From a0332b7116aa1c5abf16e7e3ff7a0630beb806d2 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Sat, 25 Feb 2017 00:32:09 +0100
Subject: Do test public interface for normalise_chain/2.

Catches CATLFISH-96.
---
 src/x509.erl | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

(limited to 'src/x509.erl')

diff --git a/src/x509.erl b/src/x509.erl
index c31b699..4eb9755 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -67,7 +67,7 @@ detox(LeafDer, ChainDer) ->
                              {false, reason()} | {true, [binary()]}.
 %% @doc Verify that the leaf cert or precert has a valid chain back to
 %% an acceptable root cert. The order of certificates in the second
-%% argument is: leaf cert in head, chain in tail. Order of first
+%% argument is: leaf cert in head, chain in tail. Order of certs in first
 %% argument is irrelevant.
 %%
 %% Return {false, Reason} or {true, ListWithRoot}. Note that
@@ -475,21 +475,21 @@ chain_test_() ->
 chain_test(C0, C1) ->
     [
      %% Root not in chain but in trust store.
-     ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 10)),
-     ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0], 2)),
-     %% Chain too long.
-     ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0], 1)),
+     ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0])),
+     %% Same, but chain too long.
+     ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0], 1)),
      %% Root in chain and in trust store.
-     ?_assertEqual({true, [C1]}, normalise_chain([C1], [C0, C1], 2)),
-     %% Chain too long.
-     ?_assertMatch({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)),
+     ?_assertEqual({ok, [C0, C1]}, normalise_chain([C1], [C0, C1])),
+     %% Same, but chain too long.
+     ?_assertEqual({false, chain_too_long}, normalise_chain([C1], [C0, C1], 1)),
      %% Root not in trust store.
-     ?_assertMatch({false, root_unknown}, normalise_chain([], [C0, C1], 10)),
+     ?_assertEqual({error, root_unknown}, normalise_chain([], [C0, C1])),
      %% Selfsigned. Actually OK.
-     ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 10)),
-     ?_assertMatch({true, [C0]}, normalise_chain([C0], [C0], 1)),
+     ?_assertEqual({ok, [C0]}, normalise_chain([C0], [C0])),
+     %% Same, still OK.
+     ?_assertEqual({true, C0}, normalise_chain([C0], [C0], 1)),
      %% Max chain length 0 is not OK.
-     ?_assertMatch({false, chain_too_long}, normalise_chain([C0], [C0], 0))
+     ?_assertEqual({false, chain_too_long}, normalise_chain([C0], [C0], 0))
     ].
 
 %%-spec read_certs(file:filename()) -> [string:string()].
-- 
cgit v1.1