diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-27 15:32:39 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-10-19 00:42:47 +0900 |
commit | a175a415291641fe5f0b96b7777bdd326ca1f12a (patch) | |
tree | b4444e65420825fddb3f4854ad96c18b8cb1cf7a | |
parent | 7b66eaa2dbabb6570dbbbdfac24c4dcdcc6793d7 (diff) | |
download | ruby-openssl-a175a415291641fe5f0b96b7777bdd326ca1f12a.tar.gz |
test/openssl/test_ssl: assume TLS 1.2 support
Current versions of OpenSSL and LibreSSL all support TLS 1.2, so there
is no need for checking the availability.
-rw-r--r-- | test/openssl/test_ssl.rb | 66 | ||||
-rw-r--r-- | test/openssl/test_ssl_session.rb | 8 | ||||
-rw-r--r-- | test/openssl/utils.rb | 7 |
3 files changed, 26 insertions, 55 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 2a52f272..e8174532 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -125,7 +125,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_add_certificate_multiple_certs pend "EC is not supported" unless defined?(OpenSSL::PKey::EC) - pend "TLS 1.2 is not supported" unless tls12_supported? ca2_key = Fixtures.pkey("rsa-3") ca2_exts = [ @@ -554,8 +553,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_post_connect_check_with_anon_ciphers - pend "TLS 1.2 is not supported" unless tls12_supported? - ctx_proc = -> ctx { ctx.ssl_version = :TLSv1_2 ctx.ciphers = "aNULL" @@ -1355,7 +1352,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_npn_protocol_selection_ary - pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) @@ -1376,7 +1372,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_npn_protocol_selection_enum - pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) @@ -1401,7 +1396,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_npn_protocol_selection_cancel - pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) @@ -1415,7 +1409,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_npn_advertised_protocol_too_long - pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) @@ -1429,7 +1422,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_npn_selected_protocol_too_long - pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) @@ -1470,40 +1462,36 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_get_ephemeral_key - if tls12_supported? - # kRSA - ctx_proc1 = proc { |ctx| - ctx.ssl_version = :TLSv1_2 - ctx.ciphers = "kRSA" - } - start_server(ctx_proc: ctx_proc1, ignore_listener_error: true) do |port| - ctx = OpenSSL::SSL::SSLContext.new - ctx.ssl_version = :TLSv1_2 - ctx.ciphers = "kRSA" - begin - server_connect(port, ctx) { |ssl| assert_nil ssl.tmp_key } - rescue OpenSSL::SSL::SSLError - # kRSA seems disabled - raise unless $!.message =~ /no cipher/ - end + # kRSA + ctx_proc1 = proc { |ctx| + ctx.ssl_version = :TLSv1_2 + ctx.ciphers = "kRSA" + } + start_server(ctx_proc: ctx_proc1, ignore_listener_error: true) do |port| + ctx = OpenSSL::SSL::SSLContext.new + ctx.ssl_version = :TLSv1_2 + ctx.ciphers = "kRSA" + begin + server_connect(port, ctx) { |ssl| assert_nil ssl.tmp_key } + rescue OpenSSL::SSL::SSLError + # kRSA seems disabled + raise unless $!.message =~ /no cipher/ end end - if defined?(OpenSSL::PKey::DH) && tls12_supported? - # DHE - # TODO: How to test this with TLS 1.3? - ctx_proc2 = proc { |ctx| - ctx.ssl_version = :TLSv1_2 - ctx.ciphers = "EDH" + # DHE + # TODO: How to test this with TLS 1.3? + ctx_proc2 = proc { |ctx| + ctx.ssl_version = :TLSv1_2 + ctx.ciphers = "EDH" + } + start_server(ctx_proc: ctx_proc2) do |port| + ctx = OpenSSL::SSL::SSLContext.new + ctx.ssl_version = :TLSv1_2 + ctx.ciphers = "EDH" + server_connect(port, ctx) { |ssl| + assert_instance_of OpenSSL::PKey::DH, ssl.tmp_key } - start_server(ctx_proc: ctx_proc2) do |port| - ctx = OpenSSL::SSL::SSLContext.new - ctx.ssl_version = :TLSv1_2 - ctx.ciphers = "EDH" - server_connect(port, ctx) { |ssl| - assert_instance_of OpenSSL::PKey::DH, ssl.tmp_key - } - end end if defined?(OpenSSL::PKey::EC) @@ -1633,8 +1621,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_ecdh_curves_tls12 - pend "EC is disabled" unless defined?(OpenSSL::PKey::EC) - ctx_proc = -> ctx { # Enable both ECDHE (~ TLS 1.2) cipher suites and TLS 1.3 ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index a98efdae..b72b10d3 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -5,8 +5,6 @@ if defined?(OpenSSL) class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase def test_session - pend "TLS 1.2 is not supported" unless tls12_supported? - ctx_proc = proc { |ctx| ctx.ssl_version = :TLSv1_2 } start_server(ctx_proc: ctx_proc) do |port| server_connect_with_session(port, nil, nil) { |ssl| @@ -144,8 +142,6 @@ __EOS__ end def test_server_session_cache - pend "TLS 1.2 is not supported" unless tls12_supported? - ctx_proc = Proc.new do |ctx| ctx.ssl_version = :TLSv1_2 ctx.options |= OpenSSL::SSL::OP_NO_TICKET @@ -224,8 +220,6 @@ __EOS__ TEST_SESSION_REMOVE_CB = ENV["OSSL_TEST_ALL"] == "1" def test_ctx_client_session_cb - pend "TLS 1.2 is not supported" unless tls12_supported? - ctx_proc = proc { |ctx| ctx.ssl_version = :TLSv1_2 } start_server(ctx_proc: ctx_proc) do |port| called = {} @@ -257,8 +251,6 @@ __EOS__ end def test_ctx_server_session_cb - pend "TLS 1.2 is not supported" unless tls12_supported? - connections = nil called = {} cctx = OpenSSL::SSL::SSLContext.new diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index ba2338ec..efa831af 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -189,13 +189,6 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase @server = nil end - def tls12_supported? - ctx = OpenSSL::SSL::SSLContext.new - ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION - true - rescue - end - def tls13_supported? return false unless defined?(OpenSSL::SSL::TLS1_3_VERSION) ctx = OpenSSL::SSL::SSLContext.new |