ruby.git/test/openssl/test_ssl_session.rb, branch v4.0.3 The Ruby Programming Language [ruby/openssl] Move slow tests to OSSL_TEST_ALL=1 only 2025-07-21T14:31:24+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-10T12:46:36+00:00 090825f5fc9fb40cc7d27c72ec8343ddcea51cda Update GitHub Actions workflows to set OSSL_TEST_ALL=1. Exclude a few slow tests that are not critical for local development, unless OSSL_TEST_ALL=1 is set. The bindings code paths are still reached by other tests with smaller inputs, and failures in those would likely indicate an issue in OpenSSL rather than in the bindings. Newly excluded tests include generating large DSA keys and measuring CRYPTO_memcmp() timing. These tests currently take nearly half of the total runtime. https://github.com/ruby/openssl/commit/382eca2aec 
Update GitHub Actions workflows to set OSSL_TEST_ALL=1.

Exclude a few slow tests that are not critical for local development,
unless OSSL_TEST_ALL=1 is set. The bindings code paths are still reached
by other tests with smaller inputs, and failures in those would likely
indicate an issue in OpenSSL rather than in the bindings.

Newly excluded tests include generating large DSA keys and measuring
CRYPTO_memcmp() timing. These tests currently take nearly half of the
total runtime.

https://github.com/ruby/openssl/commit/382eca2aec
[ruby/openssl] test_ssl_session.rb: test adjustments to work with AWS-LC 2025-02-22T15:11:40+00:00 Samuel Chiang sachiang@amazon.com 2025-02-12T02:12:05+00:00 fd882fb6819fb8b48b09e24ff71748d1bae35e43 The SSL SESSION files we were originally testing against use DHE and SSLv3. AWS-LC happens to have no support for either and we have newer possible alternatives available, so I've updated the respective files to use ECDHE-RSA-AES256-SHA with TLS 1.1 and 1.2. I've verified that these work as expected with all libcryptos we support. There are also a few SSL session discrepencies in AWS-LC when compared to OpenSSL. 1. AWS-LC has no support for internal session caching on the client-end. 2. AWS-LC supports internal session caching on the server, but SSL_get1_session does not return a resumable session with TLS 1.3 in AWS-LC. Users have to use the SSL_CTX_sess_set_new_cb (ctx.session_new_cb in Ruby) to retrieve the resumable session ticket. 3. AWS-LC has no current support for external session caching in TLS 1.3. https://github.com/ruby/openssl/commit/ca384b8e2f 
The SSL SESSION files we were originally testing against use DHE and
SSLv3. AWS-LC happens to have no support for either and we have newer
possible alternatives available, so I've updated the respective
files to use ECDHE-RSA-AES256-SHA with TLS 1.1 and 1.2. I've verified
that these work as expected with all libcryptos we support.

There are also a few SSL session discrepencies in AWS-LC when
compared to OpenSSL.

1. AWS-LC has no support for internal session caching on the
   client-end.
2. AWS-LC supports internal session caching on the server, but
   SSL_get1_session does not return a resumable session with TLS 1.3
   in AWS-LC. Users have to use the SSL_CTX_sess_set_new_cb
   (ctx.session_new_cb in Ruby) to retrieve the resumable session
   ticket.
3. AWS-LC has no current support for external session caching in TLS
   1.3.

https://github.com/ruby/openssl/commit/ca384b8e2f
[ruby/openssl] ssl: prefer SSLContext#max_version= in tests 2025-02-09T10:26:07+00:00 Kazuki Yamaguchi k@rhe.jp 2025-02-06T14:48:26+00:00 581dbcec79b16ab55cf3548631cb34fe6db006ee Avoid using the deprecated OpenSSL::SSL::SSLContext#ssl_version= outside the tests specifically written for it. https://github.com/ruby/openssl/commit/93a564dec2 
Avoid using the deprecated OpenSSL::SSL::SSLContext#ssl_version= outside
the tests specifically written for it.

https://github.com/ruby/openssl/commit/93a564dec2
[ruby/openssl] Require OpenSSL 1.1.1 or later 2025-01-21T18:14:14+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-20T17:08:54+00:00 43c48e3030c513c17bfcf4c37bbe533097fa1a22 Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2. Distributions that shipped with OpenSSL 1.1.0 include: - Debian 9 (EOL 2022-06) - Ubuntu 18.04 LTS (EOL 2023-04) https://github.com/ruby/openssl/commit/ba83abe920 
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:

 - Debian 9 (EOL 2022-06)
 - Ubuntu 18.04 LTS (EOL 2023-04)

https://github.com/ruby/openssl/commit/ba83abe920
[ruby/openssl] Require LibreSSL 3.9 or later 2025-01-14T12:38:16+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-07T16:55:56+00:00 0fb64bda9bf16c36de3c4ca5f9d3aa8da5d39ee2 Drop support for LibreSSL 3.1-3.8. LibreSSL 3.8 has reached its EOL in 2024-10. https://github.com/ruby/openssl/commit/f33d611f9f 
Drop support for LibreSSL 3.1-3.8. LibreSSL 3.8 has reached its EOL in
2024-10.

https://github.com/ruby/openssl/commit/f33d611f9f
[ruby/openssl] ssl: fix flaky test case test_ctx_client_session_cb_tls13_exception 2024-12-21T18:33:03+00:00 Kazuki Yamaguchi k@rhe.jp 2024-12-20T11:48:54+00:00 2a3f2412b704cfd4eb34c90e2032e3e2d40d3ae2 In the test case, the client raises an exception in the session_new_cb and may not cleanly close the connection. Let's ignore exceptions raised at the server side. Fixes: https://github.com/ruby/openssl/issues/828 https://github.com/ruby/openssl/commit/210ba0334a 
In the test case, the client raises an exception in the session_new_cb
and may not cleanly close the connection. Let's ignore exceptions raised
at the server side.

Fixes: https://github.com/ruby/openssl/issues/828

https://github.com/ruby/openssl/commit/210ba0334a
[ruby/openssl] ssl: handle callback exceptions in SSLSocket#sysread and #syswrite 2024-12-07T07:37:32+00:00 Kazuki Yamaguchi k@rhe.jp 2024-11-24T05:45:12+00:00 06fc13a15c72ecf77a638b45ea325d945bc7cc6d Check the ID_callback_state ivar after SSL_read() or SSL_write() returns, similar to what ossl_start_ssl() does. Previously, callbacks that can raise a Ruby exception were only called from ossl_start_ssl(). This has changed in OpenSSL 1.1.1. Particularly, the session_new_cb will be called whenever a client receives a NewSessionTicket message, which can happen at any time during a TLS 1.3 connection. https://github.com/ruby/openssl/commit/aac9ce1304 
Check the ID_callback_state ivar after SSL_read() or SSL_write()
returns, similar to what ossl_start_ssl() does.

Previously, callbacks that can raise a Ruby exception were only called
from ossl_start_ssl(). This has changed in OpenSSL 1.1.1. Particularly,
the session_new_cb will be called whenever a client receives a
NewSessionTicket message, which can happen at any time during a TLS 1.3
connection.

https://github.com/ruby/openssl/commit/aac9ce1304
[ruby/openssl] Prefer String#unpack1 2023-09-06T10:24:53+00:00 Mau Magnaguagno maumagnaguagno@gmail.com 2023-08-31T06:38:45+00:00 60a6de81a823cdb932d21fa5869c93853d3f2795 (https://github.com/ruby/openssl/pull/586) String#unpack1 avoids the intermediate array created by String#unpack for single elements, while also making a call to Array#first/[0] unnecessary. https://github.com/ruby/openssl/commit/8eb0715a42 
(https://github.com/ruby/openssl/pull/586)

String#unpack1 avoids the intermediate array created by String#unpack
for single elements, while also making a call to Array#first/[0]
unnecessary.

https://github.com/ruby/openssl/commit/8eb0715a42
[ruby/openssl] test/openssl/test_ssl.rb: do not run SSL tests if not available 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-12-22T19:06:12+00:00 a4b4997c69437e9d2ba09629d72284a4fb9defc5 https://github.com/ruby/openssl/commit/a3d230d4e0 
https://github.com/ruby/openssl/commit/a3d230d4e0
[ruby/openssl] test/openssl/test_ssl: assume TLS 1.2 support 2021-10-23T04:38:36+00:00 Kazuki Yamaguchi k@rhe.jp 2021-09-27T06:32:39+00:00 0e805e73cedbce3748c979049c17c74f3f0eca43 Current versions of OpenSSL and LibreSSL all support TLS 1.2, so there is no need for checking the availability. https://github.com/ruby/openssl/commit/a175a41529 
Current versions of OpenSSL and LibreSSL all support TLS 1.2, so there
is no need for checking the availability.

https://github.com/ruby/openssl/commit/a175a41529