[ruby/openssl] ssl: update test_options_disable_versions

Use the combination of TLS 1.2 and TLS 1.3 instead of TLS 1.1 and TLS
1.2 so that the test case will be run on the latest platforms.

https://github.com/ruby/openssl/commit/e168df0f35
Kazuki Yamaguchi 2021-12-12 00:47:35 +09:00
Родитель 15eefd30ad
Коммит 2df917ed4f
1 изменённых файлов: 43 добавлений и 38 удалений


@ -1209,46 +1209,51 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end
def test_options_disable_versions
# Note: Use of these OP_* flags has been deprecated since OpenSSL 1.1.0.
# It's recommended to use SSLContext#{min,max}_version= instead in real
# applications. The purpose of this test case is to check that SSL options
# are properly propagated to OpenSSL library.
supported = check_supported_protocol_versions
if supported.include?(OpenSSL::SSL::TLS1_1_VERSION) &&
supported.include?(OpenSSL::SSL::TLS1_2_VERSION)
# Server disables ~ TLS 1.1
ctx_proc = proc { |ctx|
ctx.options |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3 |
OpenSSL::SSL::OP_NO_TLSv1 | OpenSSL::SSL::OP_NO_TLSv1_1
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client only supports TLS 1.1
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.min_version = ctx1.max_version = OpenSSL::SSL::TLS1_1_VERSION
assert_handshake_error { server_connect(port, ctx1) { } }
# Client only supports TLS 1.2
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.min_version = ctx2.max_version = OpenSSL::SSL::TLS1_2_VERSION
assert_nothing_raised { server_connect(port, ctx2) { } }
}
# Server only supports TLS 1.1
ctx_proc = proc { |ctx|
ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_1_VERSION
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client disables TLS 1.1
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.options |= OpenSSL::SSL::OP_NO_TLSv1_1
assert_handshake_error { server_connect(port, ctx1) { } }
# Client disables TLS 1.2
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.options |= OpenSSL::SSL::OP_NO_TLSv1_2
assert_nothing_raised { server_connect(port, ctx2) { } }
}
else
pend "TLS 1.1 and TLS 1.2 must be supported; skipping"
if !defined?(OpenSSL::SSL::TLS1_3_VERSION) ||
!supported.include?(OpenSSL::SSL::TLS1_2_VERSION) ||
!supported.include?(OpenSSL::SSL::TLS1_3_VERSION) ||
!defined?(OpenSSL::SSL::OP_NO_TLSv1_3) # LibreSSL < 3.4
pend "this test case requires both TLS 1.2 and TLS 1.3 to be supported " \
"and enabled by default"
end
# Server disables TLS 1.2 and earlier
ctx_proc = proc { |ctx|
ctx.options |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3 |
OpenSSL::SSL::OP_NO_TLSv1 | OpenSSL::SSL::OP_NO_TLSv1_1 |
OpenSSL::SSL::OP_NO_TLSv1_2
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client only supports TLS 1.2
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.min_version = ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION
assert_handshake_error { server_connect(port, ctx1) { } }
# Client only supports TLS 1.3
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.min_version = ctx2.max_version = OpenSSL::SSL::TLS1_3_VERSION
assert_nothing_raised { server_connect(port, ctx2) { } }
}
# Server only supports TLS 1.2
ctx_proc = proc { |ctx|
ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client doesn't support TLS 1.2
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.options |= OpenSSL::SSL::OP_NO_TLSv1_2
assert_handshake_error { server_connect(port, ctx1) { } }
# Client supports TLS 1.2 by default
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.options |= OpenSSL::SSL::OP_NO_TLSv1_3
assert_nothing_raised { server_connect(port, ctx2) { } }
}
end
def test_ssl_methods_constant
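Review bot: The two success cases in the new `test_options_disable_versions` only check that no exception is raised (`assert_nothing_raised { server_connect(port, ctx2) { } }`), so they never pin which protocol version was actually negotiated. In the second server block this matters most: the server is fixed to TLS 1.2, so the client with `OP_NO_TLSv1_3` would connect whether or not that option reached OpenSSL, and a silently dropped option would go unnoticed. Assuming `server_connect` (defined outside this hunk) yields the connected socket, the success cases could assert the version, e.g. `server_connect(port, ctx2) { |ssl| assert_equal("TLSv1.3", ssl.ssl_version) }` in the first block and `server_connect(port, ctx2) { |ssl| assert_equal("TLSv1.2", ssl.ssl_version) }` in the second. Even then the second block would not exercise `OP_NO_TLSv1_3` on its own, so a short comment saying that case is a baseline rather than a propagation check would help.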