fix OpenSSL::SSL::SSLContext#min_version doesn't work
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Родитель
6cba29b422
Коммит
8cbf2dae5a
|
@ -136,6 +136,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
||||||
# used.
|
# used.
|
||||||
def set_params(params={})
|
def set_params(params={})
|
||||||
params = DEFAULT_PARAMS.merge(params)
|
params = DEFAULT_PARAMS.merge(params)
|
||||||
|
self.options = params.delete(:options) # set before min_version/max_version
|
||||||
params.each{|name, value| self.__send__("#{name}=", value) }
|
params.each{|name, value| self.__send__("#{name}=", value) }
|
||||||
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||||||
unless self.ca_file or self.ca_path or self.cert_store
|
unless self.ca_file or self.ca_path or self.cert_store
|
||||||
|
@ -147,7 +148,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
||||||
|
|
||||||
# call-seq:
|
# call-seq:
|
||||||
# ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
|
# ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
|
||||||
# ctx.min_version = :TLS1_2
|
# ctx.min_version = :TLSv1_2
|
||||||
# ctx.min_version = nil
|
# ctx.min_version = nil
|
||||||
#
|
#
|
||||||
# Sets the lower bound on the supported SSL/TLS protocol version. The
|
# Sets the lower bound on the supported SSL/TLS protocol version. The
|
||||||
|
@ -166,18 +167,30 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
||||||
# sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
|
# sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
|
||||||
# sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
|
# sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
|
||||||
def min_version=(version)
|
def min_version=(version)
|
||||||
|
case version
|
||||||
|
when nil, Integer
|
||||||
|
else
|
||||||
|
version = (METHODS_MAP[version] or
|
||||||
|
raise ArgumentError, "unknown SSL version `#{version.inspect}'")
|
||||||
|
end
|
||||||
set_minmax_proto_version(version, @max_proto_version ||= nil)
|
set_minmax_proto_version(version, @max_proto_version ||= nil)
|
||||||
@min_proto_version = version
|
@min_proto_version = version
|
||||||
end
|
end
|
||||||
|
|
||||||
# call-seq:
|
# call-seq:
|
||||||
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
||||||
# ctx.max_version = :TLS1_2
|
# ctx.max_version = :TLSv1_2
|
||||||
# ctx.max_version = nil
|
# ctx.max_version = nil
|
||||||
#
|
#
|
||||||
# Sets the upper bound of the supported SSL/TLS protocol version. See
|
# Sets the upper bound of the supported SSL/TLS protocol version. See
|
||||||
# #min_version= for the possible values.
|
# #min_version= for the possible values.
|
||||||
def max_version=(version)
|
def max_version=(version)
|
||||||
|
case version
|
||||||
|
when nil, Integer
|
||||||
|
else
|
||||||
|
version = (METHODS_MAP[version] or
|
||||||
|
raise ArgumentError, "unknown SSL version `#{version.inspect}'")
|
||||||
|
end
|
||||||
set_minmax_proto_version(@min_proto_version ||= nil, version)
|
set_minmax_proto_version(@min_proto_version ||= nil, version)
|
||||||
@max_proto_version = version
|
@max_proto_version = version
|
||||||
end
|
end
|
||||||
|
|
|
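Review bot: A direct `ctx.options = ...` made after `ctx.min_version = ...` can presumably still overwrite the version floor, because the reordering in `set_params` protects only that one call path. The new test shows the bound surfacing as OP_NO_* bits in `ctx.options`, so on such builds a later options assignment would silently re-enable older protocols. The doc comment on `min_version=` (and `max_version=`) should state this, e.g. `# Set #options= first; assigning #options= afterwards may discard this bound.` The `case version ... end` normalisation is also duplicated verbatim in both setters and would be easier to keep consistent as one private helper.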
@ -811,6 +811,33 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
||||||
supported
|
supported
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_min_version
|
||||||
|
supported = check_supported_protocol_versions
|
||||||
|
|
||||||
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
|
ctx.set_params
|
||||||
|
orig_options = ctx.options
|
||||||
|
|
||||||
|
ctx.set_params(min_version: 999)
|
||||||
|
assert_not_equal(ctx.options, orig_options)
|
||||||
|
|
||||||
|
ctx.min_version = :TLSv1_2
|
||||||
|
assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1)
|
||||||
|
assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_max_version
|
||||||
|
supported = check_supported_protocol_versions
|
||||||
|
|
||||||
|
ctx = OpenSSL::SSL::SSLContext.new
|
||||||
|
ctx.set_params
|
||||||
|
orig_options = ctx.options
|
||||||
|
|
||||||
|
ctx.max_version = :TLSv1
|
||||||
|
assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)
|
||||||
|
assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_2)
|
||||||
|
end
|
||||||
|
|
||||||
def test_minmax_version
|
def test_minmax_version
|
||||||
supported = check_supported_protocol_versions
|
supported = check_supported_protocol_versions
|
||||||
|
|
||||||
|
|
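Review bot: `test_min_version` and `test_max_version` assert only on `ctx.options` bits, which presumably holds only where the bounds are emulated through OP_NO_* flags, and neither test checks that a handshake outside the bound is actually refused. `ctx.set_params(min_version: 999)` followed by `assert_not_equal(ctx.options, orig_options)` shows that an out-of-range value changes some flag, not that a real floor is enforced; asserting the specific bits, as the `:TLSv1_2` lines do, would be stronger. `supported` is assigned in both tests and never read, and `orig_options` is unused in `test_max_version`. Either gate on it, e.g. `pend "TLS 1.2 is not supported" unless supported.include?(OpenSSL::SSL::TLS1_2_VERSION)` if it holds version constants, or drop the assignments.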