author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-08-17 08:30:08 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-08-17 08:30:08 +0000 |
commit | d3cd7b4813dcaf4022d8d70b8dd9f2bd17812d56 (patch) | |
tree | 6a5fd125518a2a0c223fa77ad7cca10373b22783 /test | |
parent | bd929bb48aa0daa237cbda73bef33c0c6adc75fd (diff) |
merge revision(s) 51409,51453: [Backport #10910]
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a more
helpful exception when verifying the peer connection and an
anonymous cipher has been selected. [ruby-core:68330] [Bug #10910]
Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.
* test/openssl/test_ssl.rb (class OpenSSL): test for change
* .travis.yml: update libssl before running tests.
Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for figuring out the
travis settings!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@51608 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r-- | test/openssl/test_ssl.rb | 14 | ||||
-rw-r--r-- | test/openssl/utils.rb | 2 |
2 files changed, 16 insertions, 0 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index bae3dcfc2f..aa61e385d5 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -284,6 +284,20 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 }
 end
+ def test_post_connect_check_with_anon_ciphers
+ sslerr = OpenSSL::SSL::SSLError
+
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, {use_anon_cipher: true}){|server, port|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ciphers = "aNULL"
+ server_connect(port, ctx) { |ssl|
+ msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \
+ "ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification."
+ assert_raise_with_message(sslerr,msg){ssl.post_connection_check("localhost.localdomain")}
+ }
+ }
+ end
+
 def test_post_connection_check
 sslerr = OpenSSL::SSL::SSLError
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index ba9714b3fc..da281610b6 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -259,6 +259,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
 def start_server(port0, verify_mode, start_immediately, args = {}, &block)
 ctx_proc = args[:ctx_proc]
+ use_anon_cipher = args.fetch(:use_anon_cipher, false)
 server_proc = args[:server_proc]
 server_proc ||= method(:readwrite_loop)
@@ -266,6 +267,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
 store.add_cert(@ca_cert)
 store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
 ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ciphers = "ADH-AES256-GCM-SHA384" if use_anon_cipher
 ctx.cert_store = store
 #ctx.extra_chain_cert = [ ca_cert ]
 ctx.cert = @svr_cert |
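Review bot: The expected message in `test_post_connect_check_with_anon_ciphers` hard-codes `ADH-AES256-GCM-SHA384`, so the test is tied to the one suite the helper in utils.rb pins on the server and, presumably, to a libssl that provides it (the commit message's `.travis.yml` libssl update points the same way). Building the text from the negotiated suite, `"... Anonymous cipher suite #{ssl.cipher[0]} was negotiated. ..."`, would remove the duplicated literal. A guard that skips the test when the server context cannot be given that cipher list would keep older OpenSSL builds from reporting a spurious failure. A one-line comment such as `# anonymous suites carry no certificate, so post_connection_check must fail closed` would also record why raising is the desired outcome here.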
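Review bot: The new `:use_anon_cipher` option of `start_server` is undocumented. It is read in the first utils.rb hunk and applied in the second as `ctx.ciphers = "ADH-AES256-GCM-SHA384" if use_anon_cipher`, and a reader of the helper cannot tell that it switches the server to an unauthenticated handshake. I would add a comment above that line, `# Anonymous DH: the server presents no certificate, so the peer cannot be authenticated; only for tests of the failure path.` The context still assigns `ctx.cert` afterwards, which looks harmless but is worth a word in the same comment. The body of `start_server` begins and ends outside both hunks, so how the option interacts with `ctx_proc` cannot be checked from here.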