From 1e760c0be3ed35874204114e7454509f740c0fe2 Mon Sep 17 00:00:00 2001 From: shyouhei Date: Wed, 22 Aug 2007 01:53:51 +0000 Subject: add tag v1_8_6_71 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_8_5_71@13189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ruby_1_8_6/test/soap/ssl/README | 1 + ruby_1_8_6/test/soap/ssl/ca.cert | 23 ++++ ruby_1_8_6/test/soap/ssl/client.cert | 19 ++++ ruby_1_8_6/test/soap/ssl/client.key | 15 +++ ruby_1_8_6/test/soap/ssl/server.cert | 19 ++++ ruby_1_8_6/test/soap/ssl/server.key | 15 +++ ruby_1_8_6/test/soap/ssl/sslsvr.rb | 57 ++++++++++ ruby_1_8_6/test/soap/ssl/subca.cert | 21 ++++ ruby_1_8_6/test/soap/ssl/test_ssl.rb | 204 +++++++++++++++++++++++++++++++++++ 9 files changed, 374 insertions(+) create mode 100644 ruby_1_8_6/test/soap/ssl/README create mode 100644 ruby_1_8_6/test/soap/ssl/ca.cert create mode 100644 ruby_1_8_6/test/soap/ssl/client.cert create mode 100644 ruby_1_8_6/test/soap/ssl/client.key create mode 100644 ruby_1_8_6/test/soap/ssl/server.cert create mode 100644 ruby_1_8_6/test/soap/ssl/server.key create mode 100644 ruby_1_8_6/test/soap/ssl/sslsvr.rb create mode 100644 ruby_1_8_6/test/soap/ssl/subca.cert create mode 100644 ruby_1_8_6/test/soap/ssl/test_ssl.rb (limited to 'ruby_1_8_6/test/soap/ssl') diff --git a/ruby_1_8_6/test/soap/ssl/README b/ruby_1_8_6/test/soap/ssl/README new file mode 100644 index 0000000000..98ebcf7c23 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/README @@ -0,0 +1 @@ +* certificates and keys in this directory is copied from http-access2 test. diff --git a/ruby_1_8_6/test/soap/ssl/ca.cert b/ruby_1_8_6/test/soap/ssl/ca.cert new file mode 100644 index 0000000000..bcabbee4ad --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/ca.cert @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES +MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X +DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ +BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR +wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d +L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY +bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi +JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm +dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA +AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w +ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f +USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe +31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu +SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD +ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+ +r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY +MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj +PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U +PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a +d/xgcK06UVQRL/HbEYGiQL056mc= +-----END CERTIFICATE----- diff --git a/ruby_1_8_6/test/soap/ssl/client.cert b/ruby_1_8_6/test/soap/ssl/client.cert new file mode 100644 index 0000000000..ad13c4b735 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/client.cert @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKDCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES +MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X +DTA0MDEzMTAzMTQ1OFoXDTM1MDEyMzAzMTQ1OFowZTELMAkGA1UEBgwCSlAxEjAQ +BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRAwDgYDVQQDDAdleGFtcGxl +MSIwIAYJKoZIhvcNAQkBDBNleGFtcGxlQGV4YW1wbGUub3JnMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDRWssrK8Gyr+500hpLjCGR3+AHL8/hEJM5zKi/MgLW +jTkvsgOwbYwXOiNtAbR9y4/ucDq7EY+cMUMHES4uFaPTcOaAV0aZRmk8AgslN1tQ +gNS6ew7/Luq3DcVeWkX8PYgR9VG0mD1MPfJ6+IFA5d3vKpdBkBgN4l46jjO0/2Xf +ewIDAQABo4GPMIGMMAwGA1UdEwEB/wQCMAAwMQYJYIZIAYb4QgENBCQWIlJ1Ynkv +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOFvay0H7lr2 +xUx6waYEV2bVDYQhMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYI +KwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBABd2dYWqbDIWf5sWFvslezxJv8gI +w64KCJBuyJAiDuf+oazr3016kMzAlt97KecLZDusGNagPrq02UX7YMoQFsWJBans +cDtHrkM0al5r6/WGexNMgtYbNTYzt/IwodISGBgZ6dsOuhznwms+IBsTNDAvWeLP +lt2tOqD8kEmjwMgn0GDRuKjs4EoboA3kMULb1p9akDV9ZESU3eOtpS5/G5J5msLI +9WXbYBjcjvkLuJH9VsJhb+R58Vl0ViemvAHhPilSl1SPWVunGhv6FcIkdBEi1k9F +e8BNMmsEjFiANiIRvpdLRbiGBt0KrKTndVfsmoKCvY48oCOvnzxtahFxfs8= +-----END CERTIFICATE----- diff --git a/ruby_1_8_6/test/soap/ssl/client.key b/ruby_1_8_6/test/soap/ssl/client.key new file mode 100644 index 0000000000..37bc62f259 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/client.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQDRWssrK8Gyr+500hpLjCGR3+AHL8/hEJM5zKi/MgLWjTkvsgOw +bYwXOiNtAbR9y4/ucDq7EY+cMUMHES4uFaPTcOaAV0aZRmk8AgslN1tQgNS6ew7/ +Luq3DcVeWkX8PYgR9VG0mD1MPfJ6+IFA5d3vKpdBkBgN4l46jjO0/2XfewIDAQAB +AoGAZcz8llWErtsV3QB9gNb3S/PNADGjqBFjReva8n3jG2k4sZSibpwWTwUaTNtT +ZQgjSRKRvH1hk9XwffNAvXAQZNNkuj/16gO2oO45nyLj4dO365ujLptWnVIWDHOE +uN0GeiZO+VzcCisT0WCq4tvtLeH8svrxzA8cbXIEyOK7NiECQQDwo2zPFyKAZ/Cu +lDJ6zKT+RjfWwW7DgWzirAlTrt4ViMaW+IaDH29TmQpb4V4NuR3Xi+2Xl4oicu6S +36TW9+/FAkEA3rgfOQJuLlWSnw1RTGwvnC816a/W7iYYY7B+0U4cDbfWl7IoXT4y +M8nV/HESooviZLqBwzAYSoj3fFKYBKpGPwJAUO8GN5iWWA2dW3ooiDiv/X1sZmRk +dojfMFWgRW747tEzya8Ivq0h6kH8w+5GjeMG8Gn1nRiwsulo6Ckj7dEx6QJACyui +7UIQ8qP6GZ4aYMHgVW4Mvy7Bkeo5OO7GPYs0Xv/EdJFL8vlGnVBXOjUVoS9w6Gpu +TbLg1QQvnX2rADjmEwJANxZO2GUkaWGsEif8aGW0x5g/IdaMGG27pTWk5zqix7P3 +1UDrdo/JOXhptovhRi06EppIxAxYmbh9vd9VN8Itlw== +-----END RSA PRIVATE KEY----- diff --git a/ruby_1_8_6/test/soap/ssl/server.cert b/ruby_1_8_6/test/soap/ssl/server.cert new file mode 100644 index 0000000000..998ccc5892 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/server.cert @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGDAJKUDES +MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxDjAMBgNVBAMMBVN1YkNB +MB4XDTA0MDEzMTAzMTMxNloXDTMzMDEyMzAzMTMxNlowQzELMAkGA1UEBgwCSlAx +EjAQBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRIwEAYDVQQDDAlsb2Nh +bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFJTxWqup3nV9dsJAku +p+WaXnPNIzcpAA3qMGZDJTJsfa8Du7ZxTP0XJK5mETttBrn711cJxAuP3KjqnW9S +vtZ9lY2sXJ6Zj62sN5LwG3VVe25dI28yR1EsbHjJ5Zjf9tmggMC6am52dxuHbt5/ +vHo4ngJuKE/U+eeGRivMn6gFAgMBAAGjgYUwgYIwDAYDVR0TAQH/BAIwADAxBglg +hkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd +BgNVHQ4EFgQUpZIyygD9JxFYHHOTEuWOLbCKfckwCwYDVR0PBAQDAgWgMBMGA1Ud +JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBwAIj5SaBHaA5X31IP +CFCJiep96awfp7RANO0cuUj+ZpGoFn9d6FXY0g+Eg5wAkCNIzZU5NHN9xsdOpnUo +zIBbyTfQEPrge1CMWMvL6uGaoEXytq84VTitF/xBTky4KtTn6+es4/e7jrrzeUXQ +RC46gkHObmDT91RkOEGjHLyld2328jo3DIN/VTHIryDeVHDWjY5dENwpwdkhhm60 +DR9IrNBbXWEe9emtguNXeN0iu1ux0lG1Hc6pWGQxMlRKNvGh0yZB9u5EVe38tOV0 +jQaoNyL7qzcQoXD3Dmbi1p0iRmg/+HngISsz8K7k7MBNVsSclztwgCzTZOBiVtkM +rRlQ +-----END CERTIFICATE----- diff --git a/ruby_1_8_6/test/soap/ssl/server.key b/ruby_1_8_6/test/soap/ssl/server.key new file mode 100644 index 0000000000..9ba2218a03 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDRSU8Vqrqd51fXbCQJLqflml5zzSM3KQAN6jBmQyUybH2vA7u2 +cUz9FySuZhE7bQa5+9dXCcQLj9yo6p1vUr7WfZWNrFyemY+trDeS8Bt1VXtuXSNv +MkdRLGx4yeWY3/bZoIDAumpudncbh27ef7x6OJ4CbihP1PnnhkYrzJ+oBQIDAQAB +AoGBAIf4CstW2ltQO7+XYGoex7Hh8s9lTSW/G2vu5Hbr1LTHy3fzAvdq8MvVR12O +rk9fa+lU9vhzPc0NMB0GIDZ9GcHuhW5hD1Wg9OSCbTOkZDoH3CAFqonjh4Qfwv5W +IPAFn9KHukdqGXkwEMdErsUaPTy9A1V/aROVEaAY+HJgq/eZAkEA/BP1QMV04WEZ +Oynzz7/lLizJGGxp2AOvEVtqMoycA/Qk+zdKP8ufE0wbmCE3Qd6GoynavsHb6aGK +gQobb8zDZwJBANSK6MrXlrZTtEaeZuyOB4mAmRzGzOUVkUyULUjEx2GDT93ujAma +qm/2d3E+wXAkNSeRpjUmlQXy/2oSqnGvYbMCQQDRM+cYyEcGPUVpWpnj0shrF/QU +9vSot/X1G775EMTyaw6+BtbyNxVgOIu2J+rqGbn3c+b85XqTXOPL0A2RLYkFAkAm +syhSDtE9X55aoWsCNZY/vi+i4rvaFoQ/WleogVQAeGVpdo7/DK9t9YWoFBIqth0L +mGSYFu9ZhvZkvQNV8eYrAkBJ+rOIaLDsmbrgkeDruH+B/9yrm4McDtQ/rgnOGYnH +LjLpLLOrgUxqpzLWe++EwSLwK2//dHO+SPsQJ4xsyQJy +-----END RSA PRIVATE KEY----- diff --git a/ruby_1_8_6/test/soap/ssl/sslsvr.rb b/ruby_1_8_6/test/soap/ssl/sslsvr.rb new file mode 100644 index 0000000000..4f67eb9485 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/sslsvr.rb @@ -0,0 +1,57 @@ +require 'webrick/https' +require 'logger' +require 'rbconfig' + +require 'soap/rpc/httpserver' + +class HelloWorldServer < SOAP::RPC::HTTPServer +private + + def on_init + self.level = Logger::Severity::FATAL + @default_namespace = 'urn:ssltst' + add_method(self, 'hello_world', 'from') + end + + def hello_world(from) + "Hello World, from #{ from }" + end +end + + +if $0 == __FILE__ + PORT = 17171 + DIR = File.dirname(File.expand_path(__FILE__)) + + def cert(filename) + OpenSSL::X509::Certificate.new(File.open(File.join(DIR, filename)) { |f| + f.read + }) + end + + def key(filename) + OpenSSL::PKey::RSA.new(File.open(File.join(DIR, filename)) { |f| + f.read + }) + end + + $server = HelloWorldServer.new( + :BindAddress => "0.0.0.0", + :Port => PORT, + :AccessLog => [], + :SSLEnable => true, + :SSLCACertificateFile => File.join(DIR, 'ca.cert'), + :SSLCertificate => cert('server.cert'), + :SSLPrivateKey => key('server.key'), + :SSLVerifyClient => nil, #OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT|OpenSSL::SSL::VERIFY_PEER, + :SSLClientCA => cert('ca.cert'), + :SSLCertName => nil + ) + t = Thread.new { + Thread.current.abort_on_exception = true + $server.start + } + STDOUT.sync = true + puts $$ + t.join +end diff --git a/ruby_1_8_6/test/soap/ssl/subca.cert b/ruby_1_8_6/test/soap/ssl/subca.cert new file mode 100644 index 0000000000..1e471851b8 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/subca.cert @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES +MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X +DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ +BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe +ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1 +d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC +kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm +3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x +4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC +AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH +LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN +rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4 +c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha +LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H +ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X +SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ +uY/bPeOBYiVsOYVe +-----END CERTIFICATE----- diff --git a/ruby_1_8_6/test/soap/ssl/test_ssl.rb b/ruby_1_8_6/test/soap/ssl/test_ssl.rb new file mode 100644 index 0000000000..f0a1e18971 --- /dev/null +++ b/ruby_1_8_6/test/soap/ssl/test_ssl.rb @@ -0,0 +1,204 @@ +require 'test/unit' +begin + require 'http-access2' +rescue LoadError +end +require 'soap/rpc/driver' + +if defined?(HTTPAccess2) and defined?(OpenSSL) + +module SOAP; module SSL + + +class TestSSL < Test::Unit::TestCase + PORT = 17171 + + DIR = File.dirname(File.expand_path(__FILE__)) + require 'rbconfig' + RUBY = File.join( + Config::CONFIG["bindir"], + Config::CONFIG["ruby_install_name"] + Config::CONFIG["EXEEXT"] + ) + + def setup + @url = "https://localhost:#{PORT}/hello" + @serverpid = @client = nil + @verify_callback_called = false + setup_server + setup_client + end + + def teardown + teardown_client + teardown_server + end + + def test_options + cfg = @client.streamhandler.client.ssl_config + assert_nil(cfg.client_cert) + assert_nil(cfg.client_key) + assert_nil(cfg.client_ca) + assert_equal(OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT, cfg.verify_mode) + assert_nil(cfg.verify_callback) + assert_nil(cfg.timeout) + assert_equal(OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2, cfg.options) + assert_equal("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", cfg.ciphers) + assert_instance_of(OpenSSL::X509::Store, cfg.cert_store) + # dummy call to ensure sslsvr initialization finished. + assert_raise(OpenSSL::SSL::SSLError) do + @client.hello_world("ssl client") + end + end + + def test_verification + cfg = @client.options + cfg["protocol.http.ssl_config.verify_callback"] = method(:verify_callback).to_proc + @verify_callback_called = false + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + assert(@verify_callback_called) + # + cfg["protocol.http.ssl_config.client_cert"] = File.join(DIR, "client.cert") + cfg["protocol.http.ssl_config.client_key"] = File.join(DIR, "client.key") + @verify_callback_called = false + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + assert(@verify_callback_called) + # + cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "ca.cert") + @verify_callback_called = false + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + assert(@verify_callback_called) + # + cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "subca.cert") + @verify_callback_called = false + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + assert(@verify_callback_called) + # + cfg["protocol.http.ssl_config.verify_depth"] = "1" + @verify_callback_called = false + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + assert(@verify_callback_called) + # + cfg["protocol.http.ssl_config.verify_depth"] = "" + cfg["protocol.http.ssl_config.cert_store"] = OpenSSL::X509::Store.new + cfg["protocol.http.ssl_config.verify_mode"] = OpenSSL::SSL::VERIFY_PEER.to_s + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + # + cfg["protocol.http.ssl_config.verify_mode"] = "" + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + end + + def test_property + testpropertyname = File.join(DIR, 'soapclient.properties') + File.open(testpropertyname, "w") do |f| + f <<<<__EOP__ +protocol.http.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER +# depth: 1 causes an error (intentional) +protocol.http.ssl_config.verify_depth = 1 +protocol.http.ssl_config.client_cert = #{File.join(DIR, 'client.cert')} +protocol.http.ssl_config.client_key = #{File.join(DIR, 'client.key')} +protocol.http.ssl_config.ca_file = #{File.join(DIR, 'ca.cert')} +protocol.http.ssl_config.ca_file = #{File.join(DIR, 'subca.cert')} +protocol.http.ssl_config.ciphers = ALL +__EOP__ + end + begin + @client.loadproperty(testpropertyname) + @client.options["protocol.http.ssl_config.verify_callback"] = method(:verify_callback).to_proc + @verify_callback_called = false + # NG with String + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + assert(@verify_callback_called) + # NG with Integer + @client.options["protocol.http.ssl_config.verify_depth"] = 0 + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + assert_equal("certificate verify failed", ssle.message) + assert(@verify_callback_called) + # OK with empty + @client.options["protocol.http.ssl_config.verify_depth"] = "" + @verify_callback_called = false + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + assert(@verify_callback_called) + # OK with nil + @client.options["protocol.http.ssl_config.verify_depth"] = nil + @verify_callback_called = false + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + assert(@verify_callback_called) + # OK with String + @client.options["protocol.http.ssl_config.verify_depth"] = "3" + @verify_callback_called = false + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + assert(@verify_callback_called) + # OK with Integer + @client.options["protocol.http.ssl_config.verify_depth"] = 3 + @verify_callback_called = false + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + assert(@verify_callback_called) + ensure + File.unlink(testpropertyname) + end + end + + def test_ciphers + cfg = @client.options + cfg["protocol.http.ssl_config.client_cert"] = File.join(DIR, 'client.cert') + cfg["protocol.http.ssl_config.client_key"] = File.join(DIR, 'client.key') + cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "ca.cert") + cfg["protocol.http.ssl_config.ca_file"] = File.join(DIR, "subca.cert") + #cfg.timeout = 123 + cfg["protocol.http.ssl_config.ciphers"] = "!ALL" + # + ssle = assert_raise(OpenSSL::SSL::SSLError) {@client.hello_world("ssl client")} + # depends on OpenSSL version. (?:0.9.8|0.9.7) + assert_match(/\A(?:SSL_CTX_set_cipher_list:: no cipher match|no ciphers available)\z/, ssle.message) + # + cfg["protocol.http.ssl_config.ciphers"] = "ALL" + assert_equal("Hello World, from ssl client", @client.hello_world("ssl client")) + end + +private + + def q(str) + %Q["#{str}"] + end + + def setup_server + svrcmd = "#{q(RUBY)} " + #svrcmd << "-d " if $DEBUG + svrcmd << File.join(DIR, "sslsvr.rb") + svrout = IO.popen(svrcmd) + @serverpid = Integer(svrout.gets.chomp) + end + + def setup_client + @client = SOAP::RPC::Driver.new(@url, 'urn:ssltst') + @client.add_method("hello_world", "from") + end + + def teardown_server + if @serverpid + Process.kill('KILL', @serverpid) + Process.waitpid(@serverpid) + end + end + + def teardown_client + @client.reset_stream if @client + end + + def verify_callback(ok, cert) + @verify_callback_called = true + p ["client", ok, cert] if $DEBUG + ok + end +end + + +end; end + +end -- cgit v1.2.3