9 files changed, 374 insertions, 0 deletions

diff --git a/ruby_1_8_6/test/soap/ssl/README b/ruby_1_8_6/test/soap/ssl/README
new file mode 100644
index 0000000000..98ebcf7c23
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/README
@@ -0,0 +1 @@
+* certificates and keys in this directory is copied from http-access2 test.
diff --git a/ruby_1_8_6/test/soap/ssl/ca.cert b/ruby_1_8_6/test/soap/ssl/ca.cert
new file mode 100644
index 0000000000..bcabbee4ad
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/ca.cert
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
+MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
+DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ
+BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR
+wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d
+L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY
+bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi
+JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm
+dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA
+AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w
+ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f
+USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe
+31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu
+SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+
+r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY
+MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj
+PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U
+PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a
+d/xgcK06UVQRL/HbEYGiQL056mc=
+-----END CERTIFICATE-----
diff --git a/ruby_1_8_6/test/soap/ssl/client.cert b/ruby_1_8_6/test/soap/ssl/client.cert
new file mode 100644
index 0000000000..ad13c4b735
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/client.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKDCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
+MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
+DTA0MDEzMTAzMTQ1OFoXDTM1MDEyMzAzMTQ1OFowZTELMAkGA1UEBgwCSlAxEjAQ
+BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRAwDgYDVQQDDAdleGFtcGxl
+MSIwIAYJKoZIhvcNAQkBDBNleGFtcGxlQGV4YW1wbGUub3JnMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDRWssrK8Gyr+500hpLjCGR3+AHL8/hEJM5zKi/MgLW
+jTkvsgOwbYwXOiNtAbR9y4/ucDq7EY+cMUMHES4uFaPTcOaAV0aZRmk8AgslN1tQ
+gNS6ew7/Luq3DcVeWkX8PYgR9VG0mD1MPfJ6+IFA5d3vKpdBkBgN4l46jjO0/2Xf
+ewIDAQABo4GPMIGMMAwGA1UdEwEB/wQCMAAwMQYJYIZIAYb4QgENBCQWIlJ1Ynkv
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOFvay0H7lr2
+xUx6waYEV2bVDYQhMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
+KwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBABd2dYWqbDIWf5sWFvslezxJv8gI
+w64KCJBuyJAiDuf+oazr3016kMzAlt97KecLZDusGNagPrq02UX7YMoQFsWJBans
+cDtHrkM0al5r6/WGexNMgtYbNTYzt/IwodISGBgZ6dsOuhznwms+IBsTNDAvWeLP
+lt2tOqD8kEmjwMgn0GDRuKjs4EoboA3kMULb1p9akDV9ZESU3eOtpS5/G5J5msLI
+9WXbYBjcjvkLuJH9VsJhb+R58Vl0ViemvAHhPilSl1SPWVunGhv6FcIkdBEi1k9F
+e8BNMmsEjFiANiIRvpdLRbiGBt0KrKTndVfsmoKCvY48oCOvnzxtahFxfs8=
+-----END CERTIFICATE-----
diff --git a/ruby_1_8_6/test/soap/ssl/client.key b/ruby_1_8_6/test/soap/ssl/client.key
new file mode 100644
index 0000000000..37bc62f259
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/client.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDRWssrK8Gyr+500hpLjCGR3+AHL8/hEJM5zKi/MgLWjTkvsgOw
+bYwXOiNtAbR9y4/ucDq7EY+cMUMHES4uFaPTcOaAV0aZRmk8AgslN1tQgNS6ew7/
+Luq3DcVeWkX8PYgR9VG0mD1MPfJ6+IFA5d3vKpdBkBgN4l46jjO0/2XfewIDAQAB
+AoGAZcz8llWErtsV3QB9gNb3S/PNADGjqBFjReva8n3jG2k4sZSibpwWTwUaTNtT
+ZQgjSRKRvH1hk9XwffNAvXAQZNNkuj/16gO2oO45nyLj4dO365ujLptWnVIWDHOE
+uN0GeiZO+VzcCisT0WCq4tvtLeH8svrxzA8cbXIEyOK7NiECQQDwo2zPFyKAZ/Cu
+lDJ6zKT+RjfWwW7DgWzirAlTrt4ViMaW+IaDH29TmQpb4V4NuR3Xi+2Xl4oicu6S
+36TW9+/FAkEA3rgfOQJuLlWSnw1RTGwvnC816a/W7iYYY7B+0U4cDbfWl7IoXT4y
+M8nV/HESooviZLqBwzAYSoj3fFKYBKpGPwJAUO8GN5iWWA2dW3ooiDiv/X1sZmRk
+dojfMFWgRW747tEzya8Ivq0h6kH8w+5GjeMG8Gn1nRiwsulo6Ckj7dEx6QJACyui
+7UIQ8qP6GZ4aYMHgVW4Mvy7Bkeo5OO7GPYs0Xv/EdJFL8vlGnVBXOjUVoS9w6Gpu
+TbLg1QQvnX2rADjmEwJANxZO2GUkaWGsEif8aGW0x5g/IdaMGG27pTWk5zqix7P3
+1UDrdo/JOXhptovhRi06EppIxAxYmbh9vd9VN8Itlw==
+-----END RSA PRIVATE KEY-----
diff --git a/ruby_1_8_6/test/soap/ssl/server.cert b/ruby_1_8_6/test/soap/ssl/server.cert
new file mode 100644
index 0000000000..998ccc5892
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/server.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGDAJKUDES
+MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxDjAMBgNVBAMMBVN1YkNB
+MB4XDTA0MDEzMTAzMTMxNloXDTMzMDEyMzAzMTMxNlowQzELMAkGA1UEBgwCSlAx
+EjAQBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRIwEAYDVQQDDAlsb2Nh
+bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFJTxWqup3nV9dsJAku
+p+WaXnPNIzcpAA3qMGZDJTJsfa8Du7ZxTP0XJK5mETttBrn711cJxAuP3KjqnW9S
+vtZ9lY2sXJ6Zj62sN5LwG3VVe25dI28yR1EsbHjJ5Zjf9tmggMC6am52dxuHbt5/
+vHo4ngJuKE/U+eeGRivMn6gFAgMBAAGjgYUwgYIwDAYDVR0TAQH/BAIwADAxBglg
+hkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUpZIyygD9JxFYHHOTEuWOLbCKfckwCwYDVR0PBAQDAgWgMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBwAIj5SaBHaA5X31IP
+CFCJiep96awfp7RANO0cuUj+ZpGoFn9d6FXY0g+Eg5wAkCNIzZU5NHN9xsdOpnUo
+zIBbyTfQEPrge1CMWMvL6uGaoEXytq84VTitF/xBTky4KtTn6+es4/e7jrrzeUXQ
+RC46gkHObmDT91RkOEGjHLyld2328jo3DIN/VTHIryDeVHDWjY5dENwpwdkhhm60
+DR9IrNBbXWEe9emtguNXeN0iu1ux0lG1Hc6pWGQxMlRKNvGh0yZB9u5EVe38tOV0
+jQaoNyL7qzcQoXD3Dmbi1p0iRmg/+HngISsz8K7k7MBNVsSclztwgCzTZOBiVtkM
+rRlQ
+-----END CERTIFICATE-----
diff --git a/ruby_1_8_6/test/soap/ssl/server.key b/ruby_1_8_6/test/soap/ssl/server.key
new file mode 100644
index 0000000000..9ba2218a03
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDRSU8Vqrqd51fXbCQJLqflml5zzSM3KQAN6jBmQyUybH2vA7u2
+cUz9FySuZhE7bQa5+9dXCcQLj9yo6p1vUr7WfZWNrFyemY+trDeS8Bt1VXtuXSNv
+MkdRLGx4yeWY3/bZoIDAumpudncbh27ef7x6OJ4CbihP1PnnhkYrzJ+oBQIDAQAB
+AoGBAIf4CstW2ltQO7+XYGoex7Hh8s9lTSW/G2vu5Hbr1LTHy3fzAvdq8MvVR12O
+rk9fa+lU9vhzPc0NMB0GIDZ9GcHuhW5hD1Wg9OSCbTOkZDoH3CAFqonjh4Qfwv5W
+IPAFn9KHukdqGXkwEMdErsUaPTy9A1V/aROVEaAY+HJgq/eZAkEA/BP1QMV04WEZ
+Oynzz7/lLizJGGxp2AOvEVtqMoycA/Qk+zdKP8ufE0wbmCE3Qd6GoynavsHb6aGK
+gQobb8zDZwJBANSK6MrXlrZTtEaeZuyOB4mAmRzGzOUVkUyULUjEx2GDT93ujAma
+qm/2d3E+wXAkNSeRpjUmlQXy/2oSqnGvYbMCQQDRM+cYyEcGPUVpWpnj0shrF/QU
+9vSot/X1G775EMTyaw6+BtbyNxVgOIu2J+rqGbn3c+b85XqTXOPL0A2RLYkFAkAm
+syhSDtE9X55aoWsCNZY/vi+i4rvaFoQ/WleogVQAeGVpdo7/DK9t9YWoFBIqth0L
+mGSYFu9ZhvZkvQNV8eYrAkBJ+rOIaLDsmbrgkeDruH+B/9yrm4McDtQ/rgnOGYnH
+LjLpLLOrgUxqpzLWe++EwSLwK2//dHO+SPsQJ4xsyQJy
+-----END RSA PRIVATE KEY-----
diff --git a/ruby_1_8_6/test/soap/ssl/sslsvr.rb b/ruby_1_8_6/test/soap/ssl/sslsvr.rb
new file mode 100644
index 0000000000..4f67eb9485
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/sslsvr.rb
@@ -0,0 +1,57 @@
+require 'webrick/https'
+require 'logger'
+require 'rbconfig'
+
+require 'soap/rpc/httpserver'
+
+class HelloWorldServer < SOAP::RPC::HTTPServer
+private
+
+  def on_init
+    self.level = Logger::Severity::FATAL
+    @default_namespace = 'urn:ssltst'
+    add_method(self, 'hello_world', 'from')
+  end
+
+  def hello_world(from)
+    "Hello World, from #{ from }"
+  end
+end
+
+
+if $0 == __FILE__
+  PORT = 17171
+  DIR = File.dirname(File.expand_path(__FILE__))
+
+  def cert(filename)
+    OpenSSL::X509::Certificate.new(File.open(File.join(DIR, filename)) { |f|
+      f.read
+    })
+  end
+
+  def key(filename)
+    OpenSSL::PKey::RSA.new(File.open(File.join(DIR, filename)) { |f|
+      f.read
+    })
+  end
+
+  $server = HelloWorldServer.new(
+    :BindAddress => "0.0.0.0",
+    :Port => PORT,
+    :AccessLog => [],
+    :SSLEnable => true,
+    :SSLCACertificateFile => File.join(DIR, 'ca.cert'),
+    :SSLCertificate => cert('server.cert'),
+    :SSLPrivateKey => key('server.key'),
+    :SSLVerifyClient => nil, #OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT|OpenSSL::SSL::VERIFY_PEER,
+    :SSLClientCA => cert('ca.cert'),
+    :SSLCertName => nil
+  )
+  t = Thread.new {
+    Thread.current.abort_on_exception = true
+    $server.start
+  }
+  STDOUT.sync = true
+  puts $$
+  t.join
+end
diff --git a/ruby_1_8_6/test/soap/ssl/subca.cert b/ruby_1_8_6/test/soap/ssl/subca.cert
new file mode 100644
index 0000000000..1e471851b8
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/subca.cert
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
+MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
+DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ
+BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe
+ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1
+d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC
+kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm
+3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x
+4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC
+AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P
+cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH
+LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN
+rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4
+c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha
+LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H
+ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X
+SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ
+uY/bPeOBYiVsOYVe
+-----END CERTIFICATE-----
diff --git a/ruby_1_8_6/test/soap/ssl/test_ssl.rb b/ruby_1_8_6/test/soap/ssl/test_ssl.rb
new file mode 100644
index 0000000000..f0a1e18971
--- /dev/null
+++ b/ruby_1_8_6/test/soap/ssl/test_ssl.rb
@@ -0,0 +1,204 @@
+require 'test/unit'
+begin
+  require 'http-access2'
+rescue LoadError
+end
+require 'soap/rpc/driver'
+
+if defined?(HTTPAccess2) and defined?(OpenSSL)
+
+module SOAP; module SSL
+
+
+class TestSSL < Test::Unit::TestCase
+  PORT = 17171
+
+  DIR = File.dirname(File.expand_path(__FILE__))
+  require 'rbconfig'
+  RUBY = File.join(
+    Config::CONFIG["bindir"],
+    Config::CONFIG["ruby_install_name"] + Config::CONFIG["EXEEXT"]
+  )
+
+  def setup
+    @url = "https://localhost:#{PORT}/hello"
+    @serverpid = @client = nil
+    @verify_callback_called = false
+    setup_server
+    setup_client
+  end
+
+  def teardown
+    teardown_client
+    teardown_server
+  end
+
+  def test_options
+    cfg = @client.streamhandler.client.ssl_config
+    assert_nil(cfg.client_cert)
+    assert_nil(cfg.client_key)
+    assert_nil(cfg.client_ca)
+    assert_equal(OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT, cfg.verify_mode)
+    assert_nil(cfg.verify_callback)
+    assert_nil(cfg.timeout)
+    assert_equal(OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2, cfg.options)
+    assert_equal("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", cfg.ciphers)
+    assert_instance_of(OpenSSL::X509::Store, cfg.cert_store)
+    # dummy call to ensure sslsvr initialization finished.
+    assert_raise(OpenSSL::SSL::SSLError) do
+      @client.hello_world("ssl client")
+    end
+  end
+
+  def test_verification
+    cfg = @client.options
+    cfg["protocol.http.ssl_config.verify_callback"] = method(:verify_callback).to_proc
+    @verify_callback_called = false
+    ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+    assert_equal("certificate verify failed", ssle.message)
+    assert(@verify_callback_called)
+    #
+    cfg["protocol.http.ssl_config.client_cert"] = File.join(DIR, "client.cert")
+    cfg["protocol.http.ssl_config.client_key"] = File.join(DIR, "client.key")
+    @verify_callback_called = false
+    ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+    assert_equal("certificate verify failed", ssle.message)
+    assert(@verify_callback_called)
+    #
+    cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "ca.cert")
+    @verify_callback_called = false
+    ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+    assert_equal("certificate verify failed", ssle.message)
+    assert(@verify_callback_called)
+    #
+    cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "subca.cert")
+    @verify_callback_called = false
+    assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+    assert(@verify_callback_called)
+    #
+    cfg["protocol.http.ssl_config.verify_depth"] = "1"
+    @verify_callback_called = false
+    ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+    assert_equal("certificate verify failed", ssle.message)
+    assert(@verify_callback_called)
+    #
+    cfg["protocol.http.ssl_config.verify_depth"] = ""
+    cfg["protocol.http.ssl_config.cert_store"] = OpenSSL::X509::Store.new
+    cfg["protocol.http.ssl_config.verify_mode"] = OpenSSL::SSL::VERIFY_PEER.to_s
+    ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+    assert_equal("certificate verify failed", ssle.message)
+    #
+    cfg["protocol.http.ssl_config.verify_mode"] = ""
+    assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+  end
+
+  def test_property
+    testpropertyname = File.join(DIR, 'soapclient.properties')
+    File.open(testpropertyname, "w") do |f|
+      f <<<<__EOP__
+protocol.http.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
+# depth: 1 causes an error (intentional)
+protocol.http.ssl_config.verify_depth = 1
+protocol.http.ssl_config.client_cert = #{File.join(DIR, 'client.cert')}
+protocol.http.ssl_config.client_key = #{File.join(DIR, 'client.key')}
+protocol.http.ssl_config.ca_file = #{File.join(DIR, 'ca.cert')}
+protocol.http.ssl_config.ca_file = #{File.join(DIR, 'subca.cert')}
+protocol.http.ssl_config.ciphers = ALL
+__EOP__
+    end
+    begin
+      @client.loadproperty(testpropertyname)
+      @client.options["protocol.http.ssl_config.verify_callback"] = method(:verify_callback).to_proc
+      @verify_callback_called = false
+      # NG with String
+      ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+      assert_equal("certificate verify failed", ssle.message)
+      assert(@verify_callback_called)
+      # NG with Integer
+      @client.options["protocol.http.ssl_config.verify_depth"] = 0
+      ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+      assert_equal("certificate verify failed", ssle.message)
+      assert(@verify_callback_called)
+      # OK with empty
+      @client.options["protocol.http.ssl_config.verify_depth"] = ""
+      @verify_callback_called = false
+      assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+      assert(@verify_callback_called)
+      # OK with nil
+      @client.options["protocol.http.ssl_config.verify_depth"] = nil
+      @verify_callback_called = false
+      assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+      assert(@verify_callback_called)
+      # OK with String
+      @client.options["protocol.http.ssl_config.verify_depth"] = "3"
+      @verify_callback_called = false
+      assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+      assert(@verify_callback_called)
+      # OK with Integer
+      @client.options["protocol.http.ssl_config.verify_depth"] = 3
+      @verify_callback_called = false
+      assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+      assert(@verify_callback_called)
+    ensure
+      File.unlink(testpropertyname)
+    end
+  end
+
+  def test_ciphers
+    cfg = @client.options
+    cfg["protocol.http.ssl_config.client_cert"] = File.join(DIR, 'client.cert')
+    cfg["protocol.http.ssl_config.client_key"] = File.join(DIR, 'client.key')
+    cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "ca.cert")
+    cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "subca.cert")
+    #cfg.timeout = 123
+    cfg["protocol.http.ssl_config.ciphers"] = "!ALL"
+    #
+    ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")}
+    # depends on OpenSSL version. (?:0.9.8|0.9.7)
+    assert_match(/\A(?:SSL_CTX_set_cipher_list:: no cipher match|no ciphers available)\z/, ssle.message)
+    #
+    cfg["protocol.http.ssl_config.ciphers"] = "ALL"
+    assert_equal("Hello World, from ssl client", @client.hello_world("ssl client"))
+  end
+
+private
+
+  def q(str)
+    %Q["#{str}"]
+  end
+
+  def setup_server
+    svrcmd = "#{q(RUBY)} "
+    #svrcmd << "-d " if $DEBUG
+    svrcmd << File.join(DIR, "sslsvr.rb")
+    svrout = IO.popen(svrcmd)
+    @serverpid = Integer(svrout.gets.chomp)
+  end
+
+  def setup_client
+    @client = SOAP::RPC::Driver.new(@url, 'urn:ssltst')
+    @client.add_method("hello_world", "from")
+  end
+
+  def teardown_server
+    if @serverpid
+      Process.kill('KILL', @serverpid)
+      Process.waitpid(@serverpid)
+    end
+  end
+
+  def teardown_client
+    @client.reset_stream if @client
+  end
+
+  def verify_callback(ok, cert)
+    @verify_callback_called = true
+    p ["client", ok, cert] if $DEBUG
+    ok
+  end
+end
+
+
+end; end
+
+end