<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ruby.git/test/webrick, branch ruby_2_4</title>
<subtitle>The Ruby Programming Language</subtitle>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/'/>
<entry>
<title>merge revision(s) 3ce238b5f9795581eb84114dcfbdf4aa086bfecc</title>
<updated>2019-10-01T11:05:56+00:00</updated>
<author>
<name>usa</name>
<email>usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2019-10-01T11:05:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=8eff476bce40b52f244b8c912d1a5f40aa64b683'/>
<id>8eff476bce40b52f244b8c912d1a5f40aa64b683</id>
<content type='text'>
WEBrick: prevent response splitting and header injection

This is a follow up to d9d4a28.
The commit prevented CRLF, but did not address an isolated CR or an
isolated LF.

Co-Authored-By: NARUSE, Yui &lt;naruse@airemix.jp&gt;


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67819 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
WEBrick: prevent response splitting and header injection

This is a follow up to d9d4a28.
The commit prevented CRLF, but did not address an isolated CR or an
isolated LF.

Co-Authored-By: NARUSE, Yui &lt;naruse@airemix.jp&gt;


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67819 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03</title>
<updated>2019-10-01T11:05:22+00:00</updated>
<author>
<name>usa</name>
<email>usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2019-10-01T11:05:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=38d2d0dbd319a9cc49fd2c945be4090cea72ef36'/>
<id>38d2d0dbd319a9cc49fd2c945be4090cea72ef36</id>
<content type='text'>
Loop with String#scan without creating substrings

Create substrings of the necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67818 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Loop with String#scan without creating substrings

Create substrings of the necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67818 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 60584,62954,62955,62956,62957,62958,62959,63008:</title>
<updated>2018-03-28T13:54:58+00:00</updated>
<author>
<name>nagachika</name>
<email>nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2018-03-28T13:54:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=c461bdc3c5243d4b0ea1f47b78fa67eac0d355db'/>
<id>c461bdc3c5243d4b0ea1f47b78fa67eac0d355db</id>
<content type='text'>
	webrick: support Proc objects as body responses

	* lib/webrick/httpresponse.rb (send_body): call send_body_proc
	  (send_body_proc): new method
	  (class ChunkedWrapper): new class

	* test/webrick/test_httpresponse.rb (test_send_body_proc): new test
	  (test_send_body_proc_chunked): ditto
	  [Feature #855]

	webrick/httpresponse: IO.copy_stream for regular files

	Remove the redundant _send_file method since its functionality
	is unnecessary with IO.copy_stream.  IO.copy_stream also allows
	the use of sendfile under some OSes to speed up copies to
	non-TLS sockets.

	Testing with "curl &gt;/dev/null" and "ruby -run -e httpd" to
	read a 1G file over Linux loopback reveals a reduction from
	around ~0.770 to ~0.490 seconds on the client side.

	* lib/webrick/httpresponse.rb (send_body_io): use IO.copy_stream
	  (_send_file): remove
	  [Feature #14237]

	webrick: use IO.copy_stream for single range response

	This is also compatible with range responses generated
	by Rack::File (tested with rack 2.0.3).

	* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
	* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
	  use File object for the single range case
	* test/webrick/test_filehandler.rb (get_res_body): use send_body
	  to test result

	test/webrick/test_filehandler.rb: stricter multipart range test

	We need to ensure we generate compatible output in
	the face of future changes.

	* test/webrick/test_filehandler.rb (test_make_partial_content):
	  check response body

	webrick: quiet warning for multi-part ranges

	Content-Length is ignored by WEBrick::HTTPResponse even if we
	calculate it, so instead we chunk responses to HTTP/1.1 clients
	and terminate HTTP/1.0 connections.

	* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
	  quiet warning

	webrick/httpresponse: make ChunkedWrapper copy_stream-compatible

	The .write method needs to return the number of bytes written
	to avoid confusing IO.copy_stream.

	* lib/webrick/httpresponse.rb (ChunkedWrapper#write): return bytes written
	  (ChunkedWrapper#&lt;&lt;): return self

	webrick: use IO.copy_stream for multipart response

	Use the new Proc response body feature to generate a multipart
	range response dynamically.  We use a flat array to minimize
	object overhead as much as possible; as many ranges may fit
	into an HTTP request header.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
	  (make_partial_content): use multipart_body

	get rid of test error/failure on Windows introduced at r62955

	* lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError
	  is raised in IO.copy_stream with offset.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63012 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
	webrick: support Proc objects as body responses

	* lib/webrick/httpresponse.rb (send_body): call send_body_proc
	  (send_body_proc): new method
	  (class ChunkedWrapper): new class

	* test/webrick/test_httpresponse.rb (test_send_body_proc): new test
	  (test_send_body_proc_chunked): ditto
	  [Feature #855]

	webrick/httpresponse: IO.copy_stream for regular files

	Remove the redundant _send_file method since its functionality
	is unnecessary with IO.copy_stream.  IO.copy_stream also allows
	the use of sendfile under some OSes to speed up copies to
	non-TLS sockets.

	Testing with "curl &gt;/dev/null" and "ruby -run -e httpd" to
	read a 1G file over Linux loopback reveals a reduction from
	around ~0.770 to ~0.490 seconds on the client side.

	* lib/webrick/httpresponse.rb (send_body_io): use IO.copy_stream
	  (_send_file): remove
	  [Feature #14237]

	webrick: use IO.copy_stream for single range response

	This is also compatible with range responses generated
	by Rack::File (tested with rack 2.0.3).

	* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
	* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
	  use File object for the single range case
	* test/webrick/test_filehandler.rb (get_res_body): use send_body
	  to test result

	test/webrick/test_filehandler.rb: stricter multipart range test

	We need to ensure we generate compatible output in
	the face of future changes.

	* test/webrick/test_filehandler.rb (test_make_partial_content):
	  check response body

	webrick: quiet warning for multi-part ranges

	Content-Length is ignored by WEBrick::HTTPResponse even if we
	calculate it, so instead we chunk responses to HTTP/1.1 clients
	and terminate HTTP/1.0 connections.

	* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
	  quiet warning

	webrick/httpresponse: make ChunkedWrapper copy_stream-compatible

	The .write method needs to return the number of bytes written
	to avoid confusing IO.copy_stream.

	* lib/webrick/httpresponse.rb (ChunkedWrapper#write): return bytes written
	  (ChunkedWrapper#&lt;&lt;): return self

	webrick: use IO.copy_stream for multipart response

	Use the new Proc response body feature to generate a multipart
	range response dynamically.  We use a flat array to minimize
	object overhead as much as possible; as many ranges may fit
	into an HTTP request header.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
	  (make_partial_content): use multipart_body

	get rid of test error/failure on Windows introduced at r62955

	* lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError
	  is raised in IO.copy_stream with offset.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63012 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 62960,62961,62962,62963,62964,62965:</title>
<updated>2018-03-28T12:23:29+00:00</updated>
<author>
<name>nagachika</name>
<email>nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2018-03-28T12:23:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=16b426e96611d1ccc9acc9a9f9a2ea1f6c5cc4ec'/>
<id>16b426e96611d1ccc9acc9a9f9a2ea1f6c5cc4ec</id>
<content type='text'>
	webrick/httprequest: limit request headers size

	We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
	and Puma to prevent malicious users from using up all the memory
	with a single request.  This also limits the damage done by
	excessive ranges in multipart Range: requests.

	Due to the way we rely on IO#gets and the desire to keep
	the code simple, the actual maximum header may be 4093 bytes
	larger than 112 KB, but we're splitting hairs at that point.

	* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
	  (read_header): raise when headers exceed max length

	webrick/httpservlet/cgihandler: reduce memory use

	WEBrick::HTTPRequest#body can be passed a block to process the
	body in chunks.  Use this feature to avoid building a giant
	string in memory.

	* lib/webrick/httpservlet/cgihandler.rb (do_GET):
	  avoid reading entire request body into memory
	  (do_POST is aliased to do_GET, so it handles bodies)

	webrick/httprequest: raise correct exception

	"BadRequest" alone does not resolve correctly, it is in the
	HTTPStatus namespace.

	* lib/webrick/httprequest.rb (read_chunked): use correct exception
	* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test

	webrick/httprequest: use InputBufferSize for chunked requests

	While WEBrick::HTTPRequest#body provides a Proc interface
	for streaming large request bodies, clients must not force
	the server to use an excessively large chunk size.

	* lib/webrick/httprequest.rb (read_chunk_size): limit each
	  read and block.call to :InputBufferSize in config.
	* test/webrick/test_httpserver.rb (test_big_chunks): new test

	webrick: add test for Digest auth-int

	No changes to the actual code, this is a new test for
	a feature for which no tests existed.  I don't understand
	the Digest authentication code well at all, but this is
	necessary for the subsequent change.

	* test/webrick/test_httpauth.rb (test_digest_auth_int): new test
	  (credentials_for_request): support bodies with POST

	webrick/httpauth/digestauth: stream req.body

	WARNING! WARNING! WARNING!  LIKELY BROKEN CHANGE

	Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
	potentially large request body into memory during
	authentication.

	WARNING! this will break apps completely which want to do
	something with the body besides calculating the MD5 digest
	of it.

	Also, keep in mind that probably nobody uses "auth-int".
	Servers such as Apache, lighttpd, nginx don't seem to
	support it; nor does curl when using POST/PUT bodies;
	and we didn't have tests for it until now...

	* lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63004 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
	webrick/httprequest: limit request headers size

	We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
	and Puma to prevent malicious users from using up all the memory
	with a single request.  This also limits the damage done by
	excessive ranges in multipart Range: requests.

	Due to the way we rely on IO#gets and the desire to keep
	the code simple, the actual maximum header may be 4093 bytes
	larger than 112 KB, but we're splitting hairs at that point.

	* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
	  (read_header): raise when headers exceed max length

	webrick/httpservlet/cgihandler: reduce memory use

	WEBrick::HTTPRequest#body can be passed a block to process the
	body in chunks.  Use this feature to avoid building a giant
	string in memory.

	* lib/webrick/httpservlet/cgihandler.rb (do_GET):
	  avoid reading entire request body into memory
	  (do_POST is aliased to do_GET, so it handles bodies)

	webrick/httprequest: raise correct exception

	"BadRequest" alone does not resolve correctly, it is in the
	HTTPStatus namespace.

	* lib/webrick/httprequest.rb (read_chunked): use correct exception
	* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test

	webrick/httprequest: use InputBufferSize for chunked requests

	While WEBrick::HTTPRequest#body provides a Proc interface
	for streaming large request bodies, clients must not force
	the server to use an excessively large chunk size.

	* lib/webrick/httprequest.rb (read_chunk_size): limit each
	  read and block.call to :InputBufferSize in config.
	* test/webrick/test_httpserver.rb (test_big_chunks): new test

	webrick: add test for Digest auth-int

	No changes to the actual code, this is a new test for
	a feature for which no tests existed.  I don't understand
	the Digest authentication code well at all, but this is
	necessary for the subsequent change.

	* test/webrick/test_httpauth.rb (test_digest_auth_int): new test
	  (credentials_for_request): support bodies with POST

	webrick/httpauth/digestauth: stream req.body

	WARNING! WARNING! WARNING!  LIKELY BROKEN CHANGE

	Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
	potentially large request body into memory during
	authentication.

	WARNING! this will break apps completely which want to do
	something with the body besides calculating the MD5 digest
	of it.

	Also, keep in mind that probably nobody uses "auth-int".
	Servers such as Apache, lighttpd, nginx don't seem to
	support it; nor does curl when using POST/PUT bodies;
	and we didn't have tests for it until now...

	* lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63004 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 62968:</title>
<updated>2018-03-28T11:49:00+00:00</updated>
<author>
<name>nagachika</name>
<email>nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2018-03-28T11:49:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=dcd07242f0e7682072415b1adfe04f3ab12e0da5'/>
<id>dcd07242f0e7682072415b1adfe04f3ab12e0da5</id>
<content type='text'>
	webrick: prevent response splitting and header injection

	Original patch by tenderlove (with minor style adjustments).

	* lib/webrick/httpresponse.rb (send_header): call check_header
	  (check_header): raise on embedded CRLF in header value
	* test/webrick/test_httpresponse.rb
	  (test_prevent_response_splitting_headers): new test
	* (test_prevent_response_splitting_cookie_headers): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
	webrick: prevent response splitting and header injection

	Original patch by tenderlove (with minor style adjustments).

	* lib/webrick/httpresponse.rb (send_header): call check_header
	  (check_header): raise on embedded CRLF in header value
	* test/webrick/test_httpresponse.rb
	  (test_prevent_response_splitting_headers): new test
	* (test_prevent_response_splitting_cookie_headers): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 60123,60172,60189,60208,60210,60211: [Backport #14005]</title>
<updated>2017-12-14T13:31:41+00:00</updated>
<author>
<name>nagachika</name>
<email>nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2017-12-14T13:31:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=2e728d51e70ed3756ad760c687a08b8487b0112f'/>
<id>2e728d51e70ed3756ad760c687a08b8487b0112f</id>
<content type='text'>
	webrick: avoid unnecessary IO#sync= call

	Sockets and pipes are always created with FMODE_SYNC flag
	already set (otherwise many things would be broken).

	* lib/webrick/server.rb (accept_client): remove unnecessary
	  IO#sync= call

	webrick: do not hang acceptor on slow TLS connections

	OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
	which negotiate the TCP connection, but fail (or are slow) to
	negotiate the subsequent TLS handshake.  This prevents the
	multi-threaded WEBrick server from accepting other connections.

	Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
	consists of normal read/write traffic over TCP, handle it in the
	per-client thread, instead.

	Furthermore, using non-blocking accept() is useful for non-TLS
	sockets anyways because spurious wakeups are possible from
	select(2).

	* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
	  and remove OpenSSL::SSL::SSLSocket#accept call
	* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
	* test/webrick/test_ssl_server.rb (test_slow_connect): new test
	  [ruby-core:83221] [Bug #14005]

	webrick: fix up r60172

	By making the socket non-blocking in r60172, TLS/SSL negotiation
	via the SSL_accept function must handle non-blocking sockets
	properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
	OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
	non-blocking socket, so it must use non-blocking logic of
	OpenSSL::SSL::SSLSocket#accept_nonblock.

	Thanks to MSP-Greg (Greg L) for finding this.

	* lib/webrick/server.rb (start_thread): use SSL_accept properly
	  with non-blocking socket.
	  [Bug #14013] [Bug #14005]

	webrick: fix up r60172 and revert r60189

	Thanks to MSP-Greg (Greg L) for helping with this.

	* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
	  EPROTO, and EINVAL on TLS negotiation errors the same way they
	  were ignored before r60172 in the accept_client method of the
	  main acceptor thread.
	  [Bug #14013] [Bug #14005]

	webrick: fix up r60172 and r60208

	Thanks to MSP-Greg (Greg L) for helping with this.

	* lib/webrick/server.rb (start_thread): fix non-local return
	  introduced in r60208

	webrick: fix up r60172 and r60210

	Thanks to MSP-Greg (Greg L) for helping with this.

	* lib/webrick/server.rb (start_thread): properly fix non-local return
	  introduced in r60208 and r60210

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
	webrick: avoid unnecessary IO#sync= call

	Sockets and pipes are always created with FMODE_SYNC flag
	already set (otherwise many things would be broken).

	* lib/webrick/server.rb (accept_client): remove unnecessary
	  IO#sync= call

	webrick: do not hang acceptor on slow TLS connections

	OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
	which negotiate the TCP connection, but fail (or are slow) to
	negotiate the subsequent TLS handshake.  This prevents the
	multi-threaded WEBrick server from accepting other connections.

	Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
	consists of normal read/write traffic over TCP, handle it in the
	per-client thread, instead.

	Furthermore, using non-blocking accept() is useful for non-TLS
	sockets anyways because spurious wakeups are possible from
	select(2).

	* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
	  and remove OpenSSL::SSL::SSLSocket#accept call
	* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
	* test/webrick/test_ssl_server.rb (test_slow_connect): new test
	  [ruby-core:83221] [Bug #14005]

	webrick: fix up r60172

	By making the socket non-blocking in r60172, TLS/SSL negotiation
	via the SSL_accept function must handle non-blocking sockets
	properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
	OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
	non-blocking socket, so it must use non-blocking logic of
	OpenSSL::SSL::SSLSocket#accept_nonblock.

	Thanks to MSP-Greg (Greg L) for finding this.

	* lib/webrick/server.rb (start_thread): use SSL_accept properly
	  with non-blocking socket.
	  [Bug #14013] [Bug #14005]

	webrick: fix up r60172 and revert r60189

	Thanks to MSP-Greg (Greg L) for helping with this.

	* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
	  EPROTO, and EINVAL on TLS negotiation errors the same way they
	  were ignored before r60172 in the accept_client method of the
	  main acceptor thread.
	  [Bug #14013] [Bug #14005]

	webrick: fix up r60172 and r60208

	Thanks to MSP-Greg (Greg L) for helping with this.

	* lib/webrick/server.rb (start_thread): fix non-local return
	  introduced in r60208

	webrick: fix up r60172 and r60210

	Thanks to MSP-Greg (Greg L) for helping with this.

	* lib/webrick/server.rb (start_thread): properly fix non-local return
	  introduced in r60208 and r60210

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 61197: [Backport #14184]</title>
<updated>2017-12-14T13:14:12+00:00</updated>
<author>
<name>nagachika</name>
<email>nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2017-12-14T13:14:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=096db35abad5e9288b2563c29a98fcf7ebce7715'/>
<id>096db35abad5e9288b2563c29a98fcf7ebce7715</id>
<content type='text'>
	webrick: compile RE correctly for beginning and end match

	Using ^ and $ in regexps means we can accidentally get fooled
	by "%0a" in HTTP request paths being decoded to newline
	characters.  Use \A and \z to match beginning and end-of-string
	respectively, instead.

	Thanks to mame and hsbt for reporting.

	* lib/webrick/httpserver.rb (MountTable#compile):
	  use \A and \z instead of ^ and $
	* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
	* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61238 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
	webrick: compile RE correctly for beginning and end match

	Using ^ and $ in regexps means we can accidentally get fooled
	by "%0a" in HTTP request paths being decoded to newline
	characters.  Use \A and \z to match beginning and end-of-string
	respectively, instead.

	Thanks to mame and hsbt for reporting.

	* lib/webrick/httpserver.rb (MountTable#compile):
	  use \A and \z instead of ^ and $
	* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
	* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61238 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>merge revision(s) 59897:</title>
<updated>2017-09-14T11:24:10+00:00</updated>
<author>
<name>nagachika</name>
<email>nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2017-09-14T11:24:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=dead0efddba4143116c0d84c87c88e62ef9b8a23'/>
<id>dead0efddba4143116c0d84c87c88e62ef9b8a23</id>
<content type='text'>
	lib/webrick/log.rb: sanitize any type of logs

	It had failed to sanitize some types of exception messages.  Reported and
	patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
	lib/webrick/log.rb: sanitize any type of logs

	It had failed to sanitize some types of exception messages.  Reported and
	patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>Delay Utils.getservername until needed.</title>
<updated>2016-12-07T12:59:48+00:00</updated>
<author>
<name>shugo</name>
<email>shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2016-12-07T12:59:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=03ec73972939ad068304ac6f33759a815da14690'/>
<id>03ec73972939ad068304ac6f33759a815da14690</id>
<content type='text'>
There is no need to call Utils.getservername when the :ServerName option is
specified, so delay Utils.getservername until needed to avoid unnecessary
DNS lookups.  [ruby-core:78492] [Bug #13007]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57014 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There is no need to call Utils.getservername when the :ServerName option is
specified, so delay Utils.getservername until needed to avoid unnecessary
DNS lookups.  [ruby-core:78492] [Bug #13007]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57014 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
<entry>
<title>webrick: don't use OpenSSL::TestUtils from webrick tests</title>
<updated>2016-11-29T15:48:47+00:00</updated>
<author>
<name>rhe</name>
<email>rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e</email>
</author>
<published>2016-11-29T15:48:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.ruby-lang.org/ruby.git/commit/?id=db31f2fafb3634364bba91130162bc9c394f8232'/>
<id>db31f2fafb3634364bba91130162bc9c394f8232</id>
<content type='text'>
Follow net/http and open-uri. Don't rely on the constants/methods from
OpenSSL::TestUtils.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56936 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Follow net/http and open-uri. Don't rely on the constants/methods from
OpenSSL::TestUtils.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56936 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
</pre>
</div>
</content>
</entry>
</feed>
