
On SSLv2, peer chain is nil and not []

new-scoring
aeris 5 years ago
parent
commit
5976e801d8
  1. 2
      lib/cryptcheck/tls/cert.rb
  2. 5
      spec/cryptcheck/tls/cert_spec.rb

2
lib/cryptcheck/tls/cert.rb

@ -72,7 +72,7 @@ module CryptCheck
# Never add other self signed certificates than system CA !
next if cert.subject == cert.issuer
store.add_cert cert rescue nil
end
end if chain
trusted = store.verify cert
return :trusted if trusted
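Review bot: The nil guard arrives as a trailing `end if chain` on a multi-line block, so a reader scanning the loop from its first line (outside this hunk) does not see that the whole block is conditional. Normalising before the loop, for example `chain ||= []`, keeps the SSLv2 case visible and leaves the loop body unchanged. A comment such as `# SSLv2 exposes no peer chain (nil): verify the leaf against the root store only` would document why nil is accepted here. Since nil now takes the same path as an empty chain, it may be worth confirming that callers pass nil only for SSLv2 and not when chain retrieval failed for another reason.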

5
spec/cryptcheck/tls/cert_spec.rb

@ -18,6 +18,11 @@ describe CryptCheck::Tls::Cert do
cert, ca = load_chain %w(self-signed ca)
trust = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
expect(trust).to eq 'self signed certificate'
# Case for SSLv2
cert, ca = load_chain %w(self-signed ca)
trust = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca
expect(trust).to eq 'self signed certificate'
end
it 'must reject unknown CA' do
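Review bot: The SSLv2 case is appended to the existing self-signed example (its `it` line is outside the hunk), so a failure in the `[]` expectation stops the example before the `nil` one runs and the report does not say which chain shape broke. A separate example, e.g. `it 'must reject self signed without peer chain (SSLv2)' do`, would isolate it. The spec also covers only rejection with a nil chain; an example asserting that a certificate issued directly by a root in `roots:` still returns `:trusted` when the chain is nil would cover the path where `store.verify` succeeds without intermediates.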
