diff options
Diffstat (limited to 'test/rubygems/test_bundled_ca.rb')
-rw-r--r-- | test/rubygems/test_bundled_ca.rb | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/test/rubygems/test_bundled_ca.rb b/test/rubygems/test_bundled_ca.rb new file mode 100644 index 0000000000..d2ccdaf484 --- /dev/null +++ b/test/rubygems/test_bundled_ca.rb @@ -0,0 +1,60 @@ +require 'rubygems/test_case' +require 'net/https' +require 'rubygems/request' + +# = Testing Bundled CA +# +# The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9 +# +class TestBundledCA < Gem::TestCase + + THIS_FILE = File.expand_path __FILE__ + + def bundled_certificate_store + store = OpenSSL::X509::Store.new + + ssl_cert_glob = + File.expand_path '../../../lib/rubygems/ssl_certs/*.pem', THIS_FILE + + Dir[ssl_cert_glob].each do |ssl_cert| + store.add_file ssl_cert + end + + store + end + + def assert_https(host) + if self.respond_to? :_assertions # minitest <= 4 + self._assertions += 1 + else # minitest >= 5 + self.assertions += 1 + end + http = Net::HTTP.new(host, 443) + http.use_ssl = true + http.verify_mode = OpenSSL::SSL::VERIFY_PEER + http.cert_store = bundled_certificate_store + http.get('/') + rescue Errno::ENOENT + skip "#{host} seems offline, I can't tell whether ssl would work." + rescue OpenSSL::SSL::SSLError => e + # Only fail for certificate verification errors + if e.message =~ /certificate verify failed/ + flunk "#{host} is not verifiable using the included certificates. Error was: #{e.message}" + end + raise + end + + def test_accessing_rubygems + assert_https('rubygems.org') + end + + def test_accessing_cloudfront + assert_https('d2chzxaqi4y7f8.cloudfront.net') + end + + def test_accessing_s3 + assert_https('s3.amazonaws.com') + end + +end if ENV['TRAVIS'] + |