
On SSLv2, peer chain is nil and not []

new-scoring
aeris 2 years ago
parent
commit
5976e801d8
2 changed files with 6 additions and 1 deletions
  1. 1
    1
      lib/cryptcheck/tls/cert.rb
  2. 5
    0
      spec/cryptcheck/tls/cert_spec.rb

+ 1
- 1
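--- a/lib/cryptcheck/tls/cert.rb
+++ b/lib/cryptcheck/tls/cert.rb
@@ -72,7 +72,7 @@ module CryptCheck
 					# Never add other self signed certificates than system CA !
 					next if cert.subject == cert.issuer
 					store.add_cert cert rescue nil
-				end
+				end if chain
 
 				trusted = store.verify cert
 				return :trusted if trusted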
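Review bot: The nil guard sits on the closing `end` of a multi-line block (`end if chain`), so a reader goes through the whole loop body before learning that it may be skipped entirely. The block's opening line is outside the hunk; assuming it is `chain.each do |cert|`, moving the guard to the head, e.g. `(chain || []).each do |cert|`, states the same thing up front. A short comment such as `# SSLv2 exposes no peer chain (nil): verify against the roots only` would record why nil is accepted, since the verdict then rests on `store.verify cert` with no intermediates added.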

+ 5
- 0
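--- a/spec/cryptcheck/tls/cert_spec.rb
+++ b/spec/cryptcheck/tls/cert_spec.rb
@@ -18,6 +18,11 @@ describe CryptCheck::Tls::Cert do
 			cert, ca = load_chain %w(self-signed ca)
 			trust    = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
 			expect(trust).to eq 'self signed certificate'
+
+			# Case for SSLv2
+			cert, ca = load_chain %w(self-signed ca)
+			trust    = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca
+			expect(trust).to eq 'self signed certificate'
 		end
 
 		it 'must reject unknown CA' do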
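Review bot: The nil-chain case is appended to the existing self-signed example instead of getting its own `it`, so a failure of the first expectation hides the SSLv2 result and the spec output never names the SSLv2 case. Within this hunk only the self-signed path is exercised with `nil`; whether the trusted and unknown-CA paths are also run with a nil chain is not visible here. A separate example such as `it 'must handle a nil chain (SSLv2)' do`, covering at least one accepted and one rejected certificate, would pin the verdicts for that input. The enclosing example starts outside the hunk.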
