diff options
author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-09 10:00:19 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-09 10:00:19 +0000 |
commit | 33dd5d6970489c0aef929880e8730126cc7ad4c6 (patch) | |
tree | 7917ea40486c882fe41b1e35800b29d6f49c6791 /test/net/ftp | |
parent | 0ecd348cb5d87e0d0e4d8a9ece08849a185cdf84 (diff) |
net/http, net/ftp: skip SSL/TLS session resumption tests
Due to a bug in OpenSSL 1.1.0h[1] (it's only in this specific version;
it was introduced just before the release and is already fixed in their
stable branch), the callback set by SSLContext#session_new_cb= does not
get called for clients, making net/http and net/ftp not attempt session
resumption.
Let's disable the affected test cases for now. Another option would be
to fallback to using SSLSocket#session as we did before r64234. But
since only a single version is affected and hopefully a new stable
version containing the fix will be released in near future, I chose not
to add such workaround code to lib/.
[1] https://github.com/openssl/openssl/pull/5967
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64252 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/net/ftp')
-rw-r--r-- | test/net/ftp/test_ftp.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb index 36292f181a..98322fdd57 100644 --- a/test/net/ftp/test_ftp.rb +++ b/test/net/ftp/test_ftp.rb @@ -1755,6 +1755,7 @@ EOF server = TCPServer.new(SERVER_ADDR, 0) port = server.addr[1] commands = [] + session_reused_for_data_connection = nil binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3 @thread = Thread.start do sock = server.accept @@ -1793,6 +1794,7 @@ EOF conn = OpenSSL::SSL::SSLSocket.new(conn, ctx) conn.sync_close = true conn.accept + session_reused_for_data_connection = conn.session_reused? binary_data.scan(/.{1,1024}/nm) do |s| conn.print(s) end @@ -1823,6 +1825,11 @@ EOF assert_match(/\A(PORT|EPRT) /, commands.shift) assert_equal("RETR foo\r\n", commands.shift) assert_equal(nil, commands.shift) + # FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h. + # See https://github.com/openssl/openssl/pull/5967 for details. + if OpenSSL::OPENSSL_LIBRARY_VERSION !~ /OpenSSL 1.1.0h/ + assert_equal(true, session_reused_for_data_connection) + end ensure ftp.close end @@ -1832,6 +1839,7 @@ EOF server = TCPServer.new(SERVER_ADDR, 0) port = server.addr[1] commands = [] + session_reused_for_data_connection = nil binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3 @thread = Thread.start do sock = server.accept @@ -1869,6 +1877,7 @@ EOF conn = OpenSSL::SSL::SSLSocket.new(conn, ctx) conn.sync_close = true conn.accept + session_reused_for_data_connection = conn.session_reused? binary_data.scan(/.{1,1024}/nm) do |s| conn.print(s) end @@ -1900,6 +1909,10 @@ EOF assert_match(/\A(PASV|EPSV)\r\n/, commands.shift) assert_equal("RETR foo\r\n", commands.shift) assert_equal(nil, commands.shift) + # FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h. + if OpenSSL::OPENSSL_LIBRARY_VERSION !~ /OpenSSL 1.1.0h/ + assert_equal(true, session_reused_for_data_connection) + end ensure ftp.close end |