author | Zachary Scott <e@zzak.io> | 2015-01-06 16:35:02 -0800 |
---|---|---|
committer | Zachary Scott <e@zzak.io> | 2015-01-06 16:35:02 -0800 |
commit | 8c20f4435f1e09ff797bf6683c47d4a9d1869bca (patch) | |
tree | 44a98a14570834e5ecb89b82ced6f796228fff64 | |
parent | 2953dfd4ad925a669110fed1993d6e83b24e420f (diff) | |
download | ruby-openssl-8c20f4435f1e09ff797bf6683c47d4a9d1869bca.tar.gz |
Sync tests with trunk
-rw-r--r-- | test/test_asn1.rb | 2 | ||||
-rw-r--r-- | test/test_bn.rb | 2 | ||||
-rw-r--r-- | test/test_buffering.rb | 2 | ||||
-rw-r--r-- | test/test_cipher.rb | 2 | ||||
-rw-r--r-- | test/test_config.rb | 4 | ||||
-rw-r--r-- | test/test_digest.rb | 2 | ||||
-rw-r--r-- | test/test_engine.rb | 2 | ||||
-rw-r--r-- | test/test_fips.rb | 2 | ||||
-rw-r--r-- | test/test_hmac.rb | 2 | ||||
-rw-r--r-- | test/test_ns_spki.rb | 2 | ||||
-rw-r--r-- | test/test_ocsp.rb | 2 | ||||
-rw-r--r-- | test/test_pair.rb | 4 | ||||
-rw-r--r-- | test/test_partial_record_read.rb | 6 | ||||
-rw-r--r-- | test/test_pkcs12.rb | 2 | ||||
-rw-r--r-- | test/test_pkcs5.rb | 2 | ||||
-rw-r--r-- | test/test_pkcs7.rb | 2 | ||||
-rw-r--r-- | test/test_pkey_dh.rb | 2 | ||||
-rw-r--r-- | test/test_pkey_dsa.rb | 2 | ||||
-rw-r--r-- | test/test_pkey_ec.rb | 2 | ||||
-rw-r--r-- | test/test_pkey_rsa.rb | 2 | ||||
-rw-r--r-- | test/test_ssl.rb | 70 | ||||
-rw-r--r-- | test/test_ssl_session.rb | 77 | ||||
-rw-r--r-- | test/test_x509cert.rb | 2 | ||||
-rw-r--r-- | test/test_x509crl.rb | 2 | ||||
-rw-r--r-- | test/test_x509ext.rb | 2 | ||||
-rw-r--r-- | test/test_x509name.rb | 2 | ||||
-rw-r--r-- | test/test_x509req.rb | 4 | ||||
-rw-r--r-- | test/test_x509store.rb | 3 | ||||
-rw-r--r-- | test/utils.rb | 139 |
29 files changed, 177 insertions, 172 deletions
diff --git a/test/test_asn1.rb b/test/test_asn1.rb index 3ea2638b..9fb5a551 100644 --- a/test/test_asn1.rb +++ b/test/test_asn1.rb @@ -605,5 +605,5 @@ rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm assert_equal(:UNIVERSAL, asn1.tag_class) end -end if defined?(OpenSSL) +end if defined?(OpenSSL::TestUtils) diff --git a/test/test_bn.rb b/test/test_bn.rb index 27bbcdfe..667cb296 100644 --- a/test/test_bn.rb +++ b/test/test_bn.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestBN < Test::Unit::TestCase def test_new_str diff --git a/test/test_buffering.rb b/test/test_buffering.rb index c4894e12..c62dd4d1 100644 --- a/test/test_buffering.rb +++ b/test/test_buffering.rb @@ -84,4 +84,4 @@ class OpenSSL::TestBuffering < Test::Unit::TestCase assert_equal([97, 98, 99], res) end -end if defined?(OpenSSL) +end if defined?(OpenSSL::TestUtils) diff --git a/test/test_cipher.rb b/test/test_cipher.rb index 156fa2a9..30220d16 100644 --- a/test/test_cipher.rb +++ b/test/test_cipher.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestCipher < Test::Unit::TestCase diff --git a/test/test_config.rb b/test/test_config.rb index 939cae0b..62f9fabc 100644 --- a/test/test_config.rb +++ b/test/test_config.rb @@ -23,7 +23,7 @@ __EOD__ def test_constants assert(defined?(OpenSSL::Config::DEFAULT_CONFIG_FILE)) config_file = OpenSSL::Config::DEFAULT_CONFIG_FILE - pend "DEFAULT_CONFIG_FILE may return a wrong path on your platforms. [Bug #6830]" unless File.readable?(config_file) + skip "DEFAULT_CONFIG_FILE may return a wrong path on your platforms. [Bug #6830]" unless File.readable?(config_file) assert_nothing_raised do OpenSSL::Config.load(config_file) end @@ -294,4 +294,4 @@ __EOC__ @it['newsection'] = {'a' => 'b'} assert_not_equal(@it.sections.sort, c.sections.sort) end -end if defined?(OpenSSL) +end if defined?(OpenSSL::TestUtils) 
diff --git a/test/test_digest.rb b/test/test_digest.rb index c2a3f705..a23b2ef0 100644 --- a/test/test_digest.rb +++ b/test/test_digest.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestDigest < Test::Unit::TestCase def setup diff --git a/test/test_engine.rb b/test/test_engine.rb index 46a2948c..a7264d0e 100644 --- a/test/test_engine.rb +++ b/test/test_engine.rb @@ -71,5 +71,5 @@ class OpenSSL::TestEngine < Test::Unit::TestCase cipher.update(data) + cipher.final end -end if defined?(OpenSSL) +end if defined?(OpenSSL::TestUtils) diff --git a/test/test_fips.rb b/test/test_fips.rb index 882647f7..6e4ac6d3 100644 --- a/test/test_fips.rb +++ b/test/test_fips.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestFIPS < Test::Unit::TestCase diff --git a/test/test_hmac.rb b/test/test_hmac.rb index f1e45365..f709ebd6 100644 --- a/test/test_hmac.rb +++ b/test/test_hmac.rb @@ -38,4 +38,4 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase result = hmac.update(data).hexdigest assert_equal "a13984b929a07912e4e21c5720876a8e150d6f67f854437206e7f86547248396", result end -end if defined?(OpenSSL) +end if defined?(OpenSSL::TestUtils) diff --git a/test/test_ns_spki.rb b/test/test_ns_spki.rb index 7cddefad..ab07bfbe 100644 --- a/test/test_ns_spki.rb +++ b/test/test_ns_spki.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestNSSPI < Test::Unit::TestCase def setup diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb index b42b57d4..af727d8e 100644 --- a/test/test_ocsp.rb +++ b/test/test_ocsp.rb @@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestOCSP < Test::Unit::TestCase def setup diff --git a/test/test_pair.rb b/test/test_pair.rb index 9154408a..3aca5f48 100644 --- a/test/test_pair.rb +++ b/test/test_pair.rb 
@@ -1,9 +1,9 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) require 'socket' -require_relative 'ut_eof' +require_relative '../ruby/ut_eof' module OpenSSL::SSLPairM def server diff --git a/test/test_partial_record_read.rb b/test/test_partial_record_read.rb index f3d83c69..1899a300 100644 --- a/test/test_partial_record_read.rb +++ b/test/test_partial_record_read.rb @@ -1,12 +1,10 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestPartialRecordRead < OpenSSL::SSLTestCase def test_partial_tls_record_read_nonblock - port = 12345 - - start_server(port, OpenSSL::SSL::VERIFY_NONE, true, :server_proc => + start_server(OpenSSL::SSL::VERIFY_NONE, true, :server_proc => Proc.new do |server_ctx, server_ssl| begin server_ssl.io.write("\x01") # the beginning of a TLS record diff --git a/test/test_pkcs12.rb b/test/test_pkcs12.rb index 25ff6063..4e379041 100644 --- a/test/test_pkcs12.rb +++ b/test/test_pkcs12.rb @@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) module OpenSSL class TestPKCS12 < Test::Unit::TestCase diff --git a/test/test_pkcs5.rb b/test/test_pkcs5.rb index 30fa3e5b..5e85dde9 100644 --- a/test/test_pkcs5.rb +++ b/test/test_pkcs5.rb @@ -94,4 +94,4 @@ class OpenSSL::TestPKCS5 < Test::Unit::TestCase assert_equal(value1, value2) end if OpenSSL::PKCS5.respond_to?(:pbkdf2_hmac) -end if defined?(OpenSSL) +end if defined?(OpenSSL::TestUtils) diff --git a/test/test_pkcs7.rb b/test/test_pkcs7.rb index a1ff0485..47bd4f31 100644 --- a/test/test_pkcs7.rb +++ b/test/test_pkcs7.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestPKCS7 < Test::Unit::TestCase def setup diff --git a/test/test_pkey_dh.rb b/test/test_pkey_dh.rb index 160a131c..67dd3e7d 100644 --- a/test/test_pkey_dh.rb +++ b/test/test_pkey_dh.rb 
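Review bot: The new `require_relative '../ruby/ut_eof'` in test/test_pair.rb points at a `ruby/` directory beside `test/`, and the diffstat of this commit adds no such file, so the require appears to resolve only in the trunk tree layout. The same kind of dependency shows up in test/utils.rb: `require_relative 'envutil'` is removed while `RUBY = EnvUtil.rubybin` stays as a context line, and `start_server` now calls `assert_join_threads`, which no visible hunk defines. If the suite is meant to run from this repository alone, these helpers presumably need to be shipped with it or loaded explicitly; for this hunk that would mean keeping `require_relative 'ut_eof'` until the file actually lives under `../ruby/`. A runner outside the diff may already load these names, so this needs confirming against the repository layout.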
@@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestPKeyDH < Test::Unit::TestCase diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb index 555637e7..e4ea1b5b 100644 --- a/test/test_pkey_dsa.rb +++ b/test/test_pkey_dsa.rb @@ -1,7 +1,7 @@ require_relative 'utils' require 'base64' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestPKeyDSA < Test::Unit::TestCase def test_private diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb index 5ceea4c8..1693ace0 100644 --- a/test/test_pkey_ec.rb +++ b/test/test_pkey_ec.rb @@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL::PKey::EC) +if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC) class OpenSSL::TestEC < Test::Unit::TestCase def setup diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index df0c6090..ea042c27 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -1,7 +1,7 @@ require_relative 'utils' require 'base64' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestPKeyRSA < Test::Unit::TestCase def test_padding diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 778dd8bc..3eddb0a8 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestSSL < OpenSSL::SSLTestCase 
@@ -19,15 +19,22 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx.options & OpenSSL::SSL::OP_NO_COMPRESSION) end if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) + def test_ctx_setup_with_extra_chain_cert + ctx = OpenSSL::SSL::SSLContext.new + ctx.extra_chain_cert = [@ca_cert, @cli_cert] + assert_equal(ctx.setup, true) + assert_equal(ctx.setup, nil) + end + def test_not_started_session - pend "non socket argument of SSLSocket.new is not supported on this platform" if /mswin|mingw/ =~ RUBY_PLATFORM + skip "non socket argument of SSLSocket.new is not supported on this platform" if /mswin|mingw/ =~ RUBY_PLATFORM open(__FILE__) do |f| assert_nil OpenSSL::SSL::SSLSocket.new(f).cert end end def test_ssl_gets - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) { |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true) { |server, port| server_connect(port) { |ssl| ssl.write "abc\n" IO.select [ssl] @@ -41,7 +48,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_ssl_read_nonblock - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) { |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true) { |server, port| server_connect(port) { |ssl| assert_raise(IO::WaitReadable) { ssl.read_nonblock(100) } ssl.write("abc\n") @@ -54,7 +61,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_connect_and_close - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) assert(ssl.connect) @@ -72,7 +79,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_read_and_write - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| server_connect(port) { |ssl| # syswrite and sysread ITERATIONS.times{|i| 
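Review bot: In the added `test_ctx_setup_with_extra_chain_cert`, both assertions pass the actual value first (`assert_equal(ctx.setup, true)`), while other assertions visible in this commit use expected-first order, e.g. `assert_equal(1, ctx.session_cache_stats[:cache_num])`. A failure would therefore print expected and actual the wrong way round. I would write `assert_equal(true, ctx.setup)` and `assert_nil(ctx.setup)`. A short comment such as `# second call: context is already set up, so setup returns nil (confirm)` would also record why the two calls differ.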
@@ -119,9 +126,9 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end - def test_client_auth + def test_client_auth_failure vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT - start_server(PORT, vflag, true){|server, port| + start_server(vflag, true, :ignore_listener_error => true){|server, port| assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET){ sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) @@ -132,7 +139,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ssl.close end } + } + end + def test_client_auth_success + vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT + start_server(vflag, true){|server, port| ctx = OpenSSL::SSL::SSLContext.new ctx.key = @cli_key ctx.cert = @cli_cert @@ -163,7 +175,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT - start_server(PORT, vflag, true, :ctx_proc => ctx_proc){|server, port| + start_server(vflag, true, :ctx_proc => ctx_proc){|server, port| ctx = OpenSSL::SSL::SSLContext.new client_ca_from_server = nil ctx.client_cert_cb = Proc.new do |sslconn| @@ -176,7 +188,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_read_nonblock_without_session OpenSSL::TestUtils.silent do - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, false){|server, port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true @@ -194,7 +206,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_starttls OpenSSL::TestUtils.silent do - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, false){|server, port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true 
@@ -218,7 +230,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_parallel GC.start - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| ssls = [] 10.times{ sock = TCPSocket.new("127.0.0.1", port) @@ -239,7 +251,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_verify_result - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ignore_listener_error => true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.set_params @@ -253,7 +265,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end } - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.set_params( @@ -272,7 +284,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end } - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ignore_listener_error => true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.set_params( @@ -293,7 +305,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_exception_in_verify_callback_is_ignored - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ignore_listener_error => true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.set_params( @@ -317,7 +329,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_sslctx_set_params - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ignore_listener_error => true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.set_params 
@@ -342,7 +354,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_post_connection_check sslerr = OpenSSL::SSL::SSLError - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| server_connect(port) { |ssl| assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} @@ -365,7 +377,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ] @svr_cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| server_connect(port) { |ssl| assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("127.0.0.1")) @@ -387,7 +399,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ] @svr_cert = issue_cert(@svr, @svr_key, 5, now, now+1800, exts, @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| server_connect(port) { |ssl| assert(ssl.post_connection_check("localhost.localdomain")) assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} @@ -453,7 +465,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase readwrite_loop(ctx, ssl) end - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| 2.times do |i| ctx = OpenSSL::SSL::SSLContext.new if defined?(OpenSSL::SSL::OP_NO_TICKET) 
@@ -486,7 +498,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal(num_written, raw_size) ssl.close } - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :server_proc => server_proc){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :server_proc => server_proc){|server, port| server_connect(port) { |ssl| str = auml * i num_written = ssl.write(str) @@ -502,7 +514,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase # But it also degrades gracefully, so keep it ctx.options = OpenSSL::SSL::OP_ALL } - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc){|server, port| server_connect(port) { |ssl| ssl.puts('hello') assert_equal("hello\n", ssl.gets) @@ -688,7 +700,7 @@ end def test_invalid_shutdown_by_gc assert_nothing_raised { - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| 10.times { sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) @@ -701,7 +713,7 @@ end end def test_close_after_socket_close - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true){|server, port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true @@ -730,11 +742,11 @@ end ctx_proc.call(ctx) if ctx_proc } start_server( - PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_wrap, :server_proc => server_proc, + :ignore_listener_error => true, &blk ) end @@ -746,7 +758,11 @@ end ssl.connect yield ssl ensure - ssl.close + if ssl + ssl.close + elsif sock + sock.close + end end end diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index 3e89633f..16432bcb 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb 
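Review bot: In hunk @@ -730,11 +742,11 the shared helper now passes `:ignore_listener_error => true` to `start_server` unconditionally, so every test routed through it makes the accept loop retry on `OpenSSL::SSL::SSLError` instead of re-raising (see `server_loop` in test/utils.rb). That is right for callers that expect the handshake to be rejected, but it also hides an unexpected server-side handshake failure in callers that expect success. Either let the caller decide, or state the reason next to the argument, e.g. `# listener errors ignored: some callers connect with a protocol the server context rejects (confirm)`. The helper's definition starts outside the hunk, so its callers are not visible here.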
@@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase def test_session_equals @@ -26,23 +26,26 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= -----END SSL SESSION PARAMETERS----- SESSION - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) { |_, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ignore_listener_error => true) { |_, port| ctx = OpenSSL::SSL::SSLContext.new ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT ctx.session_id_context = self.object_id.to_s sock = TCPSocket.new '127.0.0.1', port - ssl = OpenSSL::SSL::SSLSocket.new sock, ctx - ssl.session = session + begin + ssl = OpenSSL::SSL::SSLSocket.new sock, ctx + ssl.session = session - assert_equal session, ssl.session - sock.close + assert_equal session, ssl.session + ensure + sock.close + end } end def test_session timeout(5) do - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true) do |server, port| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new("TLSv1") ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) @@ -153,7 +156,7 @@ __EOS__ def test_client_session last_session = nil - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true) do |server, port| 2.times do sock = TCPSocket.new("127.0.0.1", port) # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?), @@ -239,7 +242,7 @@ __EOS__ end first_session = nil - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| 10.times do |i| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new 
@@ -275,7 +278,7 @@ __EOS__ def test_ctx_client_session_cb called = {} - ctx = OpenSSL::SSL::SSLContext.new("SSLv3") + ctx = OpenSSL::SSL::SSLContext.new ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT ctx.session_new_cb = lambda { |ary| @@ -289,18 +292,22 @@ __EOS__ # any resulting value is OK (ignored) } - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true) do |server, port| sock = TCPSocket.new("127.0.0.1", port) - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - ssl.connect - assert_equal(1, ctx.session_cache_stats[:cache_num]) - assert_equal(1, ctx.session_cache_stats[:connect_good]) - assert_equal([ssl, ssl.session], called[:new]) - assert(ctx.session_remove(ssl.session)) - assert(!ctx.session_remove(ssl.session)) - assert_equal([ctx, ssl.session], called[:remove]) - ssl.close + begin + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.sync_close = true + ssl.connect + assert_equal(1, ctx.session_cache_stats[:cache_num]) + assert_equal(1, ctx.session_cache_stats[:connect_good]) + assert_equal([ssl, ssl.session], called[:new]) + assert(ctx.session_remove(ssl.session)) + assert(!ctx.session_remove(ssl.session)) + assert_equal([ctx, ssl.session], called[:remove]) + ssl.close + ensure + sock.close if !sock.closed? + end end end 
@@ -343,21 +350,25 @@ __EOS__ c.session_cache_stats readwrite_loop(c, ssl) } - start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| last_client_session = nil 3.times do sock = TCPSocket.new("127.0.0.1", port) - ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3")) - ssl.sync_close = true - ssl.session = last_client_session if last_client_session - ssl.connect - last_client_session = ssl.session - ssl.close - timeout(5) do - Thread.pass until called.key?(:new) - assert(called.delete(:new)) - Thread.pass until called.key?(:remove) - assert(called.delete(:remove)) + begin + ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3")) + ssl.sync_close = true + ssl.session = last_client_session if last_client_session + ssl.connect + last_client_session = ssl.session + ssl.close + timeout(5) do + Thread.pass until called.key?(:new) + assert(called.delete(:new)) + Thread.pass until called.key?(:remove) + assert(called.delete(:remove)) + end + ensure + sock.close if !sock.closed? end end end diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index f13d6456..783677a4 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb @@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Certificate < Test::Unit::TestCase def setup diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb index d5024751..9dc1b1cd 100644 --- a/test/test_x509crl.rb +++ b/test/test_x509crl.rb @@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509CRL < Test::Unit::TestCase def setup diff --git a/test/test_x509ext.rb b/test/test_x509ext.rb index 89b45c72..29e9f1dc 100644 --- a/test/test_x509ext.rb +++ b/test/test_x509ext.rb 
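Review bot: The re-indented client loop in hunk @@ -343,21 +350,25 still builds its context with `OpenSSL::SSL::SSLContext.new("SSLv3")`, whereas hunk @@ -275,7 +278,7 of the same file drops that argument from `test_ctx_client_session_cb`. SSLv3 is an obsolete protocol, and on an OpenSSL build compiled without it this constructor would likely raise before the session callbacks are exercised, so the test fails for a reason unrelated to what it checks. Unless the test depends on SSLv3 specifically, `ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)` keeps it in line with the other test. The enclosing test method starts outside the hunk.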
@@ -1,6 +1,6 @@ require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Extension < Test::Unit::TestCase def setup diff --git a/test/test_x509name.rb b/test/test_x509name.rb index de35fc30..a92af534 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -1,7 +1,7 @@ # coding: US-ASCII require_relative 'utils' -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Name < Test::Unit::TestCase OpenSSL::ASN1::ObjectId.register( diff --git a/test/test_x509req.rb b/test/test_x509req.rb index 458f3079..27040cb7 100644 --- a/test/test_x509req.rb +++ b/test/test_x509req.rb @@ -1,6 +1,6 @@ require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Request < Test::Unit::TestCase def setup @@ -138,7 +138,7 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase req.version = 1 assert_equal(false, req.verify(@rsa1024)) rescue OpenSSL::X509::RequestError - pend + skip end def test_sign_and_verify_dsa_md5 diff --git a/test/test_x509store.rb b/test/test_x509store.rb index 1e46ba19..f3e144fc 100644 --- a/test/test_x509store.rb +++ b/test/test_x509store.rb @@ -1,7 +1,6 @@ -require_relative "envutil" require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Store < Test::Unit::TestCase def setup diff --git a/test/utils.rb b/test/utils.rb index 607daea8..1da3bcf9 100644 --- a/test/utils.rb +++ b/test/utils.rb @@ -12,7 +12,6 @@ require "digest/md5" require 'tempfile' require "rbconfig" require "socket" -require_relative 'envutil' module OpenSSL::TestUtils TEST_KEY_RSA1024 = OpenSSL::PKey::RSA.new <<-_end_of_pem_ @@ -190,8 +189,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC class OpenSSL::SSLTestCase < Test::Unit::TestCase RUBY = EnvUtil.rubybin - SSL_SERVER = File.join(File.dirname(__FILE__), "ssl_server.rb") - PORT = 20443 ITERATIONS = ($0 == __FILE__) ? 100 : 10 def setup 
@@ -240,88 +237,85 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC ssl.close rescue nil end - def server_loop(ctx, ssls, server_proc, threads) + def server_loop(ctx, ssls, stop_pipe_r, ignore_listener_error, server_proc, threads) loop do ssl = nil begin + readable, = IO.select([ssls, stop_pipe_r]) + if readable.include? stop_pipe_r + return + end ssl = ssls.accept rescue OpenSSL::SSL::SSLError - retry + if ignore_listener_error + retry + else + raise + end end th = Thread.start do - Thread.current.abort_on_exception = true server_proc.call(ctx, ssl) end threads << th end rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET - end - - def start_server(port0, verify_mode, start_immediately, args = {}, &block) - ctx_proc = args[:ctx_proc] - server_proc = args[:server_proc] - server_proc ||= method(:readwrite_loop) - threads = [] - - store = OpenSSL::X509::Store.new - store.add_cert(@ca_cert) - store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT - ctx = OpenSSL::SSL::SSLContext.new - ctx.cert_store = store - #ctx.extra_chain_cert = [ ca_cert ] - ctx.cert = @svr_cert - ctx.key = @svr_key - ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } - ctx.verify_mode = verify_mode - ctx_proc.call(ctx) if ctx_proc - - Socket.do_not_reverse_lookup = true - tcps = nil - port = port0 - begin - tcps = TCPServer.new("127.0.0.1", port) - rescue Errno::EADDRINUSE - port += 1 - retry + if !ignore_listener_error + raise end + end - ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) - ssls.start_immediately = start_immediately - - begin - server = Thread.new do - Thread.current.abort_on_exception = true - server_loop(ctx, ssls, server_proc, threads) - end + def start_server(verify_mode, start_immediately, args = {}, &block) + IO.pipe {|stop_pipe_r, stop_pipe_w| + ctx_proc = args[:ctx_proc] + server_proc = args[:server_proc] + ignore_listener_error = args.fetch(:ignore_listener_error, false) + server_proc ||= 
method(:readwrite_loop) + + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT + ctx = OpenSSL::SSL::SSLContext.new + ctx.cert_store = store + #ctx.extra_chain_cert = [ ca_cert ] + ctx.cert = @svr_cert + ctx.key = @svr_key + ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } + ctx.verify_mode = verify_mode + ctx_proc.call(ctx) if ctx_proc + + Socket.do_not_reverse_lookup = true + tcps = nil + tcps = TCPServer.new("127.0.0.1", 0) + port = tcps.connect_address.ip_port + + ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) + ssls.start_immediately = start_immediately + + threads = [] + begin + server = Thread.new do + begin + server_loop(ctx, ssls, stop_pipe_r, ignore_listener_error, server_proc, threads) + ensure + tcps.close + end + end + threads.unshift server - $stderr.printf("%s started: pid=%d port=%d\n", SSL_SERVER, $$, port) if $DEBUG + $stderr.printf("SSL server started: pid=%d port=%d\n", $$, port) if $DEBUG - block.call(server, port.to_i) - ensure - begin - begin - tcps.shutdown - rescue Errno::ENOTCONN - # when `Errno::ENOTCONN: Socket is not connected' on some platforms, - # call #close instead of #shutdown. - tcps.close - tcps = nil - end if (tcps) - if (server) - server.join(5) - if server.alive? - server.join - flunk("TCPServer was closed and SSLServer is still alive") unless $! + client = Thread.new do + begin + block.call(server, port.to_i) + ensure + stop_pipe_w.close end end + threads.unshift client ensure - tcps.close if (tcps) + assert_join_threads(threads) end - end - ensure - threads.each {|th| - th.join } end 
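Review bot: The new `:ignore_listener_error` option of `start_server` and the `stop_pipe_r` parameter of `server_loop` are undocumented, although the option decides whether a server-side `OpenSSL::SSL::SSLError` fails a test or is retried silently. I would add a comment above `start_server` along the lines of `# :ignore_listener_error => true makes the accept loop retry on SSLError instead of re-raising; pass it only where the client is expected to abort the handshake.` and one above `server_loop` saying that the loop returns once `stop_pipe_r` becomes readable, which happens when the client thread closes `stop_pipe_w`. Keeping the default at `false`, as `args.fetch(:ignore_listener_error, false)` does, is the right choice for tests that must see handshake regressions. Separately, `tcps = nil` is overwritten on the next line and can be dropped.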
@@ -333,18 +327,5 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC end end -end if defined?(OpenSSL) - -module Test - module Unit - class TestCase - def message msg = nil, ending = ".", &default - proc { - msg = msg.call.chomp(".") if Proc === msg - custom_message = "#{msg}.\n" unless msg.nil? or msg.to_s.empty? - "#{custom_message}#{default.call}#{ending}" - } - end - end - end -end +end if defined?(OpenSSL::OPENSSL_LIBRARY_VERSION) and + /\AOpenSSL +0\./ !~ OpenSSL::OPENSSL_LIBRARY_VERSION |
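Review bot: The new trailing guard `end if defined?(OpenSSL::OPENSSL_LIBRARY_VERSION) and /\AOpenSSL +0\./ !~ OpenSSL::OPENSSL_LIBRARY_VERSION` skips the guarded definitions without any output when the library reports a version starting with `OpenSSL 0.`. Because every test file in this commit now checks `defined?(OpenSSL::TestUtils)`, that case presumably leaves the whole suite with no tests and a green run, which is easy to mistake for a passing crypto test suite. I would make the skip visible, e.g. `warn "openssl tests skipped: #{OpenSSL::OPENSSL_LIBRARY_VERSION}" if defined?(OpenSSL::OPENSSL_LIBRARY_VERSION) && !defined?(OpenSSL::TestUtils)` after the guard, and add a comment saying why 0.x libraries are excluded. Which block this `end` closes is not visible in the hunk, so the exact scope of the skip should be confirmed.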