diff options
Diffstat (limited to 'test/openssl/test_ssl.rb')
-rw-r--r-- | test/openssl/test_ssl.rb | 82 |
1 files changed, 80 insertions, 2 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index db76f1dc4c..1471b0cb36 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -117,6 +117,30 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end + def test_socket_close_write + server_proc = proc do |ctx, ssl| + message = ssl.read + ssl.write(message) + ssl.close_write + ensure + ssl.close + end + + start_server(server_proc: server_proc) do |port| + ctx = OpenSSL::SSL::SSLContext.new + ssl = OpenSSL::SSL::SSLSocket.open("127.0.0.1", port, context: ctx) + ssl.sync_close = true + ssl.connect + + message = "abc"*1024 + ssl.write message + ssl.close_write + assert_equal message, ssl.read + ensure + ssl&.close + end + end + def test_add_certificate ctx_proc = -> ctx { # Unset values set by start_server @@ -193,6 +217,24 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end + def test_read_with_timeout + omit "does not support timeout" unless IO.method_defined?(:timeout) + + start_server do |port| + server_connect(port) do |ssl| + str = +("x" * 100 + "\n") + ssl.syswrite(str) + assert_equal(str, ssl.sysread(str.bytesize)) + + ssl.timeout = 1 + assert_raise(IO::TimeoutError) {ssl.read(1)} + + ssl.syswrite(str) + assert_equal(str, ssl.sysread(str.bytesize)) + end + end + end + def test_getbyte start_server { |port| server_connect(port) { |ssl| @@ -481,6 +523,40 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end + def test_ca_file + start_server(ignore_listener_error: true) { |port| + # X509_STORE is shared; setting ca_file to SSLContext affects store + store = OpenSSL::X509::Store.new + assert_equal false, store.verify(@svr_cert) + + ctx = Tempfile.create("ca_cert.pem") { |f| + f.puts(@ca_cert.to_pem) + f.close + + ctx = OpenSSL::SSL::SSLContext.new + ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER + ctx.cert_store = store + ctx.ca_file = f.path + ctx.setup + ctx + } + assert_nothing_raised { + server_connect(port, ctx) { |ssl| ssl.puts("abc"); ssl.gets } + } + assert_equal true, store.verify(@svr_cert) + } + end + + def test_ca_file_not_found + path = Tempfile.create("ca_cert.pem") { |f| f.path } + ctx = OpenSSL::SSL::SSLContext.new + ctx.ca_file = path + # OpenSSL >= 1.1.0: /no certificate or crl found/ + assert_raise(OpenSSL::SSL::SSLError) { + ctx.setup + } + end + def test_finished_messages server_finished = nil server_peer_finished = nil @@ -639,7 +715,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal(true, OpenSSL::SSL.verify_wildcard("xn--qdk4b9b", "xn--qdk4b9b")) end - # Comments in this test is excerpted from http://tools.ietf.org/html/rfc6125#page-27 + # Comments in this test is excerpted from https://www.rfc-editor.org/rfc/rfc6125#page-27 def test_post_connection_check_wildcard_san # case-insensitive ASCII comparison # RFC 6125, section 6.4.1 @@ -1046,7 +1122,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server(ignore_listener_error: true) { |port| ctx = OpenSSL::SSL::SSLContext.new ctx.set_params - assert_raise_with_message(OpenSSL::SSL::SSLError, /certificate/) { + # OpenSSL <= 1.1.0: "self signed certificate in certificate chain" + # OpenSSL >= 3.0.0: "self-signed certificate in certificate chain" + assert_raise_with_message(OpenSSL::SSL::SSLError, /self.signed/) { server_connect(port, ctx) } } |