diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-08 16:39:36 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-08 18:08:03 +0900 |
| commit | 3e5a009966bd7f806f7180d82cf830a04be28986 (patch) | |
| tree | aede31ead0aa817b4066ffc70211371700f27f47 /test | |
| parent | 579afc4584840644b23b7ccd640d62683fd725e5 (diff) | |
| download | ruby-openssl-3e5a009966bd7f806f7180d82cf830a04be28986.tar.gz | |
ssl: remove unsupported TLS versions from SSLContext::METHODS
Check for all version-specific SSL methods. We do check for existence of
TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This
fixes compile error when OpenSSL is configured with no-tls1-method.
Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL
supports the corresponding versions or not. This prevents :TLSv1 from
being in SSLContext::METHODS when OpenSSL is compiled with no-tls1.
In particular, Debian sid has disabled TLS 1.0/1.1 support recently.
The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
Diffstat (limited to 'test')
| -rw-r--r-- | test/test_ssl.rb | 4 | ||||
| -rw-r--r-- | test/test_ssl_session.rb | 6 |
2 files changed, 4 insertions, 6 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index b3efe95a..8c65df95 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -810,7 +810,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContex end -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) def test_tls_v1_1 start_server_version(:TLSv1_1) { |server, port| @@ -837,7 +837,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1 end -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) def test_tls_v1_2 start_server_version(:TLSv1_2) { |server, port| diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index b2643edd..7a99dca5 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb @@ -48,7 +48,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= Timeout.timeout(5) do start_server do |server, port| sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.connect @@ -157,9 +157,7 @@ __EOS__ start_server do |server, port| 2.times do sock = TCPSocket.new("127.0.0.1", port) - # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?), - # when use default SSLContext. [ruby-dev:36167] - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.session = last_session if last_session |