diff options
-rw-r--r-- | ext/openssl/History.md | 23 | ||||
-rw-r--r-- | ext/openssl/extconf.rb | 7 | ||||
-rw-r--r-- | ext/openssl/openssl.gemspec | 8 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 4 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_asn1.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs12.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs7.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.c | 29 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.h | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_version.h | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509ext.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 51 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 1 | ||||
-rw-r--r-- | test/openssl/test_ssl.rb | 45 | ||||
-rw-r--r-- | test/openssl/test_ssl_session.rb | 1 | ||||
-rw-r--r-- | test/openssl/test_x509name.rb | 44 | ||||
-rw-r--r-- | version.h | 2 |
19 files changed, 170 insertions, 55 deletions
diff --git a/ext/openssl/History.md b/ext/openssl/History.md index db7d98e2a4..eb7b272204 100644 --- a/ext/openssl/History.md +++ b/ext/openssl/History.md @@ -1,3 +1,26 @@ +Version 2.0.9 +============= + +Security fixes +-------------- + +* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal + objects. CVE-2018-16395 is assigned for this issue. + https://hackerone.com/reports/387250 + +Bug fixes +--------- + +* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is + interrupted. + [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882) + [[GitHub #205]](https://github.com/ruby/openssl/pull/205) +* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if + called against an empty instance. + [[GitHub #200]](https://github.com/ruby/openssl/issues/200) + [[GitHub #211]](https://github.com/ruby/openssl/pull/211) + + Version 2.0.8 ============= diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 998d91049c..b00b3a5969 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -33,6 +33,9 @@ end Logging::message "=== Checking for system dependent stuff... ===\n" have_library("nsl", "t_open") have_library("socket", "socket") +if $mswin || $mingw + have_library("ws2_32") +end Logging::message "=== Checking for required stuff... ===\n" result = pkg_config("openssl") && have_header("openssl/ssl.h") @@ -122,6 +125,10 @@ engines.each { |name| OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } +if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") + $defs.push("-DNOCRYPT") +end + # added in 0.9.8X have_func("EVP_CIPHER_CTX_new") have_func("EVP_CIPHER_CTX_free") diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec index 0e0e1512c1..5dadfc5c04 100644 --- a/ext/openssl/openssl.gemspec +++ b/ext/openssl/openssl.gemspec @@ -1,20 +1,20 @@ # -*- encoding: utf-8 -*- -# stub: openssl 2.0.8 ruby lib +# stub: openssl 2.0.9 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.0.8" + s.version = "2.0.9" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2018-05-12" + s.date = "2018-10-17" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@ruby-lang.org".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] - s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze] + s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "README.md".freeze, "History.md".freeze] s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs5.c".freeze, "ext/openssl/ossl_pkcs5.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, "ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze] s.homepage = "https://www.ruby-lang.org/".freeze s.licenses = ["Ruby".freeze] diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 3d11aec2d2..3c2bce9c43 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -196,7 +196,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \ return pkey->pkey._name; } #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \ -static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \ +static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \ if (a1) *a1 = obj->a1; \ if (a2) *a2 = obj->a2; } \ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \ @@ -205,7 +205,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \ BN_clear_free(obj->a2); obj->a2 = a2; \ return 1; } #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \ -static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \ +static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \ if (a1) *a1 = obj->a1; \ if (a2) *a2 = obj->a2; \ if (a3) *a3 = obj->a3; } \ diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 88bb8f2101..9776f61df9 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -1078,6 +1078,7 @@ static void Init_ossl_locks(void) void Init_openssl(void) { +#undef rb_intern /* * Init timezone info */ diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 0225597334..9053643e2c 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1412,6 +1412,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent) void Init_ossl_asn1(void) { +#undef rb_intern VALUE ary; int i; diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c index 8502a6de0d..c90a723709 100644 --- a/ext/openssl/ossl_pkcs12.c +++ b/ext/openssl/ossl_pkcs12.c @@ -237,6 +237,7 @@ ossl_pkcs12_to_der(VALUE self) void Init_ossl_pkcs12(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index 40cc5f230e..c18dff1403 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -1054,6 +1054,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self) void Init_ossl_pkcs7(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index aad3e2e47c..b4a412c166 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -20,6 +20,21 @@ static ID id_private_q; /* * callback for generating keys */ +static VALUE +call_check_ints0(VALUE arg) +{ + rb_thread_check_ints(); + return Qnil; +} + +static void * +call_check_ints(void *arg) +{ + int state; + rb_protect(call_check_ints0, Qnil, &state); + return (void *)(VALUE)state; +} + int ossl_generate_cb_2(int p, int n, BN_GENCB *cb) { @@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb) */ rb_protect(rb_yield, ary, &state); if (state) { - arg->stop = 1; arg->state = state; + return 0; + } + } + if (arg->interrupted) { + arg->interrupted = 0; + state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL); + if (state) { + arg->state = state; + return 0; } } - if (arg->stop) return 0; return 1; } @@ -50,7 +72,7 @@ void ossl_generate_cb_stop(void *ptr) { struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr; - arg->stop = 1; + arg->interrupted = 1; } static void @@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) void Init_ossl_pkey(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index a0b497440c..5c8ccc0f26 100644 --- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -41,7 +41,7 @@ extern const rb_data_type_t ossl_evp_pkey_type; struct ossl_generate_cb_arg { int yield; - int stop; + int interrupted; int state; }; int ossl_generate_cb_2(int p, int n, BN_GENCB *cb); diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 5262d3b206..201b7dff6a 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -1676,6 +1676,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self) void Init_ossl_ec(void) { +#undef rb_intern #if 0 mPKey = rb_define_module_under(mOSSL, "PKey"); cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject); diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h index a4b99e80e3..1ac6b4c666 100644 --- a/ext/openssl/ossl_version.h +++ b/ext/openssl/ossl_version.h @@ -10,6 +10,6 @@ #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.0.8" +#define OSSL_VERSION "2.0.9" #endif /* _OSSL_VERSION_H_ */ diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index b92b0786b2..a6184d32ce 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -441,6 +441,7 @@ ossl_x509ext_to_der(VALUE obj) void Init_ossl_x509ext(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index ac98c1b94c..fe84559313 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -239,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self) { X509_NAME *name; char *buf; - VALUE str; GetX509Name(self, name); buf = X509_NAME_oneline(name, NULL, 0); - str = rb_str_new2(buf); - OPENSSL_free(buf); + if (!buf) + ossl_raise(eX509NameError, "X509_NAME_oneline"); + return ossl_buf2str(buf, rb_long2int(strlen(buf))); +} - return str; +static VALUE +x509name_print(VALUE self, unsigned long iflag) +{ + X509_NAME *name; + BIO *out; + int ret; + + GetX509Name(self, name); + out = BIO_new(BIO_s_mem()); + if (!out) + ossl_raise(eX509NameError, NULL); + ret = X509_NAME_print_ex(out, name, 0, iflag); + if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) { + BIO_free(out); + ossl_raise(eX509NameError, "X509_NAME_print_ex"); + } + return ossl_membio2str(out); } /* @@ -264,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self) static VALUE ossl_x509name_to_s(int argc, VALUE *argv, VALUE self) { - X509_NAME *name; - VALUE flag, str; - BIO *out; - unsigned long iflag; - - rb_scan_args(argc, argv, "01", &flag); - if (NIL_P(flag)) + rb_check_arity(argc, 0, 1); + /* name.to_s(nil) was allowed */ + if (!argc || NIL_P(argv[0])) return ossl_x509name_to_s_old(self); - else iflag = NUM2ULONG(flag); - if (!(out = BIO_new(BIO_s_mem()))) - ossl_raise(eX509NameError, NULL); - GetX509Name(self, name); - if (!X509_NAME_print_ex(out, name, 0, iflag)){ - BIO_free(out); - ossl_raise(eX509NameError, NULL); - } - str = ossl_membio2str(out); - - return str; + else + return x509name_print(self, NUM2ULONG(argv[0])); } /* @@ -358,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other) result = ossl_x509name_cmp0(self, other); if (result < 0) return INT2FIX(-1); - if (result > 1) return INT2FIX(1); + if (result > 0) return INT2FIX(1); return INT2FIX(0); } @@ -462,6 +466,7 @@ ossl_x509name_to_der(VALUE self) void Init_ossl_x509name(void) { +#undef rb_intern VALUE utf8str, ptrstr, ia5str, hash; #if 0 diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index 4becc8e3cd..3cddcc495a 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -800,6 +800,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time) void Init_ossl_x509store(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 7bb32adf92..408c7d8208 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -48,6 +48,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal 2, ssl.peer_cert_chain.size assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock&.close @@ -77,6 +79,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_not_predicate sock, :closed? ensure @@ -88,6 +91,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true # !! ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_predicate sock, :closed? ensure @@ -179,7 +183,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase client_ca_from_server = sslconn.client_ca [@cli_cert, @cli_key] end - server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) } + server_connect(port, ctx) { |ssl| + assert_equal([@ca], client_ca_from_server) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } end @@ -276,21 +283,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } start_server { |port| - sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ctx.verify_callback = Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_OK true end - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - begin - ssl.connect + server_connect(port, ctx) { |ssl| assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) - ensure - ssl.close - end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } start_server(ignore_listener_error: true) { |port| @@ -377,6 +379,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert(ssl.post_connection_check("localhost")) @@ -398,6 +402,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("127.0.0.1")) assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -418,6 +424,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -644,6 +652,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.connect assert_equal @cli_cert.serial, ssl.peer_cert.serial assert_predicate fooctx, :frozen? + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -655,6 +665,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.hostname = "bar.example.com" ssl.connect assert_equal @svr_cert.serial, ssl.peer_cert.serial + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -727,7 +739,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.hostname = name if expected_ok - assert_nothing_raised { ssl.connect } + ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets else assert_handshake_error { ssl.connect } end @@ -856,6 +869,7 @@ end start_server_version(:SSLv23, ctx_proc) { |port| server_connect(port) { |ssl| assert_equal(1, num_handshakes) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -874,6 +888,7 @@ if openssl?(1, 0, 2) || libressl? ctx.alpn_protocols = advertised server_connect(port, ctx) { |ssl| assert_equal(advertised.first, ssl.alpn_protocol) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -996,14 +1011,11 @@ end end def test_close_after_socket_close - server_proc = proc { |ctx, ssl| - # Do nothing - } - start_server(server_proc: server_proc) { |port| + start_server { |port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) - ssl.sync_close = true ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets sock.close assert_nothing_raised do ssl.close @@ -1068,6 +1080,7 @@ end ctx.ciphers = "DEFAULT:!kRSA:!kEDH" server_connect(port, ctx) { |ssl| assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -1158,6 +1171,7 @@ end assert_equal "secp384r1", ssl.tmp_key.group.curve_name end end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } if openssl?(1, 0, 2) || libressl?(2, 5, 1) @@ -1173,6 +1187,7 @@ end server_connect(port, ctx) { |ssl| assert_equal "secp521r1", ssl.tmp_key.group.curve_name + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index 6db0c2d196..78b160eda6 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -113,6 +113,7 @@ __EOS__ non_resumable = nil start_server { |port| server_connect_with_session(port, nil, nil) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets non_resumable = ssl.session } } diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb index c1dacf4fa1..b12812317b 100644 --- a/test/openssl/test_x509name.rb +++ b/test/openssl/test_x509name.rb @@ -1,4 +1,4 @@ -# coding: US-ASCII +# coding: ASCII-8BIT # frozen_string_literal: false require_relative 'utils' @@ -322,6 +322,34 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase assert_equal("Namiki", ary[5][1]) end + def test_to_s + dn = [ + ["DC", "org"], + ["DC", "ruby-lang"], + ["CN", "フー, バー"], + ] + name = OpenSSL::X509::Name.new + dn.each { |x| name.add_entry(*x) } + + assert_equal "/DC=org/DC=ruby-lang/" \ + "CN=\\xE3\\x83\\x95\\xE3\\x83\\xBC, \\xE3\\x83\\x90\\xE3\\x83\\xBC", + name.to_s + # OpenSSL escapes characters with MSB by default + assert_equal \ + "CN=\\E3\\83\\95\\E3\\83\\BC\\, \\E3\\83\\90\\E3\\83\\BC," \ + "DC=ruby-lang,DC=org", + name.to_s(OpenSSL::X509::Name::RFC2253) + assert_equal "DC = org, DC = ruby-lang, " \ + "CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"", + name.to_s(OpenSSL::X509::Name::ONELINE) + + empty = OpenSSL::X509::Name.new + assert_equal "", empty.to_s + assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT) + assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253) + assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE) + end + def test_equals2 n1 = OpenSSL::X509::Name.parse 'CN=a' n2 = OpenSSL::X509::Name.parse 'CN=a' @@ -330,10 +358,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase end def test_spaceship - n1 = OpenSSL::X509::Name.parse 'CN=a' - n2 = OpenSSL::X509::Name.parse 'CN=b' - - assert_equal(-1, n1 <=> n2) + n1 = OpenSSL::X509::Name.new([["CN", "a"]]) + n2 = OpenSSL::X509::Name.new([["CN", "a"]]) + n3 = OpenSSL::X509::Name.new([["CN", "ab"]]) + + assert_equal 0, n1 <=> n2 + assert_equal -1, n1 <=> n3 + assert_equal 0, n2 <=> n1 + assert_equal -1, n2 <=> n3 + assert_equal 1, n3 <=> n1 + assert_equal 1, n3 <=> n2 end def name_hash(name) @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.4.5" #define RUBY_RELEASE_DATE "2018-10-18" -#define RUBY_PATCHLEVEL 334 +#define RUBY_PATCHLEVEL 335 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 10 |