aboutsummaryrefslogtreecommitdiffstats
path: root/test/test_x509store.rb
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'maint'Kazuki Yamaguchi2017-08-261-1/+5
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also restores 'if defined?(OpenSSL)-end' wrapping the test code. They have been removed erroneously by commit 4eb4b3297a92 ("Remove support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30). * maint: test/test_ssl: explicitly accept TLS 1.1 in corresponding test ssl: remove useless call to rb_thread_wait_fd() test/test_pair, test/test_ssl: fix for TLS 1.3 test/test_ssl_session: rearrange tests test/test_ssl: move test_multibyte_read_write to test_pair test/test_ssl: remove test_invalid_shutdown_by_gc test/utils: do not use DSA certificates in SSL tests test/utils: add OpenSSL::TestUtils.openssl? and .libressl? test/utils: improve error handling in start_server test/utils: let server_loop close socket test/utils: do not set ecdh_curves in start_server test/utils: have start_server yield only the port number test/utils: add SSLTestCase#tls12_supported? test/utils: remove OpenSSL::TestUtils.silent test: fix formatting Rakefile: let sync:to_ruby know about test/openssl/fixtures cipher: update the documentation for Cipher#auth_tag= Backport "Merge branch 'topic/test-memory-leak'" to maint ssl: do not call session_remove_cb during GC
| * test/utils: add OpenSSL::TestUtils.openssl? and .libressl?Kazuki Yamaguchi2017-08-241-12/+4
| | | | | | | | | | | | Add methods that check whether the running OpenSSL is an OpenSSL or a LibreSSL, and optionally check whether the version is newer or equal to the given version number.
| * Backport "Merge branch 'topic/test-memory-leak'" to maintKazuki Yamaguchi2017-08-241-12/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * topic/test-memory-leak: Enable OSSL_MDEBUG on CI builds Add OpenSSL.print_mem_leaks test: prepare test PKey instances on demand test: let OpenSSL::TestCase include OpenSSL::TestUtils Don't define main() when built with --enable-debug (cherry picked from commit 5c586acc387834ab4e09260937dc21064fc59de4) Note that fix for new test cases that use the old constants removed by this is squashed in.
* | Merge branch 'maint'bpointKazuki Yamaguchi2017-06-141-0/+24
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint: Ruby/OpenSSL 2.0.4 History.md: add entries for 2.0.1-2.0.3 History.md: wrap at 80 characters extconf.rb: simplify searching libraries logic Search SSL libraries by testing various filename patterns openssl: fix broken openssl check openssl: fix broken openssl check x509store: clear error queue after calling X509_LOOKUP_load_file() tool/sync-with-trunk: 'LASY' -> 'LAST' Update .travis.yml and Dockerfile test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors Fix documentation for OpenSSL::Cipher#final Fix typos ssl: check return value of SSL_set_fd() test/test_ssl: fix typo in test_sysread_and_syswrite Fix typos test/test_pkey_ec: do not use dummy 0 order
| * x509store: clear error queue after calling X509_LOOKUP_load_file()Kazuki Yamaguchi2017-06-141-0/+23
| | | | | | | | | | | | | | | | | | | | | | X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file() internally, may leave error entries in the queue even when it returns non-zero value (which indicates success). This will be fixed by OpenSSL 1.1.1, but can be worked around by clearing the error queue ourselves. Fixes: https://bugs.ruby-lang.org/issues/11033
| * test/test_x509store: skip OpenSSL::TestX509Store#test_set_errorsKazuki Yamaguchi2017-04-281-0/+1
| | | | | | | | | | | | | | X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in hash table' if they are called twice, since the (unreleased) next version of OpenSSL. Don't test that if we are built with OpenSSL >= 1.1.0.
* | test: prepare test PKey instances on demandKazuki Yamaguchi2017-01-171-4/+4
| | | | | | | | | | | | Preparing for the introduction of the memory leak checker. Do not leave OpenSSL objects in constants that wouldn't be GCed in order to avoid false positives.
* | test: let OpenSSL::TestCase include OpenSSL::TestUtilsKazuki Yamaguchi2017-01-161-8/+0
| | | | | | | | | | OpenSSL::TestPKCS12 is already doing this - let's apply to all test files. This allows removing redundant 'issue_cert' declarations.
* | Remove support for OpenSSL 0.9.8 and 1.0.0topic/drop-openssl-098-and-100Kazuki Yamaguchi2016-12-221-15/+3
|/ | | | | | | | | | They are no longer receiving security updates from the OpenSSL development team since 2015-12. We have kept basic compatibility until now because RHEL 5 still uses an (heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03, thus it is now safe to assume nobody is still using such old versions of OpenSSL.
* test: call super from each test case's 'setup' methodKazuki Yamaguchi2016-12-051-0/+1
| | | | | | Just like we already do for 'teardown' method, though we don't have OpenSSL::TestCase#setup yet. This will be useful when we want to inject GC.stress = true.
* test: fix fragile test casesKazuki Yamaguchi2016-11-301-15/+13
| | | | | | | | | | | | | | | | | | | Fix the fragile test cases that are sensitive to the difference between Time.now.to_i and time(2). When issuing test certificates, we are typically setting the current time fetched by Time.now to the notBefore field. Time.now uses clock_gettime(2) with CLOCK_REALTIME. On the other hand, OpenSSL uses time(2) in its certificate verification code. On Linux/x86-64, time(2) is implemented not to return the adjusted 'current time' like Time.now, but to return the wall clock seconds at the last tick. This results in that time(2) called later may return an earlier time, causing the certificate verification to fail with 'certificate is not yet valid' error. So, create test certificates with notBefore<Time.now to avoid this. Since it's awful to do "Time.now - 1" everywhere, make the notBefore and notAfter fields optional with defaults with margin.
* Implement missing initialize_copytopic/fix-initialize-copyKazuki Yamaguchi2016-08-041-0/+7
| | | | | | | | | | | | | | | | | | | | | Implement initialize_copy for: - OpenSSL::PKCS12 - OpenSSL::SSL::SSLSession - OpenSSL::X509::Attribute - OpenSSL::X509::Extension - OpenSSL::X509::Name - OpenSSL::X509::Revoked Remove initialize_copy from: - OpenSSL::SSL::SSLContext - OpenSSL::SSL::SSLSocket - OpenSSL::Engine - OpenSSL::X509::Store - OpenSSL::X509::StoreContext [Bug #12381]
* openssl: drop OpenSSL 0.9.6/0.9.7 supportrhe2016-05-311-2/+0
| | | | | | * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: clear OpenSSL error queue before return to Rubyrhe2016-05-311-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Sync trunkZachary Scott2016-02-021-0/+1
|
* Sync tests with trunkZachary Scott2015-01-061-2/+1
|
* rake test works now.SHIBATA Hiroshi2014-10-271-1/+1
|
* import ruby trunkSHIBATA Hiroshi2014-10-271-0/+232
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-02 18:50:16 +0000