* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a more

  helpful exception when verifying the peer connection and an
  anonymous cipher has been selected. [ruby-core:68330] [Bug #10910]
  Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.

* test/openssl/test_ssl.rb (class OpenSSL): test for change

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 14 insertions, 0 deletions

diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 232747dffa..d319ba9aaa 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -365,6 +365,20 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     }
   end
 
+  def test_post_connect_check_with_anon_ciphers
+    sslerr = OpenSSL::SSL::SSLError
+
+    start_server(OpenSSL::SSL::VERIFY_NONE, true, {use_anon_cipher: true}){|server, port|
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.ciphers = "aNULL"
+      server_connect(port, ctx) { |ssl|
+        msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \
+          "ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification."
+        assert_raise_with_message(sslerr,msg){ssl.post_connection_check("localhost.localdomain")}
+      }
+    }
+  end
+
   def test_post_connection_check
     sslerr = OpenSSL::SSL::SSLError