summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ext/openssl/lib/openssl/buffering.rb13
-rw-r--r--ext/openssl/lib/openssl/ssl.rb11
-rw-r--r--ext/openssl/openssl.gemspec9
-rw-r--r--ext/openssl/openssl_missing.h3
-rw-r--r--ext/openssl/ossl_asn1.c2
-rw-r--r--ext/openssl/ossl_pkcs7.c4
-rw-r--r--ext/openssl/ossl_pkey.c28
-rw-r--r--ext/openssl/ossl_pkey.h2
-rw-r--r--ext/openssl/ossl_x509name.c12
-rw-r--r--test/openssl/test_pkcs7.rb2
-rw-r--r--test/openssl/test_ssl.rb64
-rw-r--r--test/openssl/test_ssl_session.rb1
-rw-r--r--test/openssl/test_x509name.rb9
13 files changed, 110 insertions, 50 deletions
diff --git a/ext/openssl/lib/openssl/buffering.rb b/ext/openssl/lib/openssl/buffering.rb
index 1f2b2a7..5d1586e 100644
--- a/ext/openssl/lib/openssl/buffering.rb
+++ b/ext/openssl/lib/openssl/buffering.rb
@@ -316,20 +316,15 @@ module OpenSSL::Buffering
@wbuffer << s
@wbuffer.force_encoding(Encoding::BINARY)
@sync ||= false
- if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex("\n")
- remain = idx ? idx + 1 : @wbuffer.size
- nwritten = 0
- while remain > 0
- str = @wbuffer[nwritten,remain]
+ if @sync or @wbuffer.size > BLOCK_SIZE
+ until @wbuffer.empty?
begin
- nwrote = syswrite(str)
+ nwrote = syswrite(@wbuffer)
rescue Errno::EAGAIN
retry
end
- remain -= nwrote
- nwritten += nwrote
+ @wbuffer[0, nwrote] = ""
end
- @wbuffer[0,nwritten] = ""
end
end
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 6a6f2b9..355eb2e 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -12,6 +12,7 @@
require "openssl/buffering"
require "io/nonblock"
+require "ipaddr"
module OpenSSL
module SSL
@@ -272,11 +273,11 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
return true if verify_hostname(hostname, san.value)
when 7 # iPAddress in GeneralName (RFC5280)
should_verify_common_name = false
- # follows GENERAL_NAME_print() in x509v3/v3_alt.c
- if san.value.size == 4
- return true if san.value.unpack('C*').join('.') == hostname
- elsif san.value.size == 16
- return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
+ if san.value.size == 4 || san.value.size == 16
+ begin
+ return true if san.value == IPAddr.new(hostname).hton
+ rescue IPAddr::InvalidAddressError
+ end
end
end
}
diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec
index b9b68fc..2f40f5d 100644
--- a/ext/openssl/openssl.gemspec
+++ b/ext/openssl/openssl.gemspec
@@ -10,34 +10,37 @@ Gem::Specification.new do |s|
s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata=
s.require_paths = ["lib".freeze]
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
- s.date = "2018-05-12"
+ s.date = "2018-08-08"
s.description = "It wraps the OpenSSL library.".freeze
s.email = ["ruby-core@ruby-lang.org".freeze]
s.extensions = ["ext/openssl/extconf.rb".freeze]
- s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze]
+ s.extra_rdoc_files = ["History.md".freeze, "README.md".freeze, "CONTRIBUTING.md".freeze]
s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_kdf.c".freeze, "ext/openssl/ossl_kdf.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, "ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkcs5.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze]
s.homepage = "https://github.com/ruby/openssl".freeze
s.licenses = ["Ruby".freeze]
s.rdoc_options = ["--main".freeze, "README.md".freeze]
s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze)
- s.rubygems_version = "2.7.6".freeze
+ s.rubygems_version = "3.0.0.beta1".freeze
s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze
if s.respond_to? :specification_version then
s.specification_version = 4
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+ s.add_runtime_dependency(%q<ipaddr>.freeze, [">= 0"])
s.add_development_dependency(%q<rake>.freeze, [">= 0"])
s.add_development_dependency(%q<rake-compiler>.freeze, [">= 0"])
s.add_development_dependency(%q<test-unit>.freeze, ["~> 3.0"])
s.add_development_dependency(%q<rdoc>.freeze, [">= 0"])
else
+ s.add_dependency(%q<ipaddr>.freeze, [">= 0"])
s.add_dependency(%q<rake>.freeze, [">= 0"])
s.add_dependency(%q<rake-compiler>.freeze, [">= 0"])
s.add_dependency(%q<test-unit>.freeze, ["~> 3.0"])
s.add_dependency(%q<rdoc>.freeze, [">= 0"])
end
else
+ s.add_dependency(%q<ipaddr>.freeze, [">= 0"])
s.add_dependency(%q<rake>.freeze, [">= 0"])
s.add_dependency(%q<rake-compiler>.freeze, [">= 0"])
s.add_dependency(%q<test-unit>.freeze, ["~> 3.0"])
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 763aa51..69a7df7 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -27,9 +27,6 @@ int ossl_EC_curve_nist2nid(const char *);
#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
-#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL
-/* old LibreSSL provides this function but lacks the declaration */
-X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *xs);
#endif
#if !defined(HAVE_SSL_IS_SERVER)
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 7b6c973..ab45bd8 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1824,6 +1824,7 @@ do{\
rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
class_tag_map = rb_hash_new();
+ rb_global_variable(&class_tag_map);
rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1847,7 +1848,6 @@ do{\
rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
- rb_global_variable(&class_tag_map);
id_each = rb_intern_const("each");
}
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 79ba0bd..28010c8 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -803,9 +803,9 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
BIO *out;
VALUE str;
- rb_scan_args(argc, argv, "21", &pkey, &cert, &flags);
+ rb_scan_args(argc, argv, "12", &pkey, &cert, &flags);
key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */
- x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
+ x509 = NIL_P(cert) ? NULL : GetX509CertPtr(cert); /* NO NEED TO DUP */
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
GetPKCS7(self, p7);
if(!(out = BIO_new(BIO_s_mem())))
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index dbde857..e1fffb2 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -20,6 +20,21 @@ static ID id_private_q;
/*
* callback for generating keys
*/
+static VALUE
+call_check_ints0(VALUE arg)
+{
+ rb_thread_check_ints();
+ return Qnil;
+}
+
+static void *
+call_check_ints(void *arg)
+{
+ int state;
+ rb_protect(call_check_ints0, Qnil, &state);
+ return (void *)(VALUE)state;
+}
+
int
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
{
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
*/
rb_protect(rb_yield, ary, &state);
if (state) {
- arg->stop = 1;
arg->state = state;
+ return 0;
+ }
+ }
+ if (arg->interrupted) {
+ arg->interrupted = 0;
+ state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
+ if (state) {
+ arg->state = state;
+ return 0;
}
}
- if (arg->stop) return 0;
return 1;
}
@@ -50,7 +72,7 @@ void
ossl_generate_cb_stop(void *ptr)
{
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
- arg->stop = 1;
+ arg->interrupted = 1;
}
static void
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index 2b17bf5..a2a9fc0 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
struct ossl_generate_cb_arg {
int yield;
- int stop;
+ int interrupted;
int state;
};
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index 0f16736..5869d63 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self)
{
X509_NAME *name;
char *buf;
- VALUE str;
GetX509Name(self, name);
buf = X509_NAME_oneline(name, NULL, 0);
- str = rb_str_new2(buf);
- OPENSSL_free(buf);
-
- return str;
+ if (!buf)
+ ossl_raise(eX509NameError, "X509_NAME_oneline");
+ return ossl_buf2str(buf, rb_long2int(strlen(buf)));
}
static VALUE
@@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag)
{
X509_NAME *name;
BIO *out;
+ int ret;
GetX509Name(self, name);
out = BIO_new(BIO_s_mem());
if (!out)
ossl_raise(eX509NameError, NULL);
- if (!X509_NAME_print_ex(out, name, 0, iflag)) {
+ ret = X509_NAME_print_ex(out, name, 0, iflag);
+ if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
BIO_free(out);
ossl_raise(eX509NameError, "X509_NAME_print_ex");
}
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index 149d3b9..6437112 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -133,6 +133,8 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
assert_equal(3, recip[1].serial)
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
+
+ assert_equal(data, p7.decrypt(@rsa1024))
end
def test_graceful_parsing_failure #[ruby-core:43250]
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 3b063d2..b801667 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -47,6 +47,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal 2, ssl.peer_cert_chain.size
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock&.close
@@ -65,6 +67,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal @svr_cert.subject, ssl.peer_cert.subject
assert_equal [@svr_cert.subject, @ca_cert.subject],
ssl.peer_cert_chain.map(&:subject)
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -157,6 +161,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_not_predicate sock, :closed?
ensure
@@ -168,6 +173,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.sync_close = true # !!
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_predicate sock, :closed?
ensure
@@ -259,7 +265,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
client_ca_from_server = sslconn.client_ca
[@cli_cert, @cli_key]
end
- server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
+ server_connect(port, ctx) { |ssl|
+ assert_equal([@ca], client_ca_from_server)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
end
@@ -356,21 +365,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
start_server { |port|
- sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
end
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.sync_close = true
- begin
- ssl.connect
+ server_connect(port, ctx) { |ssl|
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
- ensure
- ssl.close
- end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
start_server(ignore_listener_error: true) { |port|
@@ -455,6 +459,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert(ssl.post_connection_check("localhost"))
@@ -476,6 +482,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert(ssl.post_connection_check("127.0.0.1"))
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -496,6 +504,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -516,8 +526,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com"))
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
- assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::18'))
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17'))
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '44:0:0:0:0:0:0:17'))
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '0013:0000:0000:0000:0000:0000:0000:0017'))
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '1313:0000:0000:0000:0000:0000:0000:0017'))
end
end
@@ -722,6 +736,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.connect
assert_equal @cli_cert.serial, ssl.peer_cert.serial
assert_predicate fooctx, :frozen?
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -733,6 +749,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.hostname = "bar.example.com"
ssl.connect
assert_equal @svr_cert.serial, ssl.peer_cert.serial
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -805,7 +823,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.hostname = name
if expected_ok
- assert_nothing_raised { ssl.connect }
+ ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
else
assert_handshake_error { ssl.connect }
end
@@ -879,7 +898,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) do |port|
begin
- server_connect(port) { }
+ server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET
else
supported << ver
@@ -937,6 +958,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if ver == cver
server_connect(port, ctx1) { |ssl|
assert_equal vmap[cver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx1) { } }
@@ -950,6 +972,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if ver == cver
server_connect(port, ctx2) { |ssl|
assert_equal vmap[cver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx2) { } }
@@ -962,6 +985,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx3.min_version = ctx3.max_version = nil
server_connect(port, ctx3) { |ssl|
assert_equal vmap[ver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -980,6 +1004,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx1.min_version = cver
server_connect(port, ctx1) { |ssl|
assert_equal vmap[supported.last][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
# Client sets max_version
@@ -988,6 +1013,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if cver >= sver
server_connect(port, ctx2) { |ssl|
assert_equal vmap[cver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx2) { } }
@@ -1006,6 +1032,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
if cver <= sver
server_connect(port, ctx1) { |ssl|
assert_equal vmap[sver][:name], ssl.ssl_version
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
else
assert_handshake_error { server_connect(port, ctx1) { } }
@@ -1020,6 +1047,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
else
assert_equal vmap[cver][:name], ssl.ssl_version
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
}
@@ -1086,6 +1114,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server_version(:SSLv23, ctx_proc) { |port|
server_connect(port) { |ssl|
assert_equal(1, num_handshakes)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -1104,6 +1133,7 @@ if openssl?(1, 0, 2) || libressl?
ctx.alpn_protocols = advertised
server_connect(port, ctx) { |ssl|
assert_equal(advertised.first, ssl.alpn_protocol)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -1226,14 +1256,11 @@ end
end
def test_close_after_socket_close
- server_proc = proc { |ctx, ssl|
- # Do nothing
- }
- start_server(server_proc: server_proc) { |port|
+ start_server { |port|
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
- ssl.sync_close = true
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
sock.close
assert_nothing_raised do
ssl.close
@@ -1298,6 +1325,7 @@ end
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -1440,6 +1468,7 @@ end
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
end
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
@@ -1455,6 +1484,7 @@ end
server_connect(port, ctx) { |ssl|
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index 7b0f9ac..e199f86 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -113,6 +113,7 @@ __EOS__
non_resumable = nil
start_server { |port|
server_connect_with_session(port, nil, nil) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
non_resumable = ssl.session
}
}
diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
index 2d92e64..aca2d36 100644
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@@ -371,6 +371,12 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
assert_equal "DC = org, DC = ruby-lang, " \
"CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"",
name.to_s(OpenSSL::X509::Name::ONELINE)
+
+ empty = OpenSSL::X509::Name.new
+ assert_equal "", empty.to_s
+ assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT)
+ assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253)
+ assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE)
end
def test_to_utf8
@@ -386,6 +392,9 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
expected = "CN=フー\\, バー,DC=ruby-lang,DC=org".force_encoding("UTF-8")
assert_equal expected, str
assert_equal Encoding.find("UTF-8"), str.encoding
+
+ empty = OpenSSL::X509::Name.new
+ assert_equal "", empty.to_utf8
end
def test_equals2