diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-28 22:20:51 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-09-03 11:22:54 +0900 |
commit | 5653599e150bd92d8631858fe6e0def1f9a3c33d (patch) | |
tree | a257929b8e5e099f6a9fcd02790d76e065a26597 /test | |
parent | 18603949d3161e109803b7c379936c3a487ef8d0 (diff) | |
download | ruby-openssl-5653599e150bd92d8631858fe6e0def1f9a3c33d.tar.gz |
ssl: rework SSLContext#ssl_version=
Reimplement SSLContext#ssl_version= as a wrapper around
SSLContext#min_version= and #max_version=.
SSLContext#ssl_version= used to call SSL_CTX_set_ssl_version() which
replaces the SSL method used for the connections created from the SSL
context. This is mainly used for forcing a specific SSL/TLS protocol
version.
As of OpenSSL 1.1.0, however, use of the version-specific SSL methods
such as TLSv1_method() is deprecated. Follow the current recommendation
-- to use the generic SSL method always and to control the supported
version range by SSL_CTX_set_{min,max}_proto_version(). Actually, we
have already started doing a similar thing when the extension is
compiled with OpenSSL 1.1.0.
OpenSSL::SSL::SSLContext::METHODS, which contained the possible names of
SSL methods, is not useful anymore. It is now deprecate_constant-ed.
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ssl.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 0bf2352c..3f17ab0d 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -969,6 +969,17 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end end + def test_ssl_methods_constant + EnvUtil.suppress_warning { # Deprecated in v2.1.0 + base = [:TLSv1_2, :TLSv1_1, :TLSv1, :SSLv3, :SSLv2, :SSLv23] + base.each do |name| + assert_include OpenSSL::SSL::SSLContext::METHODS, name + assert_include OpenSSL::SSL::SSLContext::METHODS, :"#{name}_client" + assert_include OpenSSL::SSL::SSLContext::METHODS, :"#{name}_server" + end + } + end + def test_renegotiation_cb num_handshakes = 0 renegotiation_cb = Proc.new { |ssl| num_handshakes += 1 } |