Imported Upstream version 3.7.0upstream/3.7.0

4 files changed, 26 insertions, 10 deletions

diff --git a/spec/integration/ssl/certificate_authority_spec.rb b/spec/integration/ssl/certificate_authority_spec.rb
index acbc38cbc..3cf494afa 100755
--- a/spec/integration/ssl/certificate_authority_spec.rb
+++ b/spec/integration/ssl/certificate_authority_spec.rb
@@ -99,6 +99,32 @@ describe Puppet::SSL::CertificateAuthority, :unless => Puppet.features.microsoft
     end
   end
 
+  describe "when revoking certificate" do
+    it "should work for one certificate" do
+      certificate_request_for("luke.madstop.com")
+
+      ca.sign("luke.madstop.com")
+      ca.revoke("luke.madstop.com")
+
+      expect { ca.verify("luke.madstop.com") }.to raise_error(
+        Puppet::SSL::CertificateAuthority::CertificateVerificationError,
+        "certificate revoked"
+      )
+    end
+
+    it "should work for several certificates" do
+      3.times.each do |c|
+        certificate_request_for("luke.madstop.com")
+        ca.sign("luke.madstop.com")
+        ca.destroy("luke.madstop.com")
+      end
+      ca.revoke("luke.madstop.com")
+
+      ca.crl.content.revoked.map { |r| r.serial }.should == [2,3,4] # ca has serial 1
+    end
+
+  end
+
   it "allows autosigning certificates concurrently", :unless => Puppet::Util::Platform.windows? do
     Puppet[:autosign] = true
     hosts = (0..4).collect { |i| certificate_request_for("host#{i}") }
diff --git a/spec/integration/ssl/certificate_request_spec.rb b/spec/integration/ssl/certificate_request_spec.rb
index 4a035d532..eeb29da79 100755
--- a/spec/integration/ssl/certificate_request_spec.rb
+++ b/spec/integration/ssl/certificate_request_spec.rb
@@ -10,8 +10,6 @@ describe Puppet::SSL::CertificateRequest do
     # Get a safe temporary file
     dir = tmpdir("csr_integration_testing")
 
-    Puppet.settings.clear
-
     Puppet.settings[:confdir] = dir
     Puppet.settings[:vardir] = dir
     Puppet.settings[:group] = Process.gid
@@ -26,10 +24,6 @@ describe Puppet::SSL::CertificateRequest do
     Puppet::SSL::CertificateRequest.indirection.termini.clear
   end
 
-  after do
-    Puppet.settings.clear
-  end
-
   it "should be able to generate CSRs" do
     @csr.generate(@key)
   end
diff --git a/spec/integration/ssl/certificate_revocation_list_spec.rb b/spec/integration/ssl/certificate_revocation_list_spec.rb
index 06a69a741..ec344926b 100755
--- a/spec/integration/ssl/certificate_revocation_list_spec.rb
+++ b/spec/integration/ssl/certificate_revocation_list_spec.rb
@@ -20,8 +20,6 @@ describe Puppet::SSL::CertificateRevocationList do
   after {
     Puppet::SSL::Host.ca_location = :none
 
-    Puppet.settings.clear
-
     # This is necessary so the terminus instances don't lie around.
     Puppet::SSL::Host.indirection.termini.clear
   }
diff --git a/spec/integration/ssl/host_spec.rb b/spec/integration/ssl/host_spec.rb
index fbb108db7..18f0d17fc 100755
--- a/spec/integration/ssl/host_spec.rb
+++ b/spec/integration/ssl/host_spec.rb
@@ -22,8 +22,6 @@ describe Puppet::SSL::Host do
 
   after {
     Puppet::SSL::Host.ca_location = :none
-
-    Puppet.settings.clear
   }
 
   it "should be considered a CA host if its name is equal to 'ca'" do