mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
c8cb26252a
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
67 lines
2.2 KiB
Ruby
67 lines
2.2 KiB
Ruby
# frozen_string_literal: false
|
|
require_relative 'utils'
|
|
|
|
if defined?(OpenSSL::TestUtils)
|
|
|
|
class OpenSSL::TestX509Extension < OpenSSL::TestCase
|
|
def setup
|
|
@basic_constraints_value = OpenSSL::ASN1::Sequence([
|
|
OpenSSL::ASN1::Boolean(true), # CA
|
|
OpenSSL::ASN1::Integer(2) # pathlen
|
|
])
|
|
@basic_constraints = OpenSSL::ASN1::Sequence([
|
|
OpenSSL::ASN1::ObjectId("basicConstraints"),
|
|
OpenSSL::ASN1::Boolean(true),
|
|
OpenSSL::ASN1::OctetString(@basic_constraints_value.to_der),
|
|
])
|
|
end
|
|
|
|
def test_new
|
|
ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
|
|
assert_equal("basicConstraints", ext.oid)
|
|
assert_equal(true, ext.critical?)
|
|
assert_equal("CA:TRUE, pathlen:2", ext.value)
|
|
|
|
ext = OpenSSL::X509::Extension.new("2.5.29.19",
|
|
@basic_constraints_value.to_der, true)
|
|
assert_equal(@basic_constraints.to_der, ext.to_der)
|
|
end
|
|
|
|
def test_create_by_factory
|
|
ef = OpenSSL::X509::ExtensionFactory.new
|
|
|
|
bc = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2")
|
|
assert_equal(@basic_constraints.to_der, bc.to_der)
|
|
|
|
bc = ef.create_extension("basicConstraints", "CA:TRUE, pathlen:2", true)
|
|
assert_equal(@basic_constraints.to_der, bc.to_der)
|
|
|
|
begin
|
|
ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_)
|
|
[crlDistPts]
|
|
URI.1 = http://www.example.com/crl
|
|
URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary
|
|
_end_of_cnf_
|
|
rescue NotImplementedError
|
|
return
|
|
end
|
|
|
|
cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts")
|
|
assert_equal(false, cdp.critical?)
|
|
assert_equal("crlDistributionPoints", cdp.oid)
|
|
assert_match(%{URI:http://www\.example\.com/crl}, cdp.value)
|
|
assert_match(
|
|
%r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary},
|
|
cdp.value)
|
|
|
|
cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts")
|
|
assert_equal(true, cdp.critical?)
|
|
assert_equal("crlDistributionPoints", cdp.oid)
|
|
assert_match(%{URI:http://www.example.com/crl}, cdp.value)
|
|
assert_match(
|
|
%r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
|
|
cdp.value)
|
|
end
|
|
end
|
|
|
|
end
|