summaryrefslogtreecommitdiff
path: root/test/rubygems/test_bundled_ca.rb
diff options
context:
space:
mode:
Diffstat (limited to 'test/rubygems/test_bundled_ca.rb')
-rw-r--r--test/rubygems/test_bundled_ca.rb60
1 files changed, 60 insertions, 0 deletions
diff --git a/test/rubygems/test_bundled_ca.rb b/test/rubygems/test_bundled_ca.rb
new file mode 100644
index 0000000000..d2ccdaf484
--- /dev/null
+++ b/test/rubygems/test_bundled_ca.rb
@@ -0,0 +1,60 @@
+require 'rubygems/test_case'
+require 'net/https'
+require 'rubygems/request'
+
+# = Testing Bundled CA
+#
+# The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9
+#
+class TestBundledCA < Gem::TestCase
+
+ THIS_FILE = File.expand_path __FILE__
+
+ def bundled_certificate_store
+ store = OpenSSL::X509::Store.new
+
+ ssl_cert_glob =
+ File.expand_path '../../../lib/rubygems/ssl_certs/*.pem', THIS_FILE
+
+ Dir[ssl_cert_glob].each do |ssl_cert|
+ store.add_file ssl_cert
+ end
+
+ store
+ end
+
+ def assert_https(host)
+ if self.respond_to? :_assertions # minitest <= 4
+ self._assertions += 1
+ else # minitest >= 5
+ self.assertions += 1
+ end
+ http = Net::HTTP.new(host, 443)
+ http.use_ssl = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ http.cert_store = bundled_certificate_store
+ http.get('/')
+ rescue Errno::ENOENT
+ skip "#{host} seems offline, I can't tell whether ssl would work."
+ rescue OpenSSL::SSL::SSLError => e
+ # Only fail for certificate verification errors
+ if e.message =~ /certificate verify failed/
+ flunk "#{host} is not verifiable using the included certificates. Error was: #{e.message}"
+ end
+ raise
+ end
+
+ def test_accessing_rubygems
+ assert_https('rubygems.org')
+ end
+
+ def test_accessing_cloudfront
+ assert_https('d2chzxaqi4y7f8.cloudfront.net')
+ end
+
+ def test_accessing_s3
+ assert_https('s3.amazonaws.com')
+ end
+
+end if ENV['TRAVIS']
+