-
Notifications
You must be signed in to change notification settings - Fork 83
Closed
Description
Spec from my project: https://github.com/basho/riak-ruby-client/blob/0e162cecbbb0ee550080de56abbb30032c59ac5f/spec/integration/riak/security_spec.rb#L45-L57
it "refuses to connect if the server cert isn't recognized" do
broken_auth_config = config.dup
broken_auth_config[:authentication] = broken_auth_config[:authentication].dup
# this CA has never ever been used to sign a key
broken_auth_config[:authentication][:ca_file] =
File.join('support', 'certs', 'empty_ca.crt')
bugged_crypto_client = Riak::Client.new broken_auth_config
expect{ bugged_crypto_client.ping }.
to(raise_error(OpenSSL::SSL::SSLError,
/certificate verify failed/i))
end
This raises an OpenSSL::SSL::SSLError with an unhelpful message: #<OpenSSL::SSL::SSLError: No message available>
instead of one describing the problem or matching one I've seen from C-Ruby OpenSSL.
The TLS connection is established at:
https://github.com/basho/riak-ruby-client/blob/0e162cecbbb0ee550080de56abbb30032c59ac5f/lib/riak/client/beefcake/socket.rb#L162
I suspect the error is one of these: https://github.com/jruby/jruby-openssl/blob/master/src/main/java/org/jruby/ext/openssl/SSLSocket.java#L202
Metadata
Metadata
Assignees
Labels
No labels