diff options
| author | rhe <rhe@ruby-lang.org> | 2016-05-18 04:07:47 +0000 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-31 11:31:27 +0900 |
| commit | 0789643d73334db4cd540d7981faa77c4acca3bc (patch) | |
| tree | 143e5ae1924eeb72d52a3e069c5866367301d4d0 | |
| parent | d69c35f5e06fc8db8bd1e0362023f57861ae5692 (diff) | |
| download | ruby-openssl-0789643d73334db4cd540d7981faa77c4acca3bc.tar.gz | |
openssl: clear OpenSSL error queue before return to Ruby
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
family may put errors on 0 return (0 means verification failure).
Clear OpenSSL error queue before return to Ruby. Since the queue is
thread global, remaining errors in the queue can cause an unexpected
error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215]
* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
queue before re-raising exception.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
* test/openssl: check that OpenSSL.errors is empty every time after
running a test case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
35 files changed, 99 insertions, 108 deletions
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 2f79bfb2..19c517fd 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -129,7 +129,11 @@ dh_generate(int size, int gen) if (!gen_arg.result) { DH_free(dh); - if (cb_arg.state) rb_jump_tag(cb_arg.state); + if (cb_arg.state) { + /* Clear OpenSSL error queue before re-raising. */ + ossl_clear_error(); + rb_jump_tag(cb_arg.state); + } return 0; } #else diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 2e42a0ce..4c0c3f1b 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -135,7 +135,14 @@ dsa_generate(int size) } if (!gen_arg.result) { DSA_free(dsa); - if (cb_arg.state) rb_jump_tag(cb_arg.state); + if (cb_arg.state) { + /* Clear OpenSSL error queue before re-raising. By the way, the + * documentation of DSA_generate_parameters_ex() says the error code + * can be obtained by ERR_get_error(), but the default + * implementation, dsa_builtin_paramgen() doesn't put any error... */ + ossl_clear_error(); + rb_jump_tag(cb_arg.state); + } return 0; } #else diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 20b993ab..6ad9f3ed 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -139,7 +139,11 @@ rsa_generate(int size, unsigned long exp) if (!gen_arg.result) { BN_free(e); RSA_free(rsa); - if (cb_arg.state) rb_jump_tag(cb_arg.state); + if (cb_arg.state) { + /* must clear OpenSSL error stack */ + ossl_clear_error(); + rb_jump_tag(cb_arg.state); + } return 0; } diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 10797109..938e36f1 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -1288,8 +1288,11 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts) ret = func(ssl); cb_state = rb_ivar_get(self, ID_callback_state); - if (!NIL_P(cb_state)) - rb_jump_tag(NUM2INT(cb_state)); + if (!NIL_P(cb_state)) { + /* must cleanup OpenSSL error stack before re-raising */ + ossl_clear_error(); + rb_jump_tag(NUM2INT(cb_state)); + } if (ret > 0) break; diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 4dafae17..226704ef 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -591,18 +591,19 @@ ossl_x509_verify(VALUE self, VALUE key) { X509 *x509; EVP_PKEY *pkey; - int i; pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ GetX509(self, x509); - if ((i = X509_verify(x509, pkey)) < 0) { - ossl_raise(eX509CertError, NULL); - } - if (i > 0) { + + switch (X509_verify(x509, pkey)) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CertError, NULL); } - - return Qfalse; } /* diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index f64712ef..a660ccce 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -360,17 +360,17 @@ static VALUE ossl_x509crl_verify(VALUE self, VALUE key) { X509_CRL *crl; - int ret; GetX509CRL(self, crl); - if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) { - ossl_raise(eX509CRLError, NULL); - } - if (ret == 1) { + switch (X509_CRL_verify(crl, GetPKeyPtr(key))) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CRLError, NULL); } - - return Qfalse; } static VALUE diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c index e5ce088a..c1cdca5f 100644 --- a/ext/openssl/ossl_x509req.c +++ b/ext/openssl/ossl_x509req.c @@ -375,18 +375,18 @@ ossl_x509req_verify(VALUE self, VALUE key) { X509_REQ *req; EVP_PKEY *pkey; - int i; GetX509Req(self, req); pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ - if ((i = X509_REQ_verify(req, pkey)) < 0) { - ossl_raise(eX509ReqError, NULL); - } - if (i > 0) { + switch (X509_REQ_verify(req, pkey)) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509ReqError, NULL); } - - return Qfalse; } static VALUE diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index bb6fe14d..aca25b15 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -464,14 +464,20 @@ static VALUE ossl_x509stctx_verify(VALUE self) { X509_STORE_CTX *ctx; - int result; GetX509StCtx(self, ctx); X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, - (void*)rb_iv_get(self, "@verify_callback")); - result = X509_verify_cert(ctx); - - return result ? Qtrue : Qfalse; + (void *)rb_iv_get(self, "@verify_callback")); + + switch (X509_verify_cert(ctx)) { + case 1: + return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CertError, NULL); + } } static VALUE diff --git a/test/test_asn1.rb b/test/test_asn1.rb index fd2118d8..9db9ec51 100644 --- a/test/test_asn1.rb +++ b/test/test_asn1.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestASN1 < Test::Unit::TestCase +class OpenSSL::TestASN1 < OpenSSL::TestCase def test_decode subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA") key = OpenSSL::TestUtils::TEST_KEY_RSA1024 diff --git a/test/test_bn.rb b/test/test_bn.rb index 415bd74c..37ba5e55 100644 --- a/test/test_bn.rb +++ b/test/test_bn.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestBN < Test::Unit::TestCase +class OpenSSL::TestBN < OpenSSL::TestCase def test_new_str e1 = OpenSSL::BN.new(999.to_s(16), 16) # OpenSSL::BN.new(str, 16) must be most stable e2 = OpenSSL::BN.new((2**107-1).to_s(16), 16) diff --git a/test/test_buffering.rb b/test/test_buffering.rb index 1f552c93..1f42cd3c 100644 --- a/test/test_buffering.rb +++ b/test/test_buffering.rb @@ -2,7 +2,7 @@ require_relative 'utils' require 'stringio' -class OpenSSL::TestBuffering < Test::Unit::TestCase +class OpenSSL::TestBuffering < OpenSSL::TestCase class IO include OpenSSL::Buffering diff --git a/test/test_cipher.rb b/test/test_cipher.rb index 32f0d118..dab64aa5 100644 --- a/test/test_cipher.rb +++ b/test/test_cipher.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestCipher < Test::Unit::TestCase +class OpenSSL::TestCipher < OpenSSL::TestCase class << self @@ -34,6 +34,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase end def teardown + super @c1 = @c2 = nil end diff --git a/test/test_config.rb b/test/test_config.rb index 812b28b9..3e2e1273 100644 --- a/test/test_config.rb +++ b/test/test_config.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestConfig < Test::Unit::TestCase +class OpenSSL::TestConfig < OpenSSL::TestCase def setup file = Tempfile.open("openssl.cnf") file << <<__EOD__ @@ -18,6 +18,7 @@ __EOD__ end def teardown + super @tmpfile.close! end diff --git a/test/test_digest.rb b/test/test_digest.rb index 8b724a03..ba3e974b 100644 --- a/test/test_digest.rb +++ b/test/test_digest.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestDigest < Test::Unit::TestCase +class OpenSSL::TestDigest < OpenSSL::TestCase def setup @d1 = OpenSSL::Digest.new("MD5") @d2 = OpenSSL::Digest::MD5.new @@ -12,6 +12,7 @@ class OpenSSL::TestDigest < Test::Unit::TestCase end def teardown + super @d1 = @d2 = @md = nil end diff --git a/test/test_engine.rb b/test/test_engine.rb index 3521de63..9a0da340 100644 --- a/test/test_engine.rb +++ b/test/test_engine.rb @@ -1,9 +1,10 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestEngine < Test::Unit::TestCase +class OpenSSL::TestEngine < OpenSSL::TestCase def teardown + super OpenSSL::Engine.cleanup # [ruby-core:40669] assert_equal(0, OpenSSL::Engine.engines.size) end diff --git a/test/test_fips.rb b/test/test_fips.rb index 33769c93..534dade0 100644 --- a/test/test_fips.rb +++ b/test/test_fips.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestFIPS < Test::Unit::TestCase +class OpenSSL::TestFIPS < OpenSSL::TestCase def test_fips_mode_is_reentrant OpenSSL.fips_mode = false diff --git a/test/test_hmac.rb b/test/test_hmac.rb index 135d26f0..3c90a5de 100644 --- a/test/test_hmac.rb +++ b/test/test_hmac.rb @@ -3,7 +3,7 @@ require_relative 'utils' -class OpenSSL::TestHMAC < Test::Unit::TestCase +class OpenSSL::TestHMAC < OpenSSL::TestCase def setup @digest = OpenSSL::Digest::MD5 @key = "KEY" @@ -12,9 +12,6 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase @h2 = OpenSSL::HMAC.new(@key, "MD5") end - def teardown - end - def test_hmac @h1.update(@data) @h2.update(@data) diff --git a/test/test_ns_spki.rb b/test/test_ns_spki.rb index 4f6e6f59..4740c0b2 100644 --- a/test/test_ns_spki.rb +++ b/test/test_ns_spki.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestNSSPI < Test::Unit::TestCase +class OpenSSL::TestNSSPI < OpenSSL::TestCase def setup # This request data is adopt from the specification of # "Netscape Extensions for User Key Generation". diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb index 1a969fd7..d04b4216 100644 --- a/test/test_ocsp.rb +++ b/test/test_ocsp.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestOCSP < Test::Unit::TestCase +class OpenSSL::TestOCSP < OpenSSL::TestCase def setup ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA") ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 diff --git a/test/test_pair.rb b/test/test_pair.rb index f815eca0..4251f1ba 100644 --- a/test/test_pair.rb +++ b/test/test_pair.rb @@ -517,36 +517,36 @@ module OpenSSL::TestPairM end end -class OpenSSL::TestEOF1 < Test::Unit::TestCase +class OpenSSL::TestEOF1 < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPair include OpenSSL::TestEOF1M end -class OpenSSL::TestEOF1LowlevelSocket < Test::Unit::TestCase +class OpenSSL::TestEOF1LowlevelSocket < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPairLowlevelSocket include OpenSSL::TestEOF1M end -class OpenSSL::TestEOF2 < Test::Unit::TestCase +class OpenSSL::TestEOF2 < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPair include OpenSSL::TestEOF2M end -class OpenSSL::TestEOF2LowlevelSocket < Test::Unit::TestCase +class OpenSSL::TestEOF2LowlevelSocket < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPairLowlevelSocket include OpenSSL::TestEOF2M end -class OpenSSL::TestPair < Test::Unit::TestCase +class OpenSSL::TestPair < OpenSSL::TestCase include OpenSSL::SSLPair include OpenSSL::TestPairM end -class OpenSSL::TestPairLowlevelSocket < Test::Unit::TestCase +class OpenSSL::TestPairLowlevelSocket < OpenSSL::TestCase include OpenSSL::SSLPairLowlevelSocket include OpenSSL::TestPairM end diff --git a/test/test_pkcs12.rb b/test/test_pkcs12.rb index ba07d767..61fb4474 100644 --- a/test/test_pkcs12.rb +++ b/test/test_pkcs12.rb @@ -4,7 +4,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) module OpenSSL - class TestPKCS12 < Test::Unit::TestCase + class TestPKCS12 < OpenSSL::TestCase include OpenSSL::TestUtils def setup diff --git a/test/test_pkcs5.rb b/test/test_pkcs5.rb index f38fd716..ad8132c2 100644 --- a/test/test_pkcs5.rb +++ b/test/test_pkcs5.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestPKCS5 < Test::Unit::TestCase +class OpenSSL::TestPKCS5 < OpenSSL::TestCase def test_pbkdf2_hmac_sha1_rfc6070_c_1_len_20 p ="password" diff --git a/test/test_pkcs7.rb b/test/test_pkcs7.rb index ce99db50..dfe4c6ca 100644 --- a/test/test_pkcs7.rb +++ b/test/test_pkcs7.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKCS7 < Test::Unit::TestCase +class OpenSSL::TestPKCS7 < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 diff --git a/test/test_pkey_dh.rb b/test/test_pkey_dh.rb index a0eca53c..afd7a318 100644 --- a/test/test_pkey_dh.rb +++ b/test/test_pkey_dh.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyDH < Test::Unit::TestCase +class OpenSSL::TestPKeyDH < OpenSSL::TestCase NEW_KEYLEN = 256 diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb index eb3e4f1c..2c0e1fc2 100644 --- a/test/test_pkey_dsa.rb +++ b/test/test_pkey_dsa.rb @@ -4,7 +4,7 @@ require 'base64' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyDSA < Test::Unit::TestCase +class OpenSSL::TestPKeyDSA < OpenSSL::TestCase def test_private key = OpenSSL::PKey::DSA.new(256) assert(key.private?) @@ -20,7 +20,6 @@ class OpenSSL::TestPKeyDSA < Test::Unit::TestCase key = OpenSSL::PKey::DSA.new 256 pem = key.public_key.to_pem OpenSSL::PKey::DSA.new pem - assert_equal([], OpenSSL.errors) end def test_new_break @@ -84,7 +83,6 @@ end assert_equal(g, key.g) assert_equal(y, key.pub_key) assert_equal(nil, key.priv_key) - assert_equal([], OpenSSL.errors) end def test_read_DSAPublicKey_pem @@ -109,7 +107,6 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ== assert_equal(g, key.g) assert_equal(y, key.pub_key) assert_equal(nil, key.priv_key) - assert_equal([], OpenSSL.errors) end def test_read_DSA_PUBKEY_pem @@ -135,7 +132,6 @@ YNMbNw== assert_equal(g, key.g) assert_equal(y, key.pub_key) assert_equal(nil, key.priv_key) - assert_equal([], OpenSSL.errors) end def test_export_format_is_DSA_PUBKEY_pem @@ -165,7 +161,6 @@ YNMbNw== pub_key = OpenSSL::ASN1.decode(seq[1].value) assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag) assert_equal(key.pub_key, pub_key.value) - assert_equal([], OpenSSL.errors) end def test_read_private_key_der @@ -174,7 +169,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(der) assert(key2.private?) assert_equal(der, key2.to_der) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem @@ -183,7 +177,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(pem) assert(key2.private?) assert_equal(pem, key2.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_public_key_der @@ -192,7 +185,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(der) assert(!key2.private?) assert_equal(der, key2.to_der) - assert_equal([], OpenSSL.errors) end def test_read_public_key_pem @@ -201,7 +193,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(pem) assert(!key2.private?) assert_equal(pem, key2.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw @@ -216,7 +207,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(pem, 'secret') assert(key2.private?) #omit pem equality check, will be different due to cipher iv - assert_equal([], OpenSSL.errors) end def test_export_password_length diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb index d3edcc47..c530ee06 100644 --- a/test/test_pkey_ec.rb +++ b/test/test_pkey_ec.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC) -class OpenSSL::TestEC < Test::Unit::TestCase +class OpenSSL::TestEC < OpenSSL::TestCase def setup @data1 = 'foo' @data2 = 'bar' * 1000 # data too long for DSA sig @@ -131,7 +131,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec2 = OpenSSL::PKey.read(der) assert(ec2.private_key?) assert_equal(der, ec2.to_der) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem @@ -140,7 +139,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec2 = OpenSSL::PKey.read(pem) assert(ec2.private_key?) assert_equal(pem, ec2.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_public_key_der @@ -151,7 +149,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec3 = OpenSSL::PKey.read(der) assert(!ec3.private_key?) assert_equal(der, ec3.to_der) - assert_equal([], OpenSSL.errors) end def test_read_public_key_pem @@ -162,7 +159,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec3 = OpenSSL::PKey.read(pem) assert(!ec3.private_key?) assert_equal(pem, ec3.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw @@ -177,7 +173,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec2 = OpenSSL::PKey.read(pem, 'secret') assert(ec2.private_key?) #omit pem equality check, will be different due to cipher iv - assert_equal([], OpenSSL.errors) end def test_export_password_length diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index 165b1ec9..54fce2f5 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -4,7 +4,7 @@ require 'base64' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyRSA < Test::Unit::TestCase +class OpenSSL::TestPKeyRSA < OpenSSL::TestCase def test_padding key = OpenSSL::PKey::RSA.new(512, 3) @@ -180,7 +180,6 @@ AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE= assert_equal(nil, key.d) assert_equal(nil, key.p) assert_equal(nil, key.q) - assert_equal([], OpenSSL.errors) end def test_read_RSA_PUBKEY_pem @@ -201,7 +200,6 @@ AwEAAQ== assert_equal(nil, key.d) assert_equal(nil, key.p) assert_equal(nil, key.q) - assert_equal([], OpenSSL.errors) end def test_export_format_is_RSA_PUBKEY @@ -223,7 +221,6 @@ AwEAAQ== key = OpenSSL::PKey.read(der) assert(key.private?) assert_equal(der, key.to_der) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem @@ -231,7 +228,6 @@ AwEAAQ== key = OpenSSL::PKey.read(pem) assert(key.private?) assert_equal(pem, key.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_public_key_der @@ -239,7 +235,6 @@ AwEAAQ== key = OpenSSL::PKey.read(der) assert(!key.private?) assert_equal(der, key.to_der) - assert_equal([], OpenSSL.errors) end def test_read_public_key_pem @@ -247,7 +242,6 @@ AwEAAQ== key = OpenSSL::PKey.read(pem) assert(!key.private?) assert_equal(pem, key.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw @@ -261,7 +255,6 @@ AwEAAQ== key = OpenSSL::PKey.read(pem, 'secret') assert(key.private?) #omit pem equality check, will be different due to cipher iv - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw_exception @@ -272,7 +265,6 @@ AwEAAQ== raise RuntimeError end end - assert_equal([], OpenSSL.errors) end def test_export_password_length @@ -306,7 +298,6 @@ AwEAAQ== assert_equal(key.n, pub_key.value[0].value) assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag) assert_equal(key.e, pub_key.value[1].value) - assert_equal([], OpenSSL.errors) end end diff --git a/test/test_random.rb b/test/test_random.rb index 8c69d543..defa09dd 100644 --- a/test/test_random.rb +++ b/test/test_random.rb @@ -4,7 +4,7 @@ begin rescue LoadError end -class OpenSSL::TestRandom < Test::Unit::TestCase +class OpenSSL::TestRandom < OpenSSL::TestCase def test_random_bytes assert_equal("", OpenSSL::Random.random_bytes(0)) assert_equal(12, OpenSSL::Random.random_bytes(12).bytesize) diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index 72cb9e60..ae7a0f08 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Certificate < Test::Unit::TestCase +class OpenSSL::TestX509Certificate < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -14,9 +14,6 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") end - def teardown - end - def issue_cert(*args) OpenSSL::TestUtils.issue_cert(*args) end diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb index 7994ddea..fd66c975 100644 --- a/test/test_x509crl.rb +++ b/test/test_x509crl.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509CRL < Test::Unit::TestCase +class OpenSSL::TestX509CRL < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -14,9 +14,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") end - def teardown - end - def issue_crl(*args) OpenSSL::TestUtils.issue_crl(*args) end diff --git a/test/test_x509ext.rb b/test/test_x509ext.rb index e6d49bb6..99e2eda5 100644 --- a/test/test_x509ext.rb +++ b/test/test_x509ext.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Extension < Test::Unit::TestCase +class OpenSSL::TestX509Extension < OpenSSL::TestCase def setup @basic_constraints_value = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Boolean(true), # CA @@ -16,9 +16,6 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase ]) end - def teardown - end - def test_new ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der) assert_equal("basicConstraints", ext.oid) diff --git a/test/test_x509name.rb b/test/test_x509name.rb index 56e79879..d26174ef 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -4,7 +4,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Name < Test::Unit::TestCase +class OpenSSL::TestX509Name < OpenSSL::TestCase OpenSSL::ASN1::ObjectId.register( "1.2.840.113549.1.9.1", "emailAddress", "emailAddress") OpenSSL::ASN1::ObjectId.register( @@ -15,9 +15,6 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) end - def teardown - end - def test_s_new dn = [ ["C", "JP"], ["O", "example"], ["CN", "www.example.jp"] ] name = OpenSSL::X509::Name.new(dn) diff --git a/test/test_x509req.rb b/test/test_x509req.rb index ee2347b5..c473b47a 100644 --- a/test/test_x509req.rb +++ b/test/test_x509req.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Request < Test::Unit::TestCase +class OpenSSL::TestX509Request < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 diff --git a/test/test_x509store.rb b/test/test_x509store.rb index 9964cc8f..6a443a7c 100644 --- a/test/test_x509store.rb +++ b/test/test_x509store.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Store < Test::Unit::TestCase +class OpenSSL::TestX509Store < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -15,9 +15,6 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") end - def teardown - end - def test_nosegv_on_cleanup cert = OpenSSL::X509::Certificate.new store = OpenSSL::X509::Store.new diff --git a/test/utils.rb b/test/utils.rb index 8e21b977..8ce53290 100644 --- a/test/utils.rb +++ b/test/utils.rb @@ -182,7 +182,14 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC end end - class OpenSSL::SSLTestCase < Test::Unit::TestCase + class OpenSSL::TestCase < Test::Unit::TestCase + def teardown + # OpenSSL error stack must be empty + assert_equal([], OpenSSL.errors) + end + end + + class OpenSSL::SSLTestCase < OpenSSL::TestCase RUBY = EnvUtil.rubybin ITERATIONS = ($0 == __FILE__) ? 100 : 10 @@ -207,9 +214,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC @server = nil end - def teardown - end - def issue_cert(*arg) OpenSSL::TestUtils.issue_cert(*arg) end |