summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoremboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2012-05-25 14:44:15 +0000
committeremboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2012-05-25 14:44:15 +0000
commit6f5582a2ae543eb8000deba997348fda189c166a (patch)
treea0c8bd618155e1d969a6d4aa833228fe82ed18c8
parent913827b6afd701f5f5b7461e3acf15c70ab4f22b (diff)
* test/openssl/test_ssl.rb: Clarify the intention of errors to be
expected. Two errors are possible when connection is refused due to a protocol version that was explicitly disallowed, OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the OpenSSL version in use. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog10
-rw-r--r--test/openssl/test_ssl.rb23
2 files changed, 22 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 38d265cf471..161c2f3b011 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,16 @@
+Fri May 25 23:38:58 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
+
+ * test/openssl/test_ssl.rb: Clarify the intention of errors to be
+ expected. Two errors are possible when connection is refused due
+ to a protocol version that was explicitly disallowed,
+ OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the
+ OpenSSL version in use.
+
Fri May 25 22:19:40 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_ssl.c: Revert r35583
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
- the test failing in Ruby CI [1]
+ the test failing in Ruby CI [1]
[1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index f3f3c9c3658..de4bd34c5f7 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -408,6 +408,11 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
end
+ # different OpenSSL versions react differently when being faced with a
+ # SSL/TLS version that has been marked as forbidden, therefore either of
+ # these may be raised
+ FORBIDDEN_PROTOCOL_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET]
+
if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
def test_forbid_ssl_v3_for_client
@@ -415,7 +420,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
start_server_version(:SSLv23, ctx_proc) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :SSLv3
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end
@@ -423,7 +428,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
start_server_version(:SSLv3) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end
@@ -442,7 +447,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
start_server_version(:SSLv23, ctx_proc) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end
@@ -450,7 +455,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
start_server_version(:TLSv1) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end
@@ -469,7 +474,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
start_server_version(:SSLv23, ctx_proc) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
@@ -477,7 +482,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
start_server_version(:TLSv1_1) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
@@ -486,7 +491,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
start_server_version(:SSLv23, ctx_proc) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_2
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
@@ -494,7 +499,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
start_server_version(:TLSv1_2) { |server, port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_2
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
}
end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
@@ -516,8 +521,6 @@ end
ssl.sync_close = true
ssl.connect
yield ssl
- rescue Errno::ECONNRESET => e
- raise OpenSSL::SSL::SSLError.new(e.message)
ensure
ssl.close
end