author | Kazuki Yamaguchi <k@rhe.jp> | 2018-08-08 19:03:30 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2018-08-08 19:03:30 +0900 |
commit | 7929b53d7916bbe8827744e21a7f055cfafe6baf (patch) | |
tree | 3fc607ab4c303d36fee08f5de59c064262c76b1a | |
parent | b3a689438a3d51901aca756ff2f3cf00eb71d710 (diff) | |
parent | ce4022d4502fa6896db762403213d3267593446d (diff) | |
download | ruby-openssl-7929b53d7916bbe8827744e21a7f055cfafe6baf.tar.gz |
Merge branch 'maint'
* maint:
x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
x509name: refactor OpenSSL::X509::Name#to_s
test/test_x509name: change script encoding to ASCII-8BIT
reduce LibreSSL warnings
openssl_missing.h: constified
openssl: search winsock
search winsock libraries explicitly
no ID cache in Init functions
test/test_ssl: fix test failure with TLS 1.3
tool/ruby-openssl-docker: update to latest versions
pkey: resume key generation after interrupt
-rw-r--r-- | .travis.yml | 12 | ||||
-rw-r--r-- | Dockerfile | 2 | ||||
-rw-r--r-- | ext/openssl/extconf.rb | 7 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 4 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_asn1.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs12.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs7.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.c | 29 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.h | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_x509ext.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 13 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 1 | ||||
-rw-r--r-- | test/test_ssl.rb | 58 | ||||
-rw-r--r-- | test/test_ssl_session.rb | 1 | ||||
-rw-r--r-- | test/test_x509name.rb | 9 | ||||
-rw-r--r-- | tool/ruby-openssl-docker/Dockerfile | 44 | ||||
-rwxr-xr-x | tool/ruby-openssl-docker/init.sh | 2 |
19 files changed, 145 insertions, 45 deletions
diff --git a/.travis.yml b/.travis.yml index aec0e443..d00e2bdb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,11 +18,14 @@ matrix: fast_finish: true include: - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2 - - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.1 - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.2 - - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0 - - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.5 - - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.6 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.0.1 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.0.2 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.1.0 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.1.1 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.5 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.6 + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=libressl-2.7 - language: ruby rvm: ruby-head before_install: @@ -33,3 +36,4 @@ matrix: allow_failures: - language: ruby rvm: ruby-head + - env: RUBY_VERSION=ruby-2.5 OPENSSL_VERSION=openssl-1.1.1 @@ -1 +1 @@ -FROM zzak/ruby-openssl-docker:2.0 +FROM zzak/ruby-openssl-docker:testing diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 4242f044..cefa295a 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -33,6 +33,9 @@ end Logging::message "=== Checking for system dependent stuff... ===\n" have_library("nsl", "t_open") have_library("socket", "socket") +if $mswin || $mingw + have_library("ws2_32") +end Logging::message "=== Checking for required stuff... ===\n" result = pkg_config("openssl") && have_header("openssl/ssl.h") @@ -111,6 +114,10 @@ engines.each { |name| OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } +if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER") + $defs.push("-DNOCRYPT") +end + # added in 1.0.2 have_func("EC_curve_nist2nid") have_func("X509_REVOKED_dup") 
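Review bot: The new base image `zzak/ruby-openssl-docker:testing` in the `@@ -1 +1 @@` hunk is a floating tag, so the CI environment can change without any commit in this repository and a replaced image would be pulled silently. Pinning by digest keeps the build reproducible and auditable, e.g. `FROM zzak/ruby-openssl-docker:testing@sha256:<DIGEST_PLACEHOLDER>`, with the digest bumped whenever tool/ruby-openssl-docker/Dockerfile changes. The file header for this hunk is missing from the page; the diffstat suggests it is the top-level Dockerfile.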
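Review bot: The `$defs.push("-DNOCRYPT")` block added in the `@@ -111,6 +114,10 @@` hunk of extconf.rb carries no comment saying why it is needed, and the condition (Windows plus LibreSSL) is narrow enough that a later cleanup could drop it by mistake. If the intent is, as it appears, to stop `windows.h` from pulling in `wincrypt.h`, whose macros collide with names in the LibreSSL headers, say so above the `if`, e.g. `# NOCRYPT keeps windows.h from including wincrypt.h, whose macros clash with LibreSSL headers`.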
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index debd25ad..69a7df71 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \ return pkey->pkey._name; } #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \ -static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \ +static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \ if (a1) *a1 = obj->a1; \ if (a2) *a2 = obj->a2; } \ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \ @@ -158,7 +158,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \ BN_clear_free(obj->a2); obj->a2 = a2; \ return 1; } #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \ -static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \ +static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \ if (a1) *a1 = obj->a1; \ if (a2) *a2 = obj->a2; \ if (a3) *a3 = obj->a3; } \ diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 245385e7..38e650e1 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -1099,6 +1099,7 @@ static void Init_ossl_locks(void) void Init_openssl(void) { +#undef rb_intern /* * Init timezone info */ diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 7198ec8e..ab45bd83 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1360,6 +1360,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent) void Init_ossl_asn1(void) { +#undef rb_intern VALUE ary; int i; diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c index ddb7d939..45663344 100644 --- a/ext/openssl/ossl_pkcs12.c 
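Review bot: `#undef rb_intern` inside `Init_openssl()` is not scoped to that function; a preprocessor directive stays in effect to the end of the translation unit, so any `rb_intern` use later in ossl.c also loses the macro form. Nothing on the page shows whether code follows the Init function, so this may be harmless, but the line needs a comment stating the intent given in the commit message, e.g. `/* Init runs once: call the rb_intern() function, skip the macro's static ID cache */`. The same uncommented line is added to the Init functions in ossl_asn1.c, ossl_pkcs12.c, ossl_pkcs7.c, ossl_pkey.c, ossl_pkey_ec.c, ossl_x509ext.c, ossl_x509name.c and ossl_x509store.c. All of these function bodies continue outside their hunks.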
+++ b/ext/openssl/ossl_pkcs12.c @@ -232,6 +232,7 @@ ossl_pkcs12_to_der(VALUE self) void Init_ossl_pkcs12(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index 20301e71..28010c81 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -1042,6 +1042,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self) void Init_ossl_pkcs7(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 2b96ece5..e1fffb24 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -20,6 +20,21 @@ static ID id_private_q; /* * callback for generating keys */ +static VALUE +call_check_ints0(VALUE arg) +{ + rb_thread_check_ints(); + return Qnil; +} + +static void * +call_check_ints(void *arg) +{ + int state; + rb_protect(call_check_ints0, Qnil, &state); + return (void *)(VALUE)state; +} + int ossl_generate_cb_2(int p, int n, BN_GENCB *cb) { @@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb) */ rb_protect(rb_yield, ary, &state); if (state) { - arg->stop = 1; arg->state = state; + return 0; + } + } + if (arg->interrupted) { + arg->interrupted = 0; + state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL); + if (state) { + arg->state = state; + return 0; } } - if (arg->stop) return 0; return 1; } @@ -50,7 +72,7 @@ void ossl_generate_cb_stop(void *ptr) { struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr; - arg->stop = 1; + arg->interrupted = 1; } static void @@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) void Init_ossl_pkey(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); 
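Review bot: The new `if (arg->interrupted)` branch in `ossl_generate_cb_2` calls `rb_thread_call_with_gvl()`, which is only valid on a thread that has released the GVL, while the `arg->yield` path just above it calls `rb_yield` and so needs the GVL held. The two are safe together only if `ossl_generate_cb_stop` is never registered when a block is given; the callers are outside this page, so that cannot be confirmed here. State the invariant at the branch, e.g. `/* interrupted is set only by the unblock function, i.e. only while running without the GVL */`, so a future caller does not combine the two modes. The body of `ossl_generate_cb_2` starts outside the hunk.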
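Review bot: `arg->interrupted = 1` in `ossl_generate_cb_stop` is a plain `int` store that `ossl_generate_cb_2` reads and clears in the preceding hunk, with no atomic or other synchronisation visible. If this function is used as an unblock function and therefore runs on a different thread from the one generating the key (the callers are not on this page), that is an unsynchronised shared access. At minimum document the cross-thread use on the field in ossl_pkey.h, e.g. `int interrupted; /* set by the unblock function, possibly from another thread */`, and consider an atomic type where the supported compilers allow it.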
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index 2b17bf53..a2a9fc0d 100644 --- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pkey_type; struct ossl_generate_cb_arg { int yield; - int stop; + int interrupted; int state; }; int ossl_generate_cb_2(int p, int n, BN_GENCB *cb); diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index fbc71a6f..8bb61124 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -1649,6 +1649,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self) void Init_ossl_ec(void) { +#undef rb_intern #if 0 mPKey = rb_define_module_under(mOSSL, "PKey"); cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject); diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index 2d9a7a31..30ec09d7 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -437,6 +437,7 @@ ossl_x509ext_to_der(VALUE obj) void Init_ossl_x509ext(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index c900bcbe..5869d633 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self) { X509_NAME *name; char *buf; - VALUE str; GetX509Name(self, name); buf = X509_NAME_oneline(name, NULL, 0); - str = rb_str_new2(buf); - OPENSSL_free(buf); - - return str; + if (!buf) + ossl_raise(eX509NameError, "X509_NAME_oneline"); + return ossl_buf2str(buf, rb_long2int(strlen(buf))); } static VALUE 
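Review bot: In `ossl_x509name_to_s_old` the explicit `OPENSSL_free(buf)` is gone and nothing in the new code says who releases the buffer returned by `X509_NAME_oneline()`. That is presumably `ossl_buf2str()`, which is defined outside this page; a short comment such as `/* ossl_buf2str() takes ownership of buf and frees it */` would make the ownership transfer reviewable. Note also that `rb_long2int(strlen(buf))` is evaluated before that call, so if it ever raised for an over-long string `buf` would not be released; computing the length into a local first and freeing on the error path would close that gap.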
@@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag) { X509_NAME *name; BIO *out; + int ret; GetX509Name(self, name); out = BIO_new(BIO_s_mem()); if (!out) ossl_raise(eX509NameError, NULL); - if (!X509_NAME_print_ex(out, name, 0, iflag)) { + ret = X509_NAME_print_ex(out, name, 0, iflag); + if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) { BIO_free(out); ossl_raise(eX509NameError, "X509_NAME_print_ex"); } @@ -502,6 +502,7 @@ ossl_x509name_to_der(VALUE self) void Init_ossl_x509name(void) { +#undef rb_intern VALUE utf8str, ptrstr, ia5str, hash; #if 0 diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index c6cf67ad..2909eeda 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -771,6 +771,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time) void Init_ossl_x509store(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 186de27d..b8016677 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -47,6 +47,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal 2, ssl.peer_cert_chain.size assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock&.close @@ -65,6 +67,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal @svr_cert.subject, ssl.peer_cert.subject assert_equal [@svr_cert.subject, @ca_cert.subject], ssl.peer_cert_chain.map(&:subject) + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -157,6 +161,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_not_predicate sock, :closed? ensure 
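Review bot: The condition `ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0` in `x509name_print` mixes `||` and `&&` without parentheses and gives no reason why a zero return is an error only for `XN_FLAG_COMPAT`. Precedence makes it evaluate as intended, but compilers warn on this form (`-Wparentheses`) and the next reader has to look up the OpenSSL return conventions to see that zero is a legitimate result for an empty name in the other modes. Suggest `if (ret < 0 || (iflag == XN_FLAG_COMPAT && ret == 0)) {` preceded by a comment such as `/* compat mode reports failure as 0; the other modes return a negative value and may return 0 for an empty name */`. The function body continues outside the hunk.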
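Review bot: The line `ssl.puts "abc"; assert_equal "abc\n", ssl.gets` is pasted into this and every following test_ssl.rb hunk, and into test_ssl_session.rb, with no comment on why a round trip is needed after `connect`. The commit message ties it to TLS 1.3; if the reason is that handshake failures can surface only on the first read or write there, that belongs in one place. A small helper in the test case base class would carry the explanation and remove the duplication, e.g. `def assert_echo(ssl)` with the body `ssl.puts "abc"; assert_equal "abc\n", ssl.gets` and a comment above it; the helper name is only a suggestion.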
@@ -168,6 +173,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true # !! ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_predicate sock, :closed? ensure @@ -259,7 +265,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase client_ca_from_server = sslconn.client_ca [@cli_cert, @cli_key] end - server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) } + server_connect(port, ctx) { |ssl| + assert_equal([@ca], client_ca_from_server) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } end @@ -356,21 +365,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } start_server { |port| - sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ctx.verify_callback = Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_OK true end - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - begin - ssl.connect + server_connect(port, ctx) { |ssl| assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) - ensure - ssl.close - end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } start_server(ignore_listener_error: true) { |port| @@ -455,6 +459,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert(ssl.post_connection_check("localhost")) @@ -476,6 +482,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("127.0.0.1")) assert_raise(sslerr){ssl.post_connection_check("localhost")} 
@@ -496,6 +504,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -726,6 +736,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.connect assert_equal @cli_cert.serial, ssl.peer_cert.serial assert_predicate fooctx, :frozen? + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -737,6 +749,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.hostname = "bar.example.com" ssl.connect assert_equal @svr_cert.serial, ssl.peer_cert.serial + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -809,7 +823,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.hostname = name if expected_ok - assert_nothing_raised { ssl.connect } + ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets else assert_handshake_error { ssl.connect } end @@ -883,7 +898,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } start_server(ctx_proc: ctx_proc, ignore_listener_error: true) do |port| begin - server_connect(port) { } + server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET else supported << ver @@ -941,6 +958,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if ver == cver server_connect(port, ctx1) { |ssl| assert_equal vmap[cver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx1) { } } 
@@ -954,6 +972,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if ver == cver server_connect(port, ctx2) { |ssl| assert_equal vmap[cver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx2) { } } @@ -966,6 +985,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx3.min_version = ctx3.max_version = nil server_connect(port, ctx3) { |ssl| assert_equal vmap[ver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -984,6 +1004,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1.min_version = cver server_connect(port, ctx1) { |ssl| assert_equal vmap[supported.last][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } # Client sets max_version @@ -992,6 +1013,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if cver >= sver server_connect(port, ctx2) { |ssl| assert_equal vmap[cver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx2) { } } @@ -1010,6 +1032,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase if cver <= sver server_connect(port, ctx1) { |ssl| assert_equal vmap[sver][:name], ssl.ssl_version + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } else assert_handshake_error { server_connect(port, ctx1) { } } @@ -1024,6 +1047,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase else assert_equal vmap[cver][:name], ssl.ssl_version end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end } @@ -1090,6 +1114,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server_version(:SSLv23, ctx_proc) { |port| server_connect(port) { |ssl| assert_equal(1, num_handshakes) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -1108,6 +1133,7 @@ if openssl?(1, 0, 2) || libressl? ctx.alpn_protocols = advertised server_connect(port, ctx) { |ssl| assert_equal(advertised.first, ssl.alpn_protocol) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end 
@@ -1230,14 +1256,11 @@ end end def test_close_after_socket_close - server_proc = proc { |ctx, ssl| - # Do nothing - } - start_server(server_proc: server_proc) { |port| + start_server { |port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) - ssl.sync_close = true ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets sock.close assert_nothing_raised do ssl.close @@ -1302,6 +1325,7 @@ end ctx.ciphers = "DEFAULT:!kRSA:!kEDH" server_connect(port, ctx) { |ssl| assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -1444,6 +1468,7 @@ end assert_equal "secp384r1", ssl.tmp_key.group.curve_name end end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } if openssl?(1, 0, 2) || libressl?(2, 5, 1) @@ -1459,6 +1484,7 @@ end server_connect(port, ctx) { |ssl| assert_equal "secp521r1", ssl.tmp_key.group.curve_name + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index 7b0f9aca..e199f86d 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb @@ -113,6 +113,7 @@ __EOS__ non_resumable = nil start_server { |port| server_connect_with_session(port, nil, nil) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets non_resumable = ssl.session } } diff --git a/test/test_x509name.rb b/test/test_x509name.rb index 2d92e645..aca2d36f 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -371,6 +371,12 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase assert_equal "DC = org, DC = ruby-lang, " \ "CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"", name.to_s(OpenSSL::X509::Name::ONELINE) + + empty = OpenSSL::X509::Name.new + assert_equal "", empty.to_s + assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT) + assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253) + assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE) end def test_to_utf8 
@@ -386,6 +392,9 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase expected = "CN=フー\\, バー,DC=ruby-lang,DC=org".force_encoding("UTF-8") assert_equal expected, str assert_equal Encoding.find("UTF-8"), str.encoding + + empty = OpenSSL::X509::Name.new + assert_equal "", empty.to_utf8 end def test_equals2 diff --git a/tool/ruby-openssl-docker/Dockerfile b/tool/ruby-openssl-docker/Dockerfile index b8ed4bca..4e28493a 100644 --- a/tool/ruby-openssl-docker/Dockerfile +++ b/tool/ruby-openssl-docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:16.04 +FROM ubuntu:18.04 RUN apt-get update && apt-get install -y --no-install-recommends \ autoconf \ 
@@ -29,21 +29,29 @@ RUN curl -s https://www.openssl.org/source/openssl-1.0.1u.tar.gz | tar -C /build shared linux-x86_64 && \ make && make install_sw -RUN curl -s https://www.openssl.org/source/openssl-1.0.2l.tar.gz | tar -C /build/openssl -xzf - && \ - cd /build/openssl/openssl-1.0.2l && \ +RUN curl -s https://www.openssl.org/source/openssl-1.0.2o.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/openssl-1.0.2o && \ ./Configure \ --openssldir=/opt/openssl/openssl-1.0.2 \ shared linux-x86_64 && \ make && make install_sw -RUN curl -s https://www.openssl.org/source/openssl-1.1.0f.tar.gz | tar -C /build/openssl -xzf - && \ - cd /build/openssl/openssl-1.1.0f && \ +RUN curl -s https://www.openssl.org/source/openssl-1.1.0h.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/openssl-1.1.0h && \ ./Configure \ --prefix=/opt/openssl/openssl-1.1.0 \ enable-crypto-mdebug enable-crypto-mdebug-backtrace \ linux-x86_64 && \ make && make install_sw +RUN curl -s https://www.openssl.org/source/openssl-1.1.1-pre8.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/openssl-1.1.1-pre8 && \ + ./Configure \ + --prefix=/opt/openssl/openssl-1.1.1 \ + enable-crypto-mdebug enable-crypto-mdebug-backtrace \ + linux-x86_64 && \ + make && make install_sw + # Supported libressl versions: 2.3- RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.10.tar.gz | tar -C /build/openssl -xzf - && \ cd /build/openssl/libressl-2.3.10 && \ 
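Review bot: Each added `RUN curl -s <url> | tar -C /build/openssl -xzf -` streams a downloaded tarball straight into the build with no integrity check, and `-s` without `-f` lets an HTTP error body reach tar instead of failing the step. In the following hunk (`@@ -63,30 +71,44 @@`) the new libressl-2.6.5 and libressl-2.7.4 lines additionally fetch over plain `http://`, so anything on the network path could substitute the library the test suite is built against. Download to a file, verify a pinned digest and only then unpack, e.g. `curl -fsSL -o /tmp/src.tar.gz <URL> && echo "<SHA256_PLACEHOLDER>  /tmp/src.tar.gz" | sha256sum -c - && tar -C /build/openssl -xzf /tmp/src.tar.gz`, and switch the LibreSSL URLs to https where the mirror offers it. The same applies to the Ruby tarballs in the later hunk.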
@@ -63,30 +71,44 @@ RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.5.tar.gz | --prefix=/opt/openssl/libressl-2.5 && \ make && make install -RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.1.tar.gz | tar -C /build/openssl -xzf - && \ - cd /build/openssl/libressl-2.6.1 && \ +RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/libressl-2.6.5 && \ ./configure \ --prefix=/opt/openssl/libressl-2.6 && \ make && make install +RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/libressl-2.7.4 && \ + ./configure \ + --prefix=/opt/openssl/libressl-2.7 && \ + make && make install + # Supported Ruby versions: 2.3- RUN mkdir -p /build/ruby -RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.5.tar.gz | tar -C /build/ruby -xzf - && \ - cd /build/ruby/ruby-2.3.5 && \ +RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.tar.gz | tar -C /build/ruby -xzf - && \ + cd /build/ruby/ruby-2.3.7 && \ autoconf && ./configure \ --without-openssl \ --prefix=/opt/ruby/ruby-2.3 \ --disable-install-doc && \ make && make install -RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.2.tar.gz | tar -C /build/ruby -xzf - && \ - cd /build/ruby/ruby-2.4.2 && \ +RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.gz | tar -C /build/ruby -xzf - && \ + cd /build/ruby/ruby-2.4.4 && \ autoconf && ./configure \ --without-openssl \ --prefix=/opt/ruby/ruby-2.4 \ --disable-install-doc && \ make && make install +RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.gz | tar -C /build/ruby -xzf - && \ + cd /build/ruby/ruby-2.5.1 && \ + autoconf && ./configure \ + --without-openssl \ + --prefix=/opt/ruby/ruby-2.5 \ + --disable-install-doc && \ + make && make install + ONBUILD ADD . /home/openssl/code ONBUILD WORKDIR /home/openssl/code 
diff --git a/tool/ruby-openssl-docker/init.sh b/tool/ruby-openssl-docker/init.sh index 4d97e28c..a6bc6607 100755 --- a/tool/ruby-openssl-docker/init.sh +++ b/tool/ruby-openssl-docker/init.sh @@ -2,7 +2,7 @@ if [[ "$RUBY_VERSION" = "" ]] then - RUBY_VERSION=ruby-2.4 + RUBY_VERSION=ruby-2.5 fi if [[ "$OPENSSL_VERSION" = "" ]] |