Diffstat (limited to 'test/net/http/test_https.rb')
| -rw-r--r-- | test/net/http/test_https.rb | 79 |
1 files changed, 49 insertions, 30 deletions
diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb index 72a69af1a5..7b97e39586 100644 --- a/test/net/http/test_https.rb +++ b/test/net/http/test_https.rb @@ -1,8 +1,10 @@ # frozen_string_literal: false require "test/unit" -require_relative "utils" begin require 'net/https' + require 'stringio' + require 'timeout' + require File.expand_path("utils", File.dirname(__FILE__)) rescue LoadError # should skip this test end @@ -14,8 +16,6 @@ class TestNetHTTPS < Test::Unit::TestCase File.read(File.expand_path("../fixtures/#{key}", __dir__)) end - HOST = 'localhost' - HOST_IP = '127.0.0.1' CA_CERT = OpenSSL::X509::Certificate.new(read_fixture("cacert.pem")) SERVER_KEY = OpenSSL::PKey.read(read_fixture("server.key")) SERVER_CERT = OpenSSL::X509::Certificate.new(read_fixture("server.crt")) @@ -23,7 +23,7 @@ class TestNetHTTPS < Test::Unit::TestCase TEST_STORE = OpenSSL::X509::Store.new.tap {|s| s.add_cert(CA_CERT) } CONFIG = { - 'host' => HOST, + 'host' => '127.0.0.1', 'proxy_host' => nil, 'proxy_port' => nil, 'ssl_enable' => true, @@ -33,7 +33,7 @@ class TestNetHTTPS < Test::Unit::TestCase } def test_get - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true http.cert_store = TEST_STORE certs = [] @@ -45,13 +45,15 @@ class TestNetHTTPS < Test::Unit::TestCase assert_equal($test_net_http_data, res.body) } # TODO: OpenSSL 1.1.1h seems to yield only SERVER_CERT; need to check the incompatibility - certs.zip([CA_CERT, SERVER_CERT][-certs.size..-1]) do |actual, expected| + certs.zip([CA_CERT, SERVER_CERT][-certs.size..]) do |actual, expected| assert_equal(expected.to_der, actual.to_der) end + rescue SystemCallError + skip $! end def test_get_SNI - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.ipaddr = config('host') http.use_ssl = true http.cert_store = TEST_STORE 
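Review bot: The helper `require` now sits inside the `begin … rescue LoadError` at the top of the file, so a missing or broken `utils` is swallowed the same way as an absent OpenSSL build and the TLS tests can drop out of a run without any failure. Keeping the helper load outside the rescue, e.g. `require_relative "utils"` before `begin`, limits the silent path to the optional `net/https` dependency. If the path form must stay, `File.expand_path("utils", __dir__)` would match the `__dir__` usage in `read_fixture` a few lines below. How the rest of the file reacts to a failed load is outside this hunk.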
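Review bot: `rescue SystemCallError` followed by `skip $!` at the end of `test_get` turns every `Errno` raised during the request into a skip, so a server that did not start or that drops the connection is reported as skipped rather than failed. The same pair is added to `test_post`, `test_session_reuse`, `test_session_reuse_but_expire`, `test_verify_none` and, inside the `assert_raise` block, `test_certificate_verify_failure`. Since this commit also has the clients connect to `"localhost"` while `CONFIG['host']` is `'127.0.0.1'`, a resolver that returns another address for `localhost` would presumably land here and hide the whole HTTPS suite. Rescuing only the specific `Errno` class that was observed, with a message such as `skip "cannot reach test server: #{$!.class}"`, would keep other socket errors visible.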
@@ -64,16 +66,16 @@ class TestNetHTTPS < Test::Unit::TestCase assert_equal($test_net_http_data, res.body) } # TODO: OpenSSL 1.1.1h seems to yield only SERVER_CERT; need to check the incompatibility - certs.zip([CA_CERT, SERVER_CERT][-certs.size..-1]) do |actual, expected| + certs.zip([CA_CERT, SERVER_CERT][-certs.size..]) do |actual, expected| assert_equal(expected.to_der, actual.to_der) end end def test_get_SNI_proxy - TCPServer.open(HOST_IP, 0) {|serv| + TCPServer.open("127.0.0.1", 0) {|serv| _, port, _, _ = serv.addr client_thread = Thread.new { - proxy = Net::HTTP.Proxy(HOST_IP, port, 'user', 'password') + proxy = Net::HTTP.Proxy("127.0.0.1", port, 'user', 'password') http = proxy.new("foo.example.org", 8000) http.ipaddr = "192.0.2.1" http.use_ssl = true @@ -125,21 +127,28 @@ class TestNetHTTPS < Test::Unit::TestCase end def test_post - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true http.cert_store = TEST_STORE data = config('ssl_private_key').to_der http.request_post("/", data, {'content-type' => 'application/x-www-form-urlencoded'}) {|res| assert_equal(data, res.body) } + rescue SystemCallError + skip $! end def test_session_reuse # FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h. # See https://github.com/openssl/openssl/pull/5967 for details. - omit if OpenSSL::OPENSSL_LIBRARY_VERSION.include?('OpenSSL 1.1.0h') + skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/ - http = Net::HTTP.new(HOST, config("port")) + # FIXME: GitHub Actions for MinGW failed. Maybe it's because of OpenSSL on MiNGW + if /mingw/ =~ RUBY_PLATFORM + skip "Skip net/https test using openssl on MinGW" + end + + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true http.cert_store = TEST_STORE 
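Review bot: The MinGW guard in `test_session_reuse` disables TLS session-resumption coverage for the whole platform on the strength of a "Maybe" in the comment, with no reference that says when it can be removed. A comment such as `# FIXME(<issue-ref>): session reuse fails on MinGW CI; remove once the OpenSSL build there is confirmed` would make the skip traceable. The version check on the line above also became a regexp with unescaped dots; `/OpenSSL 1\.1\.0h/` matches only the intended release string. `test_session_reuse` continues outside this hunk.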
@@ -152,23 +161,25 @@ class TestNetHTTPS < Test::Unit::TestCase end http.start - session_reused = http.instance_variable_get(:@socket).io.session_reused? - assert_false session_reused unless session_reused.nil? # can not detect re-use under JRuby http.get("/") http.finish http.start - session_reused = http.instance_variable_get(:@socket).io.session_reused? - assert_true session_reused unless session_reused.nil? # can not detect re-use under JRuby - assert_equal $test_net_http_data, http.get("/").body + http.get("/") + + socket = http.instance_variable_get(:@socket).io + assert_equal true, socket.session_reused? + http.finish + rescue SystemCallError + skip $! end def test_session_reuse_but_expire # FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h. - omit if OpenSSL::OPENSSL_LIBRARY_VERSION.include?('OpenSSL 1.1.0h') + skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/ - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true http.cert_store = TEST_STORE @@ -184,6 +195,8 @@ class TestNetHTTPS < Test::Unit::TestCase assert_equal false, socket.session_reused? http.finish + rescue SystemCallError + skip $! end if ENV["RUBY_OPENSSL_TEST_ALL"] @@ -198,12 +211,14 @@ class TestNetHTTPS < Test::Unit::TestCase end def test_verify_none - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE http.request_get("/") {|res| assert_equal($test_net_http_data, res.body) } + rescue SystemCallError + skip $! end def test_skip_hostname_verification 
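Review bot: The rewritten tail of `test_session_reuse` checks only that the second connection reports a reused session; the check that the first handshake is not a reuse and the body comparison on the second `get` are gone, so a client that always reports reuse would pass. `assert_equal true, socket.session_reused?` also fails where `session_reused?` returns nil, which the removed comment said happens under JRuby. Something like `reused = socket.session_reused?` followed by `assert_equal true, reused unless reused.nil?` keeps that guard, and an `assert_equal false, …` after the first `http.start` restores the negative half. The start of the method is in the previous hunk.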
@@ -232,10 +247,14 @@ class TestNetHTTPS < Test::Unit::TestCase end def test_certificate_verify_failure - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true ex = assert_raise(OpenSSL::SSL::SSLError){ - http.request_get("/") {|res| } + begin + http.request_get("/") {|res| } + rescue SystemCallError + skip $! + end } assert_match(/certificate verify failed/, ex.message) unless /mswin|mingw/ =~ RUBY_PLATFORM @@ -250,14 +269,14 @@ class TestNetHTTPS < Test::Unit::TestCase def test_identity_verify_failure # the certificate's subject has CN=localhost - http = Net::HTTP.new(HOST_IP, config("port")) + http = Net::HTTP.new("127.0.0.1", config("port")) http.use_ssl = true http.cert_store = TEST_STORE @log_tester = lambda {|_| } ex = assert_raise(OpenSSL::SSL::SSLError){ http.request_get("/") {|res| } } - re_msg = /certificate verify failed|hostname \"#{HOST_IP}\" does not match/ + re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/ assert_match(re_msg, ex.message) end @@ -265,10 +284,10 @@ class TestNetHTTPS < Test::Unit::TestCase bug4246 = "expected the SSL connection to have timed out but have not. [ruby-core:34203]" # listen for connections... but deliberately do not complete SSL handshake - TCPServer.open(HOST, 0) {|server| + TCPServer.open('localhost', 0) {|server| port = server.addr[1] - conn = Net::HTTP.new(HOST, port) + conn = Net::HTTP.new('localhost', port) conn.use_ssl = true conn.read_timeout = 0.01 conn.open_timeout = 0.01 @@ -283,7 +302,7 @@ class TestNetHTTPS < Test::Unit::TestCase end def test_min_version - http = Net::HTTP.new(HOST, config("port")) + http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true http.min_version = :TLS1 http.cert_store = TEST_STORE 
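Review bot: In `test_certificate_verify_failure` the `skip $!` is raised from inside the block passed to `assert_raise(OpenSSL::SSL::SSLError)`, so whether the test is skipped or reported as a wrong-exception failure depends on how the framework's `assert_raise` treats the skip exception. This is the negative test that shows an untrusted certificate is rejected, so it is the one where a quiet skip costs most. Placing the rescue at method level, as the other tests in this commit do, avoids the nesting; the method's closing `end` lies outside this hunk.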
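Review bot: The new literal in `re_msg` leaves the dots unescaped, so `127.0.0.1` matches any character in those positions; `re_msg = /certificate verify failed|hostname "127\.0\.0\.1" does not match/` pins the address. The first alternative still accepts a generic chain failure, so the test cannot tell a hostname mismatch from an untrusted certificate even though `TEST_STORE` is set; a comment saying which OpenSSL builds produce only the generic message would explain why it is kept.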
@@ -293,7 +312,7 @@ class TestNetHTTPS < Test::Unit::TestCase end def test_max_version - http = Net::HTTP.new(HOST_IP, config("port")) + http = Net::HTTP.new("127.0.0.1", config("port")) http.use_ssl = true http.max_version = :SSL2 http.verify_callback = Proc.new do |preverify_ok, store_ctx| @@ -303,7 +322,7 @@ class TestNetHTTPS < Test::Unit::TestCase ex = assert_raise(OpenSSL::SSL::SSLError){ http.request_get("/") {|res| } } - re_msg = /\ASSL_connect returned=1 errno=0 |SSL_CTX_set_max_proto_version|No appropriate protocol/ + re_msg = /\ASSL_connect returned=1 errno=0 |SSL_CTX_set_max_proto_version/ assert_match(re_msg, ex.message) end |
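Review bot: Dropping `No appropriate protocol` from `re_msg` in `test_max_version` narrows the accepted messages, while the remaining first alternative `\ASSL_connect returned=1 errno=0 ` matches any failed `SSL_connect`, so the assertion does not show the handshake failed because of the `:SSL2` cap. If some supported TLS library builds report the removed wording, this test will start failing there; a comment listing which message each alternative covers would make the regexp reviewable. The setup of the method, including its `verify_callback`, is in the previous hunk.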
