mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
c8cb26252a
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
52 lines
1.8 KiB
Ruby
52 lines
1.8 KiB
Ruby
# frozen_string_literal: false
|
|
require_relative 'utils'
|
|
|
|
if defined?(OpenSSL::TestUtils)
|
|
|
|
class OpenSSL::TestNSSPI < OpenSSL::TestCase
|
|
def setup
|
|
# This request data is adopt from the specification of
|
|
# "Netscape Extensions for User Key Generation".
|
|
# -- http://wp.netscape.com/eng/security/comm4-keygen.html
|
|
@b64 = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
|
|
@b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
|
|
@b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
|
|
@b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
|
|
@b64 << "i0//rgBvmco="
|
|
end
|
|
|
|
def test_build_data
|
|
key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
|
key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
|
spki = OpenSSL::Netscape::SPKI.new
|
|
spki.challenge = "RandomString"
|
|
spki.public_key = key1.public_key
|
|
spki.sign(key1, OpenSSL::Digest::SHA1.new)
|
|
assert(spki.verify(spki.public_key))
|
|
assert(spki.verify(key1.public_key))
|
|
assert(!spki.verify(key2.public_key))
|
|
|
|
der = spki.to_der
|
|
spki = OpenSSL::Netscape::SPKI.new(der)
|
|
assert_equal("RandomString", spki.challenge)
|
|
assert_equal(key1.public_key.to_der, spki.public_key.to_der)
|
|
assert(spki.verify(spki.public_key))
|
|
assert_not_nil(spki.to_text)
|
|
end
|
|
|
|
def test_decode_data
|
|
spki = OpenSSL::Netscape::SPKI.new(@b64)
|
|
assert_equal(@b64, spki.to_pem)
|
|
assert_equal(@b64.unpack("m").first, spki.to_der)
|
|
assert_equal("MozillaIsMyFriend", spki.challenge)
|
|
assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
|
|
|
|
spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
|
|
assert_equal(@b64, spki.to_pem)
|
|
assert_equal(@b64.unpack("m").first, spki.to_der)
|
|
assert_equal("MozillaIsMyFriend", spki.challenge)
|
|
assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
|
|
end
|
|
end
|
|
|
|
end
|