* test/openssl/test_ssl.rb: Clarify the intention of errors to be
expected. Two errors are possible when connection is refused due to a protocol version that was explicitly disallowed, OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the OpenSSL version in use. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Родитель
913827b6af
Коммит
6f5582a2ae
10
ChangeLog
10
ChangeLog
|
@ -1,8 +1,16 @@
|
||||||
|
Fri May 25 23:38:58 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
|
||||||
|
|
||||||
|
* test/openssl/test_ssl.rb: Clarify the intention of errors to be
|
||||||
|
expected. Two errors are possible when connection is refused due
|
||||||
|
to a protocol version that was explicitly disallowed,
|
||||||
|
OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the
|
||||||
|
OpenSSL version in use.
|
||||||
|
|
||||||
Fri May 25 22:19:40 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
|
Fri May 25 22:19:40 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
|
||||||
|
|
||||||
* ext/openssl/ossl_ssl.c: Revert r35583
|
* ext/openssl/ossl_ssl.c: Revert r35583
|
||||||
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
|
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
|
||||||
the test failing in Ruby CI [1]
|
the test failing in Ruby CI [1]
|
||||||
|
|
||||||
[1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all
|
[1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all
|
||||||
|
|
||||||
|
|
|
@ -408,6 +408,11 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# different OpenSSL versions react differently when being faced with a
|
||||||
|
# SSL/TLS version that has been marked as forbidden, therefore either of
|
||||||
|
# these may be raised
|
||||||
|
FORBIDDEN_PROTOCOL_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET]
|
||||||
|
|
||||||
if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
|
if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
|
||||||
|
|
||||||
def test_forbid_ssl_v3_for_client
|
def test_forbid_ssl_v3_for_client
|
||||||
|
@ -415,7 +420,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
|
||||||
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.ssl_version = :SSLv3
|
ctx.ssl_version = :SSLv3
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -423,7 +428,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
|
||||||
start_server_version(:SSLv3) { |server, port|
|
start_server_version(:SSLv3) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3
|
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -442,7 +447,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
|
||||||
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.ssl_version = :TLSv1
|
ctx.ssl_version = :TLSv1
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -450,7 +455,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
|
||||||
start_server_version(:TLSv1) { |server, port|
|
start_server_version(:TLSv1) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1
|
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -469,7 +474,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
|
||||||
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.ssl_version = :TLSv1_1
|
ctx.ssl_version = :TLSv1_1
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
|
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
|
||||||
|
|
||||||
|
@ -477,7 +482,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
|
||||||
start_server_version(:TLSv1_1) { |server, port|
|
start_server_version(:TLSv1_1) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_1
|
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_1
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
|
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
|
||||||
|
|
||||||
|
@ -486,7 +491,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
|
||||||
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
start_server_version(:SSLv23, ctx_proc) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.ssl_version = :TLSv1_2
|
ctx.ssl_version = :TLSv1_2
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
|
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
|
||||||
|
|
||||||
|
@ -494,7 +499,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
|
||||||
start_server_version(:TLSv1_2) { |server, port|
|
start_server_version(:TLSv1_2) { |server, port|
|
||||||
ctx = OpenSSL::SSL::SSLContext.new
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_2
|
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_2
|
||||||
assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
|
assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
|
||||||
}
|
}
|
||||||
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
|
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
|
||||||
|
|
||||||
|
@ -516,8 +521,6 @@ end
|
||||||
ssl.sync_close = true
|
ssl.sync_close = true
|
||||||
ssl.connect
|
ssl.connect
|
||||||
yield ssl
|
yield ssl
|
||||||
rescue Errno::ECONNRESET => e
|
|
||||||
raise OpenSSL::SSL::SSLError.new(e.message)
|
|
||||||
ensure
|
ensure
|
||||||
ssl.close
|
ssl.close
|
||||||
end
|
end
|
||||||
|
|
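Review bot: `Errno::ECONNRESET` is a generic transport error, so with it in `FORBIDDEN_PROTOCOL_ERRORS` every `assert_raise(*FORBIDDEN_PROTOCOL_ERRORS)` in these eight version-forbidding tests also passes when the connection is reset for a reason unrelated to the disallowed protocol version, for example a server thread that fails early. The comment above the constant should say so, e.g. `# ECONNRESET only shows the handshake did not complete, not why; a pass on it is weaker evidence than SSLError`, and the array should be frozen: `FORBIDDEN_PROTOCOL_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET].freeze`. The last hunk also drops the `rescue Errno::ECONNRESET` translation from the connect helper, whose start lies outside the hunk; any other caller that still asserts only `OpenSSL::SSL::SSLError` would presumably now see the raw reset, which is worth checking.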