summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2017-02-25 00:32:09 +0100
committerLinus Nordberg <linus@nordu.net>2017-02-25 00:43:49 +0100
commita0332b7116aa1c5abf16e7e3ff7a0630beb806d2 (patch)
treedcff2bcdeb7b27db974f62f88355bfb1d98a0bd8
parent816a4024bc8d0744a3947539efbf3bfa1e30e8a8 (diff)
Do test public interface for normalise_chain/2.
Catches CATLFISH-96.
-rw-r--r--src/x509.erl24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/x509.erl b/src/x509.erl
index c31b699..4eb9755 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -67,7 +67,7 @@ detox(LeafDer, ChainDer) ->
{false, reason()} | {true, [binary()]}.
%% @doc Verify that the leaf cert or precert has a valid chain back to
%% an acceptable root cert. The order of certificates in the second
-%% argument is: leaf cert in head, chain in tail. Order of first
+%% argument is: leaf cert in head, chain in tail. Order of certs in first
%% argument is irrelevant.
%%
%% Return {false, Reason} or {true, ListWithRoot}. Note that
@@ -475,21 +475,21 @@ chain_test_() ->
chain_test(C0, C1) ->
[
%% Root not in chain but in trust store.
- ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 10)),
- ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 2)),
- %% Chain too long.
- ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0], 1)),
+ ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0])),
+ %% Same, but chain too long.
+ ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0], 1)),
%% Root in chain and in trust store.
- ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0, C1], 2)),
- %% Chain too long.
- ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)),
+ ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0, C1])),
+ %% Same, but chain too long.
+ ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)),
%% Root not in trust store.
- ?_assertMatch({false, root_unknown}, normalise_chain([], [C0, C1], 10)),
+ ?_assertEqual({error, root_unknown}, normalise_chain([], [C0, C1])),
%% Selfsigned. Actually OK.
- ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 10)),
- ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 1)),
+ ?_assertEqual({ok, [C0]}, normalise_chain([C0], [C0])),
+ %% Same, still OK.
+ ?_assertEqual({true, C0}, normalise_chain([C0], [C0], 1)),
%% Max chain length 0 is not OK.
- ?_assertMatch({false, chain_too_long}, normalise_chain([C0], [C0], 0))
+ ?_assertEqual({false, chain_too_long}, normalise_chain([C0], [C0], 0))
].
%%-spec read_certs(file:filename()) -> [string:string()].