author | Kazuki Yamaguchi <k@rhe.jp> | 2016-06-09 15:05:50 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-06-09 15:21:14 +0900 |
commit | 2267c7478dfd2d120008b2b97ae484fa11a78d26 (patch) | |
tree | 59ece4c54fa409eb439e7bb5b4be150db2426e7f /test | |
parent | c99c41a1d5e13468290b8a974fd12063bf992f2a (diff) | |
parent | 3f037dc1b4717b63ad293356477768a011cb5473 (diff) | |
Merge changes from Ruby trunk r55224..r55335
And adjust tests for test-unit.
* ruby-trunk r55224..r55335: (16 commits)
(r55335) openssl: fix build with OpenSSL 1.1.0 and no pkg-config
(r55314) openssl: adjust tests for OpenSSL 1.1.0
(r55309) openssl: add SSL::SSLContext#security_level{=,}
(r55304) openssl: avoid deprecated version-specific ssl methods if n..
(r55294) openssl: fix free function of OpenSSL::Cipher
(r55291) openssl: fix compile on VC
(r55289) openssl: use SSL_is_server()
(r55288) openssl: avoid d2i_ASN1_BOOLEAN()
(r55287) openssl: adapt to OpenSSL 1.1.0 opaque structs
(r55285) openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
(r55283) openssl: support OpenSSL 1.1.0's new multi-threading API
(r55282) openssl: check existence of RAND_pseudo_bytes()
(r55273) openssl: avoid deprecated BN_*prime* functions
(r55252) ossl_asn1.c: check overflow
(r55249) openssl: fix the Year 2038 problem
(r55229) openssl: add missing test for r55219
Sync-with-trunk: r55335
Diffstat (limited to 'test')
-rw-r--r-- | test/envutil.rb | 7 | ||||
-rw-r--r-- | test/test_asn1.rb | 8 | ||||
-rw-r--r-- | test/test_digest.rb | 6 | ||||
-rw-r--r-- | test/test_engine.rb | 114 | ||||
-rw-r--r-- | test/test_hmac.rb | 7 | ||||
-rw-r--r-- | test/test_pair.rb | 17 | ||||
-rw-r--r-- | test/test_pkey_dsa.rb | 6 | ||||
-rw-r--r-- | test/test_pkey_ec.rb | 4 | ||||
-rw-r--r-- | test/test_random.rb | 3 | ||||
-rw-r--r-- | test/test_ssl.rb | 30 | ||||
-rw-r--r-- | test/test_ssl_session.rb | 8 | ||||
-rw-r--r-- | test/test_x509cert.rb | 2 | ||||
-rw-r--r-- | test/test_x509name.rb | 5 | ||||
-rw-r--r-- | test/test_x509req.rb | 2 | ||||
-rw-r--r-- | test/utils.rb | 21 |
15 files changed, 166 insertions, 74 deletions
diff --git a/test/envutil.rb b/test/envutil.rb index 39d13301..ac2a3c0c 100644 --- a/test/envutil.rb +++ b/test/envutil.rb @@ -368,9 +368,10 @@ module Test line -= 5 # lines until src src = <<eom # -*- coding: #{src.encoding}; -*- - require #{__dir__.dump}'/test/unit';include Test::Unit::Assertions + require 'test/unit';include Test::Unit::Assertions END { - puts [Marshal.dump($!)].pack('m'), "assertions=\#{self._assertions}" + puts [Marshal.dump($!)].pack('m')#, "assertions=\#{self._assertions}" + exit } #{src} class Test::Unit::Runner @@ -382,7 +383,7 @@ eom stdout, stderr, status = EnvUtil.invoke_ruby(args, src, true, true, **opt) abort = status.coredump? || (status.signaled? && ABORT_SIGNALS.include?(status.termsig)) assert(!abort, FailDesc[status, nil, stderr]) - self._assertions += stdout[/^assertions=(\d+)/, 1].to_i + #self._assertions += stdout[/^assertions=(\d+)/, 1].to_i begin res = Marshal.load(stdout.unpack("m")[0]) rescue => marshal_error diff --git a/test/test_asn1.rb b/test/test_asn1.rb index 9db9ec51..96c0859c 100644 --- a/test/test_asn1.rb +++ b/test/test_asn1.rb @@ -272,6 +272,14 @@ rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm assert_equal expected, OpenSSL::ASN1.decode("\x17\r130722232317Z").value end + def test_encode_utctime_2k38 + encoded = OpenSSL::ASN1::UTCTime(2 ** 31 - 1).to_der + assert_equal 2 ** 31 - 1, OpenSSL::ASN1.decode(encoded).value.to_i + + encoded = OpenSSL::ASN1::UTCTime(2 ** 31).to_der + assert_equal 2 ** 31, OpenSSL::ASN1.decode(encoded).value.to_i + end + def test_create_inf_length_primitive expected = %w{ 24 80 04 01 61 00 00 } raw = [expected.join('')].pack('H*') diff --git a/test/test_digest.rb b/test/test_digest.rb index ba3e974b..51fc03bb 100644 --- a/test/test_digest.rb +++ b/test/test_digest.rb 
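Review bot: The `exit` added to the `END` block of the generated script is unexplained, and two pieces of code are left commented out rather than removed: `#, "assertions=\#{self._assertions}"` in this hunk and `#self._assertions += ...` in the second hunk of test/envutil.rb. With both disabled, assertions made inside an `assert_separately` body no longer reach the parent's tally; if that is intended for test-unit, delete the dead code and say so in a comment. For the `exit`, a comment such as `# exit here so test-unit's at_exit autorunner does not start in the child (assumed; confirm)` would record why it is needed. The enclosing method starts and ends outside both hunks.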
@@ -59,9 +59,9 @@ class OpenSSL::TestDigest < OpenSSL::TestCase end def test_digest_constants - algs = %w(DSS1 MD4 MD5 RIPEMD160 SHA1) - if !libressl? || !version_since([2,3]) - algs += %w(SHA) + algs = %w(MD4 MD5 RIPEMD160 SHA1) + if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 + algs += %w(DSS1 SHA) end if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000 algs += %w(SHA224 SHA256 SHA384 SHA512) diff --git a/test/test_engine.rb b/test/test_engine.rb index 9a0da340..77f6e1a9 100644 --- a/test/test_engine.rb +++ b/test/test_engine.rb 
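Review bot: The new guard `if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000` in `test_digest_constants` replaces the LibreSSL-aware condition, and the hunk gives no reason for dropping it. As far as I know LibreSSL reports a version number of 0x20000000, so there the comparison is false and neither DSS1 nor SHA is checked, whereas DSS1 used to be checked unconditionally. If that loss of coverage is acceptable, record it next to the guard, for example `# DSS1 and SHA are gone in OpenSSL 1.1.0; LibreSSL (0x20000000) is skipped here as well`. The method body continues past the end of the hunk.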
@@ -3,75 +3,93 @@ require_relative 'utils' class OpenSSL::TestEngine < OpenSSL::TestCase - def teardown - super - OpenSSL::Engine.cleanup # [ruby-core:40669] - assert_equal(0, OpenSSL::Engine.engines.size) - end - def test_engines_free # [ruby-dev:44173] - OpenSSL::Engine.load("openssl") - OpenSSL::Engine.engines - OpenSSL::Engine.engines + with_openssl <<-'end;' + OpenSSL::Engine.load("openssl") + OpenSSL::Engine.engines + OpenSSL::Engine.engines + end; end def test_openssl_engine_builtin - engine = OpenSSL::Engine.load("openssl") - assert_equal(true, engine) - assert_equal(1, OpenSSL::Engine.engines.size) + with_openssl <<-'end;' + engine = OpenSSL::Engine.load("openssl") + assert_equal(true, engine) + assert_equal(1, OpenSSL::Engine.engines.size) + end; end def test_openssl_engine_by_id_string - engine = get_engine - assert_not_nil(engine) - assert_equal(1, OpenSSL::Engine.engines.size) + with_openssl <<-'end;' + engine = get_engine + assert_not_nil(engine) + assert_equal(1, OpenSSL::Engine.engines.size) + end; end def test_openssl_engine_id_name_inspect - engine = get_engine - assert_equal("openssl", engine.id) - assert_not_nil(engine.name) - assert_not_nil(engine.inspect) + with_openssl <<-'end;' + engine = get_engine + assert_equal("openssl", engine.id) + assert_not_nil(engine.name) + assert_not_nil(engine.inspect) + end; end def test_openssl_engine_digest_sha1 - engine = get_engine - digest = engine.digest("SHA1") - assert_not_nil(digest) - data = "test" - assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data)) + with_openssl <<-'end;' + engine = get_engine + digest = engine.digest("SHA1") + assert_not_nil(digest) + data = "test" + assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data)) + end; end def test_openssl_engine_cipher_rc4 - engine = get_engine - algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) - data = "a" * 1000 - key = OpenSSL::Random.random_bytes(16) - # suppress message from openssl Engine's RC4 cipher 
[ruby-core:41026] - err_back = $stderr.dup - $stderr.reopen(IO::NULL) - encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } - decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } - assert_equal(data, decrypted) - ensure - if err_back - $stderr.reopen(err_back) - err_back.close - end + with_openssl <<-'end;' + begin + engine = get_engine + algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) + data = "a" * 1000 + key = OpenSSL::Random.random_bytes(16) + # suppress message from openssl Engine's RC4 cipher [ruby-core:41026] + err_back = $stderr.dup + $stderr.reopen(IO::NULL) + encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } + decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } + assert_equal(data, decrypted) + ensure + if err_back + $stderr.reopen(err_back) + err_back.close + end + end + end; end private - def get_engine - OpenSSL::Engine.by_id("openssl") + # this is required because OpenSSL::Engine methods change global state + def with_openssl(code) + assert_separately(["-ropenssl"], <<~"end;") + require #{__FILE__.dump} + include OpenSSL::TestEngine::Utils + #{code} + end; end - def crypt_data(data, key, mode) - cipher = yield - cipher.send mode - cipher.key = key - cipher.update(data) + cipher.final - end + module Utils + def get_engine + OpenSSL::Engine.by_id("openssl") + end -end if defined?(OpenSSL::TestUtils) + def crypt_data(data, key, mode) + cipher = yield + cipher.send mode + cipher.key = key + cipher.update(data) + cipher.final + end + end +end if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine) diff --git a/test/test_hmac.rb b/test/test_hmac.rb index 3c90a5de..dd58e4ac 100644 --- a/test/test_hmac.rb +++ b/test/test_hmac.rb 
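Review bot: `with_openssl` carries only a one-line comment, although every test in this class now depends on how it works. Each body is a string interpolated into a script that `assert_separately` runs in a fresh interpreter, the child re-requires this file through `__FILE__`, and helpers are reachable only through `include OpenSSL::TestEngine::Utils`; none of that is stated. I would expand the comment to something like `# Runs +code+ in a separate Ruby process because OpenSSL::Engine.load changes process-wide state; helpers used by +code+ must live in Utils.` Only literal heredocs are passed in this hunk, which is what keeps the interpolation harmless, and the comment should say that +code+ must stay a literal. The removed `teardown` also took the `OpenSSL::Engine.cleanup` check ([ruby-core:40669]) with it, so nothing in the new version of the file calls `cleanup` any more.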
@@ -36,4 +36,11 @@ class OpenSSL::TestHMAC < OpenSSL::TestCase result = hmac.update(data).hexdigest assert_equal "a13984b929a07912e4e21c5720876a8e150d6f67f854437206e7f86547248396", result end + + def test_reset_keep_key + first = @h1.update("test").hexdigest + @h2.reset + second = @h2.update("test").hexdigest + assert_equal first, second + end end if defined?(OpenSSL::TestUtils) diff --git a/test/test_pair.rb b/test/test_pair.rb index c8770690..88e52a71 100644 --- a/test/test_pair.rb +++ b/test/test_pair.rb @@ -12,6 +12,7 @@ module OpenSSL::SSLPairM port = 0 ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } tcps = create_tcp_server(host, port) ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) @@ -22,6 +23,7 @@ module OpenSSL::SSLPairM host = "127.0.0.1" ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 s = create_tcp_client(host, port) ssl = OpenSSL::SSL::SSLSocket.new(s, ctx) ssl.connect @@ -324,6 +326,7 @@ module OpenSSL::TestPairM def test_connect_works_when_setting_dh_callback_to_nil ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.tmp_dh_callback = nil sock1, sock2 = tcp_pair s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) @@ -331,6 +334,7 @@ module OpenSSL::TestPairM ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 ctx1.tmp_dh_callback = nil s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) t = Thread.new { s1.connect } @@ -350,12 +354,14 @@ module OpenSSL::TestPairM def test_connect_without_setting_dh_callback ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 sock1, sock2 = tcp_pair s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) accepted = s2.accept_nonblock(exception: false) ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) t = Thread.new { s1.connect } 
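Review bot: `test_reset_keep_key` calls `@h2.reset` on an object that the visible lines never feed any data, so the test shows that the key survives `reset` but not that earlier input is discarded. Feeding `@h2` something different first, e.g. `@h2.update("other")` on the line before `@h2.reset`, would cover both. How `@h1` and `@h2` are built is in `setup`, outside this hunk, so this assumes they start with the same key and digest.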
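Review bot: `ctx.security_level = 0` is added here and in every other hunk of test/test_pair.rb, in most hunks of test/test_ssl.rb and in `start_server` in test/utils.rb, with no statement of why. Level 0 switches off the OpenSSL 1.1.0 security-level checks for that context, and these tests appear to need it only because they negotiate anonymous suites (ADH, anonymous ECDH, aNULL), which as far as I know are refused at any higher level. A small helper in the test utilities with a comment such as `# anonymous suites need security level 0 on OpenSSL 1.1.0; test use only` would keep the reason in one place and make it less likely that the line is copied into non-test code. In test/test_ssl.rb two hunks set it on `ctx1` and `ctx3` but not on `ctx2`; whether `ctx2` can go without it depends on code outside the hunks.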
@@ -378,6 +384,8 @@ module OpenSSL::TestPairM called = false ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "ECDH" + # OpenSSL 1.1.0 doesn't have tmp_ecdh_callback so this shouldn't be required + ctx2.security_level = 0 ctx2.tmp_ecdh_callback = ->(*args) { called = true OpenSSL::PKey::EC.new "prime256v1" @@ -388,6 +396,7 @@ module OpenSSL::TestPairM s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "ECDH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) th = Thread.new do @@ -406,7 +415,7 @@ module OpenSSL::TestPairM assert called, 'ecdh callback should be called' rescue OpenSSL::SSL::SSLError => e if e.message =~ /no cipher match/ - skip "ECDH cipher not supported." + pend "ECDH cipher not supported." else raise e end @@ -426,11 +435,13 @@ module OpenSSL::TestPairM ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "ECDH" ctx1.ecdh_curves = "P-384:P-521" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "ECDH" ctx2.ecdh_curves = "P-256:P-384" + ctx2.security_level = 0 s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) th = Thread.new { s1.accept } @@ -451,6 +462,7 @@ module OpenSSL::TestPairM def test_connect_accept_nonblock_no_exception ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "ADH" + ctx2.security_level = 0 ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } sock1, sock2 = tcp_pair @@ -461,6 +473,7 @@ module OpenSSL::TestPairM ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "ADH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) th = Thread.new do rets = [] @@ -499,6 +512,7 @@ module OpenSSL::TestPairM def test_connect_accept_nonblock ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } sock1, sock2 = tcp_pair 
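Review bot: The new comment `# OpenSSL 1.1.0 doesn't have tmp_ecdh_callback so this shouldn't be required` sits directly above `ctx2.security_level = 0`, so "this" reads as the security level while the sentence is about `tmp_ecdh_callback`. Name the thing meant and put the comment next to the line it describes; if the intent is what it appears to be, something like `# security_level 0 is for the anonymous ECDH suite; tmp_ecdh_callback itself is unavailable with OpenSSL 1.1.0` would do. The test method starts before and ends after this hunk.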
@@ -522,6 +536,7 @@ module OpenSSL::TestPairM sleep 0.1 ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx) begin sleep 0.2 diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb index 680a1239..211c0342 100644 --- a/test/test_pkey_dsa.rb +++ b/test/test_pkey_dsa.rb @@ -39,7 +39,7 @@ class OpenSSL::TestPKeyDSA < OpenSSL::TestCase def test_sign_verify check_sign_verify(OpenSSL::Digest::DSS1.new) - end + end if defined?(OpenSSL::Digest::DSS1) if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000) def test_sign_verify_sha1 @@ -53,8 +53,8 @@ end def test_digest_state_irrelevant_verify key = OpenSSL::TestUtils::TEST_KEY_DSA256 - digest1 = OpenSSL::Digest::DSS1.new - digest2 = OpenSSL::Digest::DSS1.new + digest1 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new + digest2 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new data = 'Sign me!' sig = key.sign(digest1, data) digest1.reset diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb index 4161e9b0..e05b70ac 100644 --- a/test/test_pkey_ec.rb +++ b/test/test_pkey_ec.rb @@ -12,12 +12,14 @@ class OpenSSL::TestEC < OpenSSL::TestCase @keys = [] OpenSSL::PKey::EC.builtin_curves.each do |curve, comment| - next if curve.start_with?("Oakley") # Oakley curves are not suitable for ECDSA group = OpenSSL::PKey::EC::Group.new(curve) key = OpenSSL::PKey::EC.new(group) key.generate_key! + # Oakley curves and X25519 are not suitable for signing + next if ["Oakley", "X25519"].any? { |n| curve.start_with?(n) } + @groups << group @keys << key end diff --git a/test/test_random.rb b/test/test_random.rb index ca8427f7..60794619 100644 --- a/test/test_random.rb +++ b/test/test_random.rb 
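Review bot: In the test/test_pkey_ec.rb hunk, moving the `next if` below `key.generate_key!` means a group and a key are now built for the Oakley and X25519 curves and then discarded, and the new comment does not say why. If the point is to exercise `generate_key!` on every builtin curve, the comment should say so, e.g. `# generate a key for every curve, but keep only those usable for signing`. The condition itself can be written as `next if curve.start_with?("Oakley", "X25519")`, since `start_with?` accepts several prefixes.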
@@ -8,7 +8,8 @@ class OpenSSL::TestRandom < OpenSSL::TestCase end def test_pseudo_bytes + # deprecated as of OpenSSL 1.1.0 assert_equal("", OpenSSL::Random.pseudo_bytes(0)) assert_equal(12, OpenSSL::Random.pseudo_bytes(12).bytesize) - end + end if OpenSSL::Random.methods.include?(:pseudo_bytes) end if defined?(OpenSSL::TestCase) diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 164a6aac..e7f3348c 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -405,7 +405,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ciphers = ctx.ciphers ciphers_versions = ciphers.collect{|_, v, _, _| v } ciphers_names = ciphers.collect{|v, _, _, _| v } - assert(ciphers_names.all?{|v| /ADH/ !~ v }) + assert(ciphers_names.all?{|v| /A(EC)?DH/ !~ v }) assert(ciphers_versions.all?{|v| /SSLv2/ !~ v }) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true @@ -424,6 +424,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server(OpenSSL::SSL::VERIFY_NONE, true, {use_anon_cipher: true}){|server, port| ctx = OpenSSL::SSL::SSLContext.new ctx.ciphers = "aNULL" + ctx.security_level = 0 server_connect(port, ctx) { |ssl| msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \ "ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification." @@ -687,6 +688,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx3 = OpenSSL::SSL::SSLContext.new ctx3.ciphers = "DH" + ctx3.security_level = 0 ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" @@ -698,6 +700,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -720,6 +723,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.servername_cb = lambda { |args| Object.new } sock1, sock2 = socketpair 
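Review bot: The guard `end if OpenSSL::Random.methods.include?(:pseudo_bytes)` builds the whole method list to look up one name; `end if OpenSSL::Random.respond_to?(:pseudo_bytes)` states the same condition directly. The new comment says only "deprecated as of OpenSSL 1.1.0", while the guard handles the method being absent, which the commit message ties to checking for `RAND_pseudo_bytes()`; the comment should mention that case.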
@@ -728,6 +732,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -752,6 +757,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx3 = OpenSSL::SSL::SSLContext.new ctx3.ciphers = "DH" + ctx3.security_level = 0 assert_not_predicate ctx3, :frozen? ctx2 = OpenSSL::SSL::SSLContext.new @@ -764,6 +770,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -785,6 +792,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.servername_cb = lambda { |args| nil } sock1, sock2 = socketpair @@ -793,6 +801,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -815,6 +824,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.servername_cb = lambda do |args| cb_socket = args[0] lambda_called = args[1] @@ -827,6 +837,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -1171,6 +1182,7 @@ end # test it doesn't cause a segmentation fault ctx = OpenSSL::SSL::SSLContext.new ctx.ciphers = "aNULL" + ctx.security_level = 0 sock1, sock2 = socketpair ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx) 
@@ -1218,6 +1230,22 @@ end end end + def test_security_level + ctx = OpenSSL::SSL::SSLContext.new + begin + ctx.security_level = 1 + rescue NotImplementedError + assert_equal(0, ctx.security_level) + return + end + assert_equal(1, ctx.security_level) + # assert_raise(OpenSSL::SSL::SSLError) { ctx.key = OpenSSL::TestUtils::TEST_KEY_DSA512 } + # ctx.key = OpenSSL::TestUtils::TEST_KEY_RSA1024 + # ctx.security_level = 2 + # assert_raise(OpenSSL::SSL::SSLError) { ctx.key = OpenSSL::TestUtils::TEST_KEY_RSA1024 } + pend "FIXME: SSLContext#key= currently does not raise because SSL_CTX_use_certificate() is delayed" + end + private def start_server_version(version, ctx_proc=nil, server_proc=nil, &blk) diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index cdcab02f..84686f6b 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb @@ -211,25 +211,25 @@ __EOS__ assert_equal(stats[:cache_misses], 0) assert(ssl.session_reused?) ctx.session_remove(session) - saved_session = session + saved_session = session.to_der when 2 assert_equal(stats[:cache_num], 1) assert_equal(stats[:cache_hits], 1) assert_equal(stats[:cache_misses], 1) assert(!ssl.session_reused?) - ctx.session_add(saved_session) + ctx.session_add(OpenSSL::SSL::Session.new(saved_session)) when 3 assert_equal(stats[:cache_num], 2) assert_equal(stats[:cache_hits], 2) assert_equal(stats[:cache_misses], 1) assert(ssl.session_reused?) - ctx.flush_sessions(Time.now + 5000) + ctx.flush_sessions(Time.now + 10000) when 4 assert_equal(stats[:cache_num], 1) assert_equal(stats[:cache_hits], 2) assert_equal(stats[:cache_misses], 2) assert(!ssl.session_reused?) - ctx.session_add(saved_session) + ctx.session_add(OpenSSL::SSL::Session.new(saved_session)) end connections += 1 diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index ae7a0f08..269d0172 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb 
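Review bot: `test_security_level` ends with an unconditional `pend`, so where security levels are supported it can only ever report pending, and where they are not it returns after one assertion; nothing verifies that a level rejects anything. The commented-out `ctx.key=` assertions wait on the delayed `SSL_CTX_use_certificate()` named in the FIXME, but an effect that does not go through `key=` could be asserted now, for instance that a handshake limited to `aNULL` fails at level 1, if anonymous suites are indeed refused above level 0 as the `security_level = 0` lines added beside `aNULL` in this file suggest. At minimum, keep the setter/getter round-trip as its own passing test and move the pending part into a separate method, so the round-trip result is not hidden behind `pend`.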
@@ -168,7 +168,7 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError - end + end if defined?(OpenSSL::Digest::DSS1) def test_sign_and_verify_dsa_md5 assert_raise(OpenSSL::X509::CertificateError){ diff --git a/test/test_x509name.rb b/test/test_x509name.rb index d26174ef..b87d415d 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -5,11 +5,6 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Name < OpenSSL::TestCase - OpenSSL::ASN1::ObjectId.register( - "1.2.840.113549.1.9.1", "emailAddress", "emailAddress") - OpenSSL::ASN1::ObjectId.register( - "2.5.4.5", "serialNumber", "serialNumber") - def setup @obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING) @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) diff --git a/test/test_x509req.rb b/test/test_x509req.rb index c473b47a..287e2c18 100644 --- a/test/test_x509req.rb +++ b/test/test_x509req.rb @@ -140,7 +140,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase assert_equal(false, req.verify(@rsa1024)) rescue OpenSSL::X509::RequestError pend - end + end if defined?(OpenSSL::Digest::DSS1) def test_sign_and_verify_dsa_md5 assert_raise(OpenSSL::X509::RequestError){ diff --git a/test/utils.rb b/test/utils.rb index b6cf6377..88a02391 100644 --- a/test/utils.rb +++ b/test/utils.rb 
@@ -86,6 +86,21 @@ Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S -----END DSA PRIVATE KEY----- _end_of_pem_ + TEST_KEY_DSA1024 = OpenSSL::PKey::DSA.new <<-_end_of_pem_ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCH9aAoXvWWThIjkA6D+nI1F9ksF9iDq594rkiGNOT9sPDOdB+n +D+qeeeeloRlj19ymCSADPI0ZLRgkchkAEnY2RnqnhHOjVf/roGgRbW+iQDMbQ9wa +/pvc6/fAbsu1goE1hBYjm98/sZEeXavj8tR56IXnjF1b6Nx0+sgeUKFKEQIVAMiz +4BJUFeTtddyM4uadBM7HKLPRAoGAZdLBSYNGiij7vAjesF5mGUKTIgPd+JKuBEDx +OaBclsgfdoyoF/TMOkIty+PVlYD+//Vl2xnoUEIRaMXHwHfm0r2xUX++oeRaSScg +YizJdUxe5jvBuBszGPRc/mGpb9YvP0sB+FL1KmuxYmdODfCe51zl8uM/CVhouJ3w +DjmRGscCgYAuFlfC7p+e8huCKydfcv/beftqjewiOPpQ3u5uI6KPCtCJPpDhs3+4 +IihH2cPsAlqwGF4tlibW1+/z/OZ1AZinPK3y7b2jSJASEaPeEltVzB92hcd1khk2 +jTYcmSsV4VddplOPK9czytR/GbbibxsrhhgZUbd8LPbvIgaiadJ1PgIUBnJ/5vN2 +CVArsEzlPUCbohPvZnE= +-----END DSA PRIVATE KEY----- + _end_of_pem_ + if defined?(OpenSSL::PKey::EC) TEST_KEY_EC_P256V1 = OpenSSL::PKey::EC.new <<-_end_of_pem_ 
@@ -106,7 +121,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) + TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16), + OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)) DSA_SIGNATURE_DIGEST = OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000 ? OpenSSL::Digest::SHA1 : @@ -196,7 +212,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC def setup @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048 @svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 - @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA256 + @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA1024 @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") @svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost") @cli = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost") @@ -277,6 +293,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT ctx = OpenSSL::SSL::SSLContext.new ctx.ciphers = "ADH-AES256-GCM-SHA384" if use_anon_cipher + ctx.security_level = 0 if use_anon_cipher ctx.cert_store = store #ctx.extra_chain_cert = [ ca_cert ] ctx.cert = @svr_cert |
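Review bot: `TEST_KEY_DH1024.set_key(...)` now takes a hard-coded public value ahead of the existing private one, and nothing in the hunk shows that the two belong together under the parameters in the PEM block above. A mismatched pair would surface only as a handshake failure in some unrelated test, so a one-line comment stating that the first argument is the public key derived from the second (pub_key, then priv_key) would help; the two long hex literals are otherwise indistinguishable. In the `setup` hunk that follows, `@cli_key` moves from `TEST_KEY_DSA256` to `TEST_KEY_DSA1024` without comment; presumably the shorter DSA key is refused at OpenSSL 1.1.0's default security level, and that reason belongs next to the assignment.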