[ruby/openssl] test/openssl/test_ssl: revise verify_mode test cases
Add explicit test cases for the behaviors with different verify_mode values. If we introduced a bug in verify_mode, we would notice it through failures of other test cases, but there were no dedicated test cases for verify_mode itself. https://github.com/ruby/openssl/commit/1ccdc05662
parent
57a57e6e56
commit
3b43e3fa10
Notes:
git
2021-03-16 20:38:48 +09:00
1 changed files with 45 additions and 1 deletions
|
@ -246,7 +246,51 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
end
|
||||
end
|
||||
|
||||
def test_client_auth_failure
|
||||
def test_verify_mode_server_cert
|
||||
start_server(ignore_listener_error: true) { |port|
|
||||
populated_store = OpenSSL::X509::Store.new
|
||||
populated_store.add_cert(@ca_cert)
|
||||
empty_store = OpenSSL::X509::Store.new
|
||||
|
||||
# Valid certificate, SSL_VERIFY_PEER
|
||||
assert_nothing_raised {
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||
ctx.cert_store = populated_store
|
||||
server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets }
|
||||
}
|
||||
|
||||
# Invalid certificate, SSL_VERIFY_NONE
|
||||
assert_nothing_raised {
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||
ctx.cert_store = empty_store
|
||||
server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets }
|
||||
}
|
||||
|
||||
# Invalid certificate, SSL_VERIFY_PEER
|
||||
assert_handshake_error {
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||
ctx.cert_store = empty_store
|
||||
server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets }
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def test_verify_mode_client_cert_required
|
||||
# Optional, client certificate not supplied
|
||||
vflag = OpenSSL::SSL::VERIFY_PEER
|
||||
accept_proc = -> ssl {
|
||||
assert_equal nil, ssl.peer_cert
|
||||
}
|
||||
start_server(verify_mode: vflag, accept_proc: accept_proc) { |port|
|
||||
assert_nothing_raised {
|
||||
server_connect(port) { |ssl| ssl.puts("abc"); ssl.gets }
|
||||
}
|
||||
}
|
||||
|
||||
# Required, client certificate not supplied
|
||||
vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
|
||||
start_server(verify_mode: vflag, ignore_listener_error: true) { |port|
|
||||
assert_handshake_error {
|
||||
|
|
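Review bot: The `# Invalid certificate, SSL_VERIFY_NONE` case in test_verify_mode_server_cert asserts only that the handshake completes, so it would still pass if the untrusted peer were wrongly reported as verified. OpenSSL records the verification outcome even when it does not abort the handshake, so that block could pin it with `assert_not_equal OpenSSL::X509::V_OK, ssl.verify_result` inside the `server_connect` block, and the first VERIFY_PEER case could assert `OpenSSL::X509::V_OK` the same way. The comments say "Invalid certificate", but what the visible code sets up is an empty trust store, so a label such as `# Untrusted issuer (empty cert_store), SSL_VERIFY_NONE` would describe the case more precisely. In test_verify_mode_client_cert_required, `assert_equal nil, ssl.peer_cert` reads better as `assert_nil ssl.peer_cert`; that method's body continues past the end of the hunk.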