author | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-27 15:34:28 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-10-23 13:38:37 +0900 |
commit | 5a8e1c520ac71c76f6424f9ef5aef64a79527f78 (patch) | |
tree | c5d1edb252eb5c582688961768318c7cf8b7f0b9 /test/openssl/test_ssl.rb | |
parent | 0e805e73cedbce3748c979049c17c74f3f0eca43 (diff) |
[ruby/openssl] test/openssl/test_ssl: assume ECC support
Disabling ECC support of OpenSSL is impractical nowadays.
We still try to have the C extension compile on no-ec builds (as well
as no-dh or no-engine, etc.) as long as we can, but keeping test cases
for such an extreme scenario is not worth the effort.
https://github.com/ruby/openssl/commit/2cd01d4676
Diffstat (limited to 'test/openssl/test_ssl.rb')
-rw-r--r-- | test/openssl/test_ssl.rb | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index e81745321b..1a8ae3bd68 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -124,8 +124,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 end
 def test_add_certificate_multiple_certs
- pend "EC is not supported" unless defined?(OpenSSL::PKey::EC)
-
 ca2_key = Fixtures.pkey("rsa-3")
 ca2_exts = [
 ["basicConstraints", "CA:TRUE", true],
@@ -556,6 +554,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx_proc = -> ctx {
 ctx.ssl_version = :TLSv1_2
 ctx.ciphers = "aNULL"
+ ctx.tmp_dh = Fixtures.pkey("dh-1")
 ctx.security_level = 0
 }
@@ -830,7 +829,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 def test_tlsext_hostname
 fooctx = OpenSSL::SSL::SSLContext.new
- fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 fooctx.cert = @cli_cert
 fooctx.key = @cli_key
@@ -882,7 +880,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx2 = OpenSSL::SSL::SSLContext.new
 ctx2.cert = @svr_cert
 ctx2.key = @svr_key
- ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx2.servername_cb = lambda { |args| Object.new }
 sock1, sock2 = socketpair
@@ -1329,7 +1326,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx1 = OpenSSL::SSL::SSLContext.new
 ctx1.cert = @svr_cert
 ctx1.key = @svr_key
- ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx1.alpn_select_cb = -> (protocols) { nil }
 ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
@@ -1484,6 +1480,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx_proc2 = proc { |ctx|
 ctx.ssl_version = :TLSv1_2
 ctx.ciphers = "EDH"
+ ctx.tmp_dh = Fixtures.pkey("dh-1")
 }
 start_server(ctx_proc: ctx_proc2) do |port|
 ctx = OpenSSL::SSL::SSLContext.new
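Review bot: The `ctx.tmp_dh = Fixtures.pkey("dh-1")` line added in the `@@ -556,6 +554,7 @@` hunk has no comment saying why a context that selects `aNULL` ciphers at `security_level = 0` now needs explicit DH parameters, while the same commit drops `tmp_dh_callback` from three other contexts. A one-line comment such as `# anonymous DH suites need server DH parameters; set them explicitly rather than relying on a default` would record the intent, assuming that is the reason. The same applies to the `ctx.tmp_dh` line added next to `ctx.ciphers = "EDH"` in the `@@ -1484,6 +1480,7 @@` hunk. Both lambdas sit inside test methods that start outside their hunks.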
@@ -1494,20 +1491,18 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 }
 end
- if defined?(OpenSSL::PKey::EC)
- # ECDHE
- ctx_proc3 = proc { |ctx|
- ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
- ctx.ecdh_curves = "P-256"
+ # ECDHE
+ ctx_proc3 = proc { |ctx|
+ ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
+ ctx.ecdh_curves = "P-256"
+ }
+ start_server(ctx_proc: ctx_proc3) do |port|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
+ server_connect(port, ctx) { |ssl|
+ assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
 }
- start_server(ctx_proc: ctx_proc3) do |port|
- ctx = OpenSSL::SSL::SSLContext.new
- ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
- server_connect(port, ctx) { |ssl|
- assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
- ssl.puts "abc"; assert_equal "abc\n", ssl.gets
- }
- end
 end
 end
@@ -1656,7 +1651,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 end
 def test_ecdh_curves_tls13
- pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
 pend "TLS 1.3 not supported" unless tls13_supported?
 ctx_proc = -> ctx { |
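Review bot: The ECDHE case in the `@@ -1494,20 +1491,18 @@` hunk pins the server to `ctx.ecdh_curves = "P-256"` but only asserts `assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key`, so a regression in which the curve setting is ignored would still pass. Adding `assert_equal "prime256v1", ssl.tmp_key.group.curve_name` after the existing assertion would tie the check to the configured curve; OpenSSL reports P-256 under that name. The enclosing test method starts outside the hunk.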