On SSLv2, peer chain is nil and not []

6 years ago · 5976e801d8
parent 15f8574213
commit 5976e801d8
2 changed files with 6 additions and 1 deletions
--- a/lib/cryptcheck/tls/cert.rb
+++ b/lib/cryptcheck/tls/cert.rb
@ -72,7 +72,7 @@ module CryptCheck
 					# Never add other self signed certificates than system CA !
 					next if cert.subject == cert.issuer
 					store.add_cert cert rescue nil
-				end
+				end if chain

 				trusted = store.verify cert
 				return :trusted if trusted
--- a/spec/cryptcheck/tls/cert_spec.rb
+++ b/spec/cryptcheck/tls/cert_spec.rb
@ -18,6 +18,11 @@ describe CryptCheck::Tls::Cert do
 			cert, ca = load_chain %w(self-signed ca)
 			trust    = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
 			expect(trust).to eq 'self signed certificate'
+
+			# Case for SSLv2
+			cert, ca = load_chain %w(self-signed ca)
+			trust    = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca
+			expect(trust).to eq 'self signed certificate'
 		end

 		it 'must reject unknown CA' do