From 80ed1ef8ab900d3532da17da79ec85d350fdffd6 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Tue, 16 Aug 2016 22:41:36 -0700
Subject: Ignore flickering test on windows

---
 openssl/src/ssl/tests/mod.rs | 1 +
 1 file changed, 1 insertion(+)

(limited to 'openssl/src/ssl/tests/mod.rs')

diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 4e4985e1..2881d4fe 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -909,6 +909,7 @@ fn test_write_nonblocking() {
 }
 
 #[test]
+#[cfg_attr(windows, ignore)] // FIXME flickers on appveyor
 fn test_read_nonblocking() {
     let (_s, stream) = Server::new();
     stream.set_nonblocking(true).unwrap();
-- 
cgit v1.2.3


From cd69343d67081ab9c070f21d58918433a44f97bf Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 17 Aug 2016 19:30:57 -0700
Subject: Fix SslContext::add_extra_chain_cert

SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.

This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
---
 openssl/src/ssl/tests/mod.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'openssl/src/ssl/tests/mod.rs')

diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 2881d4fe..3bbbed03 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1081,3 +1081,11 @@ fn default_verify_paths() {
     assert!(result.starts_with(b"HTTP/1.0"));
     assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
 }
+
+#[test]
+fn add_extra_chain_cert() {
+    let cert = include_bytes!("../../../test/cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
+    ctx.add_extra_chain_cert(&cert).unwrap();
+}
-- 
cgit v1.2.3