
Commit c5f2126

author
Tom Maher
committed
more TLS tests around merging vs not merging the default options
1 parent eeb7a6d commit c5f2126


1 file changed

+46
-6
lines changed


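--- a/test/integration/test_bind.rb
+++ b/test/integration/test_bind.rb
@@ -42,7 +42,18 @@ def test_bind_tls_with_cafile
 @ldap.get_operation_result.inspect
 end
 
-def test_bind_tls_with_verify_none
+def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
+@ldap.host = '127.0.0.1'
+@ldap.port = 9389 unless ENV['TRAVIS'] == 'true'
+@ldap.encryption(
+method: :start_tls,
+tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
+)
+assert @ldap.bind(BIND_CREDS),
+@ldap.get_operation_result.inspect
+end
+
+def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
 @ldap.host = '127.0.0.1'
 @ldap.port = 9389 unless ENV['TRAVIS'] == 'true'
 @ldap.encryption(
@@ -53,13 +64,13 @@ def test_bind_tls_with_verify_none
 @ldap.get_operation_result.inspect
 end
 
-def test_bind_tls_with_bad_hostname
+def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
 @ldap.host = '127.0.0.1'
 @ldap.port = 9389 unless ENV['TRAVIS'] == 'true'
 @ldap.encryption(
 method: :start_tls,
-tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-ca_file: CA_FILE),
+tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
+ca_file: CA_FILE },
 )
 error = assert_raise Net::LDAP::Error,
 Net::LDAP::ConnectionRefusedError do
@@ -71,7 +82,24 @@ def test_bind_tls_with_bad_hostname
 )
 end
 
-def test_bind_tls_with_valid_hostname
+def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
+@ldap.host = '127.0.0.1'
+@ldap.port = 9389 unless ENV['TRAVIS'] == 'true'
+@ldap.encryption(
+method: :start_tls,
+tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
+)
+error = assert_raise Net::LDAP::Error,
+Net::LDAP::ConnectionRefusedError do
+@ldap.bind BIND_CREDS
+end
+assert_equal(
+"hostname \"#{@ldap.host}\" does not match the server certificate",
+error.message,
+)
+end
+
+def test_bind_tls_with_valid_hostname_default_opts_passes
 @ldap.host = 'localhost'
 @ldap.port = 9389 unless ENV['TRAVIS'] == 'true'
 @ldap.encryption(
@@ -83,6 +111,18 @@ def test_bind_tls_with_valid_hostname
 @ldap.get_operation_result.inspect
 end
 
+def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
+@ldap.host = 'localhost'
+@ldap.port = 9389 unless ENV['TRAVIS'] == 'true'
+@ldap.encryption(
+method: :start_tls,
+tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
+ca_file: CA_FILE },
+)
+assert @ldap.bind(BIND_CREDS),
+@ldap.get_operation_result.inspect
+end
+
 # The following depend on /etc/hosts hacking.
 # We can do that on CI, but it's less than cool on people's dev boxes
 def test_bind_tls_with_multiple_hosts
@@ -137,7 +177,7 @@ def test_bind_tls_with_multiple_bogus_hosts_ca_check_only
 @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
 @ldap.encryption(
 method: :start_tls,
-tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
+tls_options: { ca_file: CA_FILE },
 )
 assert @ldap.bind(BIND_CREDS),
 @ldap.get_operation_result.inspect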
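Review bot: The unmerged `tls_options: { ca_file: CA_FILE }` in `test_bind_tls_with_multiple_bogus_hosts_ca_check_only` (last hunk) leaves undocumented that a CA file on its own is expected to skip the hostname check. The test still expects the bind through `127.0.0.1` to pass, while `test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails` expects the merged form to fail on a hostname mismatch. If that is the intended contract, a comment above the options would say so, e.g. `# ca_file only, library defaults not merged: the hostname is not checked in this configuration`; whether the chain is still verified against `CA_FILE` here is not visible from the test and is worth stating too. A single-host `127.0.0.1` test with the same options would also help, since this one appears to belong to the group that needs /etc/hosts changes and so may not run on developer machines. The method starts and ends outside the hunk, so any further assertions in it are not visible here.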
