1require 'rubygems/test_case' 2require 'net/https' 3 4# = Testing Bundled CA 5# 6# The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9 7# 8class TestBundledCA < Gem::TestCase 9 10 THIS_FILE = File.expand_path __FILE__ 11 12 def bundled_certificate_store 13 store = OpenSSL::X509::Store.new 14 15 ssl_cert_glob = 16 File.expand_path '../../../lib/rubygems/ssl_certs/*.pem', THIS_FILE 17 18 Dir[ssl_cert_glob].each do |ssl_cert| 19 store.add_file ssl_cert 20 end 21 22 store 23 end 24 25 def assert_https(host) 26 if self.respond_to? :_assertions # minitest <= 4 27 self._assertions += 1 28 else # minitest >= 5 29 self.assertions += 1 30 end 31 http = Net::HTTP.new(host, 443) 32 http.use_ssl = true 33 http.verify_mode = OpenSSL::SSL::VERIFY_PEER 34 http.cert_store = bundled_certificate_store 35 http.get('/') 36 rescue Errno::ENOENT 37 skip "#{host} seems offline, I can't tell whether ssl would work." 38 rescue OpenSSL::SSL::SSLError => e 39 # Only fail for certificate verification errors 40 if e.message =~ /certificate verify failed/ 41 flunk "#{host} is not verifiable using the included certificates. Error was: #{e.message}" 42 end 43 raise 44 end 45 46 def test_accessing_rubygems 47 assert_https('rubygems.org') 48 end 49 50 def test_accessing_cloudfront 51 assert_https('d2chzxaqi4y7f8.cloudfront.net') 52 end 53 54 def test_accessing_s3 55 assert_https('s3.amazonaws.com') 56 end 57 58end if ENV['TRAVIS'] 59 60