Add :ssl_min_version and :ssl_max_version options

Replace :ssl_version option with these two new options. These provide access to OpenSSL::SSL::SSLContext#{min,max}_version=, which is the recommended way to specify SSL/TLS protocol versions.
author: Kazuki Yamaguchi <k@rhe.jp> 2022-10-08 01:54:35 +0900
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2022-10-12 10:36:51 +0900
commit: 4e29ca0c4093133838eda852879b23ed4fad56b5 (patch)
tree: ab7aa278579daf757a6c20da5f00de87ebfe9857 /test/open-uri
parent: ced1d172804b6dfe39aa31a323ffab80a25223b9 (diff)
download: ruby-4e29ca0c4093133838eda852879b23ed4fad56b5.tar.gz
1 files changed, 18 insertions, 19 deletions
diff --git a/test/open-uri/test_ssl.rb b/test/open-uri/test_ssl.rb
index 2d6149e654..3f94cab40f 100644
--- a/test/open-uri/test_ssl.rb
+++ b/test/open-uri/test_ssl.rb
@@ -92,38 +92,37 @@ class TestOpenURISSL
     }
   end
 
-  def test_validation_ssl_version
-    with_https {|srv, dr, url|
-      setup_validation(srv, dr)
-      URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_version => :TLSv1_2) {|f|
-        assert_equal("200", f.status[0])
-        assert_equal("ddd", f.read)
+  def test_validation_failure
+    unless /mswin|mingw/ =~ RUBY_PLATFORM
+      # on Windows, Errno::ECONNRESET will be raised, and it'll be eaten by
+      # WEBrick
+      log_tester = lambda {|server_log|
+        assert_equal(1, server_log.length)
+        assert_match(/ERROR OpenSSL::SSL::SSLError:/, server_log[0])
       }
+    end
+    with_https(log_tester) {|srv, dr, url, server_thread, server_log|
+      setup_validation(srv, dr)
+      assert_raise(OpenSSL::SSL::SSLError) { URI.open("#{url}/data") {} }
     }
   end
 
-  def test_validate_bad_ssl_version_silently
+  def test_ssl_min_version
     with_https {|srv, dr, url|
       setup_validation(srv, dr)
-      URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_version => :TLS_no_such_version) {|f|
+      URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_min_version => :TLS1_2) {|f|
         assert_equal("200", f.status[0])
         assert_equal("ddd", f.read)
       }
     }
   end
 
-  def test_validation_failure
-    unless /mswin|mingw/ =~ RUBY_PLATFORM
-      # on Windows, Errno::ECONNRESET will be raised, and it'll be eaten by
-      # WEBrick
-      log_tester = lambda {|server_log|
-        assert_equal(1, server_log.length)
-        assert_match(/ERROR OpenSSL::SSL::SSLError:/, server_log[0])
-      }
-    end
-    with_https(log_tester) {|srv, dr, url, server_thread, server_log|
+  def test_bad_ssl_version
+    with_https(nil) {|srv, dr, url|
       setup_validation(srv, dr)
-      assert_raise(OpenSSL::SSL::SSLError) { URI.open("#{url}/data") {} }
+      assert_raise(ArgumentError) {
+        URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_min_version => :TLS_no_such_version) {}
+      }
     }
   end
author	Kazuki Yamaguchi <k@rhe.jp>	2022-10-08 01:54:35 +0900
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2022-10-12 10:36:51 +0900
commit	4e29ca0c4093133838eda852879b23ed4fad56b5 (patch)
tree	ab7aa278579daf757a6c20da5f00de87ebfe9857 /test/open-uri
parent	ced1d172804b6dfe39aa31a323ffab80a25223b9 (diff)
download	ruby-4e29ca0c4093133838eda852879b23ed4fad56b5.tar.gz