From 55054497934bb9759aa400ef47042f33b34d0b9a Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Wed, 9 Mar 2005 10:45:42 +0000 Subject: * ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks: - SSLContext#client_cert_cb is a Proc. it is called when a client certificate is requested by a server and no certificate was yet set for the SSLContext. it must return an Array which includes OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects. - SSLContext#tmp_dh_callback is called in key exchange with DH algorithm. it must return an OpenSSL::PKey::DH object. * ext/openssl/ossl_ssl.c: (ossl_sslctx_set_ciphers): ignore the argument if it's nil. (ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0. [ruby-dev:25831] * ext/openssl/ossl_pkey.c (GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first. (DupPrivPKeyPtr): new function. * ext/openssl/ossl_pkey_dh.c: add default DH parameters. * ext/openssl/ossl_pkey.h: ditto. * ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/openssl/ssl_server.rb | 3 +- test/openssl/test_pair.rb | 192 +-------------------------------------------- test/openssl/test_ssl.rb | 37 +++++++++ 3 files changed, 41 insertions(+), 191 deletions(-) (limited to 'test') diff --git a/test/openssl/ssl_server.rb b/test/openssl/ssl_server.rb index 556c28b84c..6e620629c5 100644 --- a/test/openssl/ssl_server.rb +++ b/test/openssl/ssl_server.rb @@ -64,7 +64,8 @@ $stdout.puts Process.pid $stdout.puts port loop do - Thread.start(ssls.accept) {|ssl| + ssl = ssls.accept rescue next + Thread.start{ q = Queue.new th = Thread.start{ ssl.write(q.shift) while true } while line = ssl.gets diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb index 7dd658b825..7273554362 100644 --- a/test/openssl/test_pair.rb +++ b/test/openssl/test_pair.rb @@ -16,197 +16,8 @@ module SSLPair def server host = "127.0.0.1" port = 0 - key = OpenSSL::PKey::RSA.new(512) - cert = OpenSSL::X509::Certificate.new - cert.version = 2 - cert.serial = 0 - name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]]) - cert.subject = name - cert.issuer = name - cert.not_before = Time.now - cert.not_after = Time.now + 3600 - cert.public_key = key.public_key - ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) - cert.extensions = [ - ef.create_extension("basicConstraints","CA:FALSE"), - ef.create_extension("subjectKeyIdentifier","hash"), - ef.create_extension("extendedKeyUsage","serverAuth"), - ef.create_extension("keyUsage", - "keyEncipherment,dataEncipherment,digitalSignature") - ] - ef.issuer_certificate = cert - cert.add_extension ef.create_extension("authorityKeyIdentifier", - "keyid:always,issuer:always") - cert.sign(key, OpenSSL::Digest::SHA1.new) ctx = OpenSSL::SSL::SSLContext.new() - ctx.key = key - ctx.cert = cert - tcps = TCPServer.new(host, port) - ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) - return ssls - end - - def client(port) - host = "127.0.0.1" - ctx = OpenSSL::SSL::SSLContext.new() - s = TCPSocket.new(host, port) - ssl = OpenSSL::SSL::SSLSocket.new(s, ctx) - ssl.connect - ssl.sync_close = true - ssl - end - - def ssl_pair - ssls = server - th = Thread.new { - ns = ssls.accept - ssls.close - ns - } - port = ssls.to_io.addr[1] - c = client(port) - s = th.value - if block_given? - begin - yield c, s - ensure - c.close unless c.closed? - s.close unless s.closed? - end - else - return c, s - end - end -end - -class OpenSSL::TestEOF1 < Test::Unit::TestCase - include TestEOF - include SSLPair - - def open_file(content) - s1, s2 = ssl_pair - Thread.new { s2 << content; s2.close } - yield s1 - end -end - -class OpenSSL::TestEOF2 < Test::Unit::TestCase - include TestEOF - include SSLPair - - def open_file(content) - s1, s2 = ssl_pair - Thread.new { s1 << content; s1.close } - yield s2 - end -end - -class OpenSSL::TestPair < Test::Unit::TestCase - include SSLPair - - def test_getc - ssl_pair {|s1, s2| - s1 << "a" - assert_equal(?a, s2.getc) - } - end - - def test_readpartial - ssl_pair {|s1, s2| - s2.write "a\nbcd" - assert_equal("a\n", s1.gets) - assert_equal("bcd", s1.readpartial(10)) - s2.write "efg" - assert_equal("efg", s1.readpartial(10)) - s2.close - assert_raise(EOFError) { s1.readpartial(10) } - assert_raise(EOFError) { s1.readpartial(10) } - assert_equal("", s1.readpartial(0)) - } - end - - def test_readall - ssl_pair {|s1, s2| - s2.close - assert_equal("", s1.read) - } - end - - def test_readline - ssl_pair {|s1, s2| - s2.close - assert_raise(EOFError) { s1.readline } - } - end - - def test_puts_meta - ssl_pair {|s1, s2| - begin - old = $/ - $/ = '*' - s1.puts 'a' - ensure - $/ = old - end - s1.close - assert_equal("a\n", s2.read) - } - end - - def test_puts_empty - ssl_pair {|s1, s2| - s1.puts - s1.close - assert_equal("\n", s2.read) - } - end - -end - -end -begin - require "openssl" -rescue LoadError -end -require 'test/unit' - -if defined?(OpenSSL) - -require 'socket' -dir = File.expand_path(__FILE__) -2.times {dir = File.dirname(dir)} -$:.replace([File.join(dir, "ruby")] | $:) -require 'ut_eof' - -module SSLPair - def server - host = "127.0.0.1" - port = 0 - key = OpenSSL::PKey::RSA.new(512) - cert = OpenSSL::X509::Certificate.new - cert.version = 2 - cert.serial = 0 - name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]]) - cert.subject = name - cert.issuer = name - cert.not_before = Time.now - cert.not_after = Time.now + 3600 - cert.public_key = key.public_key - ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) - cert.extensions = [ - ef.create_extension("basicConstraints","CA:FALSE"), - ef.create_extension("subjectKeyIdentifier","hash"), - ef.create_extension("extendedKeyUsage","serverAuth"), - ef.create_extension("keyUsage", - "keyEncipherment,dataEncipherment,digitalSignature") - ] - ef.issuer_certificate = cert - cert.add_extension ef.create_extension("authorityKeyIdentifier", - "keyid:always,issuer:always") - cert.sign(key, OpenSSL::Digest::SHA1.new) - ctx = OpenSSL::SSL::SSLContext.new() - ctx.key = key - ctx.cert = cert + ctx.ciphers = "ADH" tcps = TCPServer.new(host, port) ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) return ssls @@ -215,6 +26,7 @@ module SSLPair def client(port) host = "127.0.0.1" ctx = OpenSSL::SSL::SSLContext.new() + ctx.ciphers = "ADH" s = TCPSocket.new(host, port) ssl = OpenSSL::SSL::SSLSocket.new(s, ctx) ssl.connect diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 8f440076e8..08c18f440b 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -155,6 +155,43 @@ class OpenSSL::TestSSL < Test::Unit::TestCase } end + def test_client_auth + vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT + start_server(PORT, vflag, true){|s, p| + assert_raises(OpenSSL::SSL::SSLError){ + sock = TCPSocket.new("127.0.0.1", p) + ssl = OpenSSL::SSL::SSLSocket.new(sock) + ssl.connect + } + + ctx = OpenSSL::SSL::SSLContext.new + ctx.key = @cli_key + ctx.cert = @cli_cert + sock = TCPSocket.new("127.0.0.1", p) + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.sync_close = true + ssl.connect + ssl.puts("foo") + assert_equal("foo\n", ssl.gets) + ssl.close + + called = nil + ctx = OpenSSL::SSL::SSLContext.new + ctx.client_cert_cb = Proc.new{|ssl| + called = true + [@cli_cert, @cli_key] + } + sock = TCPSocket.new("127.0.0.1", p) + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.sync_close = true + ssl.connect + assert(called) + ssl.puts("foo") + assert_equal("foo\n", ssl.gets) + ssl.close + } + end + def test_starttls start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p| sock = TCPSocket.new("127.0.0.1", p) -- cgit v1.2.3