archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-15 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

[rubygems/rubygems] Avoid openssl bug in test_verify_certificate_extra_message

Browse source 
OpenSSL::X509::StoreContext#current_cert returns an empty and invalid
OpenSSL::X509::Certificate instance if it is called before starting a
certificate verification.
https://redirect.github.com/ruby/openssl/pull/919 will change it to
return nil instead in such a case.

Adjust test_verify_certificate_extra_message to actually complete
StoreContext#verify so that it will not rely on this behavior.

823799088d
This commit is contained in:
Kazuki Yamaguchi 2025-07-28 00:50:38 +09:00 committed by Hiroshi SHIBATA
parent 2256b0ffa4
commit 32977f3869
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
test/rubygems/test_gem_request.rb
View file

@ -363,19 +363,19 @@ class TestGemRequest < Gem::TestCase
def test_verify_certificate_extra_message
pend if Gem.java_platform?
error_number = OpenSSL::X509::V_ERR_INVALID_CA
error_number = OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
store = OpenSSL::X509::Store.new
context = OpenSSL::X509::StoreContext.new store
context.error = error_number
context = OpenSSL::X509::StoreContext.new store, CHILD_CERT
context.verify
use_ui @ui do
Gem::Request.verify_certificate context
end
expected = <<-ERROR
ERROR: SSL verification error at depth 0: invalid CA certificate (#{error_number})
ERROR: Certificate is an invalid CA certificate
ERROR: SSL verification error at depth 0: unable to get local issuer certificate (#{error_number})
ERROR: You must add #{CHILD_CERT.issuer} to your local trusted store
ERROR
assert_equal expected, @ui.error