From 0c25a62834bee7ad2e92464f4ac71538cddbe275 Mon Sep 17 00:00:00 2001
From: gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 8 Apr 2005 09:26:54 +0000
Subject: * ext/openssl/ossl_ssl.c: add callbacks to OpenSSL::SSL::SSLContexts.
   - SSLContext#client_cert_cb=(aProc). it is called when a client    
 certificate is requested by a server and no certificate was not     set for
 the SSLContext. it must return an Array which includes    
 OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.   -
 SSLContext#tmp_dh_callback=(aProc). it is called in key     exchange with DH
 algorithm. it must return an OpenSSL::PKey::DH     object.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): ignore the
  argument if it's nil.

* ext/openssl/ossl_pkey.c
  (GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
  (DupPrivPKeyPtr): new function.

* ext/openssl/ossl_pkey_dh.c: add default DH parameters.

* ext/openssl/ossl_pkey.h: ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/openssl/ssl_server.rb |  2 +-
 test/openssl/test_pair.rb  | 26 ++------------------------
 test/openssl/test_ssl.rb   | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 25 deletions(-)

(limited to 'test/openssl')

diff --git a/test/openssl/ssl_server.rb b/test/openssl/ssl_server.rb
index 5e1303379f..6e620629c5 100644
--- a/test/openssl/ssl_server.rb
+++ b/test/openssl/ssl_server.rb
@@ -64,7 +64,7 @@ $stdout.puts Process.pid
 $stdout.puts port
 
 loop do
-  ssl = ssls.accept
+  ssl = ssls.accept rescue next
   Thread.start{
     q = Queue.new
     th = Thread.start{ ssl.write(q.shift) while true }
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 2b48471d86..7273554362 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -16,31 +16,8 @@ module SSLPair
   def server
     host = "127.0.0.1"
     port = 0
-    key = OpenSSL::PKey::RSA.new(512)
-    cert = OpenSSL::X509::Certificate.new
-    cert.version = 2
-    cert.serial = 0
-    name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
-    cert.subject = name
-    cert.issuer = name
-    cert.not_before = Time.now
-    cert.not_after = Time.now + 3600
-    cert.public_key = key.public_key
-    ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
-    cert.extensions = [
-      ef.create_extension("basicConstraints","CA:FALSE"),
-      ef.create_extension("subjectKeyIdentifier","hash"),
-      ef.create_extension("extendedKeyUsage","serverAuth"),
-      ef.create_extension("keyUsage",
-                          "keyEncipherment,dataEncipherment,digitalSignature")
-    ]
-    ef.issuer_certificate = cert
-    cert.add_extension ef.create_extension("authorityKeyIdentifier",
-                                           "keyid:always,issuer:always")
-    cert.sign(key, OpenSSL::Digest::SHA1.new)
     ctx = OpenSSL::SSL::SSLContext.new()
-    ctx.key = key
-    ctx.cert = cert
+    ctx.ciphers = "ADH"
     tcps = TCPServer.new(host, port)
     ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
     return ssls
@@ -49,6 +26,7 @@ module SSLPair
   def client(port)
     host = "127.0.0.1"
     ctx = OpenSSL::SSL::SSLContext.new()
+    ctx.ciphers = "ADH"
     s = TCPSocket.new(host, port)
     ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
     ssl.connect
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index abc9859484..e80f32f234 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -151,6 +151,43 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
     }
   end
 
+  def test_client_auth
+    vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+    start_server(PORT, vflag, true){|s, p|
+      assert_raises(OpenSSL::SSL::SSLError){
+        sock = TCPSocket.new("127.0.0.1", p)
+        ssl = OpenSSL::SSL::SSLSocket.new(sock)
+        ssl.connect
+      }
+
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.key = @cli_key
+      ctx.cert = @cli_cert
+      sock = TCPSocket.new("127.0.0.1", p)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      ssl.puts("foo")
+      assert_equal("foo\n", ssl.gets)
+      ssl.close
+
+      called = nil
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.client_cert_cb = Proc.new{|ssl|
+        called = true
+        [@cli_cert, @cli_key]
+      }
+      sock = TCPSocket.new("127.0.0.1", p)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      assert(called)
+      ssl.puts("foo")
+      assert_equal("foo\n", ssl.gets)
+      ssl.close
+    }
+  end
+
   def test_starttls
     start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p|
       sock = TCPSocket.new("127.0.0.1", p)
-- 
cgit v1.2.3