Skip to content

Commit 4cc3c41

Browse files
rheniumrhenium
committed
test/openssl/test_x509store: tidy up tests for X509::Store#add_cert
Rename the test case to test_add_cert_duplicate to clarify what it is actually testing.
1 parent 61012df commit 4cc3c41

File tree

1 file changed

+9
-17
lines changed

1 file changed

+9
-17
lines changed

test/openssl/test_x509store.rb

+9-17
Original file line numberDiff line numberDiff line change
@@ -4,18 +4,6 @@
44
if defined?(OpenSSL)
55

66
class OpenSSL::TestX509Store < OpenSSL::TestCase
7-
def setup
8-
super
9-
@rsa1024 = Fixtures.pkey("rsa1024")
10-
@rsa2048 = Fixtures.pkey("rsa2048")
11-
@dsa256 = Fixtures.pkey("dsa256")
12-
@dsa512 = Fixtures.pkey("dsa512")
13-
@ca1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA1")
14-
@ca2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA2")
15-
@ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
16-
@ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
17-
end
18-
197
def test_store_new
208
# v2.3.0 emits explicit warning
219
assert_warning(/new does not take any arguments/) {
@@ -339,22 +327,26 @@ def test_verify_with_crl
339327
assert_equal(false, store.verify(ee2_cert))
340328
end
341329

342-
def test_set_errors
330+
def test_add_cert_duplicate
331+
# Up until OpenSSL 1.1.0, X509_STORE_add_{cert,crl}() returned an error
332+
# if the given certificate is already in the X509_STORE
343333
return if openssl?(1, 1, 0) || libressl?
344-
now = Time.now
345-
ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil)
334+
ca1 = OpenSSL::X509::Name.parse_rfc2253("CN=Root CA")
335+
ca1_key = Fixtures.pkey("rsa-1")
336+
ca1_cert = issue_cert(ca1, ca1_key, 1, [], nil, nil)
346337
store = OpenSSL::X509::Store.new
347338
store.add_cert(ca1_cert)
348339
assert_raise(OpenSSL::X509::StoreError){
349340
store.add_cert(ca1_cert) # add same certificate twice
350341
}
351342

343+
now = Time.now
352344
revoke_info = []
353345
crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
354-
ca1_cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
346+
ca1_cert, ca1_key, "sha256")
355347
revoke_info = [ [2, now, 1], ]
356348
crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
357-
ca1_cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
349+
ca1_cert, ca1_key, "sha256")
358350
store.add_crl(crl1)
359351
assert_raise(OpenSSL::X509::StoreError){
360352
store.add_crl(crl2) # add CRL issued by same CA twice.

0 commit comments

Comments
 (0)