Refactor openssl command arguments into a separate function and add a test for it
This commit is contained in:
+22
-11
@@ -803,17 +803,7 @@ fn openssl_https_get_text(url: &str) -> Result<String> {
|
|||||||
let bootstrap_ca_path = write_bootstrap_ca_tempfile()?;
|
let bootstrap_ca_path = write_bootstrap_ca_tempfile()?;
|
||||||
let result = (|| {
|
let result = (|| {
|
||||||
let mut cmd = Command::new("openssl");
|
let mut cmd = Command::new("openssl");
|
||||||
cmd.args([
|
cmd.args(openssl_s_client_args(&bootstrap_ca_path, host, port));
|
||||||
"s_client",
|
|
||||||
"-quiet",
|
|
||||||
"-verify_return_error",
|
|
||||||
"-verifyCAfile",
|
|
||||||
bootstrap_ca_path.to_str().unwrap_or(""),
|
|
||||||
"-connect",
|
|
||||||
&format!("{host}:{port}"),
|
|
||||||
"-servername",
|
|
||||||
host,
|
|
||||||
]);
|
|
||||||
if Path::new(DEFAULT_SSL_CERTS_DIR).is_dir() {
|
if Path::new(DEFAULT_SSL_CERTS_DIR).is_dir() {
|
||||||
cmd.args(["-verifyCApath", DEFAULT_SSL_CERTS_DIR]);
|
cmd.args(["-verifyCApath", DEFAULT_SSL_CERTS_DIR]);
|
||||||
}
|
}
|
||||||
@@ -851,6 +841,20 @@ fn openssl_https_get_text(url: &str) -> Result<String> {
|
|||||||
result
|
result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn openssl_s_client_args(bootstrap_ca_path: &Path, host: &str, port: u16) -> Vec<String> {
|
||||||
|
vec![
|
||||||
|
"s_client".to_string(),
|
||||||
|
"-quiet".to_string(),
|
||||||
|
"-verify_return_error".to_string(),
|
||||||
|
"-CAfile".to_string(),
|
||||||
|
bootstrap_ca_path.display().to_string(),
|
||||||
|
"-connect".to_string(),
|
||||||
|
format!("{host}:{port}"),
|
||||||
|
"-servername".to_string(),
|
||||||
|
host.to_string(),
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
fn write_bootstrap_ca_tempfile() -> Result<PathBuf> {
|
fn write_bootstrap_ca_tempfile() -> Result<PathBuf> {
|
||||||
let nonce = SystemTime::now()
|
let nonce = SystemTime::now()
|
||||||
.duration_since(UNIX_EPOCH)
|
.duration_since(UNIX_EPOCH)
|
||||||
@@ -2358,6 +2362,13 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
|||||||
assert!(out.contains("BEGINDATA"));
|
assert!(out.contains("BEGINDATA"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn openssl_s_client_args_use_portable_ca_file_flag() {
|
||||||
|
let args = openssl_s_client_args(Path::new("/tmp/bootstrap-ca.pem"), "hg.mozilla.org", 443);
|
||||||
|
assert!(args.contains(&"-CAfile".to_string()));
|
||||||
|
assert!(!args.contains(&"-verifyCAfile".to_string()));
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn decode_certdata_octal_multiline_decodes_bytes() {
|
fn decode_certdata_octal_multiline_decodes_bytes() {
|
||||||
let lines = vec![r"\101\102".to_string(), r"\103".to_string()];
|
let lines = vec![r"\101\102".to_string(), r"\103".to_string()];
|
||||||
|
|||||||
Reference in New Issue
Block a user