authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-04-04 15:06:46 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-04-04 15:06:46 +0000
commit176976db33fd8dd7b03c3dc23006b56d06cf1e8f (patch)
tree1d7b341793099e68419425a1bcb877fbb7a79dfc /test/openssl
parent990d709eeb04640f1909ba23ec81031c75408bac (diff)
openssl: Access to ephemeral TLS session key
* ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral TLS session key in case of forward secrecy cipher. Only available since OpenSSL 1.0.2. [Fix GH-1318] * ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl')
-rw-r--r--test/openssl/test_ssl.rb23
-rw-r--r--test/openssl/utils.rb1
2 files changed, 24 insertions, 0 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 28f5141cb0..b3f5661e5c 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -1169,6 +1169,29 @@ end
}
end
+ def test_get_ephemeral_key
+ return unless OpenSSL::SSL::SSLSocket.method_defined?(:tmp_key)
+ ciphers = {
+ 'ECDHE-RSA-AES128-SHA' => OpenSSL::PKey::EC,
+ 'DHE-RSA-AES128-SHA' => OpenSSL::PKey::DH,
+ 'AES128-SHA' => nil
+ }
+ conf_proc = Proc.new { |ctx| ctx.ciphers = 'ALL' }
+ start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => conf_proc) do |server, port|
+ ciphers.each do |cipher, ephemeral|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ciphers = cipher
+ server_connect(port, ctx) do |ssl|
+ if ephemeral
+ assert_equal(ephemeral, ssl.tmp_key.class)
+ else
+ assert_nil(ssl.tmp_key)
+ end
+ end
+ end
+ end
+ end
+
private
def start_server_version(version, ctx_proc=nil, server_proc=nil, &blk)
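Review bot: The guard at the top of test_get_ephemeral_key is a bare `return`, so on builds without SSLSocket#tmp_key (the commit message says it needs OpenSSL 1.0.2) the test is reported as passed with zero assertions; `skip "SSLSocket#tmp_key needs OpenSSL >= 1.0.2" unless OpenSSL::SSL::SSLSocket.method_defined?(:tmp_key)` would make the missing coverage visible. Inside the server_connect block the expectations rely on the handshake having negotiated exactly the requested suite, so adding `assert_equal(cipher, ssl.cipher[0])` before the tmp_key checks would turn a suite mismatch into a clear failure instead of a confusing key-class error. A short comment on the `'AES128-SHA' => nil` entry, such as `# static RSA key exchange: no ephemeral key, hence no forward secrecy`, would explain why nil is the expected value. The enclosing test class begins outside the hunk.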
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index d4f0443511..6909854cad 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -277,6 +277,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
ctx.cert = @svr_cert
ctx.key = @svr_key
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
+ ctx.tmp_ecdh_callback = proc { OpenSSL::TestUtils::TEST_KEY_EC_P256V1 }
ctx.verify_mode = verify_mode
ctx_proc.call(ctx) if ctx_proc