
On SSLv2, peer chain is nil and not []

new-scoring
aeris 2 years ago
parent
commit
5976e801d8
2 changed files with 6 additions and 1 deletions
  1. 1
    1
      lib/cryptcheck/tls/cert.rb
  2. 5
    0
      spec/cryptcheck/tls/cert_spec.rb

+ 1
- 1
lib/cryptcheck/tls/cert.rb View File

@@ -72,7 +72,7 @@ module CryptCheck
# Never add other self signed certificates than system CA !
next if cert.subject == cert.issuer
store.add_cert cert rescue nil
end
end if chain

trusted = store.verify cert
return :trusted if trusted
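Review bot: The nil guard is a trailing `if chain` on the loop's closing `end`, where it is easy to miss when reading the block from the top. The line that opens the block is outside the hunk, so this is inferred from `end if chain` alone. Normalising before the loop, for example `chain ||= []` or iterating with `Array(chain).each do |cert|`, would make the nil case explicit and keep the loop unconditional. A comment such as `# SSLv2: peer chain is nil, not []` at that spot would record why the guard exists. With a nil chain, nothing from the peer is added to the store, so `store.verify cert` then rests only on what the store already held before this loop, presumably the configured roots.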

+ 5
- 0
spec/cryptcheck/tls/cert_spec.rb View File

@@ -18,6 +18,11 @@ describe CryptCheck::Tls::Cert do
cert, ca = load_chain %w(self-signed ca)
trust = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
expect(trust).to eq 'self signed certificate'

# Case for SSLv2
cert, ca = load_chain %w(self-signed ca)
trust = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca
expect(trust).to eq 'self signed certificate'
end

it 'must reject unknown CA' do
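Review bot: The nil-chain case is appended to the existing self-signed example rather than given its own `it` block, so a failure in the first expectation stops the SSLv2 case from running and the spec output never names the scenario. The enclosing example starts above the hunk. A separate example such as `it 'must reject self signed certificate when chain is nil (SSLv2)' do` would report it on its own. Only the rejection path is exercised with `nil`. A companion expectation that a certificate issued directly by one of the `roots:` still yields `:trusted` with a `nil` chain would confirm the guard does not change the positive path.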
