authorBrice Figureau <brice-puppet@daysofwonder.com>2009-07-05 19:45:40 +0200
committerJames Turnbull <james@lovedthanlost.net>2009-07-07 16:20:27 +1000
commit8b09b8316e5f385522fcc4353b3cea725076fb25 (patch)
tree6524fb2be7d54ad25837d3616601920b731f4152 /spec/unit/ssl
parentea66cf6b9a5de1dd784dfed8995babf90225f8a0 (diff)
Fix #2082 - puppetca shouldn't list revoked certificates
This patch does two things: * it enhances puppetca to list revoked certificates (prefixed by -) * it fixes the ca crl verification which was broken Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Diffstat (limited to 'spec/unit/ssl')
-rwxr-xr-xspec/unit/ssl/certificate_authority.rb8
-rwxr-xr-xspec/unit/ssl/certificate_authority/interface.rb6
2 files changed, 12 insertions, 2 deletions
diff --git a/spec/unit/ssl/certificate_authority.rb b/spec/unit/ssl/certificate_authority.rb
index 4c2466d93..80114300e 100755
--- a/spec/unit/ssl/certificate_authority.rb
+++ b/spec/unit/ssl/certificate_authority.rb
@@ -585,7 +585,7 @@ describe Puppet::SSL::CertificateAuthority do
describe "and verifying certificates" do
before do
- @store = stub 'store', :verify => true, :add_file => nil, :purpose= => nil, :add_crl => true
+ @store = stub 'store', :verify => true, :add_file => nil, :purpose= => nil, :add_crl => true, :flags= => nil
OpenSSL::X509::Store.stubs(:new).returns @store
@@ -631,6 +631,12 @@ describe Puppet::SSL::CertificateAuthority do
@ca.verify("me")
end
+ it "should set the store flags to check the crl" do
+ @store.expects(:flags=).with OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
+
+ @ca.verify("me")
+ end
+
it "should use the store to verify the certificate" do
@cert.expects(:content).returns "mycert"
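Review bot: The new example "should set the store flags to check the crl" pins only the value passed to `flags=`; it does not show that a CRL is actually loaded into the store before `verify` runs. The `before` stub answers `add_crl` unconditionally, so unless an example outside this hunk already covers it, I would pair the flag check with `@store.expects(:add_crl)` so the flags and the CRL load cannot drift apart. `V_FLAG_CRL_CHECK_ALL` extends the check to every certificate in the chain, which presumably means each issuing CA needs a CRL available; a comment such as `# CRL_CHECK_ALL: every CA in the chain must have a CRL in the store` would record that this is intended. The enclosing describe block starts and ends outside the hunk.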
diff --git a/spec/unit/ssl/certificate_authority/interface.rb b/spec/unit/ssl/certificate_authority/interface.rb
index 784c6cf9a..d741ec400 100755
--- a/spec/unit/ssl/certificate_authority/interface.rb
+++ b/spec/unit/ssl/certificate_authority/interface.rb
@@ -176,6 +176,7 @@ describe Puppet::SSL::CertificateAuthority::Interface do
describe "and an empty array was provided" do
it "should print a string containing all certificate requests" do
@ca.expects(:waiting?).returns %w{host1 host2}
+ @ca.stubs(:verify)
@applier = @class.new(:list, [])
@@ -189,12 +190,14 @@ describe Puppet::SSL::CertificateAuthority::Interface do
it "should print a string containing all certificate requests and certificates" do
@ca.expects(:waiting?).returns %w{host1 host2}
@ca.expects(:list).returns %w{host3 host4}
+ @ca.stubs(:verify)
+ @ca.expects(:verify).with("host3").raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23), "certificate revoked")
@applier = @class.new(:list, :all)
@applier.expects(:puts).with "host1"
@applier.expects(:puts).with "host2"
- @applier.expects(:puts).with "+ host3"
+ @applier.expects(:puts).with "- host3 (certificate revoked)"
@applier.expects(:puts).with "+ host4"
@applier.apply(@ca)
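Review bot: The literal `23` passed to `CertificateVerificationError.new` in the `host3` expectation is an unexplained OpenSSL verify error code; `CertificateVerificationError.new(OpenSSL::X509::V_ERR_CERT_REVOKED)` states what the example means. The example covers only the revoked case, so nothing here pins what the listing prints for other verification failures such as an expired certificate or an unavailable CRL. A second example raising a different code would show that the `-` line reports the actual reason and does not imply revocation for every failure. The blanket `@ca.stubs(:verify)` also lets `host4` pass without asserting that it was verified at all; `@ca.expects(:verify).with("host4")` would close that gap.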
@@ -205,6 +208,7 @@ describe Puppet::SSL::CertificateAuthority::Interface do
it "should print a string of all named hosts that have a waiting request" do
@ca.expects(:waiting?).returns %w{host1 host2}
@ca.expects(:list).returns %w{host3 host4}
+ @ca.stubs(:verify)
@applier = @class.new(:list, %w{host1 host2 host3 host4})