author | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-13 23:26:12 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-24 21:01:09 +0900 |
commit | 9e2b5dc78a4e123425b4ff5eb30e64dd37ad9fb8 (patch) | |
tree | e7c57192e8a94b47dca11cf95b01454cd8889d62 /test | |
parent | 8fea1ed5ede36a5b7269698a0718b186fb101fbf (diff) | |
download | ruby-openssl-9e2b5dc78a4e123425b4ff5eb30e64dd37ad9fb8.tar.gz |
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
Add methods that check whether the running OpenSSL is an OpenSSL or a
LibreSSL, and optionally check whether the version is newer or equal to
the given version number.
Diffstat (limited to 'test')
-rw-r--r-- | test/test_digest.rb | 65 | ||||
-rw-r--r-- | test/test_ocsp.rb | 2 | ||||
-rw-r--r-- | test/test_pkey_dsa.rb | 2 | ||||
-rw-r--r-- | test/test_ssl.rb | 7 | ||||
-rw-r--r-- | test/test_ssl_session.rb | 2 | ||||
-rw-r--r-- | test/test_x509name.rb | 1 | ||||
-rw-r--r-- | test/test_x509store.rb | 16 | ||||
-rw-r--r-- | test/utils.rb | 13 |
8 files changed, 49 insertions, 59 deletions
diff --git a/test/test_digest.rb b/test/test_digest.rb
index 9891d99a..c8817395 100644
--- a/test/test_digest.rb
+++ b/test/test_digest.rb
@@ -54,13 +54,10 @@ class OpenSSL::TestDigest < OpenSSL::TestCase
 end
 def test_digest_constants
- algs = %w(MD4 MD5 RIPEMD160 SHA1)
- if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000
+ algs = %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
+ if !libressl? && !openssl?(1, 1, 0)
 algs += %w(DSS1 SHA)
 end
- if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
- algs += %w(SHA224 SHA256 SHA384 SHA512)
- end
 algs.each do |alg|
 assert_not_nil(OpenSSL::Digest.new(alg))
 klass = OpenSSL::Digest.const_get(alg)
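Review bot: The condition `if !libressl? && !openssl?(1, 1, 0)` in test_digest_constants is a double negative, and it does not say why both terms are needed. The `openssl?` helper added in test/utils.rb returns false on LibreSSL, so `!openssl?(1, 1, 0)` alone would be true there; the `!libressl?` term is what keeps DSS1 and SHA out of the expected list on LibreSSL. A one-line comment above the condition would record that, for example `# DSS1 and SHA are expected only on OpenSSL older than 1.1.0, never on LibreSSL`. The method body continues past the end of the hunk.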
@@ -73,34 +70,32 @@ class OpenSSL::TestDigest < OpenSSL::TestCase
 check_digest(OpenSSL::ASN1::ObjectId.new("SHA1"))
 end
- if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
- def encode16(str)
- str.unpack("H*").first
- end
+ def encode16(str)
+ str.unpack("H*").first
+ end
- def test_098_features
- sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
- sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
- sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
- sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
-
- assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
- assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
- assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
- assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
-
- assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
- assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
- assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
- assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
- end
+ def test_sha2
+ sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
+ sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
+ sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
+ sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
+
+ assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
+ assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
+ assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
+ assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
+
+ assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
+ assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
+ assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
+ assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
+ end
- def test_digest_by_oid_and_name_sha2
- check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
- check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
- check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
- check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
- end
+ def test_digest_by_oid_and_name_sha2
+ check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
+ check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
+ check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
+ check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
 end
 def test_openssl_digest
@@ -121,14 +116,6 @@ class OpenSSL::TestDigest < OpenSSL::TestCase
 d = OpenSSL::Digest.new(oid.oid)
 assert_not_nil(d)
 end
-
- def libressl?
- OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
- end
-
- def version_since(verary)
- (OpenSSL::OPENSSL_LIBRARY_VERSION.scan(/\d+/).map(&:to_i) <=> verary) != -1
- end
 end
 end
diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb
index 865bb523..0440634a 100644
--- a/test/test_ocsp.rb
+++ b/test/test_ocsp.rb
@@ -122,7 +122,7 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase
 assert_equal true, req.verify([@cert], store, OpenSSL::OCSP::NOINTERN)
 ret = req.verify([@cert], store)
- if ret || OpenSSL::OPENSSL_VERSION =~ /OpenSSL/ && OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000
+ if ret || openssl?(1, 0, 2) || libressl?(2, 4, 2)
 assert_equal true, ret
 else
 # RT2560; OCSP_request_verify() does not find signer cert from 'certs' when
diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb
index 3fb4dc4c..474f2388 100644
--- a/test/test_pkey_dsa.rb
+++ b/test/test_pkey_dsa.rb
@@ -41,7 +41,7 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
 assert_equal true, dsa512.verify(OpenSSL::Digest::DSS1.new, signature, data)
 end
- return if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x010000000
+ return unless openssl?(1, 0, 0)
 signature = dsa512.sign("SHA1", data)
 assert_equal true, dsa512.verify("SHA1", signature, data)
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 3917793e..872dd226 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -839,7 +839,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLCont
 ctx.ssl_version = :TLSv1_2_client
 server_connect(port, ctx) { |ssl| assert_equal("TLSv1.2", ssl.ssl_version) }
 }
- end if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10001000
+ end
 def test_forbid_tls_v1_1_for_client
 ctx_proc = Proc.new { |ctx| ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_TLSv1_1 }
@@ -888,7 +888,7 @@ end
 }
 end
-if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000
+if openssl?(1, 0, 2) || libressl?
 def test_alpn_protocol_selection_ary
 advertised = ["http/1.1", "spdy/2"]
 ctx_proc = Proc.new { |ctx|
@@ -1216,8 +1216,7 @@ end
 end
 }
- if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000 &&
- !OpenSSL::OPENSSL_VERSION.include?("LibreSSL")
+ if openssl?(1, 0, 2) || libressl?(2, 5, 1)
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ecdh_curves = "P-256"
diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb
index d4a8941b..aadbc3b7 100644
--- a/test/test_ssl_session.rb
+++ b/test/test_ssl_session.rb
@@ -150,7 +150,7 @@ __EOS__
 def test_session_exts_read
 assert(OpenSSL::SSL::Session.new(DUMMY_SESSION))
- end if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x009080bf
+ end
 def test_client_session
 last_session = nil
diff --git a/test/test_x509name.rb b/test/test_x509name.rb
index 60e8ddb8..c1dacf4f 100644
--- a/test/test_x509name.rb
+++ b/test/test_x509name.rb
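Review bot: In test/test_pkey_dsa.rb, `return unless openssl?(1, 0, 0)` now also returns early on LibreSSL, because the `openssl?` helper added in test/utils.rb answers false whenever the version string contains "LibreSSL". The removed check compared only OPENSSL_VERSION_NUMBER, which LibreSSL sets to 0x20000000, so the `dsa512.sign("SHA1", data)` and `dsa512.verify("SHA1", signature, data)` lines used to run there and no longer do. If dropping that coverage is not intended, `return unless openssl?(1, 0, 0) || libressl?` keeps it and matches how the other hunks in this commit treat LibreSSL. The test method starts and ends outside the hunk.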
@@ -306,7 +306,6 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
 end
 def test_add_entry_street
- return if OpenSSL::OPENSSL_VERSION_NUMBER < 0x009080df # 0.9.8m
 # openssl/crypto/objects/obj_mac.h 1.83
 dn = [
 ["DC", "org"],
diff --git a/test/test_x509store.rb b/test/test_x509store.rb
index 983437e7..b40534c6 100644
--- a/test/test_x509store.rb
+++ b/test/test_x509store.rb
@@ -209,7 +209,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
 end
 def test_set_errors
- return if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000
+ return if openssl?(1, 1, 0) || libressl?
 now = Time.now
 ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil)
 store = OpenSSL::X509::Store.new
@@ -225,17 +225,9 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
 crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [], ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
 store.add_crl(crl1)
- if /0\.9\.8.*-rhel/ =~ OpenSSL::OPENSSL_VERSION
- # RedHat is distributing a patched version of OpenSSL that allows
- # multiple CRL for a key (multi-crl.patch)
- assert_nothing_raised do
- store.add_crl(crl2) # add CRL issued by same CA twice.
- end
- else
- assert_raise(OpenSSL::X509::StoreError){
- store.add_crl(crl2) # add CRL issued by same CA twice.
- }
- end
+ assert_raise(OpenSSL::X509::StoreError){
+ store.add_crl(crl2) # add CRL issued by same CA twice.
+ }
 end
 def test_dup
diff --git a/test/utils.rb b/test/utils.rb
index 6d551164..b6cca79e 100644
--- a/test/utils.rb
+++ b/test/utils.rb
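Review bot: In test_set_errors (test/test_x509store.rb), `return if openssl?(1, 1, 0) || libressl?` is the first statement, so on OpenSSL 1.1.0 or later and on every LibreSSL the test is reported as passed without executing a single assertion. Marking it as pending instead makes the missing coverage visible in the run summary, for example `pend "<reason>" if openssl?(1, 1, 0) || libressl?`, assuming the test runner in use provides `pend`. A short comment stating why the test does not apply to those libraries would also help, since the hunk gives no reason. The rest of the method lies outside this hunk.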
@@ -122,6 +122,19 @@ module OpenSSL::TestUtils
 pkvalue = publickey.value
 OpenSSL::Digest::SHA1.hexdigest(pkvalue).scan(/../).join(":").upcase
 end
+
+ def openssl?(major = nil, minor = nil, fix = nil, patch = 0)
+ return false if OpenSSL::OPENSSL_VERSION.include?("LibreSSL")
+ return true unless major
+ OpenSSL::OPENSSL_VERSION_NUMBER >=
+ major * 0x10000000 + minor * 0x100000 + fix * 0x1000 + patch * 0x10
+ end
+
+ def libressl?(major = nil, minor = nil, fix = nil)
+ version = OpenSSL::OPENSSL_VERSION.scan(/LibreSSL (\d+)\.(\d+)\.(\d+).*/)[0]
+ return false unless version
+ !major || (version.map(&:to_i) <=> [major, minor, fix]) >= 0
+ end
 end
 class OpenSSL::TestCase < Test::Unit::TestCase |
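Review bot: Both new helpers default `minor` and `fix` to nil, so a call that passes only a major version fails instead of meaning "at least this major version". `openssl?(1)` reaches `minor * 0x100000` with nil and raises, and `libressl?(2)` compares against `[2, nil, nil]`, where `<=>` returns nil whenever the major numbers are equal and the following `>= 0` then raises. Defaulting the two parameters to zero keeps every call in this commit unchanged and makes partial versions safe: `def openssl?(major = nil, minor = 0, fix = 0, patch = 0)` and `def libressl?(major = nil, minor = 0, fix = 0)`. Neither helper has a comment; one line on each saying that the check is "this library, at or above the given version" and that `openssl?` is always false on LibreSSL would save callers from reading the body.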