From df94c66f71448cf30b34375349fd201d1d035423 Mon Sep 17 00:00:00 2001 From: rhe Date: Thu, 10 Aug 2017 09:23:45 +0000 Subject: openssl: import v2.0.5 Import Ruby/OpenSSL 2.0.5. The full commit history since v2.0.4 (imported at r59081) can be found at: https://github.com/ruby/openssl/compare/v2.0.4...v2.0.5 This will fix the test failure on latest Debian sid and the "no OPENSSL_Applink" issue on mswin. ---------------------------------------------------------------- Kazuki Yamaguchi (11): test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params bio: prevent possible GC issue in ossl_obj2bio() bio: do not use the FILE BIO method in ossl_obj2bio() Rakefile: install_dependencies: install only when needed appveyor.yml: test against Ruby 2.4 ossl_pem_passwd_cb: relax passphrase length constraint ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: handle nil from the block explicitly ssl: remove unsupported TLS versions from SSLContext::METHODS ssl: fix compile error with OpenSSL 1.0.0 Ruby/OpenSSL 2.0.5 Lars Kanis (1): Add msys2 library dependency tag in gem metadata git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/openssl/test_pkey_rsa.rb | 11 +++++++++++ test/openssl/test_ssl.rb | 6 +++--- test/openssl/test_ssl_session.rb | 6 ++---- test/openssl/test_x509cert.rb | 9 +++++++++ 4 files changed, 25 insertions(+), 7 deletions(-) (limited to 'test/openssl')
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index b24f1d5509..93760f747e 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -242,6 +242,17 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
 assert_equal pem, dup_public(RSA1024).export
 end
+ def test_pem_passwd
+ key = RSA1024
+ pem3c = key.to_pem("aes-128-cbc", "key")
+ assert_match (/ENCRYPTED/), pem3c
+ assert_equal key.to_der, OpenSSL::PKey.read(pem3c, "key").to_der
+ assert_equal key.to_der, OpenSSL::PKey.read(pem3c) { "key" }.to_der
+ assert_raise(OpenSSL::PKey::PKeyError) {
+ OpenSSL::PKey.read(pem3c) { nil }
+ }
+ end
+
 def test_dup
 key = OpenSSL::PKey::RSA.generate(256, 17)
 key2 = key.dup
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 1906656635..8c65df953d 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -350,7 +350,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode
 ciphers_names = ctx.ciphers.collect{|v, _, _, _| v }
 assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled"
- assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled"
+ assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled"
 assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
 if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) # >= 1.0.0
 assert_equal OpenSSL::SSL::OP_NO_COMPRESSION,
@@ -810,7 +810,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContex
 end
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1)
 def test_tls_v1_1
 start_server_version(:TLSv1_1) { |server, port|
@@ -837,7 +837,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
 end
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1)
 def test_tls_v1_2
 start_server_version(:TLSv1_2) { |server, port|
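Review bot: test_pem_passwd (test/openssl/test_pkey_rsa.rb, @@ -242) never asserts that a wrong passphrase is rejected; it covers the correct passphrase, passed as an argument and from a block, and a nil block result only. Since the commit message lists a relaxed passphrase length check, a negative case such as `assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.read(pem3c, "bad") }` would pin that decryption still fails closed. The three-character passphrase and the name `pem3c` presumably target that relaxed limit; a comment like `# 3-byte passphrase, shorter than the old minimum` would make the intent explicit, once the old limit (not visible in this hunk) is confirmed. `assert_match (/ENCRYPTED/), pem3c` also reads more clearly as `assert_match(/ENCRYPTED/, pem3c)`.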
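Review bot: The new lookahead in the "weak ciphers are disabled" assertion of test_sslctx_set_params (test/openssl/test_ssl.rb, @@ -350) exempts every suite name in which `DES` is followed by `-EDE` or `-CBC3`, so the test no longer fails when 3DES suites are among the default parameters, while the message still says weak ciphers are disabled. 3DES has a 64-bit block, so this is a deliberate relaxation that should be stated next to the regex, e.g. `# 3DES (DES-CBC3-*, DES-EDE*) is tolerated here; single DES, RC4, MD5 and EXPORT suites are not`. The enclosing test method starts and ends outside the hunk.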
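Review bot: The widened guards `METHODS.include?(:TLSv1_1) && METHODS.include?(:TLSv1)` (test/openssl/test_ssl.rb, @@ -810) and the matching `:TLSv1_2` / `:TLSv1_1` guard (@@ -837) leave test_tls_v1_1 and test_tls_v1_2 undefined when the older method is absent, so such a build gets no coverage of TLS 1.1/1.2 and no skip message. Neither hunk says why each test needs the next-lower version; presumably the test bodies, which continue outside the hunks, also connect with the older protocol. A comment above each guard, e.g. `# also needs :TLSv1: the body connects with the older version too`, would document that once confirmed.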
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index b2643edd8c..7a99dca5ed 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -48,7 +48,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
 Timeout.timeout(5) do
 start_server do |server, port|
 sock = TCPSocket.new("127.0.0.1", port)
- ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+ ctx = OpenSSL::SSL::SSLContext.new
 ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
 ssl.sync_close = true
 ssl.connect
@@ -157,9 +157,7 @@ __EOS__
 start_server do |server, port|
 2.times do
 sock = TCPSocket.new("127.0.0.1", port)
- # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?),
- # when use default SSLContext. [ruby-dev:36167]
- ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+ ctx = OpenSSL::SSL::SSLContext.new
 ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
 ssl.sync_close = true
 ssl.session = last_session if last_session
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 0cfe4402ec..5b2e712d2a 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -178,6 +178,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
 assert_equal(true, cert.check_private_key(@rsa2048))
 end
+ def test_read_from_file
+ cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
+ Tempfile.create("cert") { |f|
+ f << cert.to_pem
+ f.rewind
+ assert_equal cert.to_der, OpenSSL::X509::Certificate.new(f).to_der
+ }
+ end
+
 private
 def certificate_error_returns_false
-- cgit v1.2.3
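Review bot: Nothing records which protocol version these session tests now run over: both `OpenSSL::SSL::SSLContext.new` calls (test/openssl/test_ssl_session.rb, @@ -48 and @@ -157) take whatever the linked OpenSSL negotiates by default, and the removed comment was the only explanation of the old pin. If the assertions outside the hunks (the removed comment mentions `ssl.session_reused?`) depend on version-specific resumption behaviour, that should be stated at the call, e.g. `# default context: protocol version is chosen by the linked OpenSSL`. Both enclosing test methods start and end outside the hunks.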
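Review bot: test_read_from_file (test/openssl/test_x509cert.rb, @@ -178) covers only a PEM file; given the ossl_obj2bio() change to File handling listed in the commit message, a DER-encoded binary file is a likely regression case and is not exercised. A second block that writes `cert.to_der` to a tempfile in binary mode (`f.binmode`, `f << cert.to_der`, `f.rewind`) with the same `assert_equal` would cover it. The hunk does not show a `require "tempfile"`; confirm the test helper loads it.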