diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-16 18:10:05 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-16 18:10:05 +0900 |
commit | 241de26fa95161506ddd710341dd760b2f9b136a (patch) | |
tree | baae7a48766512c8f7972793bb19787c6196c3dc /test | |
parent | ea268efa2143799ab3cb53cec285bc61e979b4f2 (diff) | |
parent | b9aea270fbe1b3f8e806e86a28d8a27e242ab251 (diff) | |
download | ruby-openssl-241de26fa95161506ddd710341dd760b2f9b136a.tar.gz |
Merge branch 'topic/ssl-contiditional-explicit-ciphersuites'
* topic/ssl-contiditional-explicit-ciphersuites:
ssl: conditionally set explicit cipher suite list
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ssl.rb | 29 |
1 files changed, 9 insertions, 20 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index b821b2a2..e6964d93 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -413,26 +413,15 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_sslctx_set_params - start_server(OpenSSL::SSL::VERIFY_NONE, true, :ignore_listener_error => true){|server, port| - sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.new - ctx.set_params - assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode) - assert_equal(OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options], ctx.options) - ciphers = ctx.ciphers - ciphers_versions = ciphers.collect{|_, v, _, _| v } - ciphers_names = ciphers.collect{|v, _, _, _| v } - assert(ciphers_names.all?{|v| /A(EC)?DH/ !~ v }) - assert(ciphers_versions.all?{|v| /SSLv2/ !~ v }) - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - begin - assert_raise(OpenSSL::SSL::SSLError){ ssl.connect } - assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result) - ensure - ssl.close - end - } + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params + assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode) + ciphers = ctx.ciphers + ciphers_versions = ciphers.collect{|_, v, _, _| v } + ciphers_names = ciphers.collect{|v, _, _, _| v } + assert(ciphers_names.all?{|v| /A(EC)?DH/ !~ v }) + assert(ciphers_names.all?{|v| /(RC4|MD5|EXP)/ !~ v }) + assert(ciphers_versions.all?{|v| /SSLv2/ !~ v }) end def test_post_connect_check_with_anon_ciphers |