summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-10-17 15:30:28 (GMT)
committerusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-10-17 15:30:28 (GMT)
commit53f3f02bb2bf16c3426da3fbd0ea9e3783c81bc6 (patch)
treefd10f4074b96718b5266ba673803c14f6ab8bab6
parente68968288f45a5de3d1273fc30383fb67aed4fc7 (diff)
updated ext/openssl to 2.0.9
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@65134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ext/openssl/History.md23
-rw-r--r--ext/openssl/extconf.rb7
-rw-r--r--ext/openssl/openssl.gemspec8
-rw-r--r--ext/openssl/openssl_missing.h4
-rw-r--r--ext/openssl/ossl.c1
-rw-r--r--ext/openssl/ossl_asn1.c1
-rw-r--r--ext/openssl/ossl_pkcs12.c1
-rw-r--r--ext/openssl/ossl_pkcs7.c1
-rw-r--r--ext/openssl/ossl_pkey.c29
-rw-r--r--ext/openssl/ossl_pkey.h2
-rw-r--r--ext/openssl/ossl_pkey_ec.c1
-rw-r--r--ext/openssl/ossl_version.h2
-rw-r--r--ext/openssl/ossl_x509ext.c1
-rw-r--r--ext/openssl/ossl_x509name.c51
-rw-r--r--ext/openssl/ossl_x509store.c1
-rw-r--r--test/openssl/test_ssl.rb45
-rw-r--r--test/openssl/test_ssl_session.rb1
-rw-r--r--test/openssl/test_x509name.rb44
-rw-r--r--version.h2
19 files changed, 170 insertions, 55 deletions
diff --git a/ext/openssl/History.md b/ext/openssl/History.md
index db7d98e..eb7b272 100644
--- a/ext/openssl/History.md
+++ b/ext/openssl/History.md
@@ -1,3 +1,26 @@
+Version 2.0.9
+=============
+
+Security fixes
+--------------
+
+* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
+ objects. CVE-2018-16395 is assigned for this issue.
+ https://hackerone.com/reports/387250
+
+Bug fixes
+---------
+
+* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
+ interrupted.
+ [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
+ [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
+* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
+ called against an empty instance.
+ [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
+ [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
+
+
Version 2.0.8
=============
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 998d910..b00b3a5 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -33,6 +33,9 @@ end
Logging::message "=== Checking for system dependent stuff... ===\n"
have_library("nsl", "t_open")
have_library("socket", "socket")
+if $mswin || $mingw
+ have_library("ws2_32")
+end
Logging::message "=== Checking for required stuff... ===\n"
result = pkg_config("openssl") && have_header("openssl/ssl.h")
@@ -122,6 +125,10 @@ engines.each { |name|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
}
+if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
+ $defs.push("-DNOCRYPT")
+end
+
# added in 0.9.8X
have_func("EVP_CIPHER_CTX_new")
have_func("EVP_CIPHER_CTX_free")
diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec
index 0e0e151..5dadfc5 100644
--- a/ext/openssl/openssl.gemspec
+++ b/ext/openssl/openssl.gemspec
@@ -1,20 +1,20 @@
# -*- encoding: utf-8 -*-
-# stub: openssl 2.0.8 ruby lib
+# stub: openssl 2.0.9 ruby lib
# stub: ext/openssl/extconf.rb
Gem::Specification.new do |s|
s.name = "openssl".freeze
- s.version = "2.0.8"
+ s.version = "2.0.9"
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata=
s.require_paths = ["lib".freeze]
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
- s.date = "2018-05-12"
+ s.date = "2018-10-17"
s.description = "It wraps the OpenSSL library.".freeze
s.email = ["ruby-core@ruby-lang.org".freeze]
s.extensions = ["ext/openssl/extconf.rb".freeze]
- s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze]
+ s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "README.md".freeze, "History.md".freeze]
s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs5.c".freeze, "ext/openssl/ossl_pkcs5.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, "ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze]
s.homepage = "https://www.ruby-lang.org/".freeze
s.licenses = ["Ruby".freeze]
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 3d11aec..3c2bce9 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -196,7 +196,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
return pkey->pkey._name; }
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
-static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
+static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
if (a1) *a1 = obj->a1; \
if (a2) *a2 = obj->a2; } \
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -205,7 +205,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
BN_clear_free(obj->a2); obj->a2 = a2; \
return 1; }
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
-static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
+static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
if (a1) *a1 = obj->a1; \
if (a2) *a2 = obj->a2; \
if (a3) *a3 = obj->a3; } \
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 88bb8f2..9776f61 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -1078,6 +1078,7 @@ static void Init_ossl_locks(void)
void
Init_openssl(void)
{
+#undef rb_intern
/*
* Init timezone info
*/
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 0225597..9053643 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1412,6 +1412,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
void
Init_ossl_asn1(void)
{
+#undef rb_intern
VALUE ary;
int i;
diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c
index 8502a6d..c90a723 100644
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@@ -237,6 +237,7 @@ ossl_pkcs12_to_der(VALUE self)
void
Init_ossl_pkcs12(void)
{
+#undef rb_intern
#if 0
mOSSL = rb_define_module("OpenSSL");
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 40cc5f2..c18dff1 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -1054,6 +1054,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
void
Init_ossl_pkcs7(void)
{
+#undef rb_intern
#if 0
mOSSL = rb_define_module("OpenSSL");
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index aad3e2e..b4a412c 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -20,6 +20,21 @@ static ID id_private_q;
/*
* callback for generating keys
*/
+static VALUE
+call_check_ints0(VALUE arg)
+{
+ rb_thread_check_ints();
+ return Qnil;
+}
+
+static void *
+call_check_ints(void *arg)
+{
+ int state;
+ rb_protect(call_check_ints0, Qnil, &state);
+ return (void *)(VALUE)state;
+}
+
int
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
{
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
*/
rb_protect(rb_yield, ary, &state);
if (state) {
- arg->stop = 1;
arg->state = state;
+ return 0;
+ }
+ }
+ if (arg->interrupted) {
+ arg->interrupted = 0;
+ state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
+ if (state) {
+ arg->state = state;
+ return 0;
}
}
- if (arg->stop) return 0;
return 1;
}
@@ -50,7 +72,7 @@ void
ossl_generate_cb_stop(void *ptr)
{
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
- arg->stop = 1;
+ arg->interrupted = 1;
}
static void
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
void
Init_ossl_pkey(void)
{
+#undef rb_intern
#if 0
mOSSL = rb_define_module("OpenSSL");
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index a0b4974..5c8ccc0 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -41,7 +41,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
struct ossl_generate_cb_arg {
int yield;
- int stop;
+ int interrupted;
int state;
};
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 5262d3b..201b7df 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -1676,6 +1676,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
void Init_ossl_ec(void)
{
+#undef rb_intern
#if 0
mPKey = rb_define_module_under(mOSSL, "PKey");
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h
index a4b99e8..1ac6b4c 100644
--- a/ext/openssl/ossl_version.h
+++ b/ext/openssl/ossl_version.h
@@ -10,6 +10,6 @@
#if !defined(_OSSL_VERSION_H_)
#define _OSSL_VERSION_H_
-#define OSSL_VERSION "2.0.8"
+#define OSSL_VERSION "2.0.9"
#endif /* _OSSL_VERSION_H_ */
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index b92b078..a6184d3 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -441,6 +441,7 @@ ossl_x509ext_to_der(VALUE obj)
void
Init_ossl_x509ext(void)
{
+#undef rb_intern
#if 0
mOSSL = rb_define_module("OpenSSL");
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index ac98c1b..fe84559 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -239,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self)
{
X509_NAME *name;
char *buf;
- VALUE str;
GetX509Name(self, name);
buf = X509_NAME_oneline(name, NULL, 0);
- str = rb_str_new2(buf);
- OPENSSL_free(buf);
+ if (!buf)
+ ossl_raise(eX509NameError, "X509_NAME_oneline");
+ return ossl_buf2str(buf, rb_long2int(strlen(buf)));
+}
- return str;
+static VALUE
+x509name_print(VALUE self, unsigned long iflag)
+{
+ X509_NAME *name;
+ BIO *out;
+ int ret;
+
+ GetX509Name(self, name);
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ ossl_raise(eX509NameError, NULL);
+ ret = X509_NAME_print_ex(out, name, 0, iflag);
+ if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
+ BIO_free(out);
+ ossl_raise(eX509NameError, "X509_NAME_print_ex");
+ }
+ return ossl_membio2str(out);
}
/*
@@ -264,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self)
static VALUE
ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
{
- X509_NAME *name;
- VALUE flag, str;
- BIO *out;
- unsigned long iflag;
-
- rb_scan_args(argc, argv, "01", &flag);
- if (NIL_P(flag))
+ rb_check_arity(argc, 0, 1);
+ /* name.to_s(nil) was allowed */
+ if (!argc || NIL_P(argv[0]))
return ossl_x509name_to_s_old(self);
- else iflag = NUM2ULONG(flag);
- if (!(out = BIO_new(BIO_s_mem())))
- ossl_raise(eX509NameError, NULL);
- GetX509Name(self, name);
- if (!X509_NAME_print_ex(out, name, 0, iflag)){
- BIO_free(out);
- ossl_raise(eX509NameError, NULL);
- }
- str = ossl_membio2str(out);
-
- return str;
+ else
+ return x509name_print(self, NUM2ULONG(argv[0]));
}
/*
@@ -358,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
result = ossl_x509name_cmp0(self, other);
if (result < 0) return INT2FIX(-1);
- if (result > 1) return INT2FIX(1);
+ if (result > 0) return INT2FIX(1);
return INT2FIX(0);
}
@@ -462,6 +466,7 @@ ossl_x509name_to_der(VALUE self)
void
Init_ossl_x509name(void)
{
+#undef rb_intern
VALUE utf8str, ptrstr, ia5str, hash;
#if 0
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 4becc8e..3cddcc4 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -800,6 +800,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
void
Init_ossl_x509store(void)
{
+#undef rb_intern
#if 0
mOSSL = rb_define_module("OpenSSL");
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 7bb32ad..408c7d8 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -48,6 +48,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal 2, ssl.peer_cert_chain.size
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock&.close
@@ -77,6 +79,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_not_predicate sock, :closed?
ensure
@@ -88,6 +91,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.sync_close = true # !!
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_predicate sock, :closed?
ensure
@@ -179,7 +183,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
client_ca_from_server = sslconn.client_ca
[@cli_cert, @cli_key]
end
- server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
+ server_connect(port, ctx) { |ssl|
+ assert_equal([@ca], client_ca_from_server)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
end
@@ -276,21 +283,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
start_server { |port|
- sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
end
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.sync_close = true
- begin
- ssl.connect
+ server_connect(port, ctx) { |ssl|
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
- ensure
- ssl.close
- end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
start_server(ignore_listener_error: true) { |port|
@@ -377,6 +379,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert(ssl.post_connection_check("localhost"))
@@ -398,6 +402,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert(ssl.post_connection_check("127.0.0.1"))
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -418,6 +424,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -644,6 +652,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.connect
assert_equal @cli_cert.serial, ssl.peer_cert.serial
assert_predicate fooctx, :frozen?
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -655,6 +665,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.hostname = "bar.example.com"
ssl.connect
assert_equal @svr_cert.serial, ssl.peer_cert.serial
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -727,7 +739,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.hostname = name
if expected_ok
- assert_nothing_raised { ssl.connect }
+ ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
else
assert_handshake_error { ssl.connect }
end
@@ -856,6 +869,7 @@ end
start_server_version(:SSLv23, ctx_proc) { |port|
server_connect(port) { |ssl|
assert_equal(1, num_handshakes)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -874,6 +888,7 @@ if openssl?(1, 0, 2) || libressl?
ctx.alpn_protocols = advertised
server_connect(port, ctx) { |ssl|
assert_equal(advertised.first, ssl.alpn_protocol)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -996,14 +1011,11 @@ end
end
def test_close_after_socket_close
- server_proc = proc { |ctx, ssl|
- # Do nothing
- }
- start_server(server_proc: server_proc) { |port|
+ start_server { |port|
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
- ssl.sync_close = true
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
sock.close
assert_nothing_raised do
ssl.close
@@ -1068,6 +1080,7 @@ end
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -1158,6 +1171,7 @@ end
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
end
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
@@ -1173,6 +1187,7 @@ end
server_connect(port, ctx) { |ssl|
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index 6db0c2d..78b160e 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -113,6 +113,7 @@ __EOS__
non_resumable = nil
start_server { |port|
server_connect_with_session(port, nil, nil) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
non_resumable = ssl.session
}
}
diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
index c1dacf4..b128123 100644
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@@ -1,4 +1,4 @@
-# coding: US-ASCII
+# coding: ASCII-8BIT
# frozen_string_literal: false
require_relative 'utils'
@@ -322,6 +322,34 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
assert_equal("Namiki", ary[5][1])
end
+ def test_to_s
+ dn = [
+ ["DC", "org"],
+ ["DC", "ruby-lang"],
+ ["CN", "フー, バー"],
+ ]
+ name = OpenSSL::X509::Name.new
+ dn.each { |x| name.add_entry(*x) }
+
+ assert_equal "/DC=org/DC=ruby-lang/" \
+ "CN=\\xE3\\x83\\x95\\xE3\\x83\\xBC, \\xE3\\x83\\x90\\xE3\\x83\\xBC",
+ name.to_s
+ # OpenSSL escapes characters with MSB by default
+ assert_equal \
+ "CN=\\E3\\83\\95\\E3\\83\\BC\\, \\E3\\83\\90\\E3\\83\\BC," \
+ "DC=ruby-lang,DC=org",
+ name.to_s(OpenSSL::X509::Name::RFC2253)
+ assert_equal "DC = org, DC = ruby-lang, " \
+ "CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"",
+ name.to_s(OpenSSL::X509::Name::ONELINE)
+
+ empty = OpenSSL::X509::Name.new
+ assert_equal "", empty.to_s
+ assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT)
+ assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253)
+ assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE)
+ end
+
def test_equals2
n1 = OpenSSL::X509::Name.parse 'CN=a'
n2 = OpenSSL::X509::Name.parse 'CN=a'
@@ -330,10 +358,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
end
def test_spaceship
- n1 = OpenSSL::X509::Name.parse 'CN=a'
- n2 = OpenSSL::X509::Name.parse 'CN=b'
-
- assert_equal(-1, n1 <=> n2)
+ n1 = OpenSSL::X509::Name.new([["CN", "a"]])
+ n2 = OpenSSL::X509::Name.new([["CN", "a"]])
+ n3 = OpenSSL::X509::Name.new([["CN", "ab"]])
+
+ assert_equal 0, n1 <=> n2
+ assert_equal -1, n1 <=> n3
+ assert_equal 0, n2 <=> n1
+ assert_equal -1, n2 <=> n3
+ assert_equal 1, n3 <=> n1
+ assert_equal 1, n3 <=> n2
end
def name_hash(name)
diff --git a/version.h b/version.h
index a4fddd5..8e8237f 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
#define RUBY_VERSION "2.4.5"
#define RUBY_RELEASE_DATE "2018-10-18"
-#define RUBY_PATCHLEVEL 334
+#define RUBY_PATCHLEVEL 335
#define RUBY_RELEASE_YEAR 2018
#define RUBY_RELEASE_MONTH 10