summaryrefslogtreecommitdiff
path: root/test/net/http/test_https.rb
diff options
context:
space:
mode:
authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-08-08 14:13:55 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-08-08 14:13:55 +0000
commit1dfc377ae3b174b043d3f0ed36de57b0296b34d0 (patch)
tree88227c69fed008bdf8302805af933dfd4dbb9844 /test/net/http/test_https.rb
parenta0f292bbcd6421b0cb87b84cb34887c7e020727b (diff)
downloadruby-1dfc377ae3b174b043d3f0ed36de57b0296b34d0.tar.gz
net/http, net/ftp: fix session resumption with TLS 1.3
When TLS 1.3 is in use, the session ticket may not have been sent yet even though a handshake has finished. Also, the ticket could change if multiple session ticket messages are sent by the server. Use SSLContext#session_new_cb instead of calling SSLSocket#session immediately after a handshake. This way also works with earlier protocol versions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/net/http/test_https.rb')
-rw-r--r--test/net/http/test_https.rb35
1 files changed, 10 insertions, 25 deletions
diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
index 8004d5c5f2..a5182a1fe9 100644
--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@@ -73,18 +73,9 @@ class TestNetHTTPS < Test::Unit::TestCase
http.start
http.get("/")
- http.finish # three times due to possible bug in OpenSSL 0.9.8
-
- sid = http.instance_variable_get(:@ssl_session).id
-
- http.start
- http.get("/")
socket = http.instance_variable_get(:@socket).io
-
- assert socket.session_reused?
-
- assert_equal sid, http.instance_variable_get(:@ssl_session).id
+ assert_equal true, socket.session_reused?
http.finish
rescue SystemCallError
@@ -101,16 +92,12 @@ class TestNetHTTPS < Test::Unit::TestCase
http.get("/")
http.finish
- sid = http.instance_variable_get(:@ssl_session).id
-
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
assert_equal false, socket.session_reused?
- assert_not_equal sid, http.instance_variable_get(:@ssl_session).id
-
http.finish
rescue SystemCallError
skip $!
@@ -160,15 +147,16 @@ class TestNetHTTPS < Test::Unit::TestCase
end
def test_identity_verify_failure
+ # the certificate's subject has CN=localhost
http = Net::HTTP.new("127.0.0.1", config("port"))
http.use_ssl = true
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
+ http.cert_store = TEST_STORE
+ @log_tester = lambda {|_| }
ex = assert_raise(OpenSSL::SSL::SSLError){
http.request_get("/") {|res| }
}
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
+ re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/
+ assert_match(re_msg, ex.message)
end
def test_timeout_during_SSL_handshake
@@ -193,16 +181,13 @@ class TestNetHTTPS < Test::Unit::TestCase
end
def test_min_version
- http = Net::HTTP.new("127.0.0.1", config("port"))
+ http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.min_version = :TLS1
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
- ex = assert_raise(OpenSSL::SSL::SSLError){
- http.request_get("/") {|res| }
+ http.cert_store = TEST_STORE
+ http.request_get("/") {|res|
+ assert_equal($test_net_http_data, res.body)
}
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
end
def test_max_version