summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/openssl/test_pkey_rsa.rb11
-rw-r--r--test/openssl/test_ssl.rb6
-rw-r--r--test/openssl/test_ssl_session.rb6
-rw-r--r--test/openssl/test_x509cert.rb9
4 files changed, 25 insertions, 7 deletions
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index b24f1d5..93760f7 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -242,6 +242,17 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
assert_equal pem, dup_public(RSA1024).export
end
+ def test_pem_passwd
+ key = RSA1024
+ pem3c = key.to_pem("aes-128-cbc", "key")
+ assert_match (/ENCRYPTED/), pem3c
+ assert_equal key.to_der, OpenSSL::PKey.read(pem3c, "key").to_der
+ assert_equal key.to_der, OpenSSL::PKey.read(pem3c) { "key" }.to_der
+ assert_raise(OpenSSL::PKey::PKeyError) {
+ OpenSSL::PKey.read(pem3c) { nil }
+ }
+ end
+
def test_dup
key = OpenSSL::PKey::RSA.generate(256, 17)
key2 = key.dup
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 1906656..8c65df9 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -350,7 +350,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode
ciphers_names = ctx.ciphers.collect{|v, _, _, _| v }
assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled"
- assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled"
+ assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled"
assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) # >= 1.0.0
assert_equal OpenSSL::SSL::OP_NO_COMPRESSION,
@@ -810,7 +810,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContex
end
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1)
def test_tls_v1_1
start_server_version(:TLSv1_1) { |server, port|
@@ -837,7 +837,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
end
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1)
def test_tls_v1_2
start_server_version(:TLSv1_2) { |server, port|
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index b2643ed..7a99dca 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -48,7 +48,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
Timeout.timeout(5) do
start_server do |server, port|
sock = TCPSocket.new("127.0.0.1", port)
- ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+ ctx = OpenSSL::SSL::SSLContext.new
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync_close = true
ssl.connect
@@ -157,9 +157,7 @@ __EOS__
start_server do |server, port|
2.times do
sock = TCPSocket.new("127.0.0.1", port)
- # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?),
- # when use default SSLContext. [ruby-dev:36167]
- ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+ ctx = OpenSSL::SSL::SSLContext.new
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync_close = true
ssl.session = last_session if last_session
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 0cfe440..5b2e712 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -178,6 +178,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
assert_equal(true, cert.check_private_key(@rsa2048))
end
+ def test_read_from_file
+ cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
+ Tempfile.create("cert") { |f|
+ f << cert.to_pem
+ f.rewind
+ assert_equal cert.to_der, OpenSSL::X509::Certificate.new(f).to_der
+ }
+ end
+
private
def certificate_error_returns_false