diff options
| author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:53 +0000 |
|---|---|---|
| committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:53 +0000 |
| commit | a0f292bbcd6421b0cb87b84cb34887c7e020727b (patch) | |
| tree | f70e6c1c635698cc26fc89de1fb1585f48207fd1 /test | |
| parent | 4b13656e39fa5da58af9df534570965d5692e9c3 (diff) | |
| download | bundler-a0f292bbcd6421b0cb87b84cb34887c7e020727b.tar.gz | |
openssl: sync with upstream repository
Sync with the current tip of master branch, 62436385306c of
ruby/openssl.git. Changes can be found at:
https://github.com/ruby/openssl/compare/v2.1.1...62436385306c
----------------------------------------------------------------
Brian Cunnie (1):
Correctly verify abbreviated IPv6 SANs
Janko Marohnić (1):
Reduce memory allocation when writing to SSLSocket
Jeremy Evans (1):
Move rb_global_variable call to directly after assignment
Kazuki Yamaguchi (7):
pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt
pkey: resume key generation after interrupt
tool/ruby-openssl-docker: update to latest versions
test/test_ssl: fix test failure with TLS 1.3
test/test_x509name: change script encoding to ASCII-8BIT
x509name: refactor OpenSSL::X509::Name#to_s
x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
ahadc (1):
Update CONTRIBUTING.md
nobu (6):
no ID cache in Init functions
search winsock libraries explicitly
openssl: search winsock
openssl_missing.h: constified
reduce LibreSSL warnings
openssl/buffering.rb: no RS when output
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
| -rw-r--r-- | test/openssl/test_pkcs7.rb | 2 | ||||
| -rw-r--r-- | test/openssl/test_ssl.rb | 64 | ||||
| -rw-r--r-- | test/openssl/test_ssl_session.rb | 1 | ||||
| -rw-r--r-- | test/openssl/test_x509name.rb | 9 |
4 files changed, 59 insertions, 17 deletions
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index 149d3b9b5d..6437112b74 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -133,6 +133,8 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s) assert_equal(3, recip[1].serial) assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) + + assert_equal(data, p7.decrypt(@rsa1024)) end def test_graceful_parsing_failure #[ruby-core:43250] diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 3b063d2e11..b8016677d3 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -47,6 +47,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal 2, ssl.peer_cert_chain.size assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock&.close @@ -65,6 +67,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal @svr_cert.subject, ssl.peer_cert.subject assert_equal [@svr_cert.subject, @ca_cert.subject], ssl.peer_cert_chain.map(&:subject) + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -157,6 +161,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_not_predicate sock, :closed? ensure @@ -168,6 +173,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true # !! ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_predicate sock, :closed? ensure @@ -259,7 +265,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase client_ca_from_server = sslconn.client_ca [@cli_cert, @cli_key] end - server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) } + server_connect(port, ctx) { |ssl| + assert_equal([@ca], client_ca_from_server) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } end @@ -356,21 +365,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } start_server { |port| - sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ctx.verify_callback = Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_OK true end - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - begin - ssl.connect + server_connect(port, ctx) { |ssl| assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) - ensure - ssl.close - end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } start_server(ignore_listener_error: true) { |port| @@ -455,6 +459,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert(ssl.post_connection_check("localhost")) @@ -476,6 +482,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("127.0.0.1")) assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -496,6 +504,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -516,8 +526,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com")) assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255')) assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1')) - assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13::17')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::18')) assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '44:0:0:0:0:0:0:17')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '0013:0000:0000:0000:0000:0000:0000:0017')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '1313:0000:0000:0000:0000:0000:0000:0017')) end end @@ -722,6 +736,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.connect assert_equal @cli_cert.serial, ssl.peer_cert.serial assert_predicate fooctx, :frozen? + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -733,6 +749,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.hostname = "bar.example.com" ssl.connect assert_equal @svr_cert.serial, ssl.peer_cert.serial + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -805,7 +823,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.hostname = name if expected_ok - assert_nothing_raised { ssl.connect } + ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets else assert_handshake_error { ssl.connect } end @@ -879,7 +898,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } start_server(ctx_proc: ctx_proc, ignore_listener_error: true) do |port| begin - server_connect(port) { } + server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET else supported << ver @@ -937,6 +958,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if ver == cver server_connect(port, ctx1) { |ssl| assert_equal vmap[cver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx1) { } } @@ -950,6 +972,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if ver == cver server_connect(port, ctx2) { |ssl| assert_equal vmap[cver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx2) { } } @@ -962,6 +985,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx3.min_version = ctx3.max_version = nil server_connect(port, ctx3) { |ssl| assert_equal vmap[ver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -980,6 +1004,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1.min_version = cver server_connect(port, ctx1) { |ssl| assert_equal vmap[supported.last][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } # Client sets max_version @@ -988,6 +1013,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if cver >= sver server_connect(port, ctx2) { |ssl| assert_equal vmap[cver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx2) { } } @@ -1006,6 +1032,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if cver <= sver server_connect(port, ctx1) { |ssl| assert_equal vmap[sver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx1) { } } @@ -1020,6 +1047,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase else assert_equal vmap[cver][:name], ssl.ssl_version end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end } @@ -1086,6 +1114,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server_version(:SSLv23, ctx_proc) { |port| server_connect(port) { |ssl| assert_equal(1, num_handshakes) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -1104,6 +1133,7 @@ if openssl?(1, 0, 2) || libressl? ctx.alpn_protocols = advertised server_connect(port, ctx) { |ssl| assert_equal(advertised.first, ssl.alpn_protocol) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -1226,14 +1256,11 @@ end end def test_close_after_socket_close - server_proc = proc { |ctx, ssl| - # Do nothing - } - start_server(server_proc: server_proc) { |port| + start_server { |port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) - ssl.sync_close = true ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets sock.close assert_nothing_raised do ssl.close @@ -1298,6 +1325,7 @@ end ctx.ciphers = "DEFAULT:!kRSA:!kEDH" server_connect(port, ctx) { |ssl| assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -1440,6 +1468,7 @@ end assert_equal "secp384r1", ssl.tmp_key.group.curve_name end end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } if openssl?(1, 0, 2) || libressl?(2, 5, 1) @@ -1455,6 +1484,7 @@ end server_connect(port, ctx) { |ssl| assert_equal "secp521r1", ssl.tmp_key.group.curve_name + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index 7b0f9acaed..e199f86d2b 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -113,6 +113,7 @@ __EOS__ non_resumable = nil start_server { |port| server_connect_with_session(port, nil, nil) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets non_resumable = ssl.session } } diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb index 2d92e645be..aca2d36fb0 100644 --- a/test/openssl/test_x509name.rb +++ b/test/openssl/test_x509name.rb @@ -371,6 +371,12 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase assert_equal "DC = org, DC = ruby-lang, " \ "CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"", name.to_s(OpenSSL::X509::Name::ONELINE) + + empty = OpenSSL::X509::Name.new + assert_equal "", empty.to_s + assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT) + assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253) + assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE) end def test_to_utf8 @@ -386,6 +392,9 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase expected = "CN=フー\\, バー,DC=ruby-lang,DC=org".force_encoding("UTF-8") assert_equal expected, str assert_equal Encoding.find("UTF-8"), str.encoding + + empty = OpenSSL::X509::Name.new + assert_equal "", empty.to_utf8 end def test_equals2 |