diff options
author | nobu <nobu@ruby-lang.org> | 2016-04-04 15:06:46 +0000 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-31 11:31:27 +0900 |
commit | bd6a4954382b7b742575d5688bd9b93a597bcc24 (patch) | |
tree | 77518e1befc98e83809b62656c556cedba8e84e0 /test | |
parent | b0996b86f60389184a9c9f10040ceb820f2b9401 (diff) | |
download | ruby-openssl-bd6a4954382b7b742575d5688bd9b93a597bcc24.tar.gz |
openssl: Access to ephemeral TLS session key
* ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral
TLS session key in case of forward secrecy cipher. Only
available since OpenSSL 1.0.2. [Fix GH-1318]
* ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ssl.rb | 23 | ||||
-rw-r--r-- | test/utils.rb | 1 |
2 files changed, 24 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 7132dcc1..db7ce33e 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -1169,6 +1169,29 @@ end } end + def test_get_ephemeral_key + return unless OpenSSL::SSL::SSLSocket.method_defined?(:tmp_key) + ciphers = { + 'ECDHE-RSA-AES128-SHA' => OpenSSL::PKey::EC, + 'DHE-RSA-AES128-SHA' => OpenSSL::PKey::DH, + 'AES128-SHA' => nil + } + conf_proc = Proc.new { |ctx| ctx.ciphers = 'ALL' } + start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => conf_proc) do |server, port| + ciphers.each do |cipher, ephemeral| + ctx = OpenSSL::SSL::SSLContext.new + ctx.ciphers = cipher + server_connect(port, ctx) do |ssl| + if ephemeral + assert_equal(ephemeral, ssl.tmp_key.class) + else + assert_nil(ssl.tmp_key) + end + end + end + end + end + private def start_server_version(version, ctx_proc=nil, server_proc=nil, &blk) diff --git a/test/utils.rb b/test/utils.rb index 2e9b7395..8e21b977 100644 --- a/test/utils.rb +++ b/test/utils.rb @@ -278,6 +278,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC ctx.cert = @svr_cert ctx.key = @svr_key ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } + ctx.tmp_ecdh_callback = proc { OpenSSL::TestUtils::TEST_KEY_EC_P256V1 } ctx.verify_mode = verify_mode ctx_proc.call(ctx) if ctx_proc |