mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
a55320b093
Import Ruby/OpenSSL 2.1.0.beta2. The full commit log since commit e72d960db262 which was imported by r60013 can be found at: https://github.com/ruby/openssl/compare/e72d960db262...v2.1.0.beta2 ---------------------------------------------------------------- Kazuki Yamaguchi (26): bn: use ALLOCV() macro instead of xmalloc() appveyor.yml: remove 'openssl version' line test/test_ssl_session: skip tests for session_remove_cb x509ext: implement X509::Extension#== x509attr: implement X509::Attribute#== x509cert: implement X509::Certificate#== x509revoked: add missing X509::Revoked#to_der x509crl, x509revoked: implement X509::{CRL,Revoked}#== x509req: implement X509::Request#== ssl: extract rb_intern("call") cipher: disallow setting AAD for non-AEAD ciphers test/test_cipher: fix test_non_aead_cipher_set_auth_data failure ssl: fix conflict of options in SSLContext#set_params buffering: let #write accept multiple arguments pkey: make pkey_check_public_key() non-static x509cert, x509crl, x509req, ns_spki: check sanity of public key test/envutil: port assert_warning from Ruby trunk test/utils: remove a pointless .public_key call in issue_cert ssl: add SSLContext#add_certificate test/test_ssl: fix test_security_level Drop support for LibreSSL 2.4 kdf: add HKDF support test/test_x509cert: fix flaky test test/test_x509crl: fix random failure History.md: fix a typo Ruby/OpenSSL 2.1.0.beta2 Mark Wright (1): Fix build failure against OpenSSL 1.1 built with no-deprecated Thanks rhenium for the code review and fixes. Peter Karman (1): Add RSA sign_pss() and verify_pss() methods aeris (1): TLS Fallback Signaling Cipher Suite Value kazu (1): Use caller with length to reduce unused strings git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
91 lines
3.1 KiB
Ruby
91 lines
3.1 KiB
Ruby
# frozen_string_literal: false
|
|
require_relative 'utils'
|
|
|
|
if defined?(OpenSSL)
|
|
|
|
class OpenSSL::TestX509Extension < OpenSSL::TestCase
|
|
def setup
|
|
super
|
|
@basic_constraints_value = OpenSSL::ASN1::Sequence([
|
|
OpenSSL::ASN1::Boolean(true), # CA
|
|
OpenSSL::ASN1::Integer(2) # pathlen
|
|
])
|
|
@basic_constraints = OpenSSL::ASN1::Sequence([
|
|
OpenSSL::ASN1::ObjectId("basicConstraints"),
|
|
OpenSSL::ASN1::Boolean(true),
|
|
OpenSSL::ASN1::OctetString(@basic_constraints_value.to_der),
|
|
])
|
|
end
|
|
|
|
def test_new
|
|
ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
|
|
assert_equal("basicConstraints", ext.oid)
|
|
assert_equal(true, ext.critical?)
|
|
assert_equal("CA:TRUE, pathlen:2", ext.value)
|
|
|
|
ext = OpenSSL::X509::Extension.new("2.5.29.19",
|
|
@basic_constraints_value.to_der, true)
|
|
assert_equal(@basic_constraints.to_der, ext.to_der)
|
|
end
|
|
|
|
def test_create_by_factory
|
|
ef = OpenSSL::X509::ExtensionFactory.new
|
|
|
|
bc = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2")
|
|
assert_equal(@basic_constraints.to_der, bc.to_der)
|
|
|
|
bc = ef.create_extension("basicConstraints", "CA:TRUE, pathlen:2", true)
|
|
assert_equal(@basic_constraints.to_der, bc.to_der)
|
|
|
|
ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_)
|
|
[crlDistPts]
|
|
URI.1 = http://www.example.com/crl
|
|
URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary
|
|
|
|
[certPolicies]
|
|
policyIdentifier = 2.23.140.1.2.1
|
|
CPS.1 = http://cps.example.com
|
|
_end_of_cnf_
|
|
|
|
cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts")
|
|
assert_equal(false, cdp.critical?)
|
|
assert_equal("crlDistributionPoints", cdp.oid)
|
|
assert_match(%{URI:http://www\.example\.com/crl}, cdp.value)
|
|
assert_match(
|
|
%r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary},
|
|
cdp.value)
|
|
|
|
cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts")
|
|
assert_equal(true, cdp.critical?)
|
|
assert_equal("crlDistributionPoints", cdp.oid)
|
|
assert_match(%{URI:http://www.example.com/crl}, cdp.value)
|
|
assert_match(
|
|
%r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
|
|
cdp.value)
|
|
|
|
cp = ef.create_extension("certificatePolicies", "@certPolicies")
|
|
assert_equal(false, cp.critical?)
|
|
assert_equal("certificatePolicies", cp.oid)
|
|
assert_match(%r{2.23.140.1.2.1}, cp.value)
|
|
assert_match(%r{http://cps.example.com}, cp.value)
|
|
end
|
|
|
|
def test_dup
|
|
ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
|
|
assert_equal(@basic_constraints.to_der, ext.to_der)
|
|
assert_equal(ext.to_der, ext.dup.to_der)
|
|
end
|
|
|
|
def test_eq
|
|
ext1 = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
|
|
ef = OpenSSL::X509::ExtensionFactory.new
|
|
ext2 = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2")
|
|
ext3 = ef.create_extension("basicConstraints", "critical, CA:TRUE")
|
|
|
|
assert_equal false, ext1 == 12345
|
|
assert_equal true, ext1 == ext2
|
|
assert_equal false, ext1 == ext3
|
|
end
|
|
end
|
|
|
|
end
|