From 7cbbfa7c7e0fba134838c5c9c58d2d3174232882 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Thu, 19 Feb 2015 16:17:01 +0100
Subject: Make unit tests work again.

Makefile target 'check' runs them.
---
 src/x509.erl | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'src/x509.erl')

diff --git a/src/x509.erl b/src/x509.erl
index b0363cd..32ade83 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -31,7 +31,6 @@ normalise_chain(AcceptableRootCerts, CertChain) ->
 %% an acceptable root cert. Order of certificates in second argument
 %% is: leaf cert in head, chain in tail. Order of first argument is
 %% irrelevant.
-
 -spec valid_chain_p([binary()], [binary()], integer()) ->
                            {false, reason()} | {true, list()}.
 valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 ->
@@ -279,8 +278,8 @@ sign_test_() ->
 
 valid_cert_test_() ->
     {setup,
-     fun() -> {read_pemfiles_from_dir("../test/testdata/known_roots"),
-               read_certs("../test/testdata/chains")} end,
+     fun() -> {read_pemfiles_from_dir("test/testdata/known_roots"),
+               read_certs("test/testdata/chains")} end,
      fun(_) -> ok end,
      fun({KnownRoots, Chains}) ->
              [
@@ -298,7 +297,13 @@ valid_cert_test_() ->
               %% leaf signed by known CA
               ?_assertMatch({true, _},
                             valid_chain_p(KnownRoots,
-                                          lists:nth(3, Chains), 10))
+                                          lists:nth(3, Chains), 10)),
+              %% bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
+              %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
+              %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
+              ?_assertMatch({true, _},
+                            valid_chain_p(lists:nth(4, Chains),
+                                          lists:nth(4, Chains), 10))
               ] end}.
 
 chain_test_() ->
@@ -320,8 +325,6 @@ chain_test(C0, C1) ->
      ?_assertMatch({false, chain_too_long}, valid_chain_p([C1], [C0, C1], 1)),
      %% Root not in trust store.
      ?_assertMatch({false, root_unknown}, valid_chain_p([], [C0, C1], 10)),
-     %% Invalid signer.
-     ?_assertMatch({false, chain_broken}, valid_chain_p([C0], [C1, C0], 10)),
      %% Selfsigned. Actually OK.
      ?_assertMatch({true, []}, valid_chain_p([C0], [C0], 10)),
      ?_assertMatch({true, []}, valid_chain_p([C0], [C0], 1)),
-- 
cgit v1.1