ruby.git/test/openssl/test_ts.rb, branch v3_3_11 The Ruby Programming Language [ruby/openssl] fix segv in Timestamp::{Request,Response,TokenInfo}.new 2021-10-16T09:34:35+00:00 Nobuhiro IMAI nov@yo.rim.or.jp 2020-09-28T15:05:36+00:00 f88401f38e918c0bdc4d7c6b22f25e0a7eef04bb prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed. https://github.com/ruby/openssl/commit/b29e215786 
prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.

https://github.com/ruby/openssl/commit/b29e215786
[ruby/openssl] test: adjust test cases for LibreSSL 3.2.4 2021-03-16T10:37:06+00:00 Kazuki Yamaguchi k@rhe.jp 2021-02-25T08:28:23+00:00 a3f97007bbd1012a4b7662b8166118b81b52527a LibreSSL 3.2.4 made the certificate verification logic back closer to pre-3.2.2 one, which is more compatible with OpenSSL. Part of the fixes added by commit a0e98d48c91f ("Enhance TLS 1.3 support on LibreSSL 3.2/3.3", 2020-12-03) is required for 3.2.2 and 3.2.3 only (and ~3.3.1, however 3.3 does not have a stable release yet). Since both releases are security fix, it should be safe to remove those special treatment from our test suite. While we are at it, TestSSL#test_ecdh_curves is split into TLS 1.2 and TLS 1.3 variants for clarity. https://github.com/ruby/openssl/commit/a9954bac22 
LibreSSL 3.2.4 made the certificate verification logic back closer to
pre-3.2.2 one, which is more compatible with OpenSSL.

Part of the fixes added by commit a0e98d48c91f ("Enhance TLS 1.3 support
on LibreSSL 3.2/3.3", 2020-12-03) is required for 3.2.2 and 3.2.3 only
(and ~3.3.1, however 3.3 does not have a stable release yet). Since both
releases are security fix, it should be safe to remove those special
treatment from our test suite.

While we are at it, TestSSL#test_ecdh_curves is split into TLS 1.2 and
TLS 1.3 variants for clarity.

https://github.com/ruby/openssl/commit/a9954bac22
[ruby/openssl] Fixed the results of OpenSSL::Timestamp::Response#failure_info 2021-03-16T10:37:06+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2021-02-14T09:16:06+00:00 1ad222477344597038d7ec08885a41f547c2a3b4 Made stored values `Symbol`s instead of `ID`s. Fixes https://bugs.ruby-lang.org/issues/17625 Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com> https://github.com/ruby/openssl/commit/f2d004679a 
Made stored values `Symbol`s instead of `ID`s.

Fixes https://bugs.ruby-lang.org/issues/17625

Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>

https://github.com/ruby/openssl/commit/f2d004679a
[ruby/openssl] Enhance TLS 1.3 support on LibreSSL 3.2/3.3 2021-03-16T10:37:06+00:00 Jeremy Evans code@jeremyevans.net 2020-12-03T17:12:12+00:00 e2ce3830447b95fbb7d9b8dff80b8c1716688da0 This defines TLS1_3_VERSION when using LibreSSL 3.2+. LibreSSL 3.2/3.3 doesn't advertise this by default, even though it will use TLS 1.3 in both client and server modes. Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining TLS1_3_VERSION by itself fixes 1 test failure. A few tests now fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version, and this adjusts those tests. The client CA test doesn't work in LibreSSL 3.2+, so I've marked that as pending. For the hostname verification, LibreSSL 3.2.2+ has a new stricter hostname verifier that doesn't like subjectAltName such as c*.example.com and d.*.example.com, so adjust the related tests. With these changes, the tests pass on LibreSSL 3.2/3.3. https://github.com/ruby/openssl/commit/a0e98d48c9 
This defines TLS1_3_VERSION when using LibreSSL 3.2+.  LibreSSL 3.2/3.3
doesn't advertise this by default, even though it will use TLS 1.3
in both client and server modes.

Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining
TLS1_3_VERSION by itself fixes 1 test failure.  A few tests now
fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version,
and this adjusts those tests.  The client CA test doesn't work in
LibreSSL 3.2+, so I've marked that as pending.

For the hostname verification, LibreSSL 3.2.2+ has a new stricter
hostname verifier that doesn't like subjectAltName such as
c*.example.com and d.*.example.com, so adjust the related tests.

With these changes, the tests pass on LibreSSL 3.2/3.3.

https://github.com/ruby/openssl/commit/a0e98d48c9
[ruby/openssl] Look up digest by name instead of constant 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T15:14:36+00:00 0b2c70eaa1e8e41fcb6332b22b084dabb81e637c https://github.com/ruby/openssl/commit/b28fb2f05c 
https://github.com/ruby/openssl/commit/b28fb2f05c
[ruby/openssl] ts: simplify OpenSSL::Timestamp::Request#algorithm 2020-02-17T11:50:47+00:00 Kazuki Yamaguchi k@rhe.jp 2020-02-17T08:28:33+00:00 99b191d83f96dd7f56b673bb1b7dbf96b68dc3e6 Stop the special treatment of invalid hashAlgorithm of the message imprint. Those invalid values can only appear after the object is instantiated, before the user sets an actual message digest algorithm. OpenSSL::Timestamp::TokenInfo#algorithm already does the same. Also, remove the test case "test_create_request" since it does not make much sense. Those fields are to be set by the user after creation of the object and checking the initial value is pointless. Fixes: https://github.com/ruby/openssl/issues/335 https://github.com/ruby/openssl/commit/890a6476fa 
Stop the special treatment of invalid hashAlgorithm of the message
imprint. Those invalid values can only appear after the object is
instantiated, before the user sets an actual message digest algorithm.

OpenSSL::Timestamp::TokenInfo#algorithm already does the same.

Also, remove the test case "test_create_request" since it does not make
much sense. Those fields are to be set by the user after creation of
the object and checking the initial value is pointless.

Fixes: https://github.com/ruby/openssl/issues/335

https://github.com/ruby/openssl/commit/890a6476fa
Revert "test/openssl/test_ts.rb: tentatively skip a failing test on CentOS 6.9" 2020-02-16T13:16:22+00:00 Yusuke Endoh mame@ruby-lang.org 2020-02-16T13:16:22+00:00 331755c5e97ff1a5c0a4a3ceed9c26ea2c580768 This reverts commit a6d007c70b3aa5b55c9ca774446130356bd36eac. Unfortunately, the test fails on armv7l https://rubyci.org/logs/rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20200216T091708Z.fail.html.gz 
This reverts commit a6d007c70b3aa5b55c9ca774446130356bd36eac.

Unfortunately, the test fails on armv7l
https://rubyci.org/logs/rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20200216T091708Z.fail.html.gz
test/openssl/test_ts.rb: tentatively skip a failing test on CentOS 6.9 2020-02-16T12:20:09+00:00 Yusuke Endoh mame@ruby-lang.org 2020-02-16T12:20:09+00:00 a6d007c70b3aa5b55c9ca774446130356bd36eac CentOS 6.9 will be EOL at Nov. Ruby 3.0 (or 2.8) release version will not support CentOS 6.9, so I'll remove the environment after it become green. 
CentOS 6.9 will be EOL at Nov.  Ruby 3.0 (or 2.8) release version will
not support CentOS 6.9, so I'll remove the environment after it become
green.
Import openssl-2.2.0 (#2693) 2020-02-16T06:21:29+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2020-02-16T06:21:29+00:00 b99775b163ce44079c1f8727ce9b4ed8bb03489d Import the master branch of ruby/openssl for preparing to release openssl-2.2.0 
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0