author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:55 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:55 +0000 |
commit | 1dfc377ae3b174b043d3f0ed36de57b0296b34d0 (patch) | |
tree | 88227c69fed008bdf8302805af933dfd4dbb9844 /test | |
parent | a0f292bbcd6421b0cb87b84cb34887c7e020727b (diff) | |
download | ruby-1dfc377ae3b174b043d3f0ed36de57b0296b34d0.tar.gz |
net/http, net/ftp: fix session resumption with TLS 1.3
When TLS 1.3 is in use, the session ticket may not have been sent yet
even though a handshake has finished. Also, the ticket could change if
multiple session ticket messages are sent by the server. Use
SSLContext#session_new_cb instead of calling SSLSocket#session
immediately after a handshake. This way also works with earlier protocol
versions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r-- | test/net/http/test_https.rb | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
index 8004d5c5f2..a5182a1fe9 100644
--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@@ -73,18 +73,9 @@ class TestNetHTTPS < Test::Unit::TestCase
 http.start
 http.get("/")
- http.finish # three times due to possible bug in OpenSSL 0.9.8
-
- sid = http.instance_variable_get(:@ssl_session).id
-
- http.start
- http.get("/")
 socket = http.instance_variable_get(:@socket).io
-
- assert socket.session_reused?
-
- assert_equal sid, http.instance_variable_get(:@ssl_session).id
+ assert_equal true, socket.session_reused?
 http.finish
 rescue SystemCallError
@@ -101,16 +92,12 @@ class TestNetHTTPS < Test::Unit::TestCase
 http.get("/")
 http.finish
- sid = http.instance_variable_get(:@ssl_session).id
-
 http.start
 http.get("/")
 socket = http.instance_variable_get(:@socket).io
 assert_equal false, socket.session_reused?
- assert_not_equal sid, http.instance_variable_get(:@ssl_session).id
-
 http.finish
 rescue SystemCallError
 skip $!
@@ -160,15 +147,16 @@ class TestNetHTTPS < Test::Unit::TestCase
 end
 def test_identity_verify_failure
+ # the certificate's subject has CN=localhost
 http = Net::HTTP.new("127.0.0.1", config("port"))
 http.use_ssl = true
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
+ http.cert_store = TEST_STORE
+ @log_tester = lambda {|_| }
 ex = assert_raise(OpenSSL::SSL::SSLError){
 http.request_get("/") {|res| }
 }
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
+ re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/
+ assert_match(re_msg, ex.message)
 end
 def test_timeout_during_SSL_handshake
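Review bot: In the first hunk (-73,18 +73,9) the only remaining check is `assert_equal true, socket.session_reused?`, and nothing in the test records why the session id comparison was dropped. A short comment above the assertion would keep a later reader from restoring the id check, for example `# with TLS 1.3 the ticket may arrive after the handshake and can be reissued, so only session_reused? is checked`. The same applies to `assert_equal false, socket.session_reused?` in the second hunk (-101,16 +92,12). Both test bodies start and end outside their hunks.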
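Review bot: The widened `re_msg` in test_identity_verify_failure (third hunk, -160,15 +147,16) also accepts the generic `certificate verify failed`, so the test would pass if the handshake failed for a reason other than the name mismatch it is named for, for instance if TEST_STORE did not trust the server certificate. A comment on `re_msg` should say which wording is expected where, e.g. `# some OpenSSL versions report a name mismatch only as a generic verify failure`; that reading is inferred from the change and should be confirmed. `@log_tester = lambda {|_| }` appears to discard the log check for this test and would benefit from a one-line comment naming the message it is meant to tolerate.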
@@ -193,16 +181,13 @@ class TestNetHTTPS < Test::Unit::TestCase
 end
 def test_min_version
- http = Net::HTTP.new("127.0.0.1", config("port"))
+ http = Net::HTTP.new("localhost", config("port"))
 http.use_ssl = true
 http.min_version = :TLS1
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
- ex = assert_raise(OpenSSL::SSL::SSLError){
- http.request_get("/") {|res| }
+ http.cert_store = TEST_STORE
+ http.request_get("/") {|res|
+ assert_equal($test_net_http_data, res.body)
 }
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
 end
 def test_max_version |
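Review bot: test_min_version now only shows that a verified request to localhost succeeds, so it would still pass if `http.min_version = :TLS1` had no effect on the connection. Inside the `request_get` block the negotiated protocol could be asserted as well, e.g. `assert_match(/\ATLSv1/, http.instance_variable_get(:@socket).io.ssl_version)`, reusing the `@socket` access the session tests in this file already rely on. If that is considered too dependent on the linked OpenSSL, a comment such as `# only checks that min_version= is accepted and the handshake still succeeds` would at least state the limit of the test. Replacing the always-true `verify_callback` with `cert_store = TEST_STORE` means the test no longer bypasses chain verification.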