ruby.git/test/openssl/test_ossl.rb, branch v4.0.2 The Ruby Programming Language [ruby/openssl] ossl.c: implement OpenSSL::OpenSSLError#detailed_message 2025-12-13T16:57:53+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-04T14:15:57+00:00 e8d32dddc04b34e2454b1c37b271bc242dddb06e An OpenSSL function sometimes puts more than one error entry into the thread-local OpenSSL error queue. Currently, we use the highest-level entry for generating the exception message and discard the rest. Let ossl_make_error() capture all current OpenSSL error queue contents into OpenSSL::OpenSSLError#errors and extend OpenSSL::OpenSSLError#detailed_message to include the information. An example: $ ruby -Ilib -ropenssl -e'OpenSSL::X509::ExtensionFactory.new.create_ext("a", "b")' -e:1:in 'OpenSSL::X509::ExtensionFactory#create_ext': a = b: error in extension (name=a, value=b) (OpenSSL::X509::ExtensionError) OpenSSL error queue reported 2 errors: error:11000082:X509 V3 routines:do_ext_nconf:unknown extension name error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension (name=a, value=b) from -e:1:in '<main>' https://github.com/ruby/openssl/commit/d28f7a9a13 
An OpenSSL function sometimes puts more than one error entry into the
thread-local OpenSSL error queue. Currently, we use the highest-level
entry for generating the exception message and discard the rest.

Let ossl_make_error() capture all current OpenSSL error queue contents
into OpenSSL::OpenSSLError#errors and extend
OpenSSL::OpenSSLError#detailed_message to include the information.

An example:

    $ ruby -Ilib -ropenssl -e'OpenSSL::X509::ExtensionFactory.new.create_ext("a", "b")'
    -e:1:in 'OpenSSL::X509::ExtensionFactory#create_ext': a = b: error in extension (name=a, value=b) (OpenSSL::X509::ExtensionError)
    OpenSSL error queue reported 2 errors:
    error:11000082:X509 V3 routines:do_ext_nconf:unknown extension name
    error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension (name=a, value=b)
            from -e:1:in '<main>'

https://github.com/ruby/openssl/commit/d28f7a9a13
[ruby/openssl] test/openssl/test_ossl.rb: fix style issues 2025-07-21T14:31:24+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-10T16:14:43+00:00 d4621b42f2dea9ec34097027c9b66144e85e0d11 Use OpenSSL::TestCase instead of OpenSSL::SSLTestCase. Prefer assert_true and assert_false over the bare assert and refute. OpenSSL.fixed_length_secure_compare and OpenSSL.secure_compare will only return true or false, and it should be checked. https://github.com/ruby/openssl/commit/3d9938ed40 
Use OpenSSL::TestCase instead of OpenSSL::SSLTestCase.

Prefer assert_true and assert_false over the bare assert and refute.
OpenSSL.fixed_length_secure_compare and OpenSSL.secure_compare will
only return true or false, and it should be checked.

https://github.com/ruby/openssl/commit/3d9938ed40
[ruby/openssl] Move slow tests to OSSL_TEST_ALL=1 only 2025-07-21T14:31:24+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-10T12:46:36+00:00 090825f5fc9fb40cc7d27c72ec8343ddcea51cda Update GitHub Actions workflows to set OSSL_TEST_ALL=1. Exclude a few slow tests that are not critical for local development, unless OSSL_TEST_ALL=1 is set. The bindings code paths are still reached by other tests with smaller inputs, and failures in those would likely indicate an issue in OpenSSL rather than in the bindings. Newly excluded tests include generating large DSA keys and measuring CRYPTO_memcmp() timing. These tests currently take nearly half of the total runtime. https://github.com/ruby/openssl/commit/382eca2aec 
Update GitHub Actions workflows to set OSSL_TEST_ALL=1.

Exclude a few slow tests that are not critical for local development,
unless OSSL_TEST_ALL=1 is set. The bindings code paths are still reached
by other tests with smaller inputs, and failures in those would likely
indicate an issue in OpenSSL rather than in the bindings.

Newly excluded tests include generating large DSA keys and measuring
CRYPTO_memcmp() timing. These tests currently take nearly half of the
total runtime.

https://github.com/ruby/openssl/commit/382eca2aec
[ruby/openssl] test/openssl/test_ossl.rb: use clock_gettime for measuring time 2025-01-29T17:14:40+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-29T15:07:07+00:00 81c83fd79f8abed2bd000fea6e75c3ad9ab0e662 The benchmark library is planned to become a bundled gem in Ruby 3.5. While we can add it in our Gemfile, it is only used in test_memcmp_timing and the usage can be easily replaced with a few Process.clock_gettime calls. https://github.com/ruby/openssl/commit/9a746ed1a4 
The benchmark library is planned to become a bundled gem in Ruby 3.5.
While we can add it in our Gemfile, it is only used in
test_memcmp_timing and the usage can be easily replaced with a few
Process.clock_gettime calls.

https://github.com/ruby/openssl/commit/9a746ed1a4
Make optional benchmark test in OpenSSL::OSSL#test_memcmp_timing 2024-08-29T08:37:44+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-08-29T01:53:53+00:00 1515353353271fd89b803bcbb1472ddb97e3f10d 






[ruby/openssl] test/openssl/test_ossl.rb: relax assertion for error messages
2023-09-06T10:30:55+00:00

Kazuki Yamaguchi
k@rhe.jp

2023-08-31T05:58:14+00:00

1d4a43e7b09d0c90be6bef839b0616fe6a9008cd

The test case test_error_data utilizes the error message generated by
X509V3_EXT_nconf_nid(). The next commit will use X509V3_EXT_nconf(),
which generates a slightly different error message. Let's adapt the
check to it.

https://github.com/ruby/openssl/commit/9cdfa3a4d1





The test case test_error_data utilizes the error message generated by
X509V3_EXT_nconf_nid(). The next commit will use X509V3_EXT_nconf(),
which generates a slightly different error message. Let's adapt the
check to it.

https://github.com/ruby/openssl/commit/9cdfa3a4d1







[ruby/openssl] Include "additional data" message in OpenSSL errors
2023-08-16T05:48:41+00:00

Kazuki Yamaguchi
k@rhe.jp

2023-07-01T12:53:38+00:00

12bdacdca5d19988f3ffe60714f518ec7324b35a

Error entries in the OpenSSL error queue may contain additional
contextual information associated with the error, which can be helpful
when debugging.

This "additional data" is currently only printed to stderr when
OpenSSL.debug is enabled. Let's include this in the exception messages
raised with ossl_raise(), too.

	$ ruby -Ilib -ropenssl -e'OpenSSL.debug=true; OpenSSL::SSL::SSLContext.new.ecdh_curves="P-256:not-a-curve"'
	-e:1: warning: error on stack: error:0A080106:SSL routines:gid_cb:passed invalid argument (group 'not-a-curve' cannot be set)
	-e:1:in `ecdh_curves=': passed invalid argument (group 'not-a-curve' cannot be set) (OpenSSL::SSL::SSLError)
		from -e:1:in `<main>'

https://github.com/ruby/openssl/commit/1c5bbdd68e





Error entries in the OpenSSL error queue may contain additional
contextual information associated with the error, which can be helpful
when debugging.

This "additional data" is currently only printed to stderr when
OpenSSL.debug is enabled. Let's include this in the exception messages
raised with ossl_raise(), too.

	$ ruby -Ilib -ropenssl -e'OpenSSL.debug=true; OpenSSL::SSL::SSLContext.new.ecdh_curves="P-256:not-a-curve"'
	-e:1: warning: error on stack: error:0A080106:SSL routines:gid_cb:passed invalid argument (group 'not-a-curve' cannot be set)
	-e:1:in `ecdh_curves=': passed invalid argument (group 'not-a-curve' cannot be set) (OpenSSL::SSL::SSLError)
		from -e:1:in `<main>'

https://github.com/ruby/openssl/commit/1c5bbdd68e







[ruby/openssl] Look up digest by name instead of constant
2020-05-13T06:47:51+00:00

Bart de Water
bartdewater@gmail.com

2020-04-19T15:14:36+00:00

0b2c70eaa1e8e41fcb6332b22b084dabb81e637c

https://github.com/ruby/openssl/commit/b28fb2f05c





https://github.com/ruby/openssl/commit/b28fb2f05c







Make OpenSSL::OSSL#test_memcmp_timing robust
2020-02-16T10:55:19+00:00

Yusuke Endoh
mame@ruby-lang.org

2020-02-16T10:55:19+00:00

01138f5853a16068fb5a45ea39d3fc35fe664cb7

The test was too fragile.  Actually, it fails on one of our CIs
immediately after it was merged to ruby/ruby.

https://gist.github.com/ko1/7ea4a5826641f79e2f9e041d83e45dba#file-brlog-trunk_clang_40-20200216-101730-L532-L535
https://gist.github.com/ko1/1c657746092b871359d8bf9e0ad28921#file-brlog-trunk-test4-20200216-104518-L473-L476

* Two measurements, a-b and a-c, must be interative instead of
  sequential; the execution time will be easily affected by disturbance
  (say, cron job or some external process invoked during measurement)

* The comparison of the two results must be relative instead of
  absolute; slow machine may take several tens of seconds for each
  execution, and one delta second is too small.  The test cases of a, b,
  and c are very extreme, so if the target method has a bug, the two
  execution times would be very different.  So I think it is enough to
  check if the difference is less than 10 times.

This change is the same as https://github.com/ruby/openssl/pull/332





The test was too fragile.  Actually, it fails on one of our CIs
immediately after it was merged to ruby/ruby.

https://gist.github.com/ko1/7ea4a5826641f79e2f9e041d83e45dba#file-brlog-trunk_clang_40-20200216-101730-L532-L535
https://gist.github.com/ko1/1c657746092b871359d8bf9e0ad28921#file-brlog-trunk-test4-20200216-104518-L473-L476

* Two measurements, a-b and a-c, must be interative instead of
  sequential; the execution time will be easily affected by disturbance
  (say, cron job or some external process invoked during measurement)

* The comparison of the two results must be relative instead of
  absolute; slow machine may take several tens of seconds for each
  execution, and one delta second is too small.  The test cases of a, b,
  and c are very extreme, so if the target method has a bug, the two
  execution times would be very different.  So I think it is enough to
  check if the difference is less than 10 times.

This change is the same as https://github.com/ruby/openssl/pull/332







Import openssl-2.2.0 (#2693)
2020-02-16T06:21:29+00:00

Hiroshi SHIBATA
hsbt@ruby-lang.org

2020-02-16T06:21:29+00:00

b99775b163ce44079c1f8727ce9b4ed8bb03489d

Import the master branch of ruby/openssl for preparing to release openssl-2.2.0





Import the master branch of ruby/openssl for preparing to release openssl-2.2.0