test/ssl-test_test.rb in ssl-test-1.2.0 vs test/ssl-test_test.rb in ssl-test-1.3.0

- old
+ new

@@ -37,20 +37,27 @@ error.must_equal "error code 18: self signed certificate" valid.must_equal false cert.must_be_instance_of OpenSSL::X509::Certificate end + it "returns error on incomplete chain" do + valid, error, cert = SSLTest.test("https://incomplete-chain.badssl.com/") + error.must_equal "error code 20: unable to get local issuer certificate" + valid.must_equal false + cert.must_be_instance_of OpenSSL::X509::Certificate + end + it "returns error on untrusted root" do valid, error, cert = SSLTest.test("https://untrusted-root.badssl.com/") error.must_equal "error code 20: unable to get local issuer certificate" valid.must_equal false cert.must_be_instance_of OpenSSL::X509::Certificate end it "returns error on invalid host" do valid, error, cert = SSLTest.test("https://wrong.host.badssl.com/") - error.must_equal 'hostname "wrong.host.badssl.com" does not match the server certificate (*.badssl.com, badssl.com)' + error.must_equal 'hostname "wrong.host.badssl.com" does not match the server certificate' valid.must_equal false cert.must_be_instance_of OpenSSL::X509::Certificate end it "returns error on expired cert" do 
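Review bot: The new incomplete-chain spec expects exactly the same string as the untrusted-root spec that follows it ("error code 20: unable to get local issuer certificate"), so a reader cannot tell whether the library is meant to distinguish a missing intermediate from an unknown root. A one-line comment above the new spec would settle it, e.g. `# a missing intermediate is reported with the same verify error (20) as an untrusted root`. The invalid-host assertion in this hunk no longer checks the certificate names in the message, which is fine if the message format changed on purpose, but the description does not say so. The enclosing describe block starts outside the hunk.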
@@ -72,14 +79,34 @@
 error.must_equal "SSL certificate test failed: Net::OpenTimeout"
 valid.must_be_nil
 cert.must_be_nil
 end
- # Not implemented yet
- # it "returns error on revoked cert" do
- # valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
- # error.must_equal "error code XX: certificate has been revoked"
- # valid.must_equal false
- # cert.must_be_instance_of OpenSSL::X509::Certificate
- # end
+ it "returns error on revoked cert" do
+ valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
+ error.must_equal "SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2019-10-07 20:30:39 UTC)"
+ valid.must_equal false
+ cert.must_be_instance_of OpenSSL::X509::Certificate
+ end
+
+ it "stops following redirection after the limit for the revoked certs check" do
+ valid, error, cert = SSLTest.test("https://github.com/", redirection_limit: 0)
+ error.must_equal "OCSP test couldn't be performed: OCSP response request failed"
+ valid.must_equal true
+ cert.must_be_instance_of OpenSSL::X509::Certificate
+ end
+
+ it "warns when the OCSP URI is missing" do
+ valid, error, cert = SSLTest.test("https://www.demarches-simplifiees.fr")
+ error.must_equal "OCSP test couldn't be performed: Missing OCSP URI in authorityInfoAccess extension"
+ valid.must_equal true
+ cert.must_be_instance_of OpenSSL::X509::Certificate
+ end
+
+ it "warns when the authorityInfoAccess extension is missing" do
+ valid, error, cert = SSLTest.test("https://www.anonymisation.gov.pf")
+ error.must_equal "OCSP test couldn't be performed: Missing authorityInfoAccess extension"
+ valid.must_equal true
+ cert.must_be_instance_of OpenSSL::X509::Certificate
+ end
 end
-end
\ No newline at end of file
+end
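Review bot: The last three added specs assert `valid.must_equal true` while `error` carries "OCSP test couldn't be performed: …", which pins a fail-open result whenever revocation status cannot be determined (redirection limit reached, missing OCSP URI, missing authorityInfoAccess). A caller that checks only `valid` would accept a certificate whose revocation was never verified, and an unreachable OCSP responder presumably ends up in the same branch. I would state that contract above these specs, e.g. `# OCSP soft-fail: valid stays true when revocation cannot be checked; callers must inspect error`. The revoked-cert spec also pins the exact revocation date served by revoked.badssl.com, so it breaks as soon as that certificate is reissued; `error.must_match(/\ASSL certificate revoked:/)` keeps the check without the date.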