From b99775b163ce44079c1f8727ce9b4ed8bb03489d Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Sun, 16 Feb 2020 15:21:29 +0900
Subject: Import openssl-2.2.0 (#2693)

Import the master branch of ruby/openssl for preparing to release openssl-2.2.0
---
 test/openssl/test_x509crl.rb | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'test/openssl/test_x509crl.rb')

diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb
index 03fdf64dd4..a6d0adc592 100644
--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 require_relative "utils"
 
 if defined?(OpenSSL)
@@ -118,7 +118,7 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase
       ["keyUsage", "cRLSign, keyCertSign", true],
     ]
     crl_exts = [
-      ["authorityKeyIdentifier", "keyid:always", false],
+      ["authorityKeyIdentifier", "issuer:always,keyid:always", false],
       ["issuerAltName", "issuer:copy", false],
     ]
 
@@ -131,6 +131,9 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase
     assert_equal("crlNumber", exts[0].oid)
     assert_equal(false, exts[0].critical?)
 
+    expected_keyid = OpenSSL::TestUtils.get_subject_key_id(cert, hex: false)
+    assert_equal expected_keyid, crl.authority_key_identifier
+
     assert_equal("authorityKeyIdentifier", exts[1].oid)
     keyid = OpenSSL::TestUtils.get_subject_key_id(cert)
     assert_match(/^keyid:#{keyid}/, exts[1].value)
@@ -155,6 +158,10 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase
     assert_equal("issuerAltName", exts[2].oid)
     assert_equal("email:xyzzy@ruby-lang.org", exts[2].value)
     assert_equal(false, exts[2].critical?)
+
+    no_ext_crl = issue_crl([], 1, Time.now, Time.now+1600, [],
+      cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+    assert_equal nil, no_ext_crl.authority_key_identifier
   end
 
   def test_crlnumber
@@ -249,6 +256,22 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase
     assert_equal true, rev2 == crl2.revoked[1]
   end
 
+  def test_marshal
+    now = Time.now
+
+    cacert = issue_cert(@ca, @rsa1024, 1, [], nil, nil)
+    crl = issue_crl([], 1, now, now + 3600, [], cacert, @rsa1024, "sha256")
+    rev = OpenSSL::X509::Revoked.new.tap { |rev|
+      rev.serial = 1
+      rev.time = now
+    }
+    crl.add_revoked(rev)
+    deserialized = Marshal.load(Marshal.dump(crl))
+
+    assert_equal crl.to_der, deserialized.to_der
+    assert_equal crl.revoked[0].to_der, deserialized.revoked[0].to_der
+  end
+
   private
 
   def crl_error_returns_false
-- 
cgit v1.2.3