diff options
author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-03-09 10:45:42 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-03-09 10:45:42 +0000 |
commit | 55054497934bb9759aa400ef47042f33b34d0b9a (patch) | |
tree | d8da2900eaf273ead61714a96337bcedb9a74411 /test/openssl/test_ssl.rb | |
parent | f43cae2b057622e6812e370f2c7cb3efa06f6665 (diff) | |
download | ruby-55054497934bb9759aa400ef47042f33b34d0b9a.tar.gz |
* ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:
- SSLContext#client_cert_cb is a Proc. it is called when a client
certificate is requested by a server and no certificate was yet
set for the SSLContext. it must return an Array which includes
OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
- SSLContext#tmp_dh_callback is called in key exchange with DH
algorithm. it must return an OpenSSL::PKey::DH object.
* ext/openssl/ossl_ssl.c:
(ossl_sslctx_set_ciphers): ignore the argument if it's nil.
(ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0.
[ruby-dev:25831]
* ext/openssl/ossl_pkey.c
(GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
(DupPrivPKeyPtr): new function.
* ext/openssl/ossl_pkey_dh.c: add default DH parameters.
* ext/openssl/ossl_pkey.h: ditto.
* ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl/test_ssl.rb')
-rw-r--r-- | test/openssl/test_ssl.rb | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 8f440076e8..08c18f440b 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -155,6 +155,43 @@ class OpenSSL::TestSSL < Test::Unit::TestCase } end + def test_client_auth + vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT + start_server(PORT, vflag, true){|s, p| + assert_raises(OpenSSL::SSL::SSLError){ + sock = TCPSocket.new("127.0.0.1", p) + ssl = OpenSSL::SSL::SSLSocket.new(sock) + ssl.connect + } + + ctx = OpenSSL::SSL::SSLContext.new + ctx.key = @cli_key + ctx.cert = @cli_cert + sock = TCPSocket.new("127.0.0.1", p) + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.sync_close = true + ssl.connect + ssl.puts("foo") + assert_equal("foo\n", ssl.gets) + ssl.close + + called = nil + ctx = OpenSSL::SSL::SSLContext.new + ctx.client_cert_cb = Proc.new{|ssl| + called = true + [@cli_cert, @cli_key] + } + sock = TCPSocket.new("127.0.0.1", p) + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.sync_close = true + ssl.connect + assert(called) + ssl.puts("foo") + assert_equal("foo\n", ssl.gets) + ssl.close + } + end + def test_starttls start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p| sock = TCPSocket.new("127.0.0.1", p) |