aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-05-18 01:06:14 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-18 13:05:33 +0900
commite0bf4c6884a6e3f92998fa34a13ec4a15a464516 (patch)
treed2b44188726eae2ab06a875f2a1a1779aad28ed5
parentf7bfb15529d25cf247dcaaa8ccad431c11779c3e (diff)
downloadruby-topic/openssl-clear-error-queue.tar.gz
openssl: clear OpenSSL error queue before return to Rubytopic/openssl-clear-error-queue
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case.
-rw-r--r--ChangeLog26
-rw-r--r--ext/openssl/ossl_pkey_dh.c6
-rw-r--r--ext/openssl/ossl_pkey_dsa.c9
-rw-r--r--ext/openssl/ossl_pkey_rsa.c6
-rw-r--r--ext/openssl/ossl_ssl.c7
-rw-r--r--ext/openssl/ossl_x509cert.c15
-rw-r--r--ext/openssl/ossl_x509crl.c14
-rw-r--r--ext/openssl/ossl_x509req.c14
-rw-r--r--ext/openssl/ossl_x509store.c16
-rw-r--r--test/openssl/test_asn1.rb2
-rw-r--r--test/openssl/test_bn.rb2
-rw-r--r--test/openssl/test_buffering.rb2
-rw-r--r--test/openssl/test_cipher.rb3
-rw-r--r--test/openssl/test_config.rb3
-rw-r--r--test/openssl/test_digest.rb3
-rw-r--r--test/openssl/test_engine.rb3
-rw-r--r--test/openssl/test_fips.rb2
-rw-r--r--test/openssl/test_hmac.rb5
-rw-r--r--test/openssl/test_ns_spki.rb2
-rw-r--r--test/openssl/test_ocsp.rb2
-rw-r--r--test/openssl/test_pair.rb12
-rw-r--r--test/openssl/test_pkcs12.rb2
-rw-r--r--test/openssl/test_pkcs5.rb2
-rw-r--r--test/openssl/test_pkcs7.rb2
-rw-r--r--test/openssl/test_pkey_dh.rb2
-rw-r--r--test/openssl/test_pkey_dsa.rb12
-rw-r--r--test/openssl/test_pkey_ec.rb7
-rw-r--r--test/openssl/test_pkey_rsa.rb11
-rw-r--r--test/openssl/test_random.rb2
-rw-r--r--test/openssl/test_x509cert.rb5
-rw-r--r--test/openssl/test_x509crl.rb5
-rw-r--r--test/openssl/test_x509ext.rb5
-rw-r--r--test/openssl/test_x509name.rb5
-rw-r--r--test/openssl/test_x509req.rb2
-rw-r--r--test/openssl/test_x509store.rb5
-rw-r--r--test/openssl/utils.rb12
36 files changed, 125 insertions, 108 deletions
diff --git a/ChangeLog b/ChangeLog
index 0940f98..5663cf3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,29 @@
+Wed May 18 13:03:07 2016 Kazuki Yamaguchi <k@rhe.jp>
+
+ * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
+ family may put errors on 0 return (0 means verification failure).
+ Clear OpenSSL error queue before return to Ruby. Since the queue is
+ thread global, remaining errors in the queue can cause an unexpected
+ error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215]
+
+ * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
+
+ * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
+
+ * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
+ queue before re-raising exception.
+
+ * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
+
+ * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
+
+ * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
+
+ * test/openssl: check that OpenSSL.errors is empty every time after
+ running a test case.
+
Wed May 18 12:07:42 2016 Kazuki Yamaguchi <k@rhe.jp>
* ext/openssl/ossl.c (ossl_clear_error): Extracted from
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 2f79bfb..19c517f 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -129,7 +129,11 @@ dh_generate(int size, int gen)
if (!gen_arg.result) {
DH_free(dh);
- if (cb_arg.state) rb_jump_tag(cb_arg.state);
+ if (cb_arg.state) {
+ /* Clear OpenSSL error queue before re-raising. */
+ ossl_clear_error();
+ rb_jump_tag(cb_arg.state);
+ }
return 0;
}
#else
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 2e42a0c..4c0c3f1 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -135,7 +135,14 @@ dsa_generate(int size)
}
if (!gen_arg.result) {
DSA_free(dsa);
- if (cb_arg.state) rb_jump_tag(cb_arg.state);
+ if (cb_arg.state) {
+ /* Clear OpenSSL error queue before re-raising. By the way, the
+ * documentation of DSA_generate_parameters_ex() says the error code
+ * can be obtained by ERR_get_error(), but the default
+ * implementation, dsa_builtin_paramgen() doesn't put any error... */
+ ossl_clear_error();
+ rb_jump_tag(cb_arg.state);
+ }
return 0;
}
#else
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 20b993a..6ad9f3e 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -139,7 +139,11 @@ rsa_generate(int size, unsigned long exp)
if (!gen_arg.result) {
BN_free(e);
RSA_free(rsa);
- if (cb_arg.state) rb_jump_tag(cb_arg.state);
+ if (cb_arg.state) {
+ /* must clear OpenSSL error stack */
+ ossl_clear_error();
+ rb_jump_tag(cb_arg.state);
+ }
return 0;
}
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 1079710..938e36f 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1288,8 +1288,11 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts)
ret = func(ssl);
cb_state = rb_ivar_get(self, ID_callback_state);
- if (!NIL_P(cb_state))
- rb_jump_tag(NUM2INT(cb_state));
+ if (!NIL_P(cb_state)) {
+ /* must cleanup OpenSSL error stack before re-raising */
+ ossl_clear_error();
+ rb_jump_tag(NUM2INT(cb_state));
+ }
if (ret > 0)
break;
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 4dafae1..226704e 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -591,18 +591,19 @@ ossl_x509_verify(VALUE self, VALUE key)
{
X509 *x509;
EVP_PKEY *pkey;
- int i;
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
GetX509(self, x509);
- if ((i = X509_verify(x509, pkey)) < 0) {
- ossl_raise(eX509CertError, NULL);
- }
- if (i > 0) {
+
+ switch (X509_verify(x509, pkey)) {
+ case 1:
return Qtrue;
+ case 0:
+ ossl_clear_error();
+ return Qfalse;
+ default:
+ ossl_raise(eX509CertError, NULL);
}
-
- return Qfalse;
}
/*
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index f64712e..a660ccc 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -360,17 +360,17 @@ static VALUE
ossl_x509crl_verify(VALUE self, VALUE key)
{
X509_CRL *crl;
- int ret;
GetX509CRL(self, crl);
- if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) {
- ossl_raise(eX509CRLError, NULL);
- }
- if (ret == 1) {
+ switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
+ case 1:
return Qtrue;
+ case 0:
+ ossl_clear_error();
+ return Qfalse;
+ default:
+ ossl_raise(eX509CRLError, NULL);
}
-
- return Qfalse;
}
static VALUE
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index e5ce088..c1cdca5 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -375,18 +375,18 @@ ossl_x509req_verify(VALUE self, VALUE key)
{
X509_REQ *req;
EVP_PKEY *pkey;
- int i;
GetX509Req(self, req);
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
- if ((i = X509_REQ_verify(req, pkey)) < 0) {
- ossl_raise(eX509ReqError, NULL);
- }
- if (i > 0) {
+ switch (X509_REQ_verify(req, pkey)) {
+ case 1:
return Qtrue;
+ case 0:
+ ossl_clear_error();
+ return Qfalse;
+ default:
+ ossl_raise(eX509ReqError, NULL);
}
-
- return Qfalse;
}
static VALUE
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index bb6fe14..aca25b1 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -464,14 +464,20 @@ static VALUE
ossl_x509stctx_verify(VALUE self)
{
X509_STORE_CTX *ctx;
- int result;
GetX509StCtx(self, ctx);
X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
- (void*)rb_iv_get(self, "@verify_callback"));
- result = X509_verify_cert(ctx);
-
- return result ? Qtrue : Qfalse;
+ (void *)rb_iv_get(self, "@verify_callback"));
+
+ switch (X509_verify_cert(ctx)) {
+ case 1:
+ return Qtrue;
+ case 0:
+ ossl_clear_error();
+ return Qfalse;
+ default:
+ ossl_raise(eX509CertError, NULL);
+ }
}
static VALUE
diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
index fd2118d..9db9ec5 100644
--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: false
require_relative 'utils'
-class OpenSSL::TestASN1 < Test::Unit::TestCase
+class OpenSSL::TestASN1 < OpenSSL::TestCase
def test_decode
subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
diff --git a/test/openssl/test_bn.rb b/test/openssl/test_bn.rb
index 415bd74..37ba5e5 100644
--- a/test/openssl/test_bn.rb
+++ b/test/openssl/test_bn.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestBN < Test::Unit::TestCase
+class OpenSSL::TestBN < OpenSSL::TestCase
def test_new_str
e1 = OpenSSL::BN.new(999.to_s(16), 16) # OpenSSL::BN.new(str, 16) must be most stable
e2 = OpenSSL::BN.new((2**107-1).to_s(16), 16)
diff --git a/test/openssl/test_buffering.rb b/test/openssl/test_buffering.rb
index 1f552c9..1f42cd3 100644
--- a/test/openssl/test_buffering.rb
+++ b/test/openssl/test_buffering.rb
@@ -2,7 +2,7 @@
require_relative 'utils'
require 'stringio'
-class OpenSSL::TestBuffering < Test::Unit::TestCase
+class OpenSSL::TestBuffering < OpenSSL::TestCase
class IO
include OpenSSL::Buffering
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 32f0d11..dab64aa 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestCipher < Test::Unit::TestCase
+class OpenSSL::TestCipher < OpenSSL::TestCase
class << self
@@ -34,6 +34,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
end
def teardown
+ super
@c1 = @c2 = nil
end
diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb
index 1a5dfe6..bedd1d0 100644
--- a/test/openssl/test_config.rb
+++ b/test/openssl/test_config.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: false
require_relative 'utils'
-class OpenSSL::TestConfig < Test::Unit::TestCase
+class OpenSSL::TestConfig < OpenSSL::TestCase
def setup
file = Tempfile.open("openssl.cnf")
file << <<__EOD__
@@ -18,6 +18,7 @@ __EOD__
end
def teardown
+ super
@tmpfile.close!
end
diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb
index 8b724a0..ba3e974 100644
--- a/test/openssl/test_digest.rb
+++ b/test/openssl/test_digest.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestDigest < Test::Unit::TestCase
+class OpenSSL::TestDigest < OpenSSL::TestCase
def setup
@d1 = OpenSSL::Digest.new("MD5")
@d2 = OpenSSL::Digest::MD5.new
@@ -12,6 +12,7 @@ class OpenSSL::TestDigest < Test::Unit::TestCase
end
def teardown
+ super
@d1 = @d2 = @md = nil
end
diff --git a/test/openssl/test_engine.rb b/test/openssl/test_engine.rb
index 3521de6..9a0da34 100644
--- a/test/openssl/test_engine.rb
+++ b/test/openssl/test_engine.rb
@@ -1,9 +1,10 @@
# frozen_string_literal: false
require_relative 'utils'
-class OpenSSL::TestEngine < Test::Unit::TestCase
+class OpenSSL::TestEngine < OpenSSL::TestCase
def teardown
+ super
OpenSSL::Engine.cleanup # [ruby-core:40669]
assert_equal(0, OpenSSL::Engine.engines.size)
end
diff --git a/test/openssl/test_fips.rb b/test/openssl/test_fips.rb
index 33769c9..534dade 100644
--- a/test/openssl/test_fips.rb
+++ b/test/openssl/test_fips.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestFIPS < Test::Unit::TestCase
+class OpenSSL::TestFIPS < OpenSSL::TestCase
def test_fips_mode_is_reentrant
OpenSSL.fips_mode = false
diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb
index 135d26f..3c90a5d 100644
--- a/test/openssl/test_hmac.rb
+++ b/test/openssl/test_hmac.rb
@@ -3,7 +3,7 @@
require_relative 'utils'
-class OpenSSL::TestHMAC < Test::Unit::TestCase
+class OpenSSL::TestHMAC < OpenSSL::TestCase
def setup
@digest = OpenSSL::Digest::MD5
@key = "KEY"
@@ -12,9 +12,6 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
@h2 = OpenSSL::HMAC.new(@key, "MD5")
end
- def teardown
- end
-
def test_hmac
@h1.update(@data)
@h2.update(@data)
diff --git a/test/openssl/test_ns_spki.rb b/test/openssl/test_ns_spki.rb
index 4f6e6f5..4740c0b 100644
--- a/test/openssl/test_ns_spki.rb
+++ b/test/openssl/test_ns_spki.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestNSSPI < Test::Unit::TestCase
+class OpenSSL::TestNSSPI < OpenSSL::TestCase
def setup
# This request data is adopt from the specification of
# "Netscape Extensions for User Key Generation".
diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb
index 1a969fd..d04b421 100644
--- a/test/openssl/test_ocsp.rb
+++ b/test/openssl/test_ocsp.rb
@@ -3,7 +3,7 @@ require_relative "utils"
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestOCSP < Test::Unit::TestCase
+class OpenSSL::TestOCSP < OpenSSL::TestCase
def setup
ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 06c3444..38b33a4 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -517,36 +517,36 @@ module OpenSSL::TestPairM
end
end
-class OpenSSL::TestEOF1 < Test::Unit::TestCase
+class OpenSSL::TestEOF1 < OpenSSL::TestCase
include TestEOF
include OpenSSL::SSLPair
include OpenSSL::TestEOF1M
end
-class OpenSSL::TestEOF1LowlevelSocket < Test::Unit::TestCase
+class OpenSSL::TestEOF1LowlevelSocket < OpenSSL::TestCase
include TestEOF
include OpenSSL::SSLPairLowlevelSocket
include OpenSSL::TestEOF1M
end
-class OpenSSL::TestEOF2 < Test::Unit::TestCase
+class OpenSSL::TestEOF2 < OpenSSL::TestCase
include TestEOF
include OpenSSL::SSLPair
include OpenSSL::TestEOF2M
end
-class OpenSSL::TestEOF2LowlevelSocket < Test::Unit::TestCase
+class OpenSSL::TestEOF2LowlevelSocket < OpenSSL::TestCase
include TestEOF
include OpenSSL::SSLPairLowlevelSocket
include OpenSSL::TestEOF2M
end
-class OpenSSL::TestPair < Test::Unit::TestCase
+class OpenSSL::TestPair < OpenSSL::TestCase
include OpenSSL::SSLPair
include OpenSSL::TestPairM
end
-class OpenSSL::TestPairLowlevelSocket < Test::Unit::TestCase
+class OpenSSL::TestPairLowlevelSocket < OpenSSL::TestCase
include OpenSSL::SSLPairLowlevelSocket
include OpenSSL::TestPairM
end
diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb
index ba07d76..61fb447 100644
--- a/test/openssl/test_pkcs12.rb
+++ b/test/openssl/test_pkcs12.rb
@@ -4,7 +4,7 @@ require_relative "utils"
if defined?(OpenSSL::TestUtils)
module OpenSSL
- class TestPKCS12 < Test::Unit::TestCase
+ class TestPKCS12 < OpenSSL::TestCase
include OpenSSL::TestUtils
def setup
diff --git a/test/openssl/test_pkcs5.rb b/test/openssl/test_pkcs5.rb
index f38fd71..ad8132c 100644
--- a/test/openssl/test_pkcs5.rb
+++ b/test/openssl/test_pkcs5.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: false
require_relative 'utils'
-class OpenSSL::TestPKCS5 < Test::Unit::TestCase
+class OpenSSL::TestPKCS5 < OpenSSL::TestCase
def test_pbkdf2_hmac_sha1_rfc6070_c_1_len_20
p ="password"
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index ce99db5..dfe4c6c 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKCS7 < Test::Unit::TestCase
+class OpenSSL::TestPKCS7 < OpenSSL::TestCase
def setup
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
index a0eca53..afd7a31 100644
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+class OpenSSL::TestPKeyDH < OpenSSL::TestCase
NEW_KEYLEN = 256
diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
index eb3e4f1..2c0e1fc 100644
--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@@ -4,7 +4,7 @@ require 'base64'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
+class OpenSSL::TestPKeyDSA < OpenSSL::TestCase
def test_private
key = OpenSSL::PKey::DSA.new(256)
assert(key.private?)
@@ -20,7 +20,6 @@ class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
key = OpenSSL::PKey::DSA.new 256
pem = key.public_key.to_pem
OpenSSL::PKey::DSA.new pem
- assert_equal([], OpenSSL.errors)
end
def test_new_break
@@ -84,7 +83,6 @@ end
assert_equal(g, key.g)
assert_equal(y, key.pub_key)
assert_equal(nil, key.priv_key)
- assert_equal([], OpenSSL.errors)
end
def test_read_DSAPublicKey_pem
@@ -109,7 +107,6 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
assert_equal(g, key.g)
assert_equal(y, key.pub_key)
assert_equal(nil, key.priv_key)
- assert_equal([], OpenSSL.errors)
end
def test_read_DSA_PUBKEY_pem
@@ -135,7 +132,6 @@ YNMbNw==
assert_equal(g, key.g)
assert_equal(y, key.pub_key)
assert_equal(nil, key.priv_key)
- assert_equal([], OpenSSL.errors)
end
def test_export_format_is_DSA_PUBKEY_pem
@@ -165,7 +161,6 @@ YNMbNw==
pub_key = OpenSSL::ASN1.decode(seq[1].value)
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag)
assert_equal(key.pub_key, pub_key.value)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_der
@@ -174,7 +169,6 @@ YNMbNw==
key2 = OpenSSL::PKey.read(der)
assert(key2.private?)
assert_equal(der, key2.to_der)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem
@@ -183,7 +177,6 @@ YNMbNw==
key2 = OpenSSL::PKey.read(pem)
assert(key2.private?)
assert_equal(pem, key2.to_pem)
- assert_equal([], OpenSSL.errors)
end
def test_read_public_key_der
@@ -192,7 +185,6 @@ YNMbNw==
key2 = OpenSSL::PKey.read(der)
assert(!key2.private?)
assert_equal(der, key2.to_der)
- assert_equal([], OpenSSL.errors)
end
def test_read_public_key_pem
@@ -201,7 +193,6 @@ YNMbNw==
key2 = OpenSSL::PKey.read(pem)
assert(!key2.private?)
assert_equal(pem, key2.to_pem)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem_pw
@@ -216,7 +207,6 @@ YNMbNw==
key2 = OpenSSL::PKey.read(pem, 'secret')
assert(key2.private?)
#omit pem equality check, will be different due to cipher iv
- assert_equal([], OpenSSL.errors)
end
def test_export_password_length
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index d3edcc4..c530ee0 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC)
-class OpenSSL::TestEC < Test::Unit::TestCase
+class OpenSSL::TestEC < OpenSSL::TestCase
def setup
@data1 = 'foo'
@data2 = 'bar' * 1000 # data too long for DSA sig
@@ -131,7 +131,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec2 = OpenSSL::PKey.read(der)
assert(ec2.private_key?)
assert_equal(der, ec2.to_der)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem
@@ -140,7 +139,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec2 = OpenSSL::PKey.read(pem)
assert(ec2.private_key?)
assert_equal(pem, ec2.to_pem)
- assert_equal([], OpenSSL.errors)
end
def test_read_public_key_der
@@ -151,7 +149,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec3 = OpenSSL::PKey.read(der)
assert(!ec3.private_key?)
assert_equal(der, ec3.to_der)
- assert_equal([], OpenSSL.errors)
end
def test_read_public_key_pem
@@ -162,7 +159,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec3 = OpenSSL::PKey.read(pem)
assert(!ec3.private_key?)
assert_equal(pem, ec3.to_pem)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem_pw
@@ -177,7 +173,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec2 = OpenSSL::PKey.read(pem, 'secret')
assert(ec2.private_key?)
#omit pem equality check, will be different due to cipher iv
- assert_equal([], OpenSSL.errors)
end
def test_export_password_length
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index 165b1ec..54fce2f 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -4,7 +4,7 @@ require 'base64'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
+class OpenSSL::TestPKeyRSA < OpenSSL::TestCase
def test_padding
key = OpenSSL::PKey::RSA.new(512, 3)
@@ -180,7 +180,6 @@ AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
assert_equal(nil, key.d)
assert_equal(nil, key.p)
assert_equal(nil, key.q)
- assert_equal([], OpenSSL.errors)
end
def test_read_RSA_PUBKEY_pem
@@ -201,7 +200,6 @@ AwEAAQ==
assert_equal(nil, key.d)
assert_equal(nil, key.p)
assert_equal(nil, key.q)
- assert_equal([], OpenSSL.errors)
end
def test_export_format_is_RSA_PUBKEY
@@ -223,7 +221,6 @@ AwEAAQ==
key = OpenSSL::PKey.read(der)
assert(key.private?)
assert_equal(der, key.to_der)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem
@@ -231,7 +228,6 @@ AwEAAQ==
key = OpenSSL::PKey.read(pem)
assert(key.private?)
assert_equal(pem, key.to_pem)
- assert_equal([], OpenSSL.errors)
end
def test_read_public_key_der
@@ -239,7 +235,6 @@ AwEAAQ==
key = OpenSSL::PKey.read(der)
assert(!key.private?)
assert_equal(der, key.to_der)
- assert_equal([], OpenSSL.errors)
end
def test_read_public_key_pem
@@ -247,7 +242,6 @@ AwEAAQ==
key = OpenSSL::PKey.read(pem)
assert(!key.private?)
assert_equal(pem, key.to_pem)
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem_pw
@@ -261,7 +255,6 @@ AwEAAQ==
key = OpenSSL::PKey.read(pem, 'secret')
assert(key.private?)
#omit pem equality check, will be different due to cipher iv
- assert_equal([], OpenSSL.errors)
end
def test_read_private_key_pem_pw_exception
@@ -272,7 +265,6 @@ AwEAAQ==
raise RuntimeError
end
end
- assert_equal([], OpenSSL.errors)
end
def test_export_password_length
@@ -306,7 +298,6 @@ AwEAAQ==
assert_equal(key.n, pub_key.value[0].value)
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
assert_equal(key.e, pub_key.value[1].value)
- assert_equal([], OpenSSL.errors)
end
end
diff --git a/test/openssl/test_random.rb b/test/openssl/test_random.rb
index 8c69d54..defa09d 100644
--- a/test/openssl/test_random.rb
+++ b/test/openssl/test_random.rb
@@ -4,7 +4,7 @@ begin
rescue LoadError
end
-class OpenSSL::TestRandom < Test::Unit::TestCase
+class OpenSSL::TestRandom < OpenSSL::TestCase
def test_random_bytes
assert_equal("", OpenSSL::Random.random_bytes(0))
assert_equal(12, OpenSSL::Random.random_bytes(12).bytesize)
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 72cb9e6..ae7a0f0 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -3,7 +3,7 @@ require_relative "utils"
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Certificate < Test::Unit::TestCase
+class OpenSSL::TestX509Certificate < OpenSSL::TestCase
def setup
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@@ -14,9 +14,6 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
@ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
end
- def teardown
- end
-
def issue_cert(*args)
OpenSSL::TestUtils.issue_cert(*args)
end
diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb
index 7994dde..fd66c97 100644
--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@@ -3,7 +3,7 @@ require_relative "utils"
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509CRL < Test::Unit::TestCase
+class OpenSSL::TestX509CRL < OpenSSL::TestCase
def setup
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@@ -14,9 +14,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
@ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
end
- def teardown
- end
-
def issue_crl(*args)
OpenSSL::TestUtils.issue_crl(*args)
end
diff --git a/test/openssl/test_x509ext.rb b/test/openssl/test_x509ext.rb
index e6d49bb..99e2eda 100644
--- a/test/openssl/test_x509ext.rb
+++ b/test/openssl/test_x509ext.rb
@@ -3,7 +3,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Extension < Test::Unit::TestCase
+class OpenSSL::TestX509Extension < OpenSSL::TestCase
def setup
@basic_constraints_value = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Boolean(true), # CA
@@ -16,9 +16,6 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
])
end
- def teardown
- end
-
def test_new
ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
assert_equal("basicConstraints", ext.oid)
diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
index 56e7987..d26174e 100644
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@@ -4,7 +4,7 @@ require_relative 'utils'
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Name < Test::Unit::TestCase
+class OpenSSL::TestX509Name < OpenSSL::TestCase
OpenSSL::ASN1::ObjectId.register(
"1.2.840.113549.1.9.1", "emailAddress", "emailAddress")
OpenSSL::ASN1::ObjectId.register(
@@ -15,9 +15,6 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
@obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE)
end
- def teardown
- end
-
def test_s_new
dn = [ ["C", "JP"], ["O", "example"], ["CN", "www.example.jp"] ]
name = OpenSSL::X509::Name.new(dn)
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
index f1bf184..7ceff58 100644
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -3,7 +3,7 @@ require_relative "utils"
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Request < Test::Unit::TestCase
+class OpenSSL::TestX509Request < OpenSSL::TestCase
def setup
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 9964cc8..6a443a7 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -3,7 +3,7 @@ require_relative "utils"
if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Store < Test::Unit::TestCase
+class OpenSSL::TestX509Store < OpenSSL::TestCase
def setup
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@@ -15,9 +15,6 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
@ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
end
- def teardown
- end
-
def test_nosegv_on_cleanup
cert = OpenSSL::X509::Certificate.new
store = OpenSSL::X509::Store.new
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index 6909854..4502501 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -181,7 +181,14 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
end
end
- class OpenSSL::SSLTestCase < Test::Unit::TestCase
+ class OpenSSL::TestCase < Test::Unit::TestCase
+ def teardown
+ # OpenSSL error stack must be empty
+ assert_equal([], OpenSSL.errors)
+ end
+ end
+
+ class OpenSSL::SSLTestCase < OpenSSL::TestCase
RUBY = EnvUtil.rubybin
ITERATIONS = ($0 == __FILE__) ? 100 : 10
@@ -206,9 +213,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
@server = nil
end
- def teardown
- end
-
def issue_cert(*arg)
OpenSSL::TestUtils.issue_cert(*arg)
end