authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-08-08 14:13:53 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-08-08 14:13:53 +0000
commita0f292bbcd6421b0cb87b84cb34887c7e020727b (patch)
treef70e6c1c635698cc26fc89de1fb1585f48207fd1 /test/openssl/test_ssl.rb
parent4b13656e39fa5da58af9df534570965d5692e9c3 (diff)
openssl: sync with upstream repository
Sync with the current tip of master branch, 62436385306c of ruby/openssl.git. Changes can be found at: https://github.com/ruby/openssl/compare/v2.1.1...62436385306c ---------------------------------------------------------------- Brian Cunnie (1): Correctly verify abbreviated IPv6 SANs Janko Marohnić (1): Reduce memory allocation when writing to SSLSocket Jeremy Evans (1): Move rb_global_variable call to directly after assignment Kazuki Yamaguchi (7): pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt pkey: resume key generation after interrupt tool/ruby-openssl-docker: update to latest versions test/test_ssl: fix test failure with TLS 1.3 test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: fix handling of X509_NAME_{oneline,print_ex}() return value ahadc (1): Update CONTRIBUTING.md nobu (6): no ID cache in Init functions search winsock libraries explicitly openssl: search winsock openssl_missing.h: constified reduce LibreSSL warnings openssl/buffering.rb: no RS when output git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl/test_ssl.rb')
-rw-r--r--test/openssl/test_ssl.rb64
1 files changed, 47 insertions, 17 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 3b063d2e11b..b8016677d34 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -47,6 +47,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal 2, ssl.peer_cert_chain.size
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock&.close
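Review bot: The added line `ssl.puts "abc"; assert_equal "abc\n", ssl.gets` puts two statements on one line and is repeated verbatim in nearly every hunk of this commit (for example the hunks at -65, -157, -168, -259, -455 and the version-negotiation hunks from -937 onward). A small private helper in the test case, for example `def assert_echo(ssl, msg = "abc")` that writes the message and asserts the echoed line, would keep the intent in one place. It should carry a comment saying why the round trip is there, presumably so that a failure the peer reports only after `connect` returns (the TLS 1.3 case named in the commit message) surfaces in the test. `ssl.gets` blocks until the peer answers, so every call relies on the server side echoing the line, which is not visible in these hunks. The test method's body starts outside the hunk.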
@@ -65,6 +67,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal @svr_cert.subject, ssl.peer_cert.subject
assert_equal [@svr_cert.subject, @ca_cert.subject],
ssl.peer_cert_chain.map(&:subject)
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -157,6 +161,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_not_predicate sock, :closed?
ensure
@@ -168,6 +173,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.sync_close = true # !!
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_predicate sock, :closed?
ensure
@@ -259,7 +265,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
client_ca_from_server = sslconn.client_ca
[@cli_cert, @cli_key]
end
- server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
+ server_connect(port, ctx) { |ssl|
+ assert_equal([@ca], client_ca_from_server)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
end
@@ -356,21 +365,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
start_server { |port|
- sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
end
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.sync_close = true
- begin
- ssl.connect
+ server_connect(port, ctx) { |ssl|
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
- ensure
- ssl.close
- end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
start_server(ignore_listener_error: true) { |port|
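Review bot: The `verify_callback` kept in this hunk overwrites `store_ctx.error` with `V_OK` and returns `true`, so every certificate chain is accepted, and nothing in the block says this is intentional. A comment above the callback, such as `# Accept any chain on purpose: this case only checks that verify_result reflects the value set by the callback`, would keep the pattern from being copied as a working client configuration. The change also drops the explicit `ssl.sync_close = true` and `ensure ssl.close` in favour of `server_connect`, whose definition is not on this page, so it is worth confirming that helper closes both the SSL socket and the underlying TCP socket. The enclosing test method starts and ends outside the hunk.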
@@ -455,6 +459,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert(ssl.post_connection_check("localhost"))
@@ -476,6 +482,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert(ssl.post_connection_check("127.0.0.1"))
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -496,6 +504,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -516,8 +526,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com"))
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
- assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::18'))
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17'))
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '44:0:0:0:0:0:0:17'))
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '0013:0000:0000:0000:0000:0000:0000:0017'))
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '1313:0000:0000:0000:0000:0000:0000:0017'))
end
end
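Review bot: The new IPv6 assertions cover only well-formed addresses, and each negative case differs from the matching address in a single group. Since identity checking is a security decision, the test should also pin what happens for a string that is not a valid address, e.g. a constructed sample like `assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13:::17'))`, so that a parsing error in the comparison can neither raise out of the check nor count as a match. A second positive case with the `::` compression in a different position (constructed: `'13:0::17'`) would confirm that the match is on the address value rather than on one particular spelling. The certificate's SAN entries are built outside this hunk, so the expected values here are inferred from the assertions that are visible.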
@@ -722,6 +736,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.connect
assert_equal @cli_cert.serial, ssl.peer_cert.serial
assert_predicate fooctx, :frozen?
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -733,6 +749,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.hostname = "bar.example.com"
ssl.connect
assert_equal @svr_cert.serial, ssl.peer_cert.serial
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -805,7 +823,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.hostname = name
if expected_ok
- assert_nothing_raised { ssl.connect }
+ ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
else
assert_handshake_error { ssl.connect }
end
@@ -879,7 +898,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) do |port|
begin
- server_connect(port) { }
+ server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET
else
supported << ver
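Review bot: The block passed to `server_connect` now performs a write and a read inside the `begin`, but the `rescue` list is still only `OpenSSL::SSL::SSLError, Errno::ECONNRESET`. If the server side drops the connection after the client's `connect` has returned, `ssl.puts` may fail with `Errno::EPIPE`, or `ssl.gets` may return `nil` so that `assert_equal` fails. In both cases the probe would abort the test instead of treating the version as unsupported. Consider `rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET, Errno::EPIPE` and a comment stating which failures mean "version not supported". Whether these paths are reachable depends on the server setup in `start_server`, which is outside the hunk.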
@@ -937,6 +958,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if ver == cver
server_connect(port, ctx1) { |ssl|
assert_equal vmap[cver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx1) { } }
@@ -950,6 +972,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if ver == cver
server_connect(port, ctx2) { |ssl|
assert_equal vmap[cver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx2) { } }
@@ -962,6 +985,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx3.min_version = ctx3.max_version = nil
server_connect(port, ctx3) { |ssl|
assert_equal vmap[ver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -980,6 +1004,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx1.min_version = cver
server_connect(port, ctx1) { |ssl|
assert_equal vmap[supported.last][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
# Client sets max_version
@@ -988,6 +1013,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if cver >= sver
server_connect(port, ctx2) { |ssl|
assert_equal vmap[cver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx2) { } }
@@ -1006,6 +1032,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if cver <= sver
server_connect(port, ctx1) { |ssl|
assert_equal vmap[sver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx1) { } }
@@ -1020,6 +1047,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
else
assert_equal vmap[cver][:name], ssl.ssl_version
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
}
@@ -1086,6 +1114,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server_version(:SSLv23, ctx_proc) { |port|
server_connect(port) { |ssl|
assert_equal(1, num_handshakes)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -1104,6 +1133,7 @@ if openssl?(1, 0, 2) || libressl?
ctx.alpn_protocols = advertised
server_connect(port, ctx) { |ssl|
assert_equal(advertised.first, ssl.alpn_protocol)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -1226,14 +1256,11 @@ end
end
def test_close_after_socket_close
- server_proc = proc { |ctx, ssl|
- # Do nothing
- }
- start_server(server_proc: server_proc) { |port|
+ start_server { |port|
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
- ssl.sync_close = true
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
sock.close
assert_nothing_raised do
ssl.close
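Review bot: With the echo assertion added before `sock.close`, a failed `assert_equal` in `test_close_after_socket_close` leaves both `sock` and `ssl` open, and no `ensure` is visible in this hunk. Other tests in this file clean up with `ensure` / `ssl&.close` / `sock&.close`. The hunk also removes `ssl.sync_close = true` without explanation; a comment such as `# sync_close is left off so ssl.close only runs the TLS shutdown on the already-closed socket` would record what the test is meant to exercise, if that is the intent. The method continues past the end of the hunk, so cleanup may exist below the visible lines.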
@@ -1298,6 +1325,7 @@ end
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -1440,6 +1468,7 @@ end
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
end
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
@@ -1455,6 +1484,7 @@ end
server_connect(port, ctx) { |ssl|
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end