diff options
| author | twkmd12 <95775763+twkmd12@users.noreply.github.com> | 2022-02-01 04:12:23 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-01 18:12:23 +0900 |
| commit | 12250c7cef8e93863f0c248bdef37bb76ee454a0 (patch) | |
| tree | a9bfacb7f27043c0738915c8fa8885e69889e0a8 /test | |
| parent | ee64d93cb20e7fca80eddbf711c56ae2fac9a825 (diff) | |
| download | ruby-openssl-12250c7cef8e93863f0c248bdef37bb76ee454a0.tar.gz | |
Add 'ciphersuites=' method to allow setting of TLSv1.3 cipher suites along with some unit tests (#493)
Add OpenSSL::SSL::SSLContext#ciphersuites= method along with unit tests.
Diffstat (limited to 'test')
| -rw-r--r-- | test/openssl/test_ssl.rb | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 39964bf4..b3d7cba6 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -1569,6 +1569,95 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end end + def test_ciphersuites_method_tls_connection + ssl_ctx = OpenSSL::SSL::SSLContext.new + if !tls13_supported? || !ssl_ctx.respond_to?(:ciphersuites=) + pend 'TLS 1.3 not supported' + end + + csuite = ['TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128, 128] + inputs = [csuite[0], [csuite[0]], [csuite]] + + start_server do |port| + inputs.each do |input| + cli_ctx = OpenSSL::SSL::SSLContext.new + cli_ctx.min_version = cli_ctx.max_version = OpenSSL::SSL::TLS1_3_VERSION + cli_ctx.ciphersuites = input + + server_connect(port, cli_ctx) do |ssl| + assert_equal('TLSv1.3', ssl.ssl_version) + assert_equal(csuite[0], ssl.cipher[0]) + ssl.puts('abc'); assert_equal("abc\n", ssl.gets) + end + end + end + end + + def test_ciphersuites_method_nil_argument + ssl_ctx = OpenSSL::SSL::SSLContext.new + pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) + + assert_nothing_raised { ssl_ctx.ciphersuites = nil } + end + + def test_ciphersuites_method_frozen_object + ssl_ctx = OpenSSL::SSL::SSLContext.new + pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) + + ssl_ctx.freeze + assert_raise(FrozenError) { ssl_ctx.ciphersuites = 'TLS_AES_256_GCM_SHA384' } + end + + def test_ciphersuites_method_bogus_csuite + ssl_ctx = OpenSSL::SSL::SSLContext.new + pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) + + assert_raise_with_message( + OpenSSL::SSL::SSLError, + /SSL_CTX_set_ciphersuites: no cipher match/i + ) { ssl_ctx.ciphersuites = 'BOGUS' } + end + + def test_ciphers_method_tls_connection + csuite = ['ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256, 256] + inputs = [csuite[0], [csuite[0]], [csuite]] + + start_server do |port| + inputs.each do |input| + cli_ctx = OpenSSL::SSL::SSLContext.new + cli_ctx.min_version = cli_ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION + cli_ctx.ciphers = input + + server_connect(port, cli_ctx) do |ssl| + assert_equal('TLSv1.2', ssl.ssl_version) + assert_equal(csuite[0], ssl.cipher[0]) + ssl.puts('abc'); assert_equal("abc\n", ssl.gets) + end + end + end + end + + def test_ciphers_method_nil_argument + ssl_ctx = OpenSSL::SSL::SSLContext.new + assert_nothing_raised { ssl_ctx.ciphers = nil } + end + + def test_ciphers_method_frozen_object + ssl_ctx = OpenSSL::SSL::SSLContext.new + + ssl_ctx.freeze + assert_raise(FrozenError) { ssl_ctx.ciphers = 'ECDHE-RSA-AES128-SHA' } + end + + def test_ciphers_method_bogus_csuite + ssl_ctx = OpenSSL::SSL::SSLContext.new + + assert_raise_with_message( + OpenSSL::SSL::SSLError, + /SSL_CTX_set_cipher_list: no cipher match/i + ) { ssl_ctx.ciphers = 'BOGUS' } + end + def test_connect_works_when_setting_dh_callback_to_nil ctx_proc = -> ctx { ctx.max_version = :TLS1_2 |