author | nobu <nobu@ruby-lang.org> | 2016-04-04 15:06:46 +0000 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-31 11:31:27 +0900 |
commit | bd6a4954382b7b742575d5688bd9b93a597bcc24 (patch) | |
tree | 77518e1befc98e83809b62656c556cedba8e84e0 /test/test_ssl.rb | |
parent | b0996b86f60389184a9c9f10040ceb820f2b9401 (diff) | |
openssl: Access to ephemeral TLS session key
* ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral
TLS session key in case of forward secrecy cipher. Only
available since OpenSSL 1.0.2. [Fix GH-1318]
* ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/test_ssl.rb')
-rw-r--r-- | test/test_ssl.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 7132dcc1..db7ce33e 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -1169,6 +1169,29 @@ end } end
+ def test_get_ephemeral_key
+ return unless OpenSSL::SSL::SSLSocket.method_defined?(:tmp_key)
+ ciphers = {
+ 'ECDHE-RSA-AES128-SHA' => OpenSSL::PKey::EC,
+ 'DHE-RSA-AES128-SHA' => OpenSSL::PKey::DH,
+ 'AES128-SHA' => nil
+ }
+ conf_proc = Proc.new { |ctx| ctx.ciphers = 'ALL' }
+ start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => conf_proc) do |server, port|
+ ciphers.each do |cipher, ephemeral|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ciphers = cipher
+ server_connect(port, ctx) do |ssl|
+ if ephemeral
+ assert_equal(ephemeral, ssl.tmp_key.class)
+ else
+ assert_nil(ssl.tmp_key)
+ end
+ end
+ end
+ end
+ end
+
 private def start_server_version(version, ctx_proc=nil, server_proc=nil, &blk) |
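Review bot: The guard `return unless OpenSSL::SSL::SSLSocket.method_defined?(:tmp_key)` at the top of `test_get_ephemeral_key` lets the test pass silently on builds where the extconf probe did not find SSL_get_server_tmp_key, so a broken feature check would look like a green run. Reporting it as skipped with a reason, e.g. `skip "SSLSocket#tmp_key is not available" unless OpenSSL::SSL::SSLSocket.method_defined?(:tmp_key)` (or the suite's equivalent), keeps that visible. The assertions compare only `ssl.tmp_key.class`, so they would not catch a wrong or undersized key; a comment such as `# tmp_key is the server's ephemeral key-exchange key as seen by the client; nil for non-forward-secrecy suites such as AES128-SHA` would document what is actually being checked. `start_server` and `server_connect` are defined outside this hunk, so whether the server side has DH parameters configured for the DHE case cannot be confirmed from here.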