From d4db08fc0d0290a275f304974b471a6efd2842f5 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Fri, 24 Jun 2022 12:53:56 +0300
Subject: [PATCH] Fix and mark HMAC tests with empty secret as pending for
 openssl 3.0

---
 spec/integration/readme_examples_spec.rb | 1 +
 spec/jwt_spec.rb                         | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/spec/integration/readme_examples_spec.rb b/spec/integration/readme_examples_spec.rb
index 80a90f79..75c65e64 100644
--- a/spec/integration/readme_examples_spec.rb
+++ b/spec/integration/readme_examples_spec.rb
@@ -29,6 +29,7 @@
     end
 
     it 'decodes with HMAC algorithm without secret key' do
+      pending 'Different behaviour on OpenSSL 3.0 (https://github.com/openssl/openssl/issues/13089)' if ::JWT.openssl_3?
       token = JWT.encode payload, nil, 'HS256'
       decoded_token = JWT.decode token, nil, false
 
diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb
index 5b203ec5..0f4d4b88 100644
--- a/spec/jwt_spec.rb
+++ b/spec/jwt_spec.rb
@@ -629,6 +629,7 @@
 
   context 'when hmac algorithm is used without secret key' do
     it 'encodes payload' do
+      pending 'Different behaviour on OpenSSL 3.0 (https://github.com/openssl/openssl/issues/13089)' if ::JWT.openssl_3?
       payload = { a: 1, b: 'b' }
 
       token = JWT.encode(payload, '', 'HS256')
@@ -644,8 +645,8 @@
     let(:payload) { { 'a' => 1, 'b' => 'b' } }
 
     it 'ignores algorithm casing during encode/decode' do
-      enc = JWT.encode(payload, '', 'hs256')
-      expect(JWT.decode(enc, '')).to eq([payload, { 'alg' => 'HS256' }])
+      enc = JWT.encode(payload, 'secret', 'hs256')
+      expect(JWT.decode(enc, 'secret')).to eq([payload, { 'alg' => 'HS256' }])
 
       enc = JWT.encode(payload, data[:rsa_private], 'rs512')
       expect(JWT.decode(enc, data[:rsa_public], true, algorithm: 'RS512')).to eq([payload, { 'alg' => 'RS512' }])
@@ -759,6 +760,7 @@
   describe 'when token signed with nil and decoded with nil' do
     let(:no_key_token) { ::JWT.encode(payload, nil, 'HS512') }
     it 'raises JWT::DecodeError' do
+      pending 'Different behaviour on OpenSSL 3.0 (https://github.com/openssl/openssl/issues/13089)' if ::JWT.openssl_3?
       expect { ::JWT.decode(no_key_token, nil, true, algorithms: 'HS512') }.to raise_error(JWT::DecodeError, 'No verification key available')
     end
   end