diff --git a/test/fixtures/cacert.pem b/test/fixtures/cacert.pem
new file mode 100644
index 00000000..f8b134e1
--- /dev/null
+++ b/test/fixtures/cacert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAf+gAwIBAgIEVHpbmjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhy
+dWJ5bGRhcDAeFw0xNDExMjkyMzQ5NDZaFw0xNTExMjkyMzQ5NDZaMBMxETAPBgNV
+BAMTCHJ1YnlsZGFwMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEA4pKe
+cDCNuL53fkpO/WSAS+gmMTsOs+oOK71kZlk2QT/MBz8TxC6m358qCADjnXcMVVxa
+ySQbQlVKZMkIvLNciZbiLDgC5II0NbHACNa8rqenoKRjS4J9W3OhA8EmnXn/Me+8
+uMCI9tfnKNRZYdkQZlra4I+Idn+xYfl/5q5b/7ZjPS2zY/585hFEYE+5vfOZVBSU
+3HMNSeuJvTehLv7dD7aQfXNM4cRgHXequkJQ/HLLFAO4AgJ+LJrFWpj7GWz3crgr
+9G5px4T78wJH3NQiOsG6UBXPw8c4T+Z6GAWX2l1zs1gZsaiCVbAraqK3404lL7yp
++ThbsW3ifzgNPhmjScXBLdbEDrrAKosW7kkTOGzxiMCBmNlj2SKhcztoduAtfF1f
+Fs2Jk8MRTHwO8ThD7wIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB
+/wQFAwMHBAAwHQYDVR0OBBYEFJDm67ekyFu4/Z7VcO6Vk/5pinGcMA0GCSqGSIb3
+DQEBCwUAA4IBMQDHeEPzfYRtjynpUKyrtxx/6ZVOfCLuz4eHkBZggz/pJacDCv/a
+I//W03XCk8RWq/fWVVUzvxXgPwnYcw992PLM7XW81zp6ruRUDWooYnjHZZz3bRhe
+kC4QvM2mZhcsMVmhmWWKZn81qXgVdUY1XNRhk87cuXjF/UTpEieFvWAsCUkFZkqB
+AmySCuI/FuPaauT1YAltkIlYAEIGNJGZDMf2BTVUQpXhTXeS9/AZWLNDBwiq+fwo
+YYnsr9MnBXCEmg1gVSR/Ay2AZmbYfiYtb5kU8uq2lSWAUb4LX6HZl82wo3OilrJ2
+WXl6Qf+Fcy4qqkRt4AKHjtzizpEDCOVYuuG0Zoy+QnxNXRsEzpb8ymnJFrcgYfk/
+6Lv2gWAFl5FqCZp7gBWg55eL2coT4C+mbNTF
+-----END CERTIFICATE-----
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb
index c322f401..bea6b034 100644
--- a/test/integration/test_bind.rb
+++ b/test/integration/test_bind.rb
@@ -20,8 +20,15 @@ def test_bind_fail
 refute @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "not my password"), @ldap.get_operation_result.inspect
 end
 
- def test_bind_tls
- @ldap.encryption(method: :start_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS)
+ def test_bind_tls_with_cafile
+ tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:ca_file => CA_FILE)
+ @ldap.encryption(method: :start_tls, tls_options: tls_options)
+ assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect
+ end
+
+ def test_bind_tls_with_verify_none
+ tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:verify_mode => OpenSSL::SSL::VERIFY_NONE)
+ @ldap.encryption(method: :start_tls, tls_options: tls_options)
 assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect
 end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index f208977d..640b0e23 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -6,6 +6,18 @@
 # Whether integration tests should be run.
 INTEGRATION = ENV.fetch("INTEGRATION", "skip") != "skip"
 
+# The CA file to verify certs against for tests.
+# Override with CA_FILE env variable; otherwise checks for the VM-specific path
+# and falls back to the test/fixtures/cacert.pem for local testing.
+CA_FILE =
+ ENV.fetch("CA_FILE") do
+ if File.exist?("/etc/ssl/certs/cacert.pem")
+ "/etc/ssl/certs/cacert.pem"
+ else
+ File.expand_path("fixtures/cacert.pem", File.dirname(__FILE__))
+ end
+ end
+
 if RUBY_VERSION < "2.0"
 class String
 def b
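Review bot: `test_bind_tls_with_cafile` only proves that a bind succeeds when `:ca_file` is supplied; nothing in this hunk shows that the server certificate was actually checked, so a regression that silently drops `tls_options` would still pass both new tests. A companion negative case would pin that down: merge a `:ca_file` that did not issue the server certificate and assert that the StartTLS bind does not succeed (whether that surfaces as an exception or a false return is not visible here). It would also help to put `# certificate verification deliberately disabled: test-only setting` above the `VERIFY_NONE` merge in `test_bind_tls_with_verify_none`, since test code like this tends to get copied. The test class and `test_bind_fail` begin outside the hunk.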
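Review bot: The trust anchor used by the TLS tests depends on what happens to exist on the host: when `CA_FILE` is unset, any file at `/etc/ssl/certs/cacert.pem` wins over the fixture, and a `CA_FILE` value that is empty or mistyped is passed straight through to OpenSSL. Failing early makes the choice visible, e.g. `abort "CA file not found: #{CA_FILE}" if INTEGRATION && !File.exist?(CA_FILE)` right after the assignment. Separately, the fixture added in this commit appears, from its encoded validity fields, to be valid for one year only, so the local fallback will presumably start failing verification once it expires; a comment next to `CA_FILE` on how the fixture is regenerated would help the next maintainer. The `if RUBY_VERSION < "2.0"` block at the end of the hunk continues outside it.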