summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-04-08 09:26:54 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-04-08 09:26:54 +0000
commit0c25a62834bee7ad2e92464f4ac71538cddbe275 (patch)
treef96428613017306fc8b0e628a7be4b2e2001b438 /test
parentb5c627e2df4db84f9d2dfcf196ee84024b10ff45 (diff)
* ext/openssl/ossl_ssl.c: add callbacks to OpenSSL::SSL::SSLContexts.
- SSLContext#client_cert_cb=(aProc). it is called when a client certificate is requested by a server and no certificate was not set for the SSLContext. it must return an Array which includes OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects. - SSLContext#tmp_dh_callback=(aProc). it is called in key exchange with DH algorithm. it must return an OpenSSL::PKey::DH object. * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): ignore the argument if it's nil. * ext/openssl/ossl_pkey.c (GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first. (DupPrivPKeyPtr): new function. * ext/openssl/ossl_pkey_dh.c: add default DH parameters. * ext/openssl/ossl_pkey.h: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r--test/openssl/ssl_server.rb2
-rw-r--r--test/openssl/test_pair.rb26
-rw-r--r--test/openssl/test_ssl.rb37
3 files changed, 40 insertions, 25 deletions
diff --git a/test/openssl/ssl_server.rb b/test/openssl/ssl_server.rb
index 5e13033..6e62062 100644
--- a/test/openssl/ssl_server.rb
+++ b/test/openssl/ssl_server.rb
@@ -64,7 +64,7 @@ $stdout.puts Process.pid
$stdout.puts port
loop do
- ssl = ssls.accept
+ ssl = ssls.accept rescue next
Thread.start{
q = Queue.new
th = Thread.start{ ssl.write(q.shift) while true }
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 2b48471..7273554 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -16,31 +16,8 @@ module SSLPair
def server
host = "127.0.0.1"
port = 0
- key = OpenSSL::PKey::RSA.new(512)
- cert = OpenSSL::X509::Certificate.new
- cert.version = 2
- cert.serial = 0
- name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
- cert.subject = name
- cert.issuer = name
- cert.not_before = Time.now
- cert.not_after = Time.now + 3600
- cert.public_key = key.public_key
- ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
- cert.extensions = [
- ef.create_extension("basicConstraints","CA:FALSE"),
- ef.create_extension("subjectKeyIdentifier","hash"),
- ef.create_extension("extendedKeyUsage","serverAuth"),
- ef.create_extension("keyUsage",
- "keyEncipherment,dataEncipherment,digitalSignature")
- ]
- ef.issuer_certificate = cert
- cert.add_extension ef.create_extension("authorityKeyIdentifier",
- "keyid:always,issuer:always")
- cert.sign(key, OpenSSL::Digest::SHA1.new)
ctx = OpenSSL::SSL::SSLContext.new()
- ctx.key = key
- ctx.cert = cert
+ ctx.ciphers = "ADH"
tcps = TCPServer.new(host, port)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
return ssls
@@ -49,6 +26,7 @@ module SSLPair
def client(port)
host = "127.0.0.1"
ctx = OpenSSL::SSL::SSLContext.new()
+ ctx.ciphers = "ADH"
s = TCPSocket.new(host, port)
ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
ssl.connect
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index abc9859..e80f32f 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -151,6 +151,43 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
}
end
+ def test_client_auth
+ vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+ start_server(PORT, vflag, true){|s, p|
+ assert_raises(OpenSSL::SSL::SSLError){
+ sock = TCPSocket.new("127.0.0.1", p)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ ssl.connect
+ }
+
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.key = @cli_key
+ ctx.cert = @cli_cert
+ sock = TCPSocket.new("127.0.0.1", p)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ ssl.sync_close = true
+ ssl.connect
+ ssl.puts("foo")
+ assert_equal("foo\n", ssl.gets)
+ ssl.close
+
+ called = nil
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.client_cert_cb = Proc.new{|ssl|
+ called = true
+ [@cli_cert, @cli_key]
+ }
+ sock = TCPSocket.new("127.0.0.1", p)
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ ssl.sync_close = true
+ ssl.connect
+ assert(called)
+ ssl.puts("foo")
+ assert_equal("foo\n", ssl.gets)
+ ssl.close
+ }
+ end
+
def test_starttls
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p|
sock = TCPSocket.new("127.0.0.1", p)