зеркало из https://github.com/github/ruby.git
[ruby/openssl] test/openssl/test_ssl: assume ECC support
Disabling ECC support of OpenSSL is impractical nowadays. We still try to have the C extension compile on no-ec builds (as well as no-dh or no-engine, etc.) as long as we can, but keeping test cases for such an extreme scenario is not worth the effort. https://github.com/ruby/openssl/commit/2cd01d4676
This commit is contained in:
Kazuki Yamaguchi
Родитель
0e805e73ce
Коммит
5a8e1c520a
|
|
@ -23,7 +23,6 @@ module OpenSSL::SSLPairM
|
|||
sctx = OpenSSL::SSL::SSLContext.new
|
||||
sctx.cert = @svr_cert
|
||||
sctx.key = @svr_key
|
||||
sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
|
||||
sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
|
||||
ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
|
||||
ns = ssls.accept
|
||||
|
|
@ -383,7 +382,6 @@ module OpenSSL::TestPairM
|
|||
ctx2 = OpenSSL::SSL::SSLContext.new
|
||||
ctx2.cert = @svr_cert
|
||||
ctx2.key = @svr_key
|
||||
ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
|
||||
|
||||
sock1, sock2 = tcp_pair
|
||||
|
||||
|
|
@ -431,7 +429,6 @@ module OpenSSL::TestPairM
|
|||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.cert = @svr_cert
|
||||
ctx.key = @svr_key
|
||||
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
|
||||
|
||||
sock1, sock2 = tcp_pair
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
require_relative 'utils'
|
||||
|
||||
if defined?(OpenSSL) && defined?(OpenSSL::PKey::EC)
|
||||
if defined?(OpenSSL)
|
||||
|
||||
class OpenSSL::TestEC < OpenSSL::PKeyTestCase
|
||||
def test_ec_key
|
||||
|
|
|
|||
|
|
@ -124,8 +124,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
end
|
||||
|
||||
def test_add_certificate_multiple_certs
|
||||
pend "EC is not supported" unless defined?(OpenSSL::PKey::EC)
|
||||
|
||||
ca2_key = Fixtures.pkey("rsa-3")
|
||||
ca2_exts = [
|
||||
["basicConstraints", "CA:TRUE", true],
|
||||
|
|
@ -556,6 +554,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ctx_proc = -> ctx {
|
||||
ctx.ssl_version = :TLSv1_2
|
||||
ctx.ciphers = "aNULL"
|
||||
ctx.tmp_dh = Fixtures.pkey("dh-1")
|
||||
ctx.security_level = 0
|
||||
}
|
||||
|
||||
|
|
@ -830,7 +829,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
|
||||
def test_tlsext_hostname
|
||||
fooctx = OpenSSL::SSL::SSLContext.new
|
||||
fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
|
||||
fooctx.cert = @cli_cert
|
||||
fooctx.key = @cli_key
|
||||
|
||||
|
|
@ -882,7 +880,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ctx2 = OpenSSL::SSL::SSLContext.new
|
||||
ctx2.cert = @svr_cert
|
||||
ctx2.key = @svr_key
|
||||
ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
|
||||
ctx2.servername_cb = lambda { |args| Object.new }
|
||||
|
||||
sock1, sock2 = socketpair
|
||||
|
|
@ -1329,7 +1326,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ctx1 = OpenSSL::SSL::SSLContext.new
|
||||
ctx1.cert = @svr_cert
|
||||
ctx1.key = @svr_key
|
||||
ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
|
||||
ctx1.alpn_select_cb = -> (protocols) { nil }
|
||||
ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
|
||||
|
||||
|
|
@ -1484,6 +1480,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ctx_proc2 = proc { |ctx|
|
||||
ctx.ssl_version = :TLSv1_2
|
||||
ctx.ciphers = "EDH"
|
||||
ctx.tmp_dh = Fixtures.pkey("dh-1")
|
||||
}
|
||||
start_server(ctx_proc: ctx_proc2) do |port|
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
|
|
@ -1494,20 +1491,18 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
}
|
||||
end
|
||||
|
||||
if defined?(OpenSSL::PKey::EC)
|
||||
# ECDHE
|
||||
ctx_proc3 = proc { |ctx|
|
||||
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
||||
ctx.ecdh_curves = "P-256"
|
||||
# ECDHE
|
||||
ctx_proc3 = proc { |ctx|
|
||||
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
||||
ctx.ecdh_curves = "P-256"
|
||||
}
|
||||
start_server(ctx_proc: ctx_proc3) do |port|
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
start_server(ctx_proc: ctx_proc3) do |port|
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -1656,7 +1651,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
end
|
||||
|
||||
def test_ecdh_curves_tls13
|
||||
pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
|
||||
pend "TLS 1.3 not supported" unless tls13_supported?
|
||||
|
||||
ctx_proc = -> ctx {
|
||||
|
|
|
|||
|
|
@ -215,7 +215,6 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase
|
|||
ctx.cert_store = store
|
||||
ctx.cert = @svr_cert
|
||||
ctx.key = @svr_key
|
||||
ctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
|
||||
ctx.verify_mode = verify_mode
|
||||
ctx_proc.call(ctx) if ctx_proc
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче