Merge branch 'maint'

* maint: Ruby/OpenSSL 2.0.5 ssl: fix compile error with OpenSSL 1.0.0 ssl: remove unsupported TLS versions from SSLContext::METHODS Add msys2 library dependency tag in gem metadata ossl_pem_passwd_cb: handle nil from the block explicitly ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: relax passphrase length constraint appveyor.yml: test against Ruby 2.4 Rakefile: install_dependencies: install only when needed bio: do not use the FILE BIO method in ossl_obj2bio() bio: prevent possible GC issue in ossl_obj2bio() test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
author: Kazuki Yamaguchi <k@rhe.jp> 2017-08-08 18:37:31 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2017-08-08 18:39:38 +0900
commit: 3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5 (patch)
tree: f40255ea6be7f6c060f4de1a4c2d999ab716453c /test
parent: d4ded26d4507b36c7364f68635c0c00f37f740ba (diff)
parent: df37b7a22eb0c70ddba4722630662b4c1e73b009 (diff)
download: ruby-openssl-3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5.tar.gz
4 files changed, 25 insertions, 7 deletions
diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb
index a4ade134..fed5aa9d 100644
--- a/test/test_pkey_rsa.rb
+++ b/test/test_pkey_rsa.rb
@@ -243,6 +243,17 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
     assert_equal pem, dup_public(rsa1024).export
   end
 
+  def test_pem_passwd
+    key = Fixtures.pkey("rsa1024")
+    pem3c = key.to_pem("aes-128-cbc", "key")
+    assert_match (/ENCRYPTED/), pem3c
+    assert_equal key.to_der, OpenSSL::PKey.read(pem3c, "key").to_der
+    assert_equal key.to_der, OpenSSL::PKey.read(pem3c) { "key" }.to_der
+    assert_raise(OpenSSL::PKey::PKeyError) {
+      OpenSSL::PKey.read(pem3c) { nil }
+    }
+  end
+
   def test_dup
     key = OpenSSL::PKey::RSA.generate(256, 17)
     key2 = key.dup
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 9a28b5dd..a519c6af 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -348,7 +348,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode
     ciphers_names = ctx.ciphers.collect{|v, _, _, _| v }
     assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled"
-    assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled"
+    assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled"
     assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
     assert_equal OpenSSL::SSL::OP_NO_COMPRESSION,
                  ctx.options & OpenSSL::SSL::OP_NO_COMPRESSION
@@ -830,7 +830,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContex
 
 end
 
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1)
 
   def test_tls_v1_1
     start_server_version(:TLSv1_1) { |server, port|
@@ -857,7 +857,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
 
 end
 
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1)
 
   def test_tls_v1_2
     start_server_version(:TLSv1_2) { |server, port|
diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb
index 2f633b03..f89732ab 100644
--- a/test/test_ssl_session.rb
+++ b/test/test_ssl_session.rb
@@ -46,7 +46,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
     Timeout.timeout(5) do
       start_server do |server, port|
         sock = TCPSocket.new("127.0.0.1", port)
-        ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+        ctx = OpenSSL::SSL::SSLContext.new
         ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
         ssl.sync_close = true
         ssl.connect
@@ -155,9 +155,7 @@ __EOS__
     start_server do |server, port|
       2.times do
         sock = TCPSocket.new("127.0.0.1", port)
-        # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?),
-        # when use default SSLContext. [ruby-dev:36167]
-        ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+        ctx = OpenSSL::SSL::SSLContext.new
         ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
         ssl.sync_close = true
         ssl.session = last_session if last_session
diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb
index 7f8426f7..5a992119 100644
--- a/test/test_x509cert.rb
+++ b/test/test_x509cert.rb
@@ -158,6 +158,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
     assert_equal(true, cert.check_private_key(@rsa2048))
   end
 
+  def test_read_from_file
+    cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
+    Tempfile.create("cert") { |f|
+      f << cert.to_pem
+      f.rewind
+      assert_equal cert.to_der, OpenSSL::X509::Certificate.new(f).to_der
+    }
+  end
+
   private
 
   def certificate_error_returns_false
author	Kazuki Yamaguchi <k@rhe.jp>	2017-08-08 18:37:31 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2017-08-08 18:39:38 +0900
commit	3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5 (patch)
tree	f40255ea6be7f6c060f4de1a4c2d999ab716453c /test
parent	d4ded26d4507b36c7364f68635c0c00f37f740ba (diff)
parent	df37b7a22eb0c70ddba4722630662b4c1e73b009 (diff)
download	ruby-openssl-3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5.tar.gz