author | Kazuki Yamaguchi <k@rhe.jp> | 2018-08-16 20:04:13 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-26 19:18:15 +0900 |
commit | 109ec7a53d57fabc78d3bc54c584b0b1c581d176 (patch) | |
tree | c03f19f1c316447b82181dcf8044b2624b32c97e /test/test_ssl.rb | |
parent | 4266b899773a8320876e5dc0e838b45d34a02383 (diff) | |
download | ruby-openssl-109ec7a53d57fabc78d3bc54c584b0b1c581d176.tar.gz |
test: use larger keys for SSL tests
[ This is a backport to the 2.1 branch. ]
Some systems enforce a system-wide policy to restrict key sizes used in
SSL/TLS. Use larger ones if possible so that the test suite runs
successfully.
New PEM files test/fixtures/pkey/{dh-1,rsa-1,rsa-2,rsa-3}.pem are added
to the tree, and SSL tests now use them instead of the fixed-size keys.
Reference: https://github.com/ruby/openssl/issues/215
(cherry picked from commit 5ba99ad7ae1267ed964f53906530579299f3fcc6)
Diffstat (limited to 'test/test_ssl.rb')
-rw-r--r-- | test/test_ssl.rb | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 1ddc7913..c194e504 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -712,7 +712,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 def test_tlsext_hostname
 fooctx = OpenSSL::SSL::SSLContext.new
- fooctx.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
+ fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 fooctx.cert = @cli_cert
 fooctx.key = @cli_key
@@ -764,7 +764,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ctx2 = OpenSSL::SSL::SSLContext.new
 ctx2.cert = @svr_cert
 ctx2.key = @svr_key
- ctx2.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
+ ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx2.servername_cb = lambda { |args| Object.new }
 sock1, sock2 = socketpair
@@ -1184,7 +1184,7 @@ if openssl?(1, 0, 2) || libressl?
 ctx1 = OpenSSL::SSL::SSLContext.new
 ctx1.cert = @svr_cert
 ctx1.key = @svr_key
- ctx1.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
+ ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
 ctx1.alpn_select_cb = -> (protocols) { nil }
 ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
@@ -1426,20 +1426,21 @@ end
 def test_dh_callback
 pend "TLS 1.2 is not supported" unless tls12_supported?
+ dh = Fixtures.pkey("dh-1")
 called = false
 ctx_proc = -> ctx {
 ctx.ssl_version = :TLSv1_2
 ctx.ciphers = "DH:!NULL"
 ctx.tmp_dh_callback = ->(*args) {
 called = true
- Fixtures.pkey_dh("dh1024")
+ dh
 }
 }
 start_server(ctx_proc: ctx_proc) do |port|
 server_connect(port) { |ssl|
 assert called, "dh callback should be called"
 if ssl.respond_to?(:tmp_key)
- assert_equal Fixtures.pkey_dh("dh1024").to_der, ssl.tmp_key.to_der
+ assert_equal dh.to_der, ssl.tmp_key.to_der
 end
 }
 end |
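Review bot: The new fixture name `"dh-1"` in test_tlsext_hostname no longer says how large the DH parameters are, whereas the old `"dh1024"` did. A reader can no longer tell from the test whether the key meets a system-wide minimum key size, and a fixture below that floor would presumably show up only as a handshake failure. The same applies to the hunks at lines 764, 1184 and 1426. I would add a comment at the first use, for example `# dh-1: DH parameters chosen to satisfy system-wide key-size policies, see ruby/openssl#215`. The enclosing test methods continue outside the first three hunks.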
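Review bot: In test_dh_callback the fixture is now loaded once into `dh` and that same object is both returned by the callback and used in the final assertion, but nothing says the sharing is intentional. As far as I know `to_der` on a DH key encodes only the parameters, so the assertion confirms that the callback's group was used, not that any particular key was negotiated. A short comment above the assignment would record this, for example `# load once: the callback and the assertion must refer to the same DH parameters`.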