Refactor openssl command to use a dedicated function for CApath arguments and add corresponding tests
This commit is contained in:
+15
-1
@@ -805,7 +805,9 @@ fn openssl_https_get_text(url: &str) -> Result<String> {
|
||||
let mut cmd = Command::new("openssl");
|
||||
cmd.args(openssl_s_client_args(&bootstrap_ca_path, host, port));
|
||||
if Path::new(DEFAULT_SSL_CERTS_DIR).is_dir() {
|
||||
cmd.args(["-verifyCApath", DEFAULT_SSL_CERTS_DIR]);
|
||||
cmd.args(openssl_s_client_capath_args(Path::new(
|
||||
DEFAULT_SSL_CERTS_DIR,
|
||||
)));
|
||||
}
|
||||
cmd.stdin(Stdio::piped())
|
||||
.stdout(Stdio::piped())
|
||||
@@ -855,6 +857,10 @@ fn openssl_s_client_args(bootstrap_ca_path: &Path, host: &str, port: u16) -> Vec
|
||||
]
|
||||
}
|
||||
|
||||
fn openssl_s_client_capath_args(ca_path: &Path) -> Vec<String> {
|
||||
vec!["-CApath".to_string(), ca_path.display().to_string()]
|
||||
}
|
||||
|
||||
fn write_bootstrap_ca_tempfile() -> Result<PathBuf> {
|
||||
let nonce = SystemTime::now()
|
||||
.duration_since(UNIX_EPOCH)
|
||||
@@ -2367,6 +2373,14 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
let args = openssl_s_client_args(Path::new("/tmp/bootstrap-ca.pem"), "hg.mozilla.org", 443);
|
||||
assert!(args.contains(&"-CAfile".to_string()));
|
||||
assert!(!args.contains(&"-verifyCAfile".to_string()));
|
||||
assert!(!args.contains(&"-verifyCApath".to_string()));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn openssl_s_client_capath_args_use_libressl_portable_flag() {
|
||||
let args = openssl_s_client_capath_args(Path::new("/etc/ssl/certs"));
|
||||
assert_eq!(args, vec!["-CApath", "/etc/ssl/certs"]);
|
||||
assert!(!args.contains(&"-verifyCApath".to_string()));
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
||||
Reference in New Issue
Block a user