authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2017-11-04 06:56:16 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2017-11-04 06:56:16 +0000
commit51423bd9ce1e7ec1404045a8f9fec4cd3466cfc2 (patch)
treedc28ddb57b76ce4b708725e9b6b5d8d73393e51c /test/openssl
parent96eefc0f44139656b923a2dc894dffff28a47cc2 (diff)
openssl: pull test case from upstream commit 62af0446569a
The test case added by r60310 ("fix OpenSSL::SSL::SSLContext#min_version doesn't work", 2017-10-21) does not pass with OpenSSL >= 1.1.0 or LibreSSL >= 2.6.0. Check that the default 'min_version' value is properly enforced by actually attempting a handshake rather than by inspecting the SSL option flags. [ruby-core:83479] [Bug #14039] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60636 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl')
-rw-r--r--test/openssl/test_ssl.rb37
1 files changed, 14 insertions, 23 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index f1c21d3940..4f3df9dd1d 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -811,31 +811,22 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
supported
end
- def test_min_version
+ def test_set_params_min_version
supported = check_supported_protocol_versions
+ store = OpenSSL::X509::Store.new
+ store.add_cert(@ca_cert)
- ctx = OpenSSL::SSL::SSLContext.new
- ctx.set_params
- orig_options = ctx.options
-
- ctx.set_params(min_version: 999)
- assert_not_equal(ctx.options, orig_options)
-
- ctx.min_version = :TLSv1_2
- assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1)
- assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)
- end
-
- def test_max_version
- supported = check_supported_protocol_versions
-
- ctx = OpenSSL::SSL::SSLContext.new
- ctx.set_params
- orig_options = ctx.options
-
- ctx.max_version = :TLSv1
- assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)
- assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_2)
+ if supported.include?(OpenSSL::SSL::SSL3_VERSION)
+ # SSLContext#set_params properly disables SSL 3.0 by default
+ ctx_proc = proc { |ctx|
+ ctx.min_version = ctx.max_version = OpenSSL::SSL::SSL3_VERSION
+ }
+ start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.set_params(cert_store: store, verify_hostname: false)
+ assert_handshake_error { server_connect(port, ctx) { } }
+ }
+ end
end
def test_minmax_version
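Review bot: When `supported` does not include `OpenSSL::SSL::SSL3_VERSION`, `test_set_params_min_version` makes no assertion and still reports a pass, so on builds without SSL 3.0 nothing in this hunk checks the default `min_version` of `set_params`. An `else` branch that marks the test as skipped, e.g. `pend "SSL 3.0 is not supported"` (or whatever skip helper the suite uses), would make that gap visible in the results. Inside the `if`, `assert_handshake_error` combined with `ignore_listener_error: true` accepts any handshake failure, so a certificate or setup problem would pass the same way as a version rejection. Where the build allows it, a control connection to the same server from a client that explicitly sets `ctx.min_version = OpenSSL::SSL::SSL3_VERSION`, and is expected to succeed, would tie the failure to the default. The coverage lost with the removed `test_max_version` is presumably picked up by `test_minmax_version`, whose body lies outside this hunk.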