Fixing a critical problem in how CRLs were saved and moving SSL Store responsibilities to the SSL::Host class.

I was previously saving invalid CRLs unless they'd had a revocation done in them; this commit fixes them so that they're always valid. Also, I've added to SSL::Host the ability to generate a valid SSL Store, suitable for validation. This is now used by Webrick and can be used by the http clients, too. This should have been two commits, but I'm kind of down the rabbit hole ATM.
author: Luke Kanies <luke@madstop.com> 2008-05-05 21:00:29 -0500
committer: Luke Kanies <luke@madstop.com> 2008-05-05 21:00:29 -0500
commit: 160f9d99e33b051d40f00971683cf54a0ff00c32 (patch)
tree: 50f5a7e2e40482289f84175036a42874fad26dac /spec/unit/network/http/webrick.rb
parent: ce6d5787aaefc4c980e51c394328c2ddc2f7cb9c (diff)
download: puppet-160f9d99e33b051d40f00971683cf54a0ff00c32.tar.gz
puppet-160f9d99e33b051d40f00971683cf54a0ff00c32.tar.xz
puppet-160f9d99e33b051d40f00971683cf54a0ff00c32.zip
1 files changed, 4 insertions, 61 deletions
diff --git a/spec/unit/network/http/webrick.rb b/spec/unit/network/http/webrick.rb
index b59dc9f13..6bd3c2785 100644
--- a/spec/unit/network/http/webrick.rb
+++ b/spec/unit/network/http/webrick.rb
@@ -61,6 +61,7 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do
         @server.expects(:setup_logger).returns(:Logger => :mylogger)
 
         WEBrick::HTTPServer.expects(:new).with {|args|
+            p args
             args[:Logger] == :mylogger
         }.returns(@mock_webrick)
 
@@ -209,62 +210,6 @@ describe Puppet::Network::HTTP::WEBrick do
         @server = Puppet::Network::HTTP::WEBrick.new
     end
 
-    describe "when configuring an x509 store" do
-        before do
-            @store = stub 'store'
-            @store.stub_everything
-
-            @crl = stub 'crl', :content => 'real_crl'
-            Puppet::SSL::CertificateRevocationList.stubs(:find).returns @crl
-
-            @cacert = mock 'cacert'
-            Puppet::SSL::Certificate.stubs(:find).with('ca').returns @crl
-
-            OpenSSL::X509::Store.stubs(:new).returns @store
-        end
-
-        it "should create a new x509 store" do
-            OpenSSL::X509::Store.expects(:new).returns @store
-
-            @server.setup_ssl_store
-        end
-
-        it "should fail if no CRL can be found" do
-            Puppet::SSL::CertificateRevocationList.stubs(:find).returns nil
-
-            lambda { @server.setup_ssl_store }.should raise_error(Puppet::Error)
-        end
-
-        it "should add the CRL to the store" do
-            @store.expects(:add_crl).with "real_crl"
-
-            @server.setup_ssl_store
-        end
-
-        it "should add the CA certificate file to the store" do
-            Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert"
-            @store.expects(:add_file).with "/ca/cert"
-
-            @server.setup_ssl_store
-        end
-
-        it "should set the store's flags to 'OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK'" do
-            @store.expects(:flags=).with(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK)
-
-            @server.setup_ssl_store
-        end
-
-        it "should set the store's purpose to 'OpenSSL::X509::PURPOSE_ANY'" do
-            @store.expects(:purpose=).with OpenSSL::X509::PURPOSE_ANY
-
-            @server.setup_ssl_store
-        end
-
-        it "should return the store" do
-            @server.setup_ssl_store.should equal(@store)
-        end
-    end
-
     describe "when configuring an http logger" do
         before do
             Puppet.settings.stubs(:value).returns "something"
@@ -347,11 +292,9 @@ describe Puppet::Network::HTTP::WEBrick do
 
     describe "when configuring ssl" do
         before do
-            @server.stubs(:setup_ssl_store)
-
             @key = stub 'key', :content => "mykey"
             @cert = stub 'cert', :content => "mycert"
-            @host = stub 'host', :key => @key, :certificate => @cert, :name => "yay"
+            @host = stub 'host', :key => @key, :certificate => @cert, :name => "yay", :ssl_store => "mystore"
 
             Puppet::SSL::Certificate.stubs(:find).with('ca').returns @cert
 
@@ -414,7 +357,7 @@ describe Puppet::Network::HTTP::WEBrick do
             Puppet.settings.stubs(:value).with(:crl).returns true
             Puppet.settings.stubs(:value).with(:hostcrl).returns '/my/crl'
 
-            @server.expects(:setup_ssl_store).returns("mystore")
+            @host.expects(:ssl_store).returns "mystore"
 
             @server.setup_ssl[:SSLCertificateStore].should == "mystore"
         end
@@ -423,7 +366,7 @@ describe Puppet::Network::HTTP::WEBrick do
             Puppet.settings.stubs(:value).returns "whatever"
             Puppet.settings.stubs(:value).with(:crl).returns false
 
-            @server.expects(:setup_ssl_store).never
+            @host.expects(:ssl_store).never
 
             @server.setup_ssl[:SSLCertificateStore].should be_nil
         end
author	Luke Kanies <luke@madstop.com>	2008-05-05 21:00:29 -0500
committer	Luke Kanies <luke@madstop.com>	2008-05-05 21:00:29 -0500
commit	160f9d99e33b051d40f00971683cf54a0ff00c32 (patch)
tree	50f5a7e2e40482289f84175036a42874fad26dac /spec/unit/network/http/webrick.rb
parent	ce6d5787aaefc4c980e51c394328c2ddc2f7cb9c (diff)
download	puppet-160f9d99e33b051d40f00971683cf54a0ff00c32.tar.gz puppet-160f9d99e33b051d40f00971683cf54a0ff00c32.tar.xz puppet-160f9d99e33b051d40f00971683cf54a0ff00c32.zip