From a0332b7116aa1c5abf16e7e3ff7a0630beb806d2 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Sat, 25 Feb 2017 00:32:09 +0100 Subject: Do test public interface for normalise_chain/2. Catches CATLFISH-96. --- src/x509.erl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/x509.erl b/src/x509.erl index c31b699..4eb9755 100644 --- a/src/x509.erl +++ b/src/x509.erl @@ -67,7 +67,7 @@ detox(LeafDer, ChainDer) -> {false, reason()} | {true, [binary()]}. %% @doc Verify that the leaf cert or precert has a valid chain back to %% an acceptable root cert. The order of certificates in the second -%% argument is: leaf cert in head, chain in tail. Order of first +%% argument is: leaf cert in head, chain in tail. Order of certs in first %% argument is irrelevant. %% %% Return {false, Reason} or {true, ListWithRoot}. Note that @@ -475,21 +475,21 @@ chain_test_() -> chain_test(C0, C1) -> [ %% Root not in chain but in trust store. - ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 10)), - ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 2)), - %% Chain too long. - ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0], 1)), + ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0])), + %% Same, but chain too long. + ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0], 1)), %% Root in chain and in trust store. - ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0, C1], 2)), - %% Chain too long. - ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)), + ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0, C1])), + %% Same, but chain too long. + ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)), %% Root not in trust store. - ?_assertMatch({false, root_unknown}, normalise_chain([], [C0, C1], 10)), + ?_assertEqual({error, root_unknown}, normalise_chain([], [C0, C1])), %% Selfsigned. Actually OK. - ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 10)), - ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 1)), + ?_assertEqual({ok, [C0]}, normalise_chain([C0], [C0])), + %% Same, still OK. + ?_assertEqual({true, C0}, normalise_chain([C0], [C0], 1)), %% Max chain length 0 is not OK. - ?_assertMatch({false, chain_too_long}, normalise_chain([C0], [C0], 0)) + ?_assertEqual({false, chain_too_long}, normalise_chain([C0], [C0], 0)) ]. %%-spec read_certs(file:filename()) -> [string:string()]. -- cgit v1.1