Feature #2022 » 0002-openssl-verify-don-t-assume-false.patch
| test/openssl/test_x509cert.rb | ||
|---|---|---|
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
||
|
assert_equal(false, cert.verify(@rsa1024))
|
||
|
assert_equal(true, cert.verify(@rsa2048))
|
||
|
assert_equal(false, cert.verify(@dsa256))
|
||
|
assert_equal(false, cert.verify(@dsa512))
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
|
||
|
cert.serial = 2
|
||
|
assert_equal(false, cert.verify(@rsa2048))
|
||
|
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
|
||
|
nil, nil, OpenSSL::Digest::MD5.new)
|
||
|
assert_equal(false, cert.verify(@rsa1024))
|
||
|
assert_equal(true, cert.verify(@rsa2048))
|
||
|
assert_equal(false, cert.verify(@dsa256))
|
||
|
assert_equal(false, cert.verify(@dsa512))
|
||
|
assert_equal(true, cert.verify(@rsa2048))
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
|
||
|
cert.subject = @ee1
|
||
|
assert_equal(false, cert.verify(@rsa2048))
|
||
|
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
|
||
|
nil, nil, OpenSSL::Digest::DSS1.new)
|
||
|
assert_equal(false, cert.verify(@rsa1024))
|
||
|
assert_equal(false, cert.verify(@rsa2048))
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) })
|
||
|
assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) })
|
||
|
assert_equal(false, cert.verify(@dsa256))
|
||
|
assert_equal(true, cert.verify(@dsa512))
|
||
|
cert.not_after = Time.now
|
||
| ... | ... | |
|
nil, nil, OpenSSL::Digest::SHA1.new)
|
||
|
}
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def certificate_error_returns_false
|
||
|
yield
|
||
|
rescue OpenSSL::X509::CertificateError
|
||
|
false
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_x509crl.rb | ||
|---|---|---|
|
cert, @rsa2048, OpenSSL::Digest::SHA1.new)
|
||
|
assert_equal(false, crl.verify(@rsa1024))
|
||
|
assert_equal(true, crl.verify(@rsa2048))
|
||
|
assert_equal(false, crl.verify(@dsa256))
|
||
|
assert_equal(false, crl.verify(@dsa512))
|
||
|
assert_equal(false, crl_error_returns_false { crl.verify(@dsa256) })
|
||
|
assert_equal(false, crl_error_returns_false { crl.verify(@dsa512) })
|
||
|
crl.version = 0
|
||
|
assert_equal(false, crl.verify(@rsa2048))
|
||
| ... | ... | |
|
nil, nil, OpenSSL::Digest::DSS1.new)
|
||
|
crl = issue_crl([], 1, Time.now, Time.now+1600, [],
|
||
|
cert, @dsa512, OpenSSL::Digest::DSS1.new)
|
||
|
assert_equal(false, crl.verify(@rsa1024))
|
||
|
assert_equal(false, crl.verify(@rsa2048))
|
||
|
assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) })
|
||
|
assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) })
|
||
|
assert_equal(false, crl.verify(@dsa256))
|
||
|
assert_equal(true, crl.verify(@dsa512))
|
||
|
crl.version = 0
|
||
|
assert_equal(false, crl.verify(@dsa512))
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def crl_error_returns_false
|
||
|
yield
|
||
|
rescue OpenSSL::X509::CRLError
|
||
|
false
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_x509req.rb | ||
|---|---|---|
|
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
|
||
|
assert_equal(true, req.verify(@rsa1024))
|
||
|
assert_equal(false, req.verify(@rsa2048))
|
||
|
assert_equal(false, req.verify(@dsa256))
|
||
|
assert_equal(false, req.verify(@dsa512))
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
|
||
|
req.version = 1
|
||
|
assert_equal(false, req.verify(@rsa1024))
|
||
|
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
|
||
|
assert_equal(false, req.verify(@rsa1024))
|
||
|
assert_equal(true, req.verify(@rsa2048))
|
||
|
assert_equal(false, req.verify(@dsa256))
|
||
|
assert_equal(false, req.verify(@dsa512))
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
|
||
|
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
|
||
|
assert_equal(false, req.verify(@rsa2048))
|
||
|
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
|
||
|
assert_equal(false, req.verify(@rsa1024))
|
||
|
assert_equal(false, req.verify(@rsa2048))
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
|
||
|
assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
|
||
|
assert_equal(false, req.verify(@dsa256))
|
||
|
assert_equal(true, req.verify(@dsa512))
|
||
|
req.public_key = @rsa1024.public_key
|
||
| ... | ... | |
|
assert_raise(OpenSSL::X509::RequestError){
|
||
|
issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def request_error_returns_false
|
||
|
yield
|
||
|
rescue OpenSSL::X509::RequestError
|
||
|
false
|
||
|
end
|
||
|
end
|
||
|
end
|
||