summaryrefslogtreecommitdiff
path: root/test/openssl
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-03-09 10:45:42 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-03-09 10:45:42 +0000
commit55054497934bb9759aa400ef47042f33b34d0b9a (patch)
treed8da2900eaf273ead61714a96337bcedb9a74411 /test/openssl
parentf43cae2b057622e6812e370f2c7cb3efa06f6665 (diff)
* ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:
- SSLContext#client_cert_cb is a Proc. it is called when a client certificate is requested by a server and no certificate was yet set for the SSLContext. it must return an Array which includes OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects. - SSLContext#tmp_dh_callback is called in key exchange with DH algorithm. it must return an OpenSSL::PKey::DH object. * ext/openssl/ossl_ssl.c: (ossl_sslctx_set_ciphers): ignore the argument if it's nil. (ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0. [ruby-dev:25831] * ext/openssl/ossl_pkey.c (GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first. (DupPrivPKeyPtr): new function. * ext/openssl/ossl_pkey_dh.c: add default DH parameters. * ext/openssl/ossl_pkey.h: ditto. * ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl')
-rw-r--r--test/openssl/ssl_server.rb3
-rw-r--r--test/openssl/test_pair.rb192
-rw-r--r--test/openssl/test_ssl.rb37
3 files changed, 41 insertions, 191 deletions
diff --git a/test/openssl/ssl_server.rb b/test/openssl/ssl_server.rb
index 556c28b..6e62062 100644
--- a/test/openssl/ssl_server.rb
+++ b/test/openssl/ssl_server.rb
@@ -64,7 +64,8 @@ $stdout.puts Process.pid
$stdout.puts port
loop do
- Thread.start(ssls.accept) {|ssl|
+ ssl = ssls.accept rescue next
+ Thread.start{
q = Queue.new
th = Thread.start{ ssl.write(q.shift) while true }
while line = ssl.gets
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 7dd658b..7273554 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -16,197 +16,8 @@ module SSLPair
def server
host = "127.0.0.1"
port = 0
- key = OpenSSL::PKey::RSA.new(512)
- cert = OpenSSL::X509::Certificate.new
- cert.version = 2
- cert.serial = 0
- name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
- cert.subject = name
- cert.issuer = name
- cert.not_before = Time.now
- cert.not_after = Time.now + 3600
- cert.public_key = key.public_key
- ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
- cert.extensions = [
- ef.create_extension("basicConstraints","CA:FALSE"),
- ef.create_extension("subjectKeyIdentifier","hash"),
- ef.create_extension("extendedKeyUsage","serverAuth"),
- ef.create_extension("keyUsage",
- "keyEncipherment,dataEncipherment,digitalSignature")
- ]
- ef.issuer_certificate = cert
- cert.add_extension ef.create_extension("authorityKeyIdentifier",
- "keyid:always,issuer:always")
- cert.sign(key, OpenSSL::Digest::SHA1.new)
ctx = OpenSSL::SSL::SSLContext.new()
- ctx.key = key
- ctx.cert = cert
- tcps = TCPServer.new(host, port)
- ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
- return ssls
- end
-
- def client(port)
- host = "127.0.0.1"
- ctx = OpenSSL::SSL::SSLContext.new()
- s = TCPSocket.new(host, port)
- ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
- ssl.connect
- ssl.sync_close = true
- ssl
- end
-
- def ssl_pair
- ssls = server
- th = Thread.new {
- ns = ssls.accept
- ssls.close
- ns
- }
- port = ssls.to_io.addr[1]
- c = client(port)
- s = th.value
- if block_given?
- begin
- yield c, s
- ensure
- c.close unless c.closed?
- s.close unless s.closed?
- end
- else
- return c, s
- end
- end
-end
-
-class OpenSSL::TestEOF1 < Test::Unit::TestCase
- include TestEOF
- include SSLPair
-
- def open_file(content)
- s1, s2 = ssl_pair
- Thread.new { s2 << content; s2.close }
- yield s1
- end
-end
-
-class OpenSSL::TestEOF2 < Test::Unit::TestCase
- include TestEOF
- include SSLPair
-
- def open_file(content)
- s1, s2 = ssl_pair
- Thread.new { s1 << content; s1.close }
- yield s2
- end
-end
-
-class OpenSSL::TestPair < Test::Unit::TestCase
- include SSLPair
-
- def test_getc
- ssl_pair {|s1, s2|
- s1 << "a"
- assert_equal(?a, s2.getc)
- }
- end
-
- def test_readpartial
- ssl_pair {|s1, s2|
- s2.write "a\nbcd"
- assert_equal("a\n", s1.gets)
- assert_equal("bcd", s1.readpartial(10))
- s2.write "efg"
- assert_equal("efg", s1.readpartial(10))
- s2.close
- assert_raise(EOFError) { s1.readpartial(10) }
- assert_raise(EOFError) { s1.readpartial(10) }
- assert_equal("", s1.readpartial(0))
- }
- end
-
- def test_readall
- ssl_pair {|s1, s2|
- s2.close
- assert_equal("", s1.read)
- }
- end
-
- def test_readline
- ssl_pair {|s1, s2|
- s2.close
- assert_raise(EOFError) { s1.readline }
- }
- end
-
- def test_puts_meta
- ssl_pair {|s1, s2|
- begin
- old = $/
- $/ = '*'
- s1.puts 'a'
- ensure
- $/ = old
- end
- s1.close
- assert_equal("a\n", s2.read)
- }
- end
-
- def test_puts_empty
- ssl_pair {|s1, s2|
- s1.puts
- s1.close
- assert_equal("\n", s2.read)
- }
- end
-
-end
-
-end
-begin
- require "openssl"
-rescue LoadError
-end
-require 'test/unit'
-
-if defined?(OpenSSL)
-
-require 'socket'
-dir = File.expand_path(__FILE__)
-2.times {dir = File.dirname(dir)}
-$:.replace([File.join(dir, "ruby")] | $:)
-require 'ut_eof'
-
-module SSLPair
- def server
- host = "127.0.0.1"
- port = 0
- key = OpenSSL::PKey::RSA.new(512)
- cert = OpenSSL::X509::Certificate.new
- cert.version = 2
- cert.serial = 0
- name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
- cert.subject = name
- cert.issuer = name
- cert.not_before = Time.now
- cert.not_after = Time.now + 3600
- cert.public_key = key.public_key
- ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
- cert.extensions = [
- ef.create_extension("basicConstraints","CA:FALSE"),
- ef.create_extension("subjectKeyIdentifier","hash"),
- ef.create_extension("extendedKeyUsage","serverAuth"),
- ef.create_extension("keyUsage",
- "keyEncipherment,dataEncipherment,digitalSignature")
- ]
- ef.issuer_certificate = cert
- cert.add_extension ef.create_extension("authorityKeyIdentifier",
- "keyid:always,issuer:always")
- cert.sign(key, OpenSSL::Digest::SHA1.new)
- ctx = OpenSSL::SSL::SSLContext.new()
- ctx.key = key
- ctx.cert = cert
+ ctx.ciphers = "ADH"
tcps = TCPServer.new(host, port)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
return ssls
@@ -215,6 +26,7 @@ module SSLPair
def client(port)
host = "127.0.0.1"
ctx = OpenSSL::SSL::SSLContext.new()
+ ctx.ciphers = "ADH"
s = TCPSocket.new(host, port)
ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
ssl.connect
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 8f44007..08c18f4 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -155,6 +155,43 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
}
end
+ def test_client_auth
+ vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+ start_server(PORT, vflag, true){|s, p|
+ assert_raises(OpenSSL::SSL::SSLError){
+ sock = TCPSocket.new("127.0.0.1", p)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ ssl.connect
+ }
+
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.key = @cli_key
+ ctx.cert = @cli_cert
+ sock = TCPSocket.new("127.0.0.1", p)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ ssl.sync_close = true
+ ssl.connect
+ ssl.puts("foo")
+ assert_equal("foo\n", ssl.gets)
+ ssl.close
+
+ called = nil
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.client_cert_cb = Proc.new{|ssl|
+ called = true
+ [@cli_cert, @cli_key]
+ }
+ sock = TCPSocket.new("127.0.0.1", p)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ ssl.sync_close = true
+ ssl.connect
+ assert(called)
+ ssl.puts("foo")
+ assert_equal("foo\n", ssl.gets)
+ ssl.close
+ }
+ end
+
def test_starttls
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p|
sock = TCPSocket.new("127.0.0.1", p)