diff options
Diffstat (limited to 'test/openssl')
| -rw-r--r-- | test/openssl/test_pkey_rsa.rb | 11 | ||||
| -rw-r--r-- | test/openssl/test_ssl.rb | 6 | ||||
| -rw-r--r-- | test/openssl/test_ssl_session.rb | 6 | ||||
| -rw-r--r-- | test/openssl/test_x509cert.rb | 9 |
4 files changed, 25 insertions, 7 deletions
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index b24f1d5509..93760f747e 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -242,6 +242,17 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert_equal pem, dup_public(RSA1024).export end + def test_pem_passwd + key = RSA1024 + pem3c = key.to_pem("aes-128-cbc", "key") + assert_match (/ENCRYPTED/), pem3c + assert_equal key.to_der, OpenSSL::PKey.read(pem3c, "key").to_der + assert_equal key.to_der, OpenSSL::PKey.read(pem3c) { "key" }.to_der + assert_raise(OpenSSL::PKey::PKeyError) { + OpenSSL::PKey.read(pem3c) { nil } + } + end + def test_dup key = OpenSSL::PKey::RSA.generate(256, 17) key2 = key.dup diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 1906656635..8c65df953d 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -350,7 +350,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode ciphers_names = ctx.ciphers.collect{|v, _, _, _| v } assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled" - assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled" + assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled" assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) # >= 1.0.0 assert_equal OpenSSL::SSL::OP_NO_COMPRESSION, @@ -810,7 +810,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContex end -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) def test_tls_v1_1 start_server_version(:TLSv1_1) { |server, port| @@ -837,7 +837,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1 end -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) def test_tls_v1_2 start_server_version(:TLSv1_2) { |server, port| diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index b2643edd8c..7a99dca5ed 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -48,7 +48,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= Timeout.timeout(5) do start_server do |server, port| sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.connect @@ -157,9 +157,7 @@ __EOS__ start_server do |server, port| 2.times do sock = TCPSocket.new("127.0.0.1", port) - # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?), - # when use default SSLContext. [ruby-dev:36167] - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.session = last_session if last_session diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index 0cfe4402ec..5b2e712d2a 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -178,6 +178,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase assert_equal(true, cert.check_private_key(@rsa2048)) end + def test_read_from_file + cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) + Tempfile.create("cert") { |f| + f << cert.to_pem + f.rewind + assert_equal cert.to_der, OpenSSL::X509::Certificate.new(f).to_der + } + end + private def certificate_error_returns_false |