* ext/openssl/ossl_ssl.c: add support for option flags

  OpenSSL::SSL::OP_NO_TLSv1_1
  OpenSSL::SSL::OP_NO_TLSv1_2
  to allow blocking specific TLS versions. Thanks to Justin Guyett for
  pointing this out to me.
* test/openssl/test_ssl.rb: add tests to assert correct behavior when
  blocking certain versions of TLS/SSL both on server and client side.
  Also refactored tests to reduce boilerplate code a little.
* test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where
  client rejects the connection because a forbidden protocol version
  was used.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 7 insertions, 1 deletions

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 3746f97fa7..d375b0ff67 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1919,7 +1919,7 @@ Init_ossl_ssl()
     rb_define_const(cSSLContext, "SESSION_CACHE_BOTH", LONG2FIX(SSL_SESS_CACHE_BOTH)); /* no different than CACHE_SERVER in 0.9.8e */
 
     /*
-     * Normally the sesison cache is checked for expired sessions every 255
+     * Normally the session cache is checked for expired sessions every 255
      * connections.  Since this may lead to a delay that cannot be controlled,
      * the automatic flushing may be disabled and #flush_sessions can be
      * called explicitly.
@@ -2035,6 +2035,12 @@ Init_ossl_ssl()
     ossl_ssl_def_const(OP_NO_SSLv2);
     ossl_ssl_def_const(OP_NO_SSLv3);
     ossl_ssl_def_const(OP_NO_TLSv1);
+#if defined(SSL_OP_NO_TLSv1_1)
+    ossl_ssl_def_const(OP_NO_TLSv1_1);
+#endif
+#if defined(SSL_OP_NO_TLSv1_2)
+    ossl_ssl_def_const(OP_NO_TLSv1_2);
+#endif
 #if defined(SSL_OP_NO_TICKET)
     ossl_ssl_def_const(OP_NO_TICKET);
 #endif