| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also restores 'if defined?(OpenSSL)-end' wrapping the test code.
They have been removed erroneously by commit 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
* maint:
test/test_ssl: explicitly accept TLS 1.1 in corresponding test
ssl: remove useless call to rb_thread_wait_fd()
test/test_pair, test/test_ssl: fix for TLS 1.3
test/test_ssl_session: rearrange tests
test/test_ssl: move test_multibyte_read_write to test_pair
test/test_ssl: remove test_invalid_shutdown_by_gc
test/utils: do not use DSA certificates in SSL tests
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
test/utils: improve error handling in start_server
test/utils: let server_loop close socket
test/utils: do not set ecdh_curves in start_server
test/utils: have start_server yield only the port number
test/utils: add SSLTestCase#tls12_supported?
test/utils: remove OpenSSL::TestUtils.silent
test: fix formatting
Rakefile: let sync:to_ruby know about test/openssl/fixtures
cipher: update the documentation for Cipher#auth_tag=
Backport "Merge branch 'topic/test-memory-leak'" to maint
ssl: do not call session_remove_cb during GC
|
| |
| |
| |
| |
| |
| | |
Add methods that check whether the running OpenSSL is an OpenSSL or a
LibreSSL, and optionally check whether the version is newer or equal to
the given version number.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* topic/test-memory-leak:
Enable OSSL_MDEBUG on CI builds
Add OpenSSL.print_mem_leaks
test: prepare test PKey instances on demand
test: let OpenSSL::TestCase include OpenSSL::TestUtils
Don't define main() when built with --enable-debug
(cherry picked from commit 5c586acc387834ab4e09260937dc21064fc59de4)
Note that fix for new test cases that use the old constants removed by
this is squashed in.
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.4
History.md: add entries for 2.0.1-2.0.3
History.md: wrap at 80 characters
extconf.rb: simplify searching libraries logic
Search SSL libraries by testing various filename patterns
openssl: fix broken openssl check
openssl: fix broken openssl check
x509store: clear error queue after calling X509_LOOKUP_load_file()
tool/sync-with-trunk: 'LASY' -> 'LAST'
Update .travis.yml and Dockerfile
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
Fix documentation for OpenSSL::Cipher#final
Fix typos
ssl: check return value of SSL_set_fd()
test/test_ssl: fix typo in test_sysread_and_syswrite
Fix typos
test/test_pkey_ec: do not use dummy 0 order
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033
|
| |
| |
| |
| |
| |
| |
| | |
X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in
hash table' if they are called twice, since the (unreleased) next
version of OpenSSL. Don't test that if we are built with OpenSSL >=
1.1.0.
|
| |
| |
| |
| |
| |
| | |
Preparing for the introduction of the memory leak checker. Do not leave
OpenSSL objects in constants that wouldn't be GCed in order to avoid
false positives.
|
| |
| |
| |
| |
| | |
OpenSSL::TestPKCS12 is already doing this - let's apply to all test
files. This allows removing redundant 'issue_cert' declarations.
|
|/
|
|
|
|
|
|
|
|
| |
They are no longer receiving security updates from the OpenSSL
development team since 2015-12.
We have kept basic compatibility until now because RHEL 5 still uses an
(heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03,
thus it is now safe to assume nobody is still using such old versions of
OpenSSL.
|
|
|
|
|
|
| |
Just like we already do for 'teardown' method, though we don't have
OpenSSL::TestCase#setup yet. This will be useful when we want to inject
GC.stress = true.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the fragile test cases that are sensitive to the difference between
Time.now.to_i and time(2).
When issuing test certificates, we are typically setting the current
time fetched by Time.now to the notBefore field. Time.now uses
clock_gettime(2) with CLOCK_REALTIME. On the other hand, OpenSSL uses
time(2) in its certificate verification code. On Linux/x86-64, time(2)
is implemented not to return the adjusted 'current time' like Time.now,
but to return the wall clock seconds at the last tick. This results in
that time(2) called later may return an earlier time, causing the
certificate verification to fail with 'certificate is not yet valid'
error.
So, create test certificates with notBefore<Time.now to avoid this.
Since it's awful to do "Time.now - 1" everywhere, make the notBefore and
notAfter fields optional with defaults with margin.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement initialize_copy for:
- OpenSSL::PKCS12
- OpenSSL::SSL::SSLSession
- OpenSSL::X509::Attribute
- OpenSSL::X509::Extension
- OpenSSL::X509::Name
- OpenSSL::X509::Revoked
Remove initialize_copy from:
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLSocket
- OpenSSL::Engine
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
[Bug #12381]
|
|
|
|
|
|
| |
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
family may put errors on 0 return (0 means verification failure).
Clear OpenSSL error queue before return to Ruby. Since the queue is
thread global, remaining errors in the queue can cause an unexpected
error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215]
* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
queue before re-raising exception.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
* test/openssl: check that OpenSSL.errors is empty every time after
running a test case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
| |
|
| |
|
|
|