diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-06-30 12:42:31 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-06-30 12:42:31 +0000 |
commit | 127c8a219f0e2eb3b4b08146bc297832da0b28dd (patch) | |
tree | 014ea4e5b77b69e9b370eb2fb6471a6eebadea82 /test | |
parent | 687763bc4f7cc7acb57b3ebb4641eeeec0648c22 (diff) |
* ext/openssl/ossl_x509store.c: clear error queue after calling
X509_LOOKUP_load_file()
X509_LOOKUP_load_file(), which ends up calling
X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: [Backport #11033]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59235 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r-- | test/openssl/test_x509store.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index 9964cc8fc4..0ae94e2c64 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -36,6 +36,32 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase OpenSSL::TestUtils.issue_crl(*args) end + def test_add_file + now = Time.at(Time.now.to_i) + ca_exts = [ + ["basicConstraints", "CA:TRUE", true], + ["keyUsage", "cRLSign,keyCertSign", true], + ] + cert1 = issue_cert(@ca1, @rsa1024, 1, now, now+3600, ca_exts, + nil, nil, "sha1") + cert2 = issue_cert(@ca2, @rsa2048, 1, now, now+3600, ca_exts, + nil, nil, "sha1") + tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f } + + store = OpenSSL::X509::Store.new + assert_equal false, store.verify(cert1) + assert_equal false, store.verify(cert2) + store.add_file(tmpfile.path) + assert_equal true, store.verify(cert1) + assert_equal true, store.verify(cert2) + + # OpenSSL < 1.1.1 leaks an error on a duplicate certificate + assert_nothing_raised { store.add_file(tmpfile.path) } + assert_equal [], OpenSSL.errors + ensure + tmpfile and tmpfile.close! + end + def test_verify now = Time.at(Time.now.to_i) ca_exts = [ |