Name.parse_rfc2253("CN=Cert 1") + cert1_key = Fixtures.pkey("rsa-1") + cert1 = issue_cert(cert1_subj, cert1_key, 1, ca_exts, nil, nil) + cert2_subj = OpenSSL::X509::Name.parse_rfc2253("CN=Cert 2") + cert2_key = Fixtures.pkey("rsa-2") + cert2 = issue_cert(cert2_subj, cert2_key, 1, ca_exts, nil, nil) + # X509::Store#add_file reads concatenated PEM file + tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f } store = OpenSSL::X509::Store.new assert_equal false, store.verify(cert1) assert_equal false, store.verify(cert2) @@ -42,9 +47,23 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase assert_equal true, store.verify(cert1) assert_equal true, store.verify(cert2) + # X509::Store#add_path + Dir.mktmpdir do |dir| + hash1 = "%08x.%d" % [cert1_subj.hash, 0] + File.write(File.join(dir, hash1), cert1.to_pem) + store = OpenSSL::X509::Store.new + store.add_path(dir) + + assert_equal true, store.verify(cert1) + assert_equal false, store.verify(cert2) + end + # OpenSSL < 1.1.1 leaks an error on a duplicate certificate assert_nothing_raised { store.add_file(tmpfile.path) } assert_equal [], OpenSSL.errors + + # Non-String is given + assert_raise(TypeError) { store.add_file(nil) } ensure tmpfile and tmpfile.close! end |