author | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-05-25 14:44:15 +0000 |
---|---|---|
committer | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-05-25 14:44:15 +0000 |
commit | 6f5582a2ae543eb8000deba997348fda189c166a (patch) | |
tree | a0c8bd618155e1d969a6d4aa833228fe82ed18c8 /test/openssl | |
parent | 913827b6afd701f5f5b7461e3acf15c70ab4f22b (diff) |
* test/openssl/test_ssl.rb: Clarify the intention of errors to be
expected. Two errors are possible when connection is refused due
to a protocol version that was explicitly disallowed,
OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the
OpenSSL version in use.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl')
-rw-r--r-- | test/openssl/test_ssl.rb | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index f3f3c9c365..de4bd34c5f 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -408,6 +408,11 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 }
 end
+ # different OpenSSL versions react differently when being faced with a
+ # SSL/TLS version that has been marked as forbidden, therefore either of
+ # these may be raised
+ FORBIDDEN_PROTOCOL_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET]
+
 if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
 def test_forbid_ssl_v3_for_client
@@ -415,7 +420,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
 start_server_version(:SSLv23, ctx_proc) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ssl_version = :SSLv3
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end
@@ -423,7 +428,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
 start_server_version(:SSLv3) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end
@@ -442,7 +447,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
 start_server_version(:SSLv23, ctx_proc) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ssl_version = :TLSv1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end
@@ -450,7 +455,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
 start_server_version(:TLSv1) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end
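Review bot: `FORBIDDEN_PROTOCOL_ERRORS` in the hunk at `@@ -408` is assigned an unfrozen Array, so code elsewhere in the test class could append to it and silently widen what every forbid test accepts. Freezing it costs nothing and the splat at the call sites works the same: `FORBIDDEN_PROTOCOL_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET].freeze`. The enclosing class body starts and ends outside this hunk.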
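Review bot: Accepting `Errno::ECONNRESET` in `assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }` makes these version-downgrade checks less specific, because a reset can presumably also come from a server-side failure that has nothing to do with the forbidden protocol version, and the test would still pass. This applies to the hunk at `@@ -415` and to the identical line in the hunks at `@@ -423`, `-442`, `-450`, `-469`, `-477`, `-486` and `-494`. A positive control in each test, connecting to the same server with a permitted version before the negative assertion, would tie the failure to the version restriction. At minimum I would add a comment at each call site such as `# ECONNRESET alone does not prove the version was rejected; see FORBIDDEN_PROTOCOL_ERRORS`. The last hunk also removes the ECONNRESET-to-SSLError translation from the connect helper, so any caller outside this diff that asserts only `OpenSSL::SSL::SSLError` may now see the raw reset; that is worth checking.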
@@ -469,7 +474,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
 start_server_version(:SSLv23, ctx_proc) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ssl_version = :TLSv1_1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
@@ -477,7 +482,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
 start_server_version(:TLSv1_1) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_1
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
@@ -486,7 +491,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
 start_server_version(:SSLv23, ctx_proc) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ssl_version = :TLSv1_2
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
@@ -494,7 +499,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
 start_server_version(:TLSv1_2) { |server, port|
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_2
- assert_raise(OpenSSL::SSL::SSLError) { server_connect(port, ctx) }
+ assert_raise(*FORBIDDEN_PROTOCOL_ERRORS) { server_connect(port, ctx) }
 }
 end if defined?(OpenSSL::SSL::OP_NO_TLSv1_2)
@@ -516,8 +521,6 @@ end
 ssl.sync_close = true
 ssl.connect
 yield ssl
- rescue Errno::ECONNRESET => e
- raise OpenSSL::SSL::SSLError.new(e.message)
 ensure
 ssl.close
 end |