author | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-28 23:37:01 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-29 00:01:24 +0900 |
commit | 33b02f363b1a090fdcc4d0691cff7e2db1fbcf27 (patch) | |
tree | 02336192f02b43d924f14999626b84bbbbd318cc /test | |
parent | e94d3f3f2aef96a632ba0bf50e1a84f3c82a3825 (diff) | |
download | ruby-openssl-33b02f363b1a090fdcc4d0691cff7e2db1fbcf27.tar.gz |
ssl: make OpenSSL::SSL::SSLContext#freeze an alias of #setup
topic/ssl-make-sslctx-freeze-alias-of-setup
SSLSocket#setup uses the frozen state as "SSL_CTX is already set up".
If a user manually freezes the context, it misunderstands as if #setup
is already called, leading to unexpected behaviors because parameters
the user set won't be actually set to the underlying SSL_CTX and thus
ignored.
Ideally, #setup should go and be replaced with setters. But we don't
do this now because it is not that simple: some of them would produce
new ordering issues, e.g. 'ca_file' property which loads a file into
SSL_CTX::cert_store and 'cert_store' which replaces SSL_CTX::cert_store
would conflict. Fixing this properly would require deprecating 'ca_file'
first.
So, let's take the second best way: make it "just work" instead of
breaking silently.
Fixes: https://github.com/ruby/openssl/issues/85
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ssl.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 7f0b939c..ccdbf8e1 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -1252,6 +1252,18 @@ end sock2.close end + def test_freeze_calls_setup + bug = "[ruby/openssl#85]" + start_server(ignore_listener_error: true) { |server, port| + ctx = OpenSSL::SSL::SSLContext.new + ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER + ctx.freeze + assert_raise(OpenSSL::SSL::SSLError, bug) { + server_connect(port, ctx) + } + } + end + private def start_server_version(version, ctx_proc = nil, |
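Review bot: in test_freeze_calls_setup, `assert_raise(OpenSSL::SSL::SSLError, bug)` accepts any handshake failure, not only a certificate verification failure, so the test would still pass if `server_connect(port, ctx)` failed for an unrelated reason while `verify_mode` was being ignored. Consider also checking the exception message for the verification failure, and adding a direct assertion right after `ctx.freeze` (for example that `ctx.frozen?` is true and that a later attribute assignment raises) so the freeze half of the alias is covered without depending on the network path. `ignore_listener_error: true` also hides whatever the server side saw, so a short comment on why it is needed here would help the next reader.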