16
16
DIR = File.dirname(File.expand_path(__FILE__))
19
Config::CONFIG["bindir"],
20
Config::CONFIG["ruby_install_name"] + Config::CONFIG["EXEEXT"]
19
RbConfig::CONFIG["bindir"],
20
RbConfig::CONFIG["ruby_install_name"] + RbConfig::CONFIG["EXEEXT"]
53
53
def test_verification
54
54
cfg = @client.options
55
55
cfg["protocol.http.ssl_config.verify_callback"] = method(:verify_callback).to_proc
57
@verify_callback_called = false
58
@client.hello_world("ssl client")
60
rescue OpenSSL::SSL::SSLError => ssle
61
assert_equal("certificate verify failed", ssle.message)
62
assert(@verify_callback_called)
56
@verify_callback_called = false
57
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
58
assert_equal("certificate verify failed", ssle.message)
59
assert(@verify_callback_called)
65
61
cfg["protocol.http.ssl_config.client_cert"] = File.join(DIR, "client.cert")
66
62
cfg["protocol.http.ssl_config.client_key"] = File.join(DIR, "client.key")
67
63
@verify_callback_called = false
69
@client.hello_world("ssl client")
71
rescue OpenSSL::SSL::SSLError => ssle
72
assert_equal("certificate verify failed", ssle.message)
73
assert(@verify_callback_called)
64
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
65
assert_equal("certificate verify failed", ssle.message)
66
assert(@verify_callback_called)
76
68
cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "ca.cert")
77
69
@verify_callback_called = false
79
@client.hello_world("ssl client")
81
rescue OpenSSL::SSL::SSLError => ssle
82
assert_equal("certificate verify failed", ssle.message)
83
assert(@verify_callback_called)
70
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
71
assert_equal("certificate verify failed", ssle.message)
72
assert(@verify_callback_called)
86
74
cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "subca.cert")
87
75
@verify_callback_called = false
91
79
cfg["protocol.http.ssl_config.verify_depth"] = "1"
92
80
@verify_callback_called = false
94
@client.hello_world("ssl client")
96
rescue OpenSSL::SSL::SSLError => ssle
97
assert_equal("certificate verify failed", ssle.message)
98
assert(@verify_callback_called)
81
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
82
assert_equal("certificate verify failed", ssle.message)
83
assert(@verify_callback_called)
101
85
cfg["protocol.http.ssl_config.verify_depth"] = ""
102
86
cfg["protocol.http.ssl_config.cert_store"] = OpenSSL::X509::Store.new
103
87
cfg["protocol.http.ssl_config.verify_mode"] = OpenSSL::SSL::VERIFY_PEER.to_s
105
@client.hello_world("ssl client")
107
rescue OpenSSL::SSL::SSLError => ssle
108
assert_equal("certificate verify failed", ssle.message)
88
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
89
assert_equal("certificate verify failed", ssle.message)
111
91
cfg["protocol.http.ssl_config.verify_mode"] = ""
112
92
assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
131
111
@client.options["protocol.http.ssl_config.verify_callback"] = method(:verify_callback).to_proc
132
112
@verify_callback_called = false
135
@client.hello_world("ssl client")
137
rescue OpenSSL::SSL::SSLError => ssle
138
assert_equal("certificate verify failed", ssle.message)
139
assert(@verify_callback_called)
114
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
115
assert_equal("certificate verify failed", ssle.message)
116
assert(@verify_callback_called)
141
117
# NG with Integer
142
118
@client.options["protocol.http.ssl_config.verify_depth"] = 0
144
@client.hello_world("ssl client")
146
rescue OpenSSL::SSL::SSLError => ssle
147
assert_equal("certificate verify failed", ssle.message)
148
assert(@verify_callback_called)
119
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
120
assert_equal("certificate verify failed", ssle.message)
121
assert(@verify_callback_called)
151
123
@client.options["protocol.http.ssl_config.verify_depth"] = ""
152
124
@verify_callback_called = false
181
153
#cfg.timeout = 123
182
154
cfg["protocol.http.ssl_config.ciphers"] = "!ALL"
185
@client.hello_world("ssl client")
187
rescue OpenSSL::SSL::SSLError => ssle
188
# depends on OpenSSL version. (?:0.9.8|0.9.7)
189
assert_match(/\A(?:SSL_CTX_set_cipher_list:: no cipher match|no ciphers available)\z/, ssle.message)
156
ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
157
# depends on OpenSSL version. (?:0.9.8|0.9.7)
158
assert_match(/\A(?:SSL_CTX_set_cipher_list:: no cipher match|no ciphers available)\z/, ssle.message)
192
160
cfg["protocol.http.ssl_config.ciphers"] = "ALL"
193
161
assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))