openssl: sync with upstream repository
Sync with the current tip of master branch, 62436385306c of ruby/openssl.git. Changes can be found at: https://github.com/ruby/openssl/compare/v2.1.1...62436385306c ---------------------------------------------------------------- Brian Cunnie (1): Correctly verify abbreviated IPv6 SANs Janko Marohnić (1): Reduce memory allocation when writing to SSLSocket Jeremy Evans (1): Move rb_global_variable call to directly after assignment Kazuki Yamaguchi (7): pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt pkey: resume key generation after interrupt tool/ruby-openssl-docker: update to latest versions test/test_ssl: fix test failure with TLS 1.3 test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: fix handling of X509_NAME_{oneline,print_ex}() return value ahadc (1): Update CONTRIBUTING.md nobu (6): no ID cache in Init functions search winsock libraries explicitly openssl: search winsock openssl_missing.h: constified reduce LibreSSL warnings openssl/buffering.rb: no RS when output git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Родитель
4b13656e39
Коммит
a0f292bbcd
|
@ -316,20 +316,15 @@ module OpenSSL::Buffering
|
|||
@wbuffer << s
|
||||
@wbuffer.force_encoding(Encoding::BINARY)
|
||||
@sync ||= false
|
||||
if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex("\n")
|
||||
remain = idx ? idx + 1 : @wbuffer.size
|
||||
nwritten = 0
|
||||
while remain > 0
|
||||
str = @wbuffer[nwritten,remain]
|
||||
if @sync or @wbuffer.size > BLOCK_SIZE
|
||||
until @wbuffer.empty?
|
||||
begin
|
||||
nwrote = syswrite(str)
|
||||
nwrote = syswrite(@wbuffer)
|
||||
rescue Errno::EAGAIN
|
||||
retry
|
||||
end
|
||||
remain -= nwrote
|
||||
nwritten += nwrote
|
||||
@wbuffer[0, nwrote] = ""
|
||||
end
|
||||
@wbuffer[0,nwritten] = ""
|
||||
end
|
||||
end
|
||||
|
||||
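Review bot: With the `@wbuffer.rindex("\n")` condition gone, the write path flushes only when `@sync` is set or the buffer exceeds BLOCK_SIZE, and nothing next to the condition says so. A short line written to a non-sync stream now stays in `@wbuffer` until something else flushes it. A comment above the `if`, such as `# no line-based flush: data is written only when sync is set or the buffer exceeds BLOCK_SIZE`, would make that contract explicit for callers that relied on newline flushing. Separately, the retained `rescue Errno::EAGAIN` / `retry` pair re-enters `syswrite` immediately with no wait and no bound; if `syswrite` can raise EAGAIN on a non-blocking socket whose peer has stopped reading, this loop would presumably spin, which is worth confirming. The method's `def` line is outside the hunk.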
|
|
|
@ -12,6 +12,7 @@
|
|||
|
||||
require "openssl/buffering"
|
||||
require "io/nonblock"
|
||||
require "ipaddr"
|
||||
|
||||
module OpenSSL
|
||||
module SSL
|
||||
|
@ -272,11 +273,11 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
|||
return true if verify_hostname(hostname, san.value)
|
||||
when 7 # iPAddress in GeneralName (RFC5280)
|
||||
should_verify_common_name = false
|
||||
# follows GENERAL_NAME_print() in x509v3/v3_alt.c
|
||||
if san.value.size == 4
|
||||
return true if san.value.unpack('C*').join('.') == hostname
|
||||
elsif san.value.size == 16
|
||||
return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
|
||||
if san.value.size == 4 || san.value.size == 16
|
||||
begin
|
||||
return true if san.value == IPAddr.new(hostname).hton
|
||||
rescue IPAddr::InvalidAddressError
|
||||
end
|
||||
end
|
||||
end
|
||||
}
|
||||
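Review bot: `IPAddr.new(hostname)` in the iPAddress branch accepts more than a bare address literal: a string with a prefix length, such as `192.168.7.1/24`, is parsed and masked, so the bytes compared with the SAN are not necessarily the address the caller passed. Since `hostname` is the reference identity, the comparison would be stricter if such forms were rejected first, for example `return true if !hostname.include?("/") && san.value == IPAddr.new(hostname).hton`. The empty `rescue IPAddr::InvalidAddressError` body also deserves a comment such as `# hostname is not an IP literal, so it cannot match an iPAddress SAN`. Any other exception `IPAddr.new` can raise on unusual input would propagate out of the identity check, so it is worth confirming that this is the only error class reachable here. The enclosing method starts and ends outside the hunk.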
|
|
|
@ -10,34 +10,37 @@ Gem::Specification.new do |s|
|
|||
s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata=
|
||||
s.require_paths = ["lib".freeze]
|
||||
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
|
||||
s.date = "2018-05-12"
|
||||
s.date = "2018-08-08"
|
||||
s.description = "It wraps the OpenSSL library.".freeze
|
||||
s.email = ["ruby-core@ruby-lang.org".freeze]
|
||||
s.extensions = ["ext/openssl/extconf.rb".freeze]
|
||||
s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze]
|
||||
s.extra_rdoc_files = ["History.md".freeze, "README.md".freeze, "CONTRIBUTING.md".freeze]
|
||||
s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_kdf.c".freeze, "ext/openssl/ossl_kdf.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, 
"ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkcs5.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze]
|
||||
s.homepage = "https://github.com/ruby/openssl".freeze
|
||||
s.licenses = ["Ruby".freeze]
|
||||
s.rdoc_options = ["--main".freeze, "README.md".freeze]
|
||||
s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze)
|
||||
s.rubygems_version = "2.7.6".freeze
|
||||
s.rubygems_version = "3.0.0.beta1".freeze
|
||||
s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze
|
||||
|
||||
if s.respond_to? :specification_version then
|
||||
s.specification_version = 4
|
||||
|
||||
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
||||
s.add_runtime_dependency(%q<ipaddr>.freeze, [">= 0"])
|
||||
s.add_development_dependency(%q<rake>.freeze, [">= 0"])
|
||||
s.add_development_dependency(%q<rake-compiler>.freeze, [">= 0"])
|
||||
s.add_development_dependency(%q<test-unit>.freeze, ["~> 3.0"])
|
||||
s.add_development_dependency(%q<rdoc>.freeze, [">= 0"])
|
||||
else
|
||||
s.add_dependency(%q<ipaddr>.freeze, [">= 0"])
|
||||
s.add_dependency(%q<rake>.freeze, [">= 0"])
|
||||
s.add_dependency(%q<rake-compiler>.freeze, [">= 0"])
|
||||
s.add_dependency(%q<test-unit>.freeze, ["~> 3.0"])
|
||||
s.add_dependency(%q<rdoc>.freeze, [">= 0"])
|
||||
end
|
||||
else
|
||||
s.add_dependency(%q<ipaddr>.freeze, [">= 0"])
|
||||
s.add_dependency(%q<rake>.freeze, [">= 0"])
|
||||
s.add_dependency(%q<rake-compiler>.freeze, [">= 0"])
|
||||
s.add_dependency(%q<test-unit>.freeze, ["~> 3.0"])
|
||||
|
|
|
@ -27,9 +27,6 @@ int ossl_EC_curve_nist2nid(const char *);
|
|||
|
||||
#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
|
||||
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
|
||||
#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL
|
||||
/* old LibreSSL provides this function but lacks the declaration */
|
||||
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *xs);
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_SSL_IS_SERVER)
|
||||
|
|
|
@ -1824,6 +1824,7 @@ do{\
|
|||
rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
|
||||
|
||||
class_tag_map = rb_hash_new();
|
||||
rb_global_variable(&class_tag_map);
|
||||
rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
|
||||
rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
|
||||
rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
|
||||
|
@ -1847,7 +1848,6 @@ do{\
|
|||
rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
|
||||
rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
|
||||
rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
|
||||
rb_global_variable(&class_tag_map);
|
||||
|
||||
id_each = rb_intern_const("each");
|
||||
}
|
||||
|
|
|
@ -803,9 +803,9 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
|
|||
BIO *out;
|
||||
VALUE str;
|
||||
|
||||
rb_scan_args(argc, argv, "21", &pkey, &cert, &flags);
|
||||
rb_scan_args(argc, argv, "12", &pkey, &cert, &flags);
|
||||
key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */
|
||||
x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
|
||||
x509 = NIL_P(cert) ? NULL : GetX509CertPtr(cert); /* NO NEED TO DUP */
|
||||
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
||||
GetPKCS7(self, p7);
|
||||
if(!(out = BIO_new(BIO_s_mem())))
|
||||
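Review bot: The recipient certificate becomes optional here (`"12"` in `rb_scan_args` and the `NIL_P(cert)` guard), but the method's documentation comment is outside the hunk and, unless it is updated elsewhere in the commit, still describes a required certificate. It should say that `cert` may be omitted or nil and that a NULL certificate is then handed to the decrypt call further down, so the recipient info is no longer selected by certificate. It would also help to document how a key that matches no recipient is reported in that mode, which should be confirmed against the OpenSSL versions supported. A one-line comment next to the guard, `/* cert is optional; NULL lets OpenSSL pick the recipient info */`, would cover the C side.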
|
|
|
@ -20,6 +20,21 @@ static ID id_private_q;
|
|||
/*
|
||||
* callback for generating keys
|
||||
*/
|
||||
static VALUE
|
||||
call_check_ints0(VALUE arg)
|
||||
{
|
||||
rb_thread_check_ints();
|
||||
return Qnil;
|
||||
}
|
||||
|
||||
static void *
|
||||
call_check_ints(void *arg)
|
||||
{
|
||||
int state;
|
||||
rb_protect(call_check_ints0, Qnil, &state);
|
||||
return (void *)(VALUE)state;
|
||||
}
|
||||
|
||||
int
|
||||
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
||||
{
|
||||
|
@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
|||
*/
|
||||
rb_protect(rb_yield, ary, &state);
|
||||
if (state) {
|
||||
arg->stop = 1;
|
||||
arg->state = state;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (arg->interrupted) {
|
||||
arg->interrupted = 0;
|
||||
state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
|
||||
if (state) {
|
||||
arg->state = state;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (arg->stop) return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -50,7 +72,7 @@ void
|
|||
ossl_generate_cb_stop(void *ptr)
|
||||
{
|
||||
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
|
||||
arg->stop = 1;
|
||||
arg->interrupted = 1;
|
||||
}
|
||||
|
||||
static void
|
||||
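Review bot: The existing header comment `callback for generating keys` now sits directly above the new `call_check_ints0` helper, because the two helpers in the first hunk were inserted between that comment and `ossl_generate_cb_2`, which it described. Moving the comment back down to `ossl_generate_cb_2` and giving the helpers their own line, e.g. `/* run rb_thread_check_ints() under rb_protect and return the resulting state */`, would keep the file accurate. In the later hunks `arg->interrupted` is set in `ossl_generate_cb_stop` and read and cleared in the callback as a plain `int`. If the stop function runs on a different thread from the key generation, as an unblock function presumably does, a short comment on why the unsynchronised access is acceptable would help the next reader. `ossl_generate_cb_2` starts outside the second hunk.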
|
|
|
@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
|
|||
|
||||
struct ossl_generate_cb_arg {
|
||||
int yield;
|
||||
int stop;
|
||||
int interrupted;
|
||||
int state;
|
||||
};
|
||||
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
|
||||
|
|
|
@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self)
|
|||
{
|
||||
X509_NAME *name;
|
||||
char *buf;
|
||||
VALUE str;
|
||||
|
||||
GetX509Name(self, name);
|
||||
buf = X509_NAME_oneline(name, NULL, 0);
|
||||
str = rb_str_new2(buf);
|
||||
OPENSSL_free(buf);
|
||||
|
||||
return str;
|
||||
if (!buf)
|
||||
ossl_raise(eX509NameError, "X509_NAME_oneline");
|
||||
return ossl_buf2str(buf, rb_long2int(strlen(buf)));
|
||||
}
|
||||
|
||||
static VALUE
|
||||
|
@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag)
|
|||
{
|
||||
X509_NAME *name;
|
||||
BIO *out;
|
||||
int ret;
|
||||
|
||||
GetX509Name(self, name);
|
||||
out = BIO_new(BIO_s_mem());
|
||||
if (!out)
|
||||
ossl_raise(eX509NameError, NULL);
|
||||
if (!X509_NAME_print_ex(out, name, 0, iflag)) {
|
||||
ret = X509_NAME_print_ex(out, name, 0, iflag);
|
||||
if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
|
||||
BIO_free(out);
|
||||
ossl_raise(eX509NameError, "X509_NAME_print_ex");
|
||||
}
|
||||
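Review bot: The new condition `ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0` in `x509name_print` mixes `||` and `&&` without parentheses and does not say why a zero return counts as failure only for XN_FLAG_COMPAT. The precedence gives the intended result, but compilers commonly warn on this form, so `if (ret < 0 || (iflag == XN_FLAG_COMPAT && ret == 0)) {` reads better. A comment such as `/* with XN_FLAG_COMPAT a return of 0 signals failure; otherwise only a negative value does */` would record the reason the condition implies. The rest of the function body is outside the hunk.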
|
|
|
@ -133,6 +133,8 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
|
|||
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
|
||||
assert_equal(3, recip[1].serial)
|
||||
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
|
||||
|
||||
assert_equal(data, p7.decrypt(@rsa1024))
|
||||
end
|
||||
|
||||
def test_graceful_parsing_failure #[ruby-core:43250]
|
||||
|
|
|
@ -47,6 +47,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
assert_equal 2, ssl.peer_cert_chain.size
|
||||
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
|
||||
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
|
||||
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
ensure
|
||||
ssl&.close
|
||||
sock&.close
|
||||
|
@ -65,6 +67,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
assert_equal @svr_cert.subject, ssl.peer_cert.subject
|
||||
assert_equal [@svr_cert.subject, @ca_cert.subject],
|
||||
ssl.peer_cert_chain.map(&:subject)
|
||||
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
end
|
||||
end
|
||||
|
@ -157,6 +161,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
||||
ssl.connect
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
ssl.close
|
||||
assert_not_predicate sock, :closed?
|
||||
ensure
|
||||
|
@ -168,6 +173,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
||||
ssl.sync_close = true # !!
|
||||
ssl.connect
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
ssl.close
|
||||
assert_predicate sock, :closed?
|
||||
ensure
|
||||
|
@ -259,7 +265,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
client_ca_from_server = sslconn.client_ca
|
||||
[@cli_cert, @cli_key]
|
||||
end
|
||||
server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_equal([@ca], client_ca_from_server)
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -356,21 +365,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
}
|
||||
|
||||
start_server { |port|
|
||||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
|
||||
store_ctx.error = OpenSSL::X509::V_OK
|
||||
true
|
||||
end
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
||||
ssl.sync_close = true
|
||||
begin
|
||||
ssl.connect
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
|
||||
ensure
|
||||
ssl.close
|
||||
end
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
}
|
||||
|
||||
start_server(ignore_listener_error: true) { |port|
|
||||
|
@ -455,6 +459,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
|
||||
start_server { |port|
|
||||
server_connect(port) { |ssl|
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
|
||||
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
|
||||
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
||||
assert(ssl.post_connection_check("localhost"))
|
||||
|
@ -476,6 +482,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
|
||||
start_server { |port|
|
||||
server_connect(port) { |ssl|
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
|
||||
assert(ssl.post_connection_check("localhost.localdomain"))
|
||||
assert(ssl.post_connection_check("127.0.0.1"))
|
||||
assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
||||
|
@ -496,6 +504,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
|
||||
start_server { |port|
|
||||
server_connect(port) { |ssl|
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
|
||||
assert(ssl.post_connection_check("localhost.localdomain"))
|
||||
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
||||
assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
||||
|
@ -516,8 +526,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com"))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::18'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17'))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '44:0:0:0:0:0:0:17'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '0013:0000:0000:0000:0000:0000:0000:0017'))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '1313:0000:0000:0000:0000:0000:0000:0017'))
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -722,6 +736,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ssl.connect
|
||||
assert_equal @cli_cert.serial, ssl.peer_cert.serial
|
||||
assert_predicate fooctx, :frozen?
|
||||
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
ensure
|
||||
ssl&.close
|
||||
sock.close
|
||||
|
@ -733,6 +749,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ssl.hostname = "bar.example.com"
|
||||
ssl.connect
|
||||
assert_equal @svr_cert.serial, ssl.peer_cert.serial
|
||||
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
ensure
|
||||
ssl&.close
|
||||
sock.close
|
||||
|
@ -805,7 +823,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
||||
ssl.hostname = name
|
||||
if expected_ok
|
||||
assert_nothing_raised { ssl.connect }
|
||||
ssl.connect
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
else
|
||||
assert_handshake_error { ssl.connect }
|
||||
end
|
||||
|
@ -879,7 +898,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
}
|
||||
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) do |port|
|
||||
begin
|
||||
server_connect(port) { }
|
||||
server_connect(port) { |ssl|
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET
|
||||
else
|
||||
supported << ver
|
||||
|
@ -937,6 +958,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
if ver == cver
|
||||
server_connect(port, ctx1) { |ssl|
|
||||
assert_equal vmap[cver][:name], ssl.ssl_version
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
else
|
||||
assert_handshake_error { server_connect(port, ctx1) { } }
|
||||
|
@ -950,6 +972,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
if ver == cver
|
||||
server_connect(port, ctx2) { |ssl|
|
||||
assert_equal vmap[cver][:name], ssl.ssl_version
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
else
|
||||
assert_handshake_error { server_connect(port, ctx2) { } }
|
||||
|
@ -962,6 +985,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ctx3.min_version = ctx3.max_version = nil
|
||||
server_connect(port, ctx3) { |ssl|
|
||||
assert_equal vmap[ver][:name], ssl.ssl_version
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
}
|
||||
end
|
||||
|
@ -980,6 +1004,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
ctx1.min_version = cver
|
||||
server_connect(port, ctx1) { |ssl|
|
||||
assert_equal vmap[supported.last][:name], ssl.ssl_version
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
|
||||
# Client sets max_version
|
||||
|
@ -988,6 +1013,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
if cver >= sver
|
||||
server_connect(port, ctx2) { |ssl|
|
||||
assert_equal vmap[cver][:name], ssl.ssl_version
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
else
|
||||
assert_handshake_error { server_connect(port, ctx2) { } }
|
||||
|
@ -1006,6 +1032,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
if cver <= sver
|
||||
server_connect(port, ctx1) { |ssl|
|
||||
assert_equal vmap[sver][:name], ssl.ssl_version
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
else
|
||||
assert_handshake_error { server_connect(port, ctx1) { } }
|
||||
|
@ -1020,6 +1047,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
else
|
||||
assert_equal vmap[cver][:name], ssl.ssl_version
|
||||
end
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
end
|
||||
}
|
||||
|
@ -1086,6 +1114,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
|
|||
start_server_version(:SSLv23, ctx_proc) { |port|
|
||||
server_connect(port) { |ssl|
|
||||
assert_equal(1, num_handshakes)
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
}
|
||||
end
|
||||
|
@ -1104,6 +1133,7 @@ if openssl?(1, 0, 2) || libressl?
|
|||
ctx.alpn_protocols = advertised
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_equal(advertised.first, ssl.alpn_protocol)
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
}
|
||||
end
|
||||
|
@ -1226,14 +1256,11 @@ end
|
|||
end
|
||||
|
||||
def test_close_after_socket_close
|
||||
server_proc = proc { |ctx, ssl|
|
||||
# Do nothing
|
||||
}
|
||||
start_server(server_proc: server_proc) { |port|
|
||||
start_server { |port|
|
||||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
||||
ssl.sync_close = true
|
||||
ssl.connect
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
sock.close
|
||||
assert_nothing_raised do
|
||||
ssl.close
|
||||
|
@ -1298,6 +1325,7 @@ end
|
|||
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
end
|
||||
end
|
||||
|
@ -1440,6 +1468,7 @@ end
|
|||
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
|
||||
end
|
||||
end
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
|
||||
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
|
||||
|
@ -1455,6 +1484,7 @@ end
|
|||
|
||||
server_connect(port, ctx) { |ssl|
|
||||
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
}
|
||||
end
|
||||
end
|
||||
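Review bot: The new `verify_certificate_identity` assertions (hunk at -516,8) cover abbreviated, expanded and zero-padded IPv6 spellings, but none passes a reference identity that is not a plain address literal. The library change in this commit parses the name with `IPAddr.new`, which also accepts a prefix length, so a case such as `assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17/128'))` would pin whether such input is meant to match. As the code stands that assertion would presumably fail, which is the reason to decide the behaviour and record it in a test. The enclosing test method starts outside the hunk.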
|
|
|
@ -113,6 +113,7 @@ __EOS__
|
|||
non_resumable = nil
|
||||
start_server { |port|
|
||||
server_connect_with_session(port, nil, nil) { |ssl|
|
||||
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
||||
non_resumable = ssl.session
|
||||
}
|
||||
}
|
||||
|
|
|
@ -371,6 +371,12 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
|
|||
assert_equal "DC = org, DC = ruby-lang, " \
|
||||
"CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"",
|
||||
name.to_s(OpenSSL::X509::Name::ONELINE)
|
||||
|
||||
empty = OpenSSL::X509::Name.new
|
||||
assert_equal "", empty.to_s
|
||||
assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT)
|
||||
assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253)
|
||||
assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE)
|
||||
end
|
||||
|
||||
def test_to_utf8
|
||||
|
@ -386,6 +392,9 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
|
|||
expected = "CN=フー\\, バー,DC=ruby-lang,DC=org".force_encoding("UTF-8")
|
||||
assert_equal expected, str
|
||||
assert_equal Encoding.find("UTF-8"), str.encoding
|
||||
|
||||
empty = OpenSSL::X509::Name.new
|
||||
assert_equal "", empty.to_utf8
|
||||
end
|
||||
|
||||
def test_equals2
|
||||
|
|