diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2018-05-11 14:12:39 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2018-05-11 14:28:04 +0900 |
| commit | a5e26bc1345fe325bdc619f9b1768b7ad3c94214 (patch) | |
| tree | 6dacc616c0f9af47ac4199bbe6d6c98ec673bb04 | |
| parent | 71057ca5963108bac1e2c31bd0e8e205ba74cc19 (diff) | |
| download | ruby-openssl-a5e26bc1345fe325bdc619f9b1768b7ad3c94214.tar.gz | |
test/test_ssl_session: set client protocol version explicitlyky/openssl-1.1.1
Clients that implement TLS 1.3's Middlebox Compatibility Mode will
always provide a non-empty session ID in the ClientHello. This means
the "get" callback for the server-side session caching may be called
for the initial connection.
| -rw-r--r-- | test/test_ssl_session.rb | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index af8c65b1..6db0c2d1 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb @@ -198,7 +198,9 @@ __EOS__ first_session = nil 10.times do |i| connections = i - server_connect_with_session(port, nil, first_session) { |ssl| + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 + server_connect_with_session(port, cctx, first_session) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets first_session ||= ssl.session @@ -257,6 +259,8 @@ __EOS__ connections = nil called = {} + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 sctx = nil ctx_proc = Proc.new { |ctx| sctx = ctx @@ -292,7 +296,7 @@ __EOS__ } start_server(ctx_proc: ctx_proc) do |port| connections = 0 - sess0 = server_connect_with_session(port, nil, nil) { |ssl| + sess0 = server_connect_with_session(port, cctx, nil) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session @@ -307,7 +311,7 @@ __EOS__ # Internal cache hit connections = 1 - server_connect_with_session(port, nil, sess0.dup) { |ssl| + server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal true, ssl.session_reused? ssl.session @@ -328,7 +332,7 @@ __EOS__ # External cache hit connections = 2 - sess2 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7) # OpenSSL >= 1.1.0, < 1.1.0g @@ -355,7 +359,7 @@ __EOS__ # Cache miss connections = 3 - sess3 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess3 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session |