
Commit 3aebc3d

author
Tom Maher
committed
test that no tls_options means we get the system CA bundle
1 parent a890f03 commit 3aebc3d


1 file changed

+23
-0
lines changed


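--- a/test/integration/test_bind.rb
+++ b/test/integration/test_bind.rb
@@ -133,6 +133,19 @@ def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
 @ldap.get_operation_result.inspect
 end
 
+def test_bind_tls_with_bogus_hostname_system_ca_fails
+@ldap.host = '127.0.0.1'
+@ldap.encryption(method: :start_tls, tls_options: {})
+error = assert_raise Net::LDAP::Error,
+Net::LDAP::ConnectionRefusedError do
+@ldap.bind BIND_CREDS
+end
+assert_equal(
+"hostname \"#{@ldap.host}\" does not match the server certificate",
+error.message,
+)
+end
+
 # The following depend on /etc/hosts hacking.
 # We can do that on CI, but it's less than cool on people's dev boxes
 def test_bind_tls_with_multiple_hosts
@@ -196,4 +209,14 @@ def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
 assert_equal("Unable to connect to any given server: ",
 error.message.split("\n").shift)
 end
+
+# This test is CI-only because we can't add the fixture CA
+# to the system CA store on people's dev boxes.
+def test_bind_tls_valid_hostname_system_ca_on_travis_passes
+omit_unless ENV['TRAVIS'] == 'true'
+
+@ldap.encryption(method: :start_tls, tls_options: {})
+assert @ldap.bind(BIND_CREDS),
+@ldap.get_operation_result.inspect
+end
 end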
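Review bot: The assertion in `test_bind_tls_with_bogus_hostname_system_ca_fails` pins only the hostname-mismatch message, so it does not show that `tls_options: {}` made the client verify the certificate chain against the system CA bundle. The comment on the second added test says the fixture CA is absent from the system store on dev boxes, yet this first test is not CI-gated; there it can only reach the hostname check if the chain was not rejected first, which suggests (not visible in this diff) that an empty `tls_options` may skip chain verification altogether. Either gate it like its sibling with `omit_unless ENV['TRAVIS'] == 'true'`, or add a dev-box counterpart that expects the bind to fail while the fixture CA is untrusted, so a silent fall-back to no verification is caught. The enclosing test class starts and ends outside both hunks.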
