diff options
author | Jeremy Evans <code@jeremyevans.net> | 2020-12-03 09:12:12 -0800 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-03-16 19:37:06 +0900 |
commit | e2ce3830447b95fbb7d9b8dff80b8c1716688da0 (patch) | |
tree | d7873e50522a7ae01c3510d73e6b33fda0d00175 /test/openssl/test_ts.rb | |
parent | 4756ac00b7c016dfd85b69720486141a7c78d661 (diff) |
[ruby/openssl] Enhance TLS 1.3 support on LibreSSL 3.2/3.3
This defines TLS1_3_VERSION when using LibreSSL 3.2+. LibreSSL 3.2/3.3
doesn't advertise this by default, even though it will use TLS 1.3
in both client and server modes.
Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining
TLS1_3_VERSION by itself fixes 1 test failure. A few tests now
fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version,
and this adjusts those tests. The client CA test doesn't work in
LibreSSL 3.2+, so I've marked that as pending.
For the hostname verification, LibreSSL 3.2.2+ has a new stricter
hostname verifier that doesn't like subjectAltName such as
c*.example.com and d.*.example.com, so adjust the related tests.
With these changes, the tests pass on LibreSSL 3.2/3.3.
https://github.com/ruby/openssl/commit/a0e98d48c9
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'test/openssl/test_ts.rb')
-rw-r--r-- | test/openssl/test_ts.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/openssl/test_ts.rb b/test/openssl/test_ts.rb index 6e9c30894b..d39f3d3afd 100644 --- a/test/openssl/test_ts.rb +++ b/test/openssl/test_ts.rb @@ -382,6 +382,7 @@ _end_of_pem_ end def test_verify_ee_wrong_root_no_intermediate + pend "LibreSSL 3.2.2 Timestamp Issue" if libressl?(3, 2, 2) assert_raise(OpenSSL::Timestamp::TimestampError) do ts, req = timestamp_ee ts.verify(req, intermediate_store) @@ -389,6 +390,7 @@ _end_of_pem_ end def test_verify_ee_wrong_root_wrong_intermediate + pend "LibreSSL 3.2.2 Timestamp Issue" if libressl?(3, 2, 2) assert_raise(OpenSSL::Timestamp::TimestampError) do ts, req = timestamp_ee ts.verify(req, intermediate_store, [ca_cert]) |