-rw-r--r-- | History.md | 13 | ||||
-rw-r--r-- | Rakefile | 9 | ||||
-rw-r--r-- | appveyor.yml | 25 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 26 | ||||
-rw-r--r-- | ext/openssl/ossl_bio.c | 37 | ||||
-rw-r--r-- | ext/openssl/ossl_bio.h | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_config.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs12.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs7.c | 14 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_dh.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_dsa.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_rsa.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl_session.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509cert.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509crl.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509req.c | 2 | ||||
-rw-r--r-- | openssl.gemspec | 2 | ||||
-rw-r--r-- | test/test_pkey_rsa.rb | 11 | ||||
-rw-r--r-- | test/test_ssl.rb | 6 | ||||
-rw-r--r-- | test/test_ssl_session.rb | 6 | ||||
-rw-r--r-- | test/test_x509cert.rb | 9 |
23 files changed, 102 insertions, 84 deletions
@@ -23,6 +23,19 @@ Deprecations ------------ +Version 2.0.5 +============= + +Bug fixes +--------- + +* Reading a PEM/DER-encoded private key or certificate from an IO object did + not work properly on mswin platforms. + [[ruby/openssl#128]](https://github.com/ruby/openssl/issues/128) +* Broken length check in the PEM passphrase callback is fixed. +* It failed to compile when OpenSSL is configured without TLS 1.0 support. + + Version 2.0.4 ============= @@ -34,8 +34,13 @@ task :install_dependencies do gemspec = eval(File.read("openssl.gemspec")) gemspec.development_dependencies.each do |dep| print "Installing #{dep.name} (#{dep.requirement}) ... " - gem = Gem.install(dep.name, dep.requirement, force: true) - puts "#{gem[0].version}" + installed = dep.matching_specs + if installed.empty? + installed = Gem.install(dep.name, dep.requirement) + puts "#{installed[0].version}" + else + puts "(found #{installed[0].version})" + end end end diff --git a/appveyor.yml b/appveyor.yml index ccfbeca7..9ff363fc 100644 --- a/appveyor.yml +++ b/appveyor.yml 
@@ -1,16 +1,27 @@ --- clone_depth: 10 install: - - SET PATH=C:\Ruby%ruby_version%\bin;%PATH% - - appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.2j-x64-windows.tar.lzma - - 7z e openssl-1.0.2j-x64-windows.tar.lzma - - 7z x -y -oC:\Ruby%ruby_version% openssl-1.0.2j-x64-windows.tar - - ruby -S rake install_dependencies + - ps: | + $Env:PATH = "C:\Ruby${Env:ruby_version}\bin;${Env:PATH}" + if ($Env:ruby_version -match "^23" ) { + # RubyInstaller; download OpenSSL headers from OpenKnapsack Project + $Env:openssl_dir = "C:\Ruby${Env:ruby_version}" + appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.2j-x64-windows.tar.lzma + 7z e openssl-1.0.2j-x64-windows.tar.lzma + 7z x -y -oC:\Ruby${Env:ruby_version} openssl-1.0.2j-x64-windows.tar + } else { + # RubyInstaller2; openssl package seems to be installed already + $Env:openssl_dir = "C:\msys64\mingw64" + } + - ruby -v + - openssl version + - rake install_dependencies build_script: - - rake -rdevkit compile -- --with-openssl-dir=C:\Ruby%ruby_version% --enable-debug + - rake -rdevkit compile -- --with-openssl-dir=%openssl_dir% --enable-debug test_script: - rake test OSSL_MDEBUG=1 deploy: off environment: matrix: - - ruby_version: "23-x64" + - ruby_version: "23-x64" # RI + - ruby_version: "24-x64" # RI2 diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 542f1422..6ec5e91c 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -147,13 +147,6 @@ ossl_bin2hex(unsigned char *in, char *out, size_t inlen) /* * our default PEM callback */ - -/* - * OpenSSL requires passwords for PEM-encoded files to be at least four - * characters long. See crypto/pem/pem_lib.c (as of 1.0.2h) - */ -#define OSSL_MIN_PWD_LEN 4 - VALUE ossl_pem_passwd_value(VALUE pass) { 
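Review bot: The OpenSSL archive in the `$Env:ruby_version -match "^23"` branch is still fetched over plain `http://` and unpacked into the Ruby directory with no integrity check, so the build compiles and links against whatever the network path returns. Prefer an `https://` URL if the host offers one, and compare the download against a pinned digest before the `7z` steps, for example `if ((Get-FileHash openssl-1.0.2j-x64-windows.tar.lzma -Algorithm SHA256).Hash -ne "<EXPECTED_SHA256_PLACEHOLDER>") { throw "openssl archive digest mismatch" }`. In the RubyInstaller2 branch the comment itself says the package only "seems to be installed already", and the added `openssl version` step prints whichever `openssl` is first on PATH, which may not be the one under `C:\msys64\mingw64`.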
@@ -162,8 +155,6 @@ ossl_pem_passwd_value(VALUE pass) StringValue(pass); - if (RSTRING_LEN(pass) < OSSL_MIN_PWD_LEN) - ossl_raise(eOSSLError, "password must be at least %d bytes", OSSL_MIN_PWD_LEN); /* PEM_BUFSIZE is currently used as the second argument of pem_password_cb, * that is +max_len+ of ossl_pem_passwd_cb() */ if (RSTRING_LEN(pass) > PEM_BUFSIZE) @@ -175,11 +166,10 @@ ossl_pem_passwd_value(VALUE pass) static VALUE ossl_pem_passwd_cb0(VALUE flag) { - VALUE pass; - - pass = rb_yield(flag); - SafeStringValue(pass); - + VALUE pass = rb_yield(flag); + if (NIL_P(pass)) + return Qnil; + StringValue(pass); return pass; } @@ -196,7 +186,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_) * bytes silently if the input is over 1024 bytes */ if (RB_TYPE_P(pass, T_STRING)) { len = RSTRING_LEN(pass); - if (len >= OSSL_MIN_PWD_LEN && len <= max_len) { + if (len <= max_len) { memcpy(buf, RSTRING_PTR(pass), len); return (int)len; } @@ -222,11 +212,9 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_) rb_set_errinfo(Qnil); return -1; } + if (NIL_P(pass)) + return -1; len = RSTRING_LEN(pass); - if (len < OSSL_MIN_PWD_LEN) { - rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN); - continue; - } if (len > max_len) { rb_warning("password must not be longer than %d bytes", max_len); continue; diff --git a/ext/openssl/ossl_bio.c b/ext/openssl/ossl_bio.c index 5f3f65a5..42833d90 100644 --- a/ext/openssl/ossl_bio.c +++ b/ext/openssl/ossl_bio.c 
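Review bot: `ossl_pem_passwd_cb0` now has a second outcome that nothing in the hunk documents: a nil block result is passed through as `Qnil`, and it depends on the `NIL_P(pass)` check added to `ossl_pem_passwd_cb` in a later hunk to become `-1`. A comment above the function would keep the two in step, for example `/* Returns the block's result as a String, or Qnil when the block returns nil; the caller treats Qnil as "abort" and returns -1. */`. The switch from `SafeStringValue` to `StringValue` also drops the safe-level check on the block's result; if that is intentional it deserves a word in the commit message.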
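Review bot: With the `OSSL_MIN_PWD_LEN` lower bound gone, an empty String passphrase takes the `len <= max_len` branch in `ossl_pem_passwd_cb`, copies nothing and returns 0. How OpenSSL interprets a 0 return from the password callback is not visible on this page and appears to have differed between releases, so the outcome may be either an error or a key protected by an empty passphrase. State the intended behaviour in the comment above the branch and pin it with a test; the same applies to the block path at `len = RSTRING_LEN(pass)` in the next hunk. The function body starts and ends outside this hunk.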
@@ -10,37 +10,18 @@ #include "ossl.h" BIO * -ossl_obj2bio(VALUE obj) +ossl_obj2bio(volatile VALUE *pobj) { + VALUE obj = *pobj; BIO *bio; - if (RB_TYPE_P(obj, T_FILE)) { - rb_io_t *fptr; - FILE *fp; - int fd; - - GetOpenFile(obj, fptr); - rb_io_check_readable(fptr); - if ((fd = rb_cloexec_dup(fptr->fd)) < 0){ - rb_sys_fail(0); - } - rb_update_max_fd(fd); - if (!(fp = fdopen(fd, "r"))){ - int e = errno; - close(fd); - rb_syserr_fail(e, 0); - } - if (!(bio = BIO_new_fp(fp, BIO_CLOSE))){ - fclose(fp); - ossl_raise(eOSSLError, NULL); - } - } - else { - StringValue(obj); - bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj)); - if (!bio) ossl_raise(eOSSLError, NULL); - } - + if (RB_TYPE_P(obj, T_FILE)) + obj = rb_funcallv(obj, rb_intern("read"), 0, NULL); + StringValue(obj); + bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj)); + if (!bio) + ossl_raise(eOSSLError, "BIO_new_mem_buf"); + *pobj = obj; return bio; } diff --git a/ext/openssl/ossl_bio.h b/ext/openssl/ossl_bio.h index 1b8020cb..da68c5e5 100644 --- a/ext/openssl/ossl_bio.h +++ b/ext/openssl/ossl_bio.h @@ -10,7 +10,7 @@ #if !defined(_OSSL_BIO_H_) #define _OSSL_BIO_H_ -BIO *ossl_obj2bio(VALUE); +BIO *ossl_obj2bio(volatile VALUE *); VALUE ossl_membio2str(BIO*); #endif diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index ebf6ae2a..28392e20 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -41,7 +41,7 @@ DupConfigPtr(VALUE obj) OSSL_Check_Kind(obj, cConfig); str = rb_funcall(obj, rb_intern("to_s"), 0); - bio = ossl_obj2bio(str); + bio = ossl_obj2bio(&str); conf = NCONF_new(NULL); if(!conf){ BIO_free(bio); diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c index af032bfe..ddb7d939 100644 --- a/ext/openssl/ossl_pkcs12.c +++ b/ext/openssl/ossl_pkcs12.c 
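Review bot: `ossl_obj2bio` hands `RSTRING_PTR(obj)` straight to `BIO_new_mem_buf`, so the returned BIO is valid only while that String stays alive and unmodified, and the hunk carries no comment saying so. The write-back `*pobj = obj` keeps the String reachable from the caller's variable, but several callers run a passphrase block while the BIO is in use, and Ruby code that resized the caller's String in that window could leave the BIO pointing at stale memory. Taking a frozen snapshot after the conversion, `obj = rb_str_new_frozen(obj);`, would guard against that, and a comment such as `/* The BIO borrows obj's buffer; *pobj is updated so the caller keeps the String alive until BIO_free(). */` would record the contract. Separately, the `T_FILE` branch now calls `read` with no length, so the whole file, key material included, is pulled into a Ruby String of unbounded size; a size limit or a note on the trade-off would help.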
@@ -173,7 +173,7 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self) if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self; passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); d2i_PKCS12_bio(in, &pkcs); DATA_PTR(self) = pkcs; BIO_free(in); diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index e41fb1f0..6395fa6f 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -197,7 +197,7 @@ ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg) VALUE ret, data; ret = NewPKCS7(cPKCS7); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); out = NULL; pkcs7 = SMIME_read_PKCS7(in, &out); BIO_free(in); @@ -229,7 +229,7 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass) GetPKCS7(pkcs7, p7); if(!NIL_P(data) && PKCS7_is_detached(p7)) flg |= PKCS7_DETACHED; - in = NIL_P(data) ? NULL : ossl_obj2bio(data); + in = NIL_P(data) ? NULL : ossl_obj2bio(&data); if(!(out = BIO_new(BIO_s_mem()))){ BIO_free(in); ossl_raise(ePKCS7Error, NULL); @@ -266,7 +266,7 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass) pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ flg = NIL_P(flags) ? 0 : NUM2INT(flags); ret = NewPKCS7(cPKCS7); - in = ossl_obj2bio(data); + in = ossl_obj2bio(&data); if(NIL_P(certs)) x509s = NULL; else{ x509s = ossl_protect_x509_ary2sk(certs, &status); @@ -322,7 +322,7 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass) else ciph = ossl_evp_get_cipherbyname(cipher); flg = NIL_P(flags) ? 0 : NUM2INT(flags); ret = NewPKCS7(cPKCS7); - in = ossl_obj2bio(data); + in = ossl_obj2bio(&data); x509s = ossl_protect_x509_ary2sk(certs, &status); if(status){ BIO_free(in); @@ -373,7 +373,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self) if(rb_scan_args(argc, argv, "01", &arg) == 0) return self; arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL); if (!p7) { OSSL_BIO_reset(in); 
@@ -765,7 +765,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self) x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : NUM2INT(flags); if(NIL_P(indata)) indata = ossl_pkcs7_get_data(self); - in = NIL_P(indata) ? NULL : ossl_obj2bio(indata); + in = NIL_P(indata) ? NULL : ossl_obj2bio(&indata); if(NIL_P(certs)) x509s = NULL; else{ x509s = ossl_protect_x509_ary2sk(certs, &status); @@ -832,7 +832,7 @@ ossl_pkcs7_add_data(VALUE self, VALUE data) if(!PKCS7_content_new(pkcs7, NID_pkcs7_data)) ossl_raise(ePKCS7Error, NULL); } - in = ossl_obj2bio(data); + in = ossl_obj2bio(&data); if(!(out = PKCS7_dataInit(pkcs7, NULL))) goto err; for(;;){ if((len = BIO_read(in, buf, sizeof(buf))) <= 0) diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 4b7e4828..23e21154 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -144,7 +144,7 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self) rb_scan_args(argc, argv, "11", &data, &pass); pass = ossl_pem_passwd_value(pass); - bio = ossl_obj2bio(data); + bio = ossl_obj2bio(&data); if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) { OSSL_BIO_reset(bio); if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) { diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index fea7c56b..31f3b8e7 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -222,7 +222,7 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self) } else { arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); if (!dh){ OSSL_BIO_reset(in); diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index f6b3563d..56cc9dd4 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c 
@@ -229,7 +229,7 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self) else { pass = ossl_pem_passwd_value(pass); arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!dsa) { OSSL_BIO_reset(in); diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index d1515306..9c406931 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -205,7 +205,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self) BIO *in; pass = ossl_pem_passwd_value(pass); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!ec) { @@ -763,7 +763,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) if ((group = EC_GROUP_dup(arg1_group)) == NULL) ossl_raise(eEC_GROUP, "EC_GROUP_dup"); } else { - BIO *in = ossl_obj2bio(arg1); + BIO *in = ossl_obj2bio(&arg1); group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); if (!group) { @@ -1369,7 +1369,7 @@ static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self) point = EC_POINT_bn2point(group, bn, NULL, ossl_bn_ctx); } else { - BIO *in = ossl_obj2bio(arg1); + BIO *in = ossl_obj2bio(&arg1); /* BUG: finish me */ diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 5122a77e..26397bd0 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -236,7 +236,7 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self) else { pass = ossl_pem_passwd_value(pass); arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!rsa) { OSSL_BIO_reset(in); diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index ba4310a3..55140873 100644 --- a/ext/openssl/ossl_ssl_session.c 
+++ b/ext/openssl/ossl_ssl_session.c @@ -49,7 +49,7 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1) if ((ctx = SSL_get1_session(ssl)) == NULL) ossl_raise(eSSLSession, "no session available"); } else { - BIO *in = ossl_obj2bio(arg1); + BIO *in = ossl_obj2bio(&arg1); ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 53c646cf..003a9c19 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -123,7 +123,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self) return self; } arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); x509 = PEM_read_bio_X509(in, &x, NULL, NULL); DATA_PTR(self) = x; if (!x509) { diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index d6b588fc..5ecd7ea0 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -100,7 +100,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self) return self; } arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL); DATA_PTR(self) = x; if (!crl) { diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c index 8214fdc5..9f20dba3 100644 --- a/ext/openssl/ossl_x509req.c +++ b/ext/openssl/ossl_x509req.c @@ -86,7 +86,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) return self; } arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL); DATA_PTR(self) = x; if (!req) { diff --git a/openssl.gemspec b/openssl.gemspec index 821b6c7f..470837dd 100644 --- a/openssl.gemspec +++ b/openssl.gemspec 
@@ -21,4 +21,6 @@ Gem::Specification.new do |spec| spec.add_development_dependency "rake-compiler" spec.add_development_dependency "test-unit", "~> 3.0" spec.add_development_dependency "rdoc" + + spec.metadata["msys2_mingw_dependencies"] = "openssl" end diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index a4ade134..fed5aa9d 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -243,6 +243,17 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert_equal pem, dup_public(rsa1024).export end + def test_pem_passwd + key = Fixtures.pkey("rsa1024") + pem3c = key.to_pem("aes-128-cbc", "key") + assert_match (/ENCRYPTED/), pem3c + assert_equal key.to_der, OpenSSL::PKey.read(pem3c, "key").to_der + assert_equal key.to_der, OpenSSL::PKey.read(pem3c) { "key" }.to_der + assert_raise(OpenSSL::PKey::PKeyError) { + OpenSSL::PKey.read(pem3c) { nil } + } + end + def test_dup key = OpenSSL::PKey::RSA.generate(256, 17) key2 = key.dup diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 9a28b5dd..a519c6af 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -348,7 +348,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode ciphers_names = ctx.ciphers.collect{|v, _, _, _| v } assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled" - assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled" + assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled" assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS assert_equal OpenSSL::SSL::OP_NO_COMPRESSION, ctx.options & OpenSSL::SSL::OP_NO_COMPRESSION 
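Review bot: `test_pem_passwd` exercises a three-byte passphrase and a nil block result, but not the other two paths the C change touches: an empty passphrase and one longer than the callback's `max_len`. Assertions for those would pin the behaviour that replaced the old four-byte minimum. On style, `assert_match (/ENCRYPTED/), pem3c` has a space before the parenthesis, which Ruby reads as a grouped first argument and may warn about; `assert_match(/ENCRYPTED/, pem3c)` is unambiguous.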
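Review bot: The new lookahead in `/(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/` exempts triple-DES suite names, so this assertion would keep passing if 3DES suites were in the default cipher list, while the failure message still reads "weak ciphers are disabled". 3DES has a 64-bit block and is widely treated as legacy, so either exclude it from the defaults and keep the stricter pattern, or add a comment above the assertion saying why it is tolerated, e.g. `# 3DES (DES-EDE / DES-CBC3) names are tolerated here; single DES must still be absent`. The reason for the exemption is not stated on the page, so the comment's wording needs confirming by the author. The test method starts and ends outside the hunk.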
@@ -830,7 +830,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContex end -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) def test_tls_v1_1 start_server_version(:TLSv1_1) { |server, port| @@ -857,7 +857,7 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1 end -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) && OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_1) def test_tls_v1_2 start_server_version(:TLSv1_2) { |server, port| diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index 2f633b03..f89732ab 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb @@ -46,7 +46,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= Timeout.timeout(5) do start_server do |server, port| sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.connect @@ -155,9 +155,7 @@ __EOS__ start_server do |server, port| 2.times do sock = TCPSocket.new("127.0.0.1", port) - # Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?), - # when use default SSLContext. [ruby-dev:36167] - ctx = OpenSSL::SSL::SSLContext.new("TLSv1") + ctx = OpenSSL::SSL::SSLContext.new ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.session = last_session if last_session diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index 7f8426f7..5a992119 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb 
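Review bot: Gating `test_tls_v1_1` on `:TLSv1` as well (and `test_tls_v1_2` on `:TLSv1_1` in the next hunk) means each test is skipped entirely when the next-lower protocol method is missing. On a build without TLS 1.0, the TLS 1.1 version-pinning check therefore never runs. If only part of each test needs the older method, which cannot be told from here because both bodies lie outside the hunks, it would be safer to guard just that part and keep the same-version handshake assertion unconditional. Either way, a comment on each `if` such as `# also requires the next-lower protocol method, which the test body uses` would explain the extra condition.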
@@ -158,6 +158,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase assert_equal(true, cert.check_private_key(@rsa2048)) end + def test_read_from_file + cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) + Tempfile.create("cert") { |f| + f << cert.to_pem + f.rewind + assert_equal cert.to_der, OpenSSL::X509::Certificate.new(f).to_der + } + end + private def certificate_error_returns_false |
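Review bot: `test_read_from_file` covers only a PEM certificate read from a `Tempfile`, while the changelog entry for this fix names private keys and DER input as well. A DER case written in binary mode (`f.binmode; f << cert.to_der`) and an `OpenSSL::PKey.read(f)` case would exercise the remaining paths of the new `read`-based `ossl_obj2bio`. `Tempfile.create` also needs `require "tempfile"`, which is not visible in this hunk.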