aboutsummaryrefslogtreecommitdiffstats
path: root/test/openssl/test_ssl.rb
Commit message (Collapse)AuthorAgeFilesLines
* ext/openssl: remove SHA, DSS, DSS1 if using OpenSSL 1.1.0Kazuki Yamaguchi2016-05-051-1/+1
|
* ext/openssl: add SSLContext#security_level, #security_level=Kazuki Yamaguchi2016-05-051-0/+11
| | | | | | | | OpenSSL 1.1.0 introduced "security level" and these methods deal with it. This patch includes many test changes: setting the level to 0. The default security level is 1 and this prohibits aNULL ciphers.
* test_ssl.rb: skip unsupported ciphersnobu2016-04-071-1/+6
| | | | | | | * test/openssl/test_ssl.rb (test_get_ephemeral_key): skip unsupported ciphers. [GH-1318] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54506 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: skip unavailable pkeysnobu2016-04-061-2/+3
| | | | | | | * test/openssl/test_ssl.rb (test_get_ephemeral_key): skip unavailable public keys. [GH-1318] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54498 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_get_ephemeral_key: use assert_instance_ofnobu2016-04-041-1/+1
| | | | | | | * test/openssl/test_ssl.rb (test_get_ephemeral_key): should use assert_instance_of instead of comparison of classes. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54487 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: Access to ephemeral TLS session keynobu2016-04-041-0/+23
| | | | | | | | | * ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral TLS session key in case of forward secrecy cipher. Only available since OpenSSL 1.0.2. [Fix GH-1318] * ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: fix build when NPN is disabled by OpenSSLnobu2016-03-251-1/+3
| | | | | | | | | | | * ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb function rather than OPENSSL_NPN_NEGOTIATED macro. it exists even if it is disabled by OpenSSL configuration. [ruby-core:74384] [Bug #12182] * ext/openssl/ossl_ssl.c: update #ifdef(s) as above. * test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54258 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test: use assert_not_*nobu2016-02-191-1/+1
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Add frozen_string_literal: false for all filesnaruse2015-12-161-0/+1
| | | | | | When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: fix ssl option flags testsnobu2015-12-111-1/+1
| | | | | | | * test/openssl/test_ssl.rb (test_setting_twice): ignore fixed flags. some flags like SSL_OP_NO_SSL_MASK cannot change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53035 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: fix ssl option flags testsnobu2015-12-091-2/+2
| | | | | | | | | | * test/openssl/test_ssl.rb (test_setting_twice): ignore fixed falgs. some flags like SSL_OP_NO_SSL_MASK cannot change. * test/openssl/test_ssl.rb (test_options_setting_nil_means_all): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53010 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_ssl.rb (test_copy_stream): new testnormal2015-11-251-0/+14
| | | | | | | | | | I was worried r52750 would break IO.copy_stream with things like OpenSSL sockets which wrap IOs, but require data to be run through through encryption/decryption filters. Apparently my worry was unfounded, but perhaps this test will ensure this case continues to work. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52751 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Merge ruby/openssl@81e1a30zzak2015-11-131-1/+1
| | | | | | | * test/openssl/test_ssl.rb: ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52555 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 supporttenderlove2015-08-291-1/+1
| | | | | | | | | | | | | if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> [Bug #11376] * ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation. * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): add OP_ALL totenderlove2015-08-191-2/+2
| | | | | | | | | | | | existing options rather than just setting it. Some vendors apply custom patches to their versions of OpenSSL that set default values for options. This commit respects the custom patches they've applied. * test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been added to the options. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ossl_ssl.c: check SSL method namenobu2015-08-151-0/+10
| | | | | | | * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method name must not contain NUL. preserve the encoding of message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* use assert_raisenobu2015-08-151-4/+4
| | | | | | | * test/openssl/test_ssl.rb: use assert_raise instead of a deprecated method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51587 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Fix LocalJumpErrors being raisedhsbt2015-08-111-1/+1
| | | | | | in OpenSSL tests. [ruby-core:70020][Bug #11368] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implementtenderlove2015-08-011-0/+28
| | | | | | | | | | | SSLContext#options and options= using SSL_CTX_set_options and SSL_CTX_get_options. This reduces the number of ivars we need and simplifies `ossl_sslctx_setup`. * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options` to SSL_OP_ALL git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a moretenderlove2015-07-271-0/+14
| | | | | | | | | | helpful exception when verifying the peer connection and an anonymous cipher has been selected. [ruby-core:68330] [Bug #10910] Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch. * test/openssl/test_ssl.rb (class OpenSSL): test for change git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* commit missusa2015-07-271-5/+13
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl contexttenderlove2015-07-261-0/+33
| | | | | | | | | | | object returned by the servername callback on to the socket as an instance variable. If the callback allocated a new context object and didn't keep a reference to it, it could be GC'd out from under the socket object. * test/openssl/test_ssl.rb (class OpenSSL): test for change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (class OpenSSL): add test coverage aroundtenderlove2015-07-261-0/+129
| | | | | | OpenSSL::SSL::SSLContext#servername_cb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51386 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]tenderlove2015-07-221-0/+32
| | | | | | | | * ext/openssl/extconf.rb: detect ALPN support in OpenSSL * test/openssl/test_ssl.rb: test for ALPN git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ssl.c: raise if kwargs given in blocking modenormal2015-06-241-0/+14
| | | | | | | | | | | OpenSSL::SSL::SSLSocket#sysread does not accept kwargs in blocking mode, inform users if they make an error. * ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): do not process kwargs in blocking mode * test/openssl/test_ssl.rb: test sysread git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb: stricter hostname verificationnagachika2015-04-131-0/+150
| | | | | | | | following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644] * test/openssl/test_ssl.rb: add tests for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl: skip old OpenSSLnobu2014-12-131-1/+1
| | | | | | | * test/openssl/utils.rb (OpenSSL::TestUtils): ignore out-of-date OpenSSL before 1.0. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl: Don't specify port number.akr2014-11-131-24/+23
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/utils.rb: The default of :ignore_listener_error isakr2014-11-031-23/+24
| | | | | | | | changed to false. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Don't ignore errors on listener threads,akr2014-11-011-19/+28
| | | | | | | | | | | | as much as possible. * test/openssl/test_ssl_session.rb: Ditto. * test/openssl/test_partial_record_read.rb: Ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48232 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Add certificate verification chainheadius2014-10-311-0/+7
| | | | | | test from JRuby community. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (OpenSSL::TestSSL#test_verify_result):usa2014-06-031-0/+4
| | | | | | | | | shouldn't use same server for respective tests, because the 1st test sometimes kills the server main loop silently. [Bug #9881] [ruby-dev:48266] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46325 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Suppress warnings.akr2014-06-011-21/+21
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46297 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): Close a socketakr2014-05-291-14/+43
| | | | | | | | if any exception occur. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_ssl_close): Fix sync_close to workakr2014-05-281-0/+9
| | | | | | | | | | when SSL is not started. This fix the fd leak by test_https_proxy_authentication in test/net/http/test_https_proxy.rb. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46209 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_pair.rb: Modify TestSSL#test_read_and_writehsbt2014-05-271-2/+6
| | | | | | | to handle partial sysreads. [Bug #7398][ruby-core:49563] * test/openssl/test_ssl.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46164 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Reuse TLS default options fromemboss2014-03-071-9/+1
| | | | | | | OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45280 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* fix r45274; it change default but doesn't change tests [Bug #9424]naruse2014-03-061-3/+7
| | | | | | RUN TESTS BEFORE COMMIT!!! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45278 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: pass read_nonblock options to underlying IOtenderlove2014-01-281-0/+18
| | | | | | | | when SSL session has not been started. * test/openssl/test_ssl.rb: test for change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44732 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb: Return ASCII-8BIT strings fromdrbrain2013-12-031-0/+14
| | | | | | | | SSLSocket methods. [ruby-trunk - Bug #9028] * test/openssl/test_ssl.rb: Test for the above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073.charliesome2013-08-071-2/+2
| | | | | | Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN markedemboss2013-07-051-10/+17
| | | | | | | | | | | | | | | | | | | critical. The patch for CVE-2013-4073 caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it: [id, criticality, octet_string] if critical, [id, octet_string] if not. Making sure to pick the last element of X509 extension and use it as SAN value. [ruby-core:55685] [Bug #8575] Thank you @nahi for providing the patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fixnagachika2013-06-271-0/+22
| | | | | | | | | hostname verification. Patched by nahi. * test/openssl/test_ssl.rb (test_verify_certificate_identity): test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC.emboss2013-04-151-0/+27
| | | | | | | | | * test/openssl/test_ssl.rb: Add tests to verify correct behavior. [Bug #8240] Patch provided by Shugo Maeda. Thanks! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40304 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Use :TLSv1_2_client explicitly inemboss2012-12-181-1/+3
| | | | | | | | | test_tls_v1_2 to prevent upstream bug. [Bug #7197] [ruby-dev:46240] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38436 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Improve my grammar.emboss2012-12-181-3/+2
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as aemboss2012-12-181-2/+10
| | | | | | | | | | | | | | | countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673] * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default. * NEWS: Announce the new default. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_asn1_rb:emboss2012-09-031-1/+1
| | | | | | | | | | | | | test/openssl/test_ssl_session.rb: test/openssl/test_x509name.rb: test/openssl/test_buffering.rb: test/openssl/test_x509cert.rb: test/openssl/test_ssl.rb: Refactor code that leads to warnings on Ruby CI. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36894 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED.emboss2012-08-311-9/+76
| | | | | | | | | | | | | | | ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be advertised by the server can be set in the SSLContext by using SSLContext#npn_protocols=, protocol selection on the client is supported by providing a selection callback with SSLContext#npn_select_cb. The protocol that was finally negotiated is available through SSL#npn_protocol. test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation. NEWS: add news about NPN support. [Feature #6503] [ruby-core:45272] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* remove trainling spaces.nobu2012-08-211-7/+7
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-13 20:19:06 +0000