0002-openssl-verify-don-t-assume-false.patch
| b/test/openssl/test_x509cert.rb | ||
|---|---|---|
| 134 | 134 |
nil, nil, OpenSSL::Digest::SHA1.new) |
| 135 | 135 |
assert_equal(false, cert.verify(@rsa1024)) |
| 136 | 136 |
assert_equal(true, cert.verify(@rsa2048)) |
| 137 |
assert_equal(false, cert.verify(@dsa256))
|
|
| 138 |
assert_equal(false, cert.verify(@dsa512))
|
|
| 137 |
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
|
|
| 138 |
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
|
|
| 139 | 139 |
cert.serial = 2 |
| 140 | 140 |
assert_equal(false, cert.verify(@rsa2048)) |
| 141 | 141 | |
| 142 | 142 |
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], |
| 143 | 143 |
nil, nil, OpenSSL::Digest::MD5.new) |
| 144 | 144 |
assert_equal(false, cert.verify(@rsa1024)) |
| 145 |
assert_equal(true, cert.verify(@rsa2048)) |
|
| 146 |
assert_equal(false, cert.verify(@dsa256)) |
|
| 147 |
assert_equal(false, cert.verify(@dsa512)) |
|
| 145 |
assert_equal(true, cert.verify(@rsa2048)) |
|
| 146 | ||
| 147 |
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
|
|
| 148 |
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
|
|
| 148 | 149 |
cert.subject = @ee1 |
| 149 | 150 |
assert_equal(false, cert.verify(@rsa2048)) |
| 150 | 151 | |
| 151 | 152 |
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], |
| 152 | 153 |
nil, nil, OpenSSL::Digest::DSS1.new) |
| 153 |
assert_equal(false, cert.verify(@rsa1024))
|
|
| 154 |
assert_equal(false, cert.verify(@rsa2048))
|
|
| 154 |
assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) })
|
|
| 155 |
assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) })
|
|
| 155 | 156 |
assert_equal(false, cert.verify(@dsa256)) |
| 156 | 157 |
assert_equal(true, cert.verify(@dsa512)) |
| 157 | 158 |
cert.not_after = Time.now |
| ... | ... | |
| 170 | 171 |
nil, nil, OpenSSL::Digest::SHA1.new) |
| 171 | 172 |
} |
| 172 | 173 |
end |
| 174 |
|
|
| 175 |
private |
|
| 176 |
|
|
| 177 |
def certificate_error_returns_false |
|
| 178 |
yield |
|
| 179 |
rescue OpenSSL::X509::CertificateError |
|
| 180 |
false |
|
| 181 |
end |
|
| 173 | 182 |
end |
| 174 | 183 | |
| 175 | 184 |
end |
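Review bot: `certificate_error_returns_false` carries no comment explaining why a raised `OpenSSL::X509::CertificateError` is accepted as equivalent to a `false` return. It is applied only where the verifying key's type differs from the signing key's (DSA keys against the RSA-signed certificates, RSA keys against the DSA-signed one), so presumably some OpenSSL builds raise on a key-type mismatch instead of returning false. A comment above the helper would record that, for example `# verify may raise instead of returning false when the key type does not match the signature algorithm; both mean "not verified"`. Because the rescue covers every CertificateError, a verify call that raises for an unrelated reason would also satisfy these assertions, so the wrapper should stay off the same-key-type checks, as it does here. The same applies to `crl_error_returns_false` in test_x509crl.rb and `request_error_returns_false` in test_x509req.rb.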
| b/test/openssl/test_x509crl.rb | ||
|---|---|---|
| 197 | 197 |
cert, @rsa2048, OpenSSL::Digest::SHA1.new) |
| 198 | 198 |
assert_equal(false, crl.verify(@rsa1024)) |
| 199 | 199 |
assert_equal(true, crl.verify(@rsa2048)) |
| 200 |
assert_equal(false, crl.verify(@dsa256))
|
|
| 201 |
assert_equal(false, crl.verify(@dsa512))
|
|
| 200 |
assert_equal(false, crl_error_returns_false { crl.verify(@dsa256) })
|
|
| 201 |
assert_equal(false, crl_error_returns_false { crl.verify(@dsa512) })
|
|
| 202 | 202 |
crl.version = 0 |
| 203 | 203 |
assert_equal(false, crl.verify(@rsa2048)) |
| 204 | 204 | |
| ... | ... | |
| 206 | 206 |
nil, nil, OpenSSL::Digest::DSS1.new) |
| 207 | 207 |
crl = issue_crl([], 1, Time.now, Time.now+1600, [], |
| 208 | 208 |
cert, @dsa512, OpenSSL::Digest::DSS1.new) |
| 209 |
assert_equal(false, crl.verify(@rsa1024))
|
|
| 210 |
assert_equal(false, crl.verify(@rsa2048))
|
|
| 209 |
assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) })
|
|
| 210 |
assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) })
|
|
| 211 | 211 |
assert_equal(false, crl.verify(@dsa256)) |
| 212 | 212 |
assert_equal(true, crl.verify(@dsa512)) |
| 213 | 213 |
crl.version = 0 |
| 214 | 214 |
assert_equal(false, crl.verify(@dsa512)) |
| 215 | 215 |
end |
| 216 |
|
|
| 217 |
private |
|
| 218 |
|
|
| 219 |
def crl_error_returns_false |
|
| 220 |
yield |
|
| 221 |
rescue OpenSSL::X509::CRLError |
|
| 222 |
false |
|
| 223 |
end |
|
| 216 | 224 |
end |
| 217 | 225 | |
| 218 | 226 |
end |
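Review bot: `crl_error_returns_false` has the same body as the helpers added in test_x509cert.rb and test_x509req.rb, differing only in the rescued class, so the three copies can drift apart. A single helper that takes the error class as an argument (`rescue error_class` in place of `rescue OpenSSL::X509::CRLError`) would serve all three files, placed wherever these test cases share utilities, which is not visible on this page. Separately, the bare `private` added near the end of the class makes any test method later appended below it non-public, and runners that collect only public `test_` methods would skip it silently. Using `private def crl_error_returns_false`, if the supported Ruby versions allow it, or a comment after `private` would guard against that.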
| b/test/openssl/test_x509req.rb | ||
|---|---|---|
| 107 | 107 |
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new) |
| 108 | 108 |
assert_equal(true, req.verify(@rsa1024)) |
| 109 | 109 |
assert_equal(false, req.verify(@rsa2048)) |
| 110 |
assert_equal(false, req.verify(@dsa256))
|
|
| 111 |
assert_equal(false, req.verify(@dsa512))
|
|
| 110 |
assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
|
|
| 111 |
assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
|
|
| 112 | 112 |
req.version = 1 |
| 113 | 113 |
assert_equal(false, req.verify(@rsa1024)) |
| 114 | 114 | |
| 115 | 115 |
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new) |
| 116 | 116 |
assert_equal(false, req.verify(@rsa1024)) |
| 117 | 117 |
assert_equal(true, req.verify(@rsa2048)) |
| 118 |
assert_equal(false, req.verify(@dsa256))
|
|
| 119 |
assert_equal(false, req.verify(@dsa512))
|
|
| 118 |
assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
|
|
| 119 |
assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
|
|
| 120 | 120 |
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
|
| 121 | 121 |
assert_equal(false, req.verify(@rsa2048)) |
| 122 | 122 | |
| 123 | 123 |
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new) |
| 124 |
assert_equal(false, req.verify(@rsa1024))
|
|
| 125 |
assert_equal(false, req.verify(@rsa2048))
|
|
| 124 |
assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
|
|
| 125 |
assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
|
|
| 126 | 126 |
assert_equal(false, req.verify(@dsa256)) |
| 127 | 127 |
assert_equal(true, req.verify(@dsa512)) |
| 128 | 128 |
req.public_key = @rsa1024.public_key |
| ... | ... | |
| 135 | 135 |
assert_raise(OpenSSL::X509::RequestError){
|
| 136 | 136 |
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) } |
| 137 | 137 |
end |
| 138 |
|
|
| 139 |
private |
|
| 140 |
|
|
| 141 |
def request_error_returns_false |
|
| 142 |
yield |
|
| 143 |
rescue OpenSSL::X509::RequestError |
|
| 144 |
false |
|
| 145 |
end |
|
| 138 | 146 |
end |
| 139 | 147 | |
| 140 | 148 |
end |
| 141 |
- |
|