[ruby/openssl] ssl: refactor test case test_verify_mode_server_cert

Minimize the amount of code inside the assert_raise block to avoid
accidentally catching a wrong exception.

https://github.com/ruby/openssl/commit/5089b2d311
This commit is contained in:
Kazuki Yamaguchi 2025-02-06 23:56:07 +09:00 committed by git
parent a8b36314ec
commit 5791c93f8e

View File

@ -348,27 +348,27 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
empty_store = OpenSSL::X509::Store.new
# Valid certificate, SSL_VERIFY_PEER
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.cert_store = populated_store
assert_nothing_raised {
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.cert_store = populated_store
server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets }
}
# Invalid certificate, SSL_VERIFY_NONE
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
ctx.cert_store = empty_store
assert_nothing_raised {
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
ctx.cert_store = empty_store
server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets }
}
# Invalid certificate, SSL_VERIFY_PEER
assert_handshake_error {
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.cert_store = empty_store
server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets }
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.cert_store = empty_store
assert_raise(OpenSSL::SSL::SSLError) {
server_connect(port, ctx)
}
}
end