diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-09-06 07:36:17 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-09-07 09:11:19 +0900 |
| commit | c9d1659f4027049af451acce8f3240b5fe74cfd8 (patch) | |
| tree | df5c9734f7a5a377e4fd31772dd94628f5349d16 | |
| parent | ad2e76adfb2a609cd53c4904b5a810e2b7f332ca (diff) | |
| download | ruby-openssl-c9d1659f4027049af451acce8f3240b5fe74cfd8.tar.gz | |
test/utils: remove use_anon_cipher option from SSLTestCase#start_servertopic/ssl-test-cleanup
Only TestSSL#test_post_connect_check_with_anon_ciphers uses it. The
option just sets 'ADH-AES256-GCM-SHA384' as the available cipher suites
and set the security level of the context to 0 - both can be achieved
using ctx_proc option of start_server. And we don't have to stick to the
cipher suite 'ADH-AES256-GCM-SHA384' so specify 'aNULL' instead. This
allows removing the cipher suite existence check.
| -rw-r--r-- | test/test_ssl.rb | 11 | ||||
| -rw-r--r-- | test/utils.rb | 4 |
2 files changed, 8 insertions, 7 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 23c508c0..0af93a8b 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -356,19 +356,22 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_post_connect_check_with_anon_ciphers - sslerr = OpenSSL::SSL::SSLError + ctx_proc = -> ctx { + ctx.ciphers = "aNULL" + ctx.security_level = 0 + } - start_server(use_anon_cipher: true) { |server, port| + start_server(ctx_proc: ctx_proc) { |server, port| ctx = OpenSSL::SSL::SSLContext.new ctx.ciphers = "aNULL" ctx.security_level = 0 server_connect(port, ctx) { |ssl| - assert_raise_with_message(sslerr, /anonymous cipher suite/i){ + assert_raise_with_message(OpenSSL::SSL::SSLError, /anonymous cipher suite/i) { ssl.post_connection_check("localhost.localdomain") } } } - end if OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 + end def test_post_connection_check sslerr = OpenSSL::SSL::SSLError diff --git a/test/utils.rb b/test/utils.rb index 45ea8766..6f3a3c6d 100644 --- a/test/utils.rb +++ b/test/utils.rb @@ -279,14 +279,12 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC def start_server(verify_mode: OpenSSL::SSL::VERIFY_NONE, start_immediately: true, ctx_proc: nil, server_proc: method(:readwrite_loop), - use_anon_cipher: false, ignore_listener_error: false, &block) + ignore_listener_error: false, &block) IO.pipe {|stop_pipe_r, stop_pipe_w| store = OpenSSL::X509::Store.new store.add_cert(@ca_cert) store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT ctx = OpenSSL::SSL::SSLContext.new - ctx.ciphers = "ADH-AES256-GCM-SHA384" if use_anon_cipher - ctx.security_level = 0 if use_anon_cipher ctx.cert_store = store ctx.cert = @svr_cert ctx.key = @svr_key |