diff options
author | Linus Nordberg <linus@nordu.net> | 2017-02-25 00:32:09 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2017-02-25 00:43:49 +0100 |
commit | a0332b7116aa1c5abf16e7e3ff7a0630beb806d2 (patch) | |
tree | dcff2bcdeb7b27db974f62f88355bfb1d98a0bd8 /src | |
parent | 816a4024bc8d0744a3947539efbf3bfa1e30e8a8 (diff) |
Do test public interface for normalise_chain/2.
Catches CATLFISH-96.
Diffstat (limited to 'src')
-rw-r--r-- | src/x509.erl | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/src/x509.erl b/src/x509.erl index c31b699..4eb9755 100644 --- a/src/x509.erl +++ b/src/x509.erl @@ -67,7 +67,7 @@ detox(LeafDer, ChainDer) -> {false, reason()} | {true, [binary()]}. %% @doc Verify that the leaf cert or precert has a valid chain back to %% an acceptable root cert. The order of certificates in the second -%% argument is: leaf cert in head, chain in tail. Order of first +%% argument is: leaf cert in head, chain in tail. Order of certs in first %% argument is irrelevant. %% %% Return {false, Reason} or {true, ListWithRoot}. Note that @@ -475,21 +475,21 @@ chain_test_() -> chain_test(C0, C1) -> [ %% Root not in chain but in trust store. - ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 10)), - ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 2)), - %% Chain too long. - ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0], 1)), + ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0])), + %% Same, but chain too long. + ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0], 1)), %% Root in chain and in trust store. - ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0, C1], 2)), - %% Chain too long. - ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)), + ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0, C1])), + %% Same, but chain too long. + ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)), %% Root not in trust store. - ?_assertMatch({false, root_unknown}, normalise_chain([], [C0, C1], 10)), + ?_assertEqual({error, root_unknown}, normalise_chain([], [C0, C1])), %% Selfsigned. Actually OK. - ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 10)), - ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 1)), + ?_assertEqual({ok, [C0]}, normalise_chain([C0], [C0])), + %% Same, still OK. + ?_assertEqual({true, C0}, normalise_chain([C0], [C0], 1)), %% Max chain length 0 is not OK. - ?_assertMatch({false, chain_too_long}, normalise_chain([C0], [C0], 0)) + ?_assertEqual({false, chain_too_long}, normalise_chain([C0], [C0], 0)) ]. %%-spec read_certs(file:filename()) -> [string:string()]. |