1require 'rubygems/test_case'
2require 'net/https'
3
4# = Testing Bundled CA
5#
6# The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9
7#
8class TestBundledCA < Gem::TestCase
9
10  THIS_FILE = File.expand_path __FILE__
11
12  def bundled_certificate_store
13    store = OpenSSL::X509::Store.new
14
15    ssl_cert_glob =
16      File.expand_path '../../../lib/rubygems/ssl_certs/*.pem', THIS_FILE
17
18    Dir[ssl_cert_glob].each do |ssl_cert|
19      store.add_file ssl_cert
20    end
21
22    store
23  end
24
25  def assert_https(host)
26    if self.respond_to? :_assertions # minitest <= 4
27      self._assertions += 1
28    else # minitest >= 5
29      self.assertions += 1
30    end
31    http = Net::HTTP.new(host, 443)
32    http.use_ssl = true
33    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
34    http.cert_store = bundled_certificate_store
35    http.get('/')
36  rescue Errno::ENOENT
37    skip "#{host} seems offline, I can't tell whether ssl would work."
38  rescue OpenSSL::SSL::SSLError => e
39    # Only fail for certificate verification errors
40    if e.message =~ /certificate verify failed/
41      flunk "#{host} is not verifiable using the included certificates. Error was: #{e.message}"
42    end
43    raise
44  end
45
46  def test_accessing_rubygems
47    assert_https('rubygems.org')
48  end
49
50  def test_accessing_cloudfront
51    assert_https('d2chzxaqi4y7f8.cloudfront.net')
52  end
53
54  def test_accessing_s3
55    assert_https('s3.amazonaws.com')
56  end
57
58end if ENV['TRAVIS']
59
60