authorKazuki Yamaguchi <k@rhe.jp>2018-08-08 17:11:45 +0900
committerGitHub <noreply@github.com>2018-08-08 17:11:45 +0900
commit54adb0dd7c33d863341570bdc781ead25e2c3a78 (patch)
treef616310088e666df4265593dd7462d893dd1c1a6
parente092ed92cb04980318c229b811d01c346ee44cfb (diff)
parent6fcc6c0efc42d1c6325cf4bb0ca16e2a448cdbed (diff)
downloadruby-openssl-54adb0dd7c33d863341570bdc781ead25e2c3a78.tar.gz
Merge pull request #209 from rhenium/ky/openssl-1.1.1-part2
Test matrix update and additional test fixes for OpenSSL 1.1.1
-rw-r--r--.travis.yml18
-rw-r--r--Dockerfile2
-rw-r--r--test/test_ssl.rb45
-rw-r--r--test/test_ssl_session.rb1
-rw-r--r--tool/ruby-openssl-docker/Dockerfile44
-rwxr-xr-xtool/ruby-openssl-docker/init.sh2
6 files changed, 77 insertions, 35 deletions
diff --git a/.travis.yml b/.travis.yml
index 1342da6d..e6b18af3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,14 +18,17 @@ matrix:
fast_finish: true
include:
- env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.0
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.1
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.2
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.3
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.4
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.5
- - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.6
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.0.0
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.0.1
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.0.2
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.1.0
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.1.1
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.3
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.4
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.5
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.6
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.7
- language: ruby
rvm: ruby-head
before_install:
@@ -36,3 +39,4 @@ matrix:
allow_failures:
- language: ruby
rvm: ruby-head
+ - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.1.1
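Review bot: The new `openssl-1.1.1` job is listed under `allow_failures` in the same commit that adds it to the matrix, so a regression in that job will not turn the build red, and nothing in the file says when that should change. A comment above the entry would record the intent, for example `# OpenSSL 1.1.1 is still a pre-release (the image builds 1.1.1-pre8); drop this entry once it is released`. Until the entry is removed, failures in this job have to be checked by hand.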
diff --git a/Dockerfile b/Dockerfile
index ab7f09e2..fbf4acec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1 +1 @@
-FROM zzak/ruby-openssl-docker:2.0
+FROM zzak/ruby-openssl-docker:testing
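Review bot: The `testing` tag on the new `FROM` line is a mutable reference to an image published outside this repository, so each CI run builds on whatever was last pushed under that name and two runs of the same commit can differ. Pinning the digest next to the tag keeps the intent readable while fixing the content: `FROM zzak/ruby-openssl-docker:testing@sha256:<IMAGE_DIGEST>`. The digest would need to be updated whenever tool/ruby-openssl-docker/Dockerfile is rebuilt and pushed.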
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 7bb32adf..408c7d82 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -48,6 +48,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal 2, ssl.peer_cert_chain.size
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock&.close
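Review bot: The round-trip `ssl.puts "abc"; assert_equal "abc\n", ssl.gets` is pasted as two statements on one line here and in every later hunk of this file and in test/test_ssl_session.rb, with no comment saying why it is needed. A single helper on the test case (a suggested name would be `assert_echo_roundtrip(ssl)`) would hold the two statements and carry the explanation, presumably something like `# With TLS 1.3, connect can return before the server has accepted the client's final flight; only a successful read shows the handshake completed on both sides`. The check also relies on the server side echoing the line back, which is not visible in this diff; if a test's server proc does not echo, `ssl.gets` would block rather than fail, so a read timeout in the helper is worth considering. The enclosing test method starts and ends outside this hunk.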
@@ -77,6 +79,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_not_predicate sock, :closed?
ensure
@@ -88,6 +91,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.sync_close = true # !!
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_predicate sock, :closed?
ensure
@@ -179,7 +183,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
client_ca_from_server = sslconn.client_ca
[@cli_cert, @cli_key]
end
- server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
+ server_connect(port, ctx) { |ssl|
+ assert_equal([@ca], client_ca_from_server)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
end
@@ -276,21 +283,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
}
start_server { |port|
- sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
end
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.sync_close = true
- begin
- ssl.connect
+ server_connect(port, ctx) { |ssl|
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
- ensure
- ssl.close
- end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
start_server(ignore_listener_error: true) { |port|
@@ -377,6 +379,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert(ssl.post_connection_check("localhost"))
@@ -398,6 +402,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert(ssl.post_connection_check("127.0.0.1"))
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -418,6 +424,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -644,6 +652,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.connect
assert_equal @cli_cert.serial, ssl.peer_cert.serial
assert_predicate fooctx, :frozen?
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -655,6 +665,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl.hostname = "bar.example.com"
ssl.connect
assert_equal @svr_cert.serial, ssl.peer_cert.serial
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -727,7 +739,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.hostname = name
if expected_ok
- assert_nothing_raised { ssl.connect }
+ ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
else
assert_handshake_error { ssl.connect }
end
@@ -856,6 +869,7 @@ end
start_server_version(:SSLv23, ctx_proc) { |port|
server_connect(port) { |ssl|
assert_equal(1, num_handshakes)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -874,6 +888,7 @@ if openssl?(1, 0, 2) || libressl?
ctx.alpn_protocols = advertised
server_connect(port, ctx) { |ssl|
assert_equal(advertised.first, ssl.alpn_protocol)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -996,14 +1011,11 @@ end
end
def test_close_after_socket_close
- server_proc = proc { |ctx, ssl|
- # Do nothing
- }
- start_server(server_proc: server_proc) { |port|
+ start_server { |port|
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
- ssl.sync_close = true
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
sock.close
assert_nothing_raised do
ssl.close
@@ -1068,6 +1080,7 @@ end
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -1158,6 +1171,7 @@ end
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
end
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
@@ -1173,6 +1187,7 @@ end
server_connect(port, ctx) { |ssl|
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb
index 6db0c2d1..78b160ed 100644
--- a/test/test_ssl_session.rb
+++ b/test/test_ssl_session.rb
@@ -113,6 +113,7 @@ __EOS__
non_resumable = nil
start_server { |port|
server_connect_with_session(port, nil, nil) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
non_resumable = ssl.session
}
}
diff --git a/tool/ruby-openssl-docker/Dockerfile b/tool/ruby-openssl-docker/Dockerfile
index b8ed4bca..4e28493a 100644
--- a/tool/ruby-openssl-docker/Dockerfile
+++ b/tool/ruby-openssl-docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
RUN apt-get update && apt-get install -y --no-install-recommends \
autoconf \
@@ -29,21 +29,29 @@ RUN curl -s https://www.openssl.org/source/openssl-1.0.1u.tar.gz | tar -C /build
shared linux-x86_64 && \
make && make install_sw
-RUN curl -s https://www.openssl.org/source/openssl-1.0.2l.tar.gz | tar -C /build/openssl -xzf - && \
- cd /build/openssl/openssl-1.0.2l && \
+RUN curl -s https://www.openssl.org/source/openssl-1.0.2o.tar.gz | tar -C /build/openssl -xzf - && \
+ cd /build/openssl/openssl-1.0.2o && \
./Configure \
--openssldir=/opt/openssl/openssl-1.0.2 \
shared linux-x86_64 && \
make && make install_sw
-RUN curl -s https://www.openssl.org/source/openssl-1.1.0f.tar.gz | tar -C /build/openssl -xzf - && \
- cd /build/openssl/openssl-1.1.0f && \
+RUN curl -s https://www.openssl.org/source/openssl-1.1.0h.tar.gz | tar -C /build/openssl -xzf - && \
+ cd /build/openssl/openssl-1.1.0h && \
./Configure \
--prefix=/opt/openssl/openssl-1.1.0 \
enable-crypto-mdebug enable-crypto-mdebug-backtrace \
linux-x86_64 && \
make && make install_sw
+RUN curl -s https://www.openssl.org/source/openssl-1.1.1-pre8.tar.gz | tar -C /build/openssl -xzf - && \
+ cd /build/openssl/openssl-1.1.1-pre8 && \
+ ./Configure \
+ --prefix=/opt/openssl/openssl-1.1.1 \
+ enable-crypto-mdebug enable-crypto-mdebug-backtrace \
+ linux-x86_64 && \
+ make && make install_sw
+
# Supported libressl versions: 2.3-
RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.10.tar.gz | tar -C /build/openssl -xzf - && \
cd /build/openssl/libressl-2.3.10 && \
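Review bot: The added `openssl-1.1.1-pre8` step, like the bumped 1.0.2o and 1.1.0h steps above it, pipes `curl -s` straight into `tar` and builds the result without checking the tarball against a known hash, so the image trusts whatever the download returned. The same pattern applies to the libressl-2.6.5, libressl-2.7.4 and ruby-2.3.7/2.4.4/2.5.1 steps in the next hunk, and the LibreSSL URLs there use plain `http://`, which gives no transport integrity at all. Downloading to a file, verifying a pinned SHA-256 and only then extracting closes that gap; `-f` additionally makes curl fail on an HTTP error instead of passing an error page to `tar`. The hash below is a placeholder to be filled from the upstream release announcement.

```dockerfile
RUN curl -fsSL -o /tmp/openssl-1.1.1-pre8.tar.gz \
        https://www.openssl.org/source/openssl-1.1.1-pre8.tar.gz && \
    echo "<EXPECTED_SHA256>  /tmp/openssl-1.1.1-pre8.tar.gz" | sha256sum -c - && \
    tar -C /build/openssl -xzf /tmp/openssl-1.1.1-pre8.tar.gz && \
    rm /tmp/openssl-1.1.1-pre8.tar.gz && \
    cd /build/openssl/openssl-1.1.1-pre8 && \
    # … unchanged: ./Configure, make && make install_sw …
```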
@@ -63,30 +71,44 @@ RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.5.tar.gz |
--prefix=/opt/openssl/libressl-2.5 && \
make && make install
-RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.1.tar.gz | tar -C /build/openssl -xzf - && \
- cd /build/openssl/libressl-2.6.1 && \
+RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5.tar.gz | tar -C /build/openssl -xzf - && \
+ cd /build/openssl/libressl-2.6.5 && \
./configure \
--prefix=/opt/openssl/libressl-2.6 && \
make && make install
+RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4.tar.gz | tar -C /build/openssl -xzf - && \
+ cd /build/openssl/libressl-2.7.4 && \
+ ./configure \
+ --prefix=/opt/openssl/libressl-2.7 && \
+ make && make install
+
# Supported Ruby versions: 2.3-
RUN mkdir -p /build/ruby
-RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.5.tar.gz | tar -C /build/ruby -xzf - && \
- cd /build/ruby/ruby-2.3.5 && \
+RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.tar.gz | tar -C /build/ruby -xzf - && \
+ cd /build/ruby/ruby-2.3.7 && \
autoconf && ./configure \
--without-openssl \
--prefix=/opt/ruby/ruby-2.3 \
--disable-install-doc && \
make && make install
-RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.2.tar.gz | tar -C /build/ruby -xzf - && \
- cd /build/ruby/ruby-2.4.2 && \
+RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.gz | tar -C /build/ruby -xzf - && \
+ cd /build/ruby/ruby-2.4.4 && \
autoconf && ./configure \
--without-openssl \
--prefix=/opt/ruby/ruby-2.4 \
--disable-install-doc && \
make && make install
+RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.gz | tar -C /build/ruby -xzf - && \
+ cd /build/ruby/ruby-2.5.1 && \
+ autoconf && ./configure \
+ --without-openssl \
+ --prefix=/opt/ruby/ruby-2.5 \
+ --disable-install-doc && \
+ make && make install
+
ONBUILD ADD . /home/openssl/code
ONBUILD WORKDIR /home/openssl/code
diff --git a/tool/ruby-openssl-docker/init.sh b/tool/ruby-openssl-docker/init.sh
index 4d97e28c..a6bc6607 100755
--- a/tool/ruby-openssl-docker/init.sh
+++ b/tool/ruby-openssl-docker/init.sh
@@ -2,7 +2,7 @@
if [[ "$RUBY_VERSION" = "" ]]
then
- RUBY_VERSION=ruby-2.4
+ RUBY_VERSION=ruby-2.5
fi
if [[ "$OPENSSL_VERSION" = "" ]]