Skip to content

Commit 175be32

Browse files
tsaarnitsaarni
committed
Restore invalid client cert test
Error is now returned on reading invalid client cert if running with jruby-openssl v0.14.4 or newer. Signed-off-by: Tero Saarni <[email protected]>
1 parent ad39484 commit 175be32

File tree

4 files changed

+59
-42
lines changed

4 files changed

+59
-42
lines changed

spec/fixtures/certs.yaml

+4
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,11 @@ sans:
3131
subject: cn=client
3232
issuer: cn=ca
3333
key_type: RSA
34+
not_before: 1970-01-01T00:00:00Z
35+
not_after: 2100-01-01T00:00:00Z
3436
---
3537
subject: cn=client-ec
3638
issuer: cn=ca
3739
key_type: EC
40+
not_before: 1970-01-01T00:00:00Z
41+
not_after: 2100-01-01T00:00:00Z

spec/fixtures/client-key.pem

+26-26
Original file line numberDiff line numberDiff line change
@@ -1,28 +1,28 @@
11
-----BEGIN PRIVATE KEY-----
2-
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCnPqjlJMF4uvsN
3-
t1kdrVP/Zi3KS3dvCg2Dpg1BAyo0nhe8vKHAAK0TE9//peTOqt5P+hps7fw4SG3N
4-
ZNmmkOk8u6B0I15FLHywTsMPU9H+gLrte8Y/yZC4AbdmVrYFml83Q41wGj8UM05t
5-
pslVMfkveNkG/LBzKrPENo2Wb2+2/Um/BzNsaX0bhg7MGesD8TjhMFmh+kvChUMp
6-
jFK4dKDOlXFMBLd43wtNVeWDz7duNx/oz6LyQ5JsAmVCHCMxlgc4GQEeUJ2lEnkI
7-
Jw+lwDCKutwIQ4lm6pWAm4KU/BTcA7h6PWM0ku6XnfW7/xbT0FdeKnga8uTO8+vM
8-
7/GqawGLAgMBAAECggEAdJl38QG2LTDXNVHdvJYKGOapB/+jTfQJRf5wASJuu255
9-
CCnO72jJQaK6qaaEJh30jnfFEqq9DJRakTc9kyY2phP9otrBr6J7cAQJdFcw8anY
10-
KRgBOJmT3uW7cosDrlZZCdN7+WsjDTdT95ivh0km/JTZYkir0C82U5bhEb+xeDZv
11-
f/76b1gDYz3ZrvQMnb4x+60vb9U7iVrnXNEVxle/FhpLNbA9tsFLoSsm/6SbEnju
12-
cyimwmkMnQhPdiN5wmdTzXaTTsM3Ayomtj2bZZMTM9VSrFYAFPYAh2GwX7xn1hmo
13-
gacYqZcXgqu+uIE812hbWEAFmaS3vrxNVAXwa7IjkQKBgQDeR9EdabphDryvgjgA
14-
MUm5TxKKp5Wm9Cz+FiEUASFxoduuCdSb4vq2YGL5PL22MNxmMtYq2oc/dZOMtr45
15-
hruq0IZmVBNlViqjjcY1J3zvBRWSn93JdSY32o3g3rpgx6/6AZvUzfJmbwVcZBZR
16-
VimCf6oknoNt3lADEJXaVtYBAwKBgQDAnYyGPrufS52dRinnuFVImKX/FvbFDYJI
17-
F31cfi2y4y+g0tFFh0vjG0qVkxkBII5Cy5y1brLYColVWd8gWKibQMJ0TVZfV1ez
18-
gAkR69XIdMLlHl5oXzwyaMYLnsx6MYgzPRHB2ojhtGiEym0dUUrzovl4zB9+LpRd
19-
z6hpMoti2QKBgQDPWo9osMh84hKCZyd2hoQPqgPR9KNWK1INdPdGggeAyUz0/Zao
20-
FQVsPF4XwuH2o332mFXRhCnGuRf7nD23zEglAIFf0+6ECe2cxRSxYTTahBOrxBZR
21-
aEdOs0LHEv8qaR1wSy/jRHtrswV9OqDXH1l5sz41CunwBAL/2Ojx1S+toQKBgQCB
22-
iPK6TXIMXOPwowEHjtX77nykIqNuPfmB1ho+m7TL+zFKrLyET8rfPrlYAgbs1SIX
23-
Faub8Ihh9iQJvFjr/fPWBSVA5cnScIDQfKic3sd0+eEgCN5gvrtTA1c89Vx6SNlZ
24-
7BYHEpq/f35S33emIceQNegkLtJ3H4gz1rVhmdZXcQKBgQCl1OvIJI7FmBzG1XPz
25-
VNkE1nCPhXZEnrR3csZsiJiHCkI+t7izoIwFZZnEaW/+rqrZAWjMdFu11hy0Fz1n
26-
y74CmHrlupOoSbNZlB7w7MfqZydqXT6XXgjHdlnR9+celzkS7HnZ/jxwJChCnznm
27-
JR8q9KOY82PMpTHNnlEoUDqCJA==
2+
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCXSEpG7rD6YdEo
3+
ADk4r31b4+EQGkRYMWf3jAYrLG7VloCu4Is3b251uiBpa7fcjGT+dAQzmEBvmPz5
4+
MU3XgdepgB/4hayBV3eUiC0AGYAu+8VuqPQ/zWqRJZf5h++OrYyi+DUZT803Vgqx
5+
rv33ORb+NZRRFTeHC0ie2U37wij9wTN208l4zKdrxqs2gCYwuqRK6UHRRLsw/SFl
6+
3/rcbXgc7k/nnf1BkdLQyWbx7lXNpboywo1DaYg65DXn3Ha8IUurNmA1H4dkXbFo
7+
z/Tux33pTyX3KtVCclgKoZztRDfM1m5FXF0HuX6fI0jRbNO/blJIzIgdM3tyKPFG
8+
QSRM6KTBAgMBAAECggEAbWgWb54H18wOG0OuHlSr8FypU5/rdWylp91YSLjlnwot
9+
Hku94uVvmSx2bEc+vP27vFni//1H/G1D5mPFy+lXMno6pNznmNLM5FpnUP8gONpU
10+
Omdt3QaN31K0yf2JPkI8x0+B90BDRZWwPjgz6ysaedX94XXapot+hYLaZwxP4NNP
11+
4ufa0CXsgHmxnlD4SrwvJ65Qf5aFA75ExJ1X9g4EK3eOR34Zi69B5f5tN/CyK9tP
12+
wxxVYHR/H1tXw82j3gDeTzJ3udPGiSfVMYVZAsLLTnvvvz9Jv1uPw41qdVAwqEhl
13+
+6LjKta8g72sMpgXPk2UUyDDaswQVHWlgfPNvx2J0QKBgQDFbW3zBoKNA9UduxJU
14+
jE2aX5qYLhARThXm0CzOgrHZ3uzJobNQ5zFPha4Ki4nqh7GTYnxUHdVUIR/ST1pi
15+
DbxdndsJLAcscbKeCDHgBXRs2PFrWm6M6zlc3eA96WUZzYTxtHe3A8qQW9oM+lsL
16+
i3/ecrZackuwKRQ4/+G4s2c9iwKBgQDEKicWPx/XAacW/8pA45jSgKf0uhdG/LQm
17+
wdl55RNjVqMqSIdkSkFT+KNZKwLGE7En7IiMbjoiO+PZ2Hk5dIgUcbr4bL2yqPXL
18+
noY3Q1q5r4Ocx6YLoy3sjYpPbEv5ohuXSptTsLMnEjV3H5Mv8CbI3to7WJeqRRhL
19+
sHgCNx6IYwKBgQCQ+8vCrQUyiZ34N2k+rcpPk+Xz29/w1WdAGaDOByyU0yEQ8a69
20+
uwp7W7B0DgU6Nmwx0CF9pGsFXU4BJEU7vNqX5VT1Z1/dQ6HobBw0Z80YIjkonUCS
21+
PCvkBwymar/UMxluZxmDTUV0vf9jiHdUAx3kPlmsEkODGqe/NCqPeTBYAQKBgQCf
22+
ydZdAL5m3SnGSkXt5XcuwS4O4ybi5CW7DFyiNj88w+3VG49t2i6sv/QPRkHUJ2Y/
23+
JyVzfrZL/Iz1fqgAbTQLszih87HyPj85xb9+dJcKejWzF83h3OIjtofbelPI3Iut
24+
CVDNMzo7sVFr34R9oBl3tk/914RzZiUMQor/AvcUEQKBgFUpIztXL7USnreON+eu
25+
tk8nsh9fWa3xDSILlidWKPVCj5Aqnrz6hrWlBaoWCrI3TJo/H8qqM1vnhr7EwD4R
26+
Esw1SGrha4oRqgGZToR00rxLj3TSeYy+hgF3BUfoMDUs1JhtfOPVH+KoNHJVhEei
27+
Kt34inlNgsD9R8unYrHJGwT8
2828
-----END PRIVATE KEY-----

spec/fixtures/client.pem

+16-16
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIC0zCCAbugAwIBAgIIF4RwxFvwiMEwDQYJKoZIhvcNAQELBQAwDTELMAkGA1UE
3-
AxMCY2EwHhcNMjMwOTEzMTEwOTA4WhcNMjQwOTEyMTEwOTA4WjARMQ8wDQYDVQQD
4-
EwZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnPqjlJMF4
5-
uvsNt1kdrVP/Zi3KS3dvCg2Dpg1BAyo0nhe8vKHAAK0TE9//peTOqt5P+hps7fw4
6-
SG3NZNmmkOk8u6B0I15FLHywTsMPU9H+gLrte8Y/yZC4AbdmVrYFml83Q41wGj8U
7-
M05tpslVMfkveNkG/LBzKrPENo2Wb2+2/Um/BzNsaX0bhg7MGesD8TjhMFmh+kvC
8-
hUMpjFK4dKDOlXFMBLd43wtNVeWDz7duNx/oz6LyQ5JsAmVCHCMxlgc4GQEeUJ2l
9-
EnkIJw+lwDCKutwIQ4lm6pWAm4KU/BTcA7h6PWM0ku6XnfW7/xbT0FdeKnga8uTO
10-
8+vM7/GqawGLAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBRN
11-
ukfgtxJMkwu7XMvQ8ETWqi5BVTANBgkqhkiG9w0BAQsFAAOCAQEAkyK273ywVTm8
12-
SFssX0igt/sGDD/PMy9D9X5ovg7083g6FFYqdP9bWrkIasXzVb5s0feeV/tAV+DO
13-
sDjHcR7K5SwBjsNdYA+wie5WC1XaKAxSVNfe+VnwbZcgXaHcKPeqG7S3ZHJ3riRh
14-
GTPMArnb/w9+RqWTTSsxEvzw1lPVVbqFDiAPHsg6FTKetNEr83xbOzk4EOAnD2Hq
15-
CgKstcxl+lm8kaIhz1Jd5wVZ68i/+wDLRtk16inkoKIQYFvksdoMjNQLfhc5Cx+h
16-
4+3gOylszUF92SSbipFmEBs5LJ88G3U35xHS/imI9OdsMNdj4HE9Tk7TiuYH3Kt7
17-
DUOgg4S+0w==
2+
MIIC1TCCAb2gAwIBAgIIGCnXXZtehFEwDQYJKoZIhvcNAQELBQAwDTELMAkGA1UE
3+
AxMCY2EwIBcNNzAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBExDzANBgNV
4+
BAMTBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdISkbu
5+
sPph0SgAOTivfVvj4RAaRFgxZ/eMBissbtWWgK7gizdvbnW6IGlrt9yMZP50BDOY
6+
QG+Y/PkxTdeB16mAH/iFrIFXd5SILQAZgC77xW6o9D/NapEll/mH746tjKL4NRlP
7+
zTdWCrGu/fc5Fv41lFEVN4cLSJ7ZTfvCKP3BM3bTyXjMp2vGqzaAJjC6pErpQdFE
8+
uzD9IWXf+txteBzuT+ed/UGR0tDJZvHuVc2lujLCjUNpiDrkNefcdrwhS6s2YDUf
9+
h2RdsWjP9O7HfelPJfcq1UJyWAqhnO1EN8zWbkVcXQe5fp8jSNFs079uUkjMiB0z
10+
e3Io8UZBJEzopMECAwEAAaMzMDEwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaA
11+
FE26R+C3EkyTC7tcy9DwRNaqLkFVMA0GCSqGSIb3DQEBCwUAA4IBAQCU/JQyE+cL
12+
fnHBKHtg/5CIZ0xD8iMlHQ6Fe2S1ZJG6RQWUumiukljMUHFnp2ydSGll1l6A4WoC
13+
COJW0wyFZS7F9cVYkf9W7+lkOFYu4WNx7UPY9ohBB0hRdyl8VeFscNHuLe0eS1VO
14+
wiOwP/5fZleCOMSrOKqgtJvyYgR/5UtIWtVLSb3sYaLyaBSxqcMhDnZekWYX1rdL
15+
yTSHFYJUtOK7IV1gPEWTfxb04hsPc9Zd4ddYu4XgGyro72jLilocf54xQKeJCPZ/
16+
zvx0Wo2wUdqYQQonGDoaIit77BRpDopuq1quLfE9l9dP9vMRdQYyuEeSm8ci18L4
17+
54wHRKX4SR/0
1818
-----END CERTIFICATE-----

spec/outputs/syslog_tls_spec.rb

+13
Original file line numberDiff line numberDiff line change
@@ -109,6 +109,19 @@
109109
context "read PEM" do
110110
let(:options) { { "host" => "localhost", "port" => port, "protocol" => "ssl-tcp", "ssl_verify" => true } }
111111

112+
context "invalid client certificate" do
113+
let(:options ) { super().merge(
114+
"ssl_cert" => File.join(FIXTURES_PATH, "invalid.pem"),
115+
"ssl_key" => File.join(FIXTURES_PATH, "client-key.pem"),
116+
"ssl_cacert" => File.join(FIXTURES_PATH, "ca.pem"),
117+
"ssl_crl" => File.join(FIXTURES_PATH, "ca-crl.pem")
118+
) }
119+
120+
it "register raises error" do
121+
expect { subject.register }.to raise_error(OpenSSL::X509::CertificateError, /malformed PEM data/)
122+
end
123+
end
124+
112125
context "RSA certificate and private key" do
113126
let(:options ) { super().merge(
114127
"ssl_cert" => File.join(FIXTURES_PATH, "client.pem"),

0 commit comments

Comments
 (0)