aboutsummaryrefslogtreecommitdiffstats
path: root/test/openssl/test_ssl.rb
Commit message (Collapse)AuthorAgeFilesLines
* * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSLnahi2012-02-081-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | option to prevent BEAST attack. See [Bug #5353]. In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent TLS-CBC-IV vulunerability described at http://www.openssl.org/~bodo/tls-cbc.txt It's known issue of TLSv1/SSLv3 but it attracts lots of attention these days as BEAST attack. (CVE-2011-3389) Until now ossl sets OP_ALL at SSLContext allocation and call SSL_CTX_set_options at connection. SSL_CTX_set_options updates the value by using |= so bits set by OP_ALL cannot be unset afterwards. This commit changes to call SSL_CTX_set_options only 1 time for each SSLContext. It sets the specified value if SSLContext#options= are called and sets OP_ALL if not. To help users to unset bits in OP_ALL, this commit also adds several constant to SSL such as OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were not exposed in Ruby because there's no way to unset bits in OP_ALL before. Following is an example to enable 0/n split for BEAST prevention. ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS * test/openssl/test_ssl.rb: Test above option exists. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (test_multibyte_read_write): start serverakr2011-10-221-14/+12
| | | | | | | for each length to avoid race condition. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33508 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/openssl/buffering.rb: Force multi-byte strings to be treated asemboss2011-10-191-0/+30
| | | | | | | | | | | | binary data. * test/openssl/test_ssl.rb: Add test for it. Thanks to Niklas Baumstark for reporting the issue! [Ruby 1.9 - Bug #5233] [ruby-core:39120] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Move duplicated tests for SSL::Session to nahi2011-10-121-50/+0
| | | | | | | test_ssl_session.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Explicitly close the tcp connection.naruse2011-09-201-0/+1
| | | | | | | | Without this, the connection will be alive without GC after exit the block and the test will fail as "TCPServer was closed and SSLServer is still alive" on 64bit Unix: at least CentOS, Ubuntu, and FreeBSD. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (class OpenSSL): Testdrbrain2011-09-191-0/+49
| | | | | | | OpenSSL::SSL::SSLSocket#session and #session=. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Support disabling OpenSSL compression.emboss2011-08-151-0/+9
| | | | | | | | | * test/openssl/test_ssl.rb: Add a test for it. Thanks to Eric Wong for the patch. [Ruby 1.9 - Feature #5183] [ruby-core:38911] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32973 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl.c (ossl_verify_cb): trap the exception fromnahi2011-07-141-0/+20
| | | | | | | | | | | | | verify callback of SSLContext and X509Store and make the verification fail normally. Raising exception directly from callback causes orphan resouces in OpenSSL stack. Patched by Ippei Obayashi. See #4445. * test/openssl/test_ssl.rb (test_exception_in_verify_callback_is_ignored): test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl.c/.h: Added ossl_x509_name_sk2ary.emboss2011-06-301-0/+22
| | | | | | | | | | | | * ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to simplify future conversions. * ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca. * test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca. Thanks to Ippei Obayashi for providing the patch! [ Ruby 1.9 - Feature #4481 ] [ruby-core:35461] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl_session.rb: Split out SSL::Session related nahi2011-06-221-268/+1
| | | | | | | tests from test_ssl.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32195 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* drying up the requires in the openssl teststenderlove2010-12-151-9/+1
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Set DH Parameter for SSLContext to clean warnings.naruse2010-12-071-0/+2
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (test_not_started_session): non socketusa2010-12-011-0/+1
| | | | | | | argument of SSLSocket.new is not supported on Windows. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* making ssl test a little bettertenderlove2010-11-151-1/+1
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29788 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* STDIN is not valid when ruby doesn't have tty.naruse2010-11-151-1/+3
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29787 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * etc/openssl/ossl_ssl.c (ossl_ssl_get_cert): raise exception iftenderlove2010-11-141-0/+4
| | | | | | pointer is invalid. Thanks Ippei Obayashi! [ruby-dev:42573] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/x509-internal.rb: removed unused localnahi2010-09-101-6/+7
| | | | | | | | | variable. * test/openssl/*: less warnings while test running with -w. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29217 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (test_client_auth): Errno::ECONNRESET is raised onusa2010-05-191-1/+1
| | | | | | | Windows. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (server_loop): treat Errno::ENOTSOCK just like asusa2010-05-191-1/+1
| | | | | | | Errno::EBADF and Errno::EINVAL. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27883 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* supress warnings.akr2010-01-251-1/+1
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26418 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test: use require_relative.naruse2009-09-121-8/+2
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * io.c (rb_mWaitReadable): defined.akr2009-03-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (rb_mWaitWritable): defined. (io_getpartial): extend IO::WaitReadable on EWOULDBLOCK and EAGAIN. (rb_io_write_nonblock): extend IO::WaitWritable on EWOULDBLOCK and EAGAIN. * error.c (make_errno_exc): extracted from rb_sys_fail. (rb_mod_sys_fail): new function. * include/ruby/ruby.h (rb_mod_sys_fail): declared. (rb_mWaitReadable): declared. (rb_mWaitWritable): declared. * ext/socket/init.c (rsock_s_recvfrom_nonblock): extend IO::WaitReadable on EWOULDBLOCK and EAGAIN. (rsock_s_accept_nonblock): extend IO::WaitReadable on EWOULDBLOCK, EAGAIN, ECONNABORTED and EPROTO. * ext/socket/socket.c (sock_connect_nonblock): extend IO::WaitWritable on EINPROGRESS. * ext/socket/ancdata.c (bsock_sendmsg_internal): extend IO::WaitWritable on EWOULDBLOCK and EAGAIN. (bsock_recvmsg_internal): extend IO::WaitReadable on EWOULDBLOCK and EAGAIN. * ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): raise SSLError extended by IO::WaitReadable/IO::WaitWritable on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE. * ext/openssl/ossl.c (ossl_make_error): extracted from ossl_raise. (ossl_exc_new): new function. * ext/openssl/ossl.h (ossl_exc_new): declared. * lib/net/protocol.rb (rbuf_fill): rescue IO::WaitReadable and IO::WaitWritable. [ruby-core:22539], [ruby-dev:38140] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * {ext,lib,test}/**/*.rb: removed trailing spaces.nobu2009-03-061-4/+4
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Server Name Indication support.technorama2009-01-241-0/+44
| | | | | | | | | | new methods SSLContext#server_name_cb=, SSLSocket#hostname=. * test/openssl/test_ssl.rb: Tests for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@21761 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_ssl_read_nonblock):matz2008-12-041-0/+15
| | | | | | | OpenSSL::SSL::SSLSocket should implement read_nonblock. a patch from Aaron Patterson in [ruby-core:20277]. fix: #814 [ruby-core:20241] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test: assert_raises has been deprecated since a long time ago.nobu2008-09-241-9/+9
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19536 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (OpenSSL#test_client_session):kazu2008-09-091-1/+4
| | | | | | | | Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?), when use default SSLContext. [ruby-dev:36167] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/webrick/server.rb (WEBrick::GenericServer#shutdown):kazu2008-08-221-1/+8
| | | | | | | | | | | | rescue Errno::ENOTCONN and close. [ruby-dev:35896] * test/openssl/test_ssl.rb (OpenSSL#start_server): ditto. [ruby-dev:35897] * lib/net/imap.rb (Net::IMAP#disconnect): ditto. [ruby-dev:35898] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18777 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (server_loop): rescue Errno::EINVAL andmame2008-07-271-3/+2
| | | | | | | Errno::ECONNABORTED. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (start_server): shutdown TCPServer beforemame2008-06-301-7/+12
| | | | | | | close. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@17747 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize):knu2008-06-051-1/+6
| | | | | | | | | | | | | | | | Add a null check for ssl; submitted by akira yamada in [ruby-dev:34950]. * ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if SSL_OP_NO_TICKET is present; submitted by akira yamada in [ruby-dev:34944]. * test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a workaround for the case where OpenSSL is configured with --enable-tlsext; submitted by akira yamada in [ruby-dev:34944]. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (start_server): add timeout to server.join.mame2008-04-221-1/+8
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16161 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Switch stats hash key from string to symbol.technorama2008-04-201-21/+190
| | | | | | | | | | | | New method SSLContext#setup to aid C extension writers. * test/openssl/test_ssl.rb: Add tests for new method and sessions. Use threads for ssl server instead of forking. * ext/openssl/ossl_version.h: Bump version. * ext/openssl/ossl_x509ext.c: Fix warnings. * test/openssl/utils.rb: Fix warnings. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16111 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.gotoyuzo2007-12-221-5/+9
| | | | | | | | | | | | | * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params): new method to set suitable SSL parameters. * lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, test/openssl/test_ssl.rb: follow above change. * test/net/http/test_https.rb: refine error case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version):gotoyuzo2007-12-171-19/+85
| | | | | | | | | | | | | | | | | | | | new method OpenSSL::SSL::SSLContext#ssl_version to wrap SSL_CTX_set_ssl_version. * ext/openssl/ossl_ssl.c (ossl_ssl_get_verify_result): new method OpenSSL::SSL::SSLSocket#verify_result to wrap SSL_get_verrify_result. * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLContext.build): new method to build OpenSSL::SSL::SSLContext with Hash parameters. this method provides safety default parameters than SSLContext.new. * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL.verify_cetificate_identity): new module function: pull out identity verification process from OpenSSL::SSL::SSLSocket#post_connection_check. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb (Buffering#gets): added secondgotoyuzo2007-12-171-0/+5
| | | | | | | optional argument to specify maximum length limit. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14261 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (test_parallel): call GC.start to closegotoyuzo2005-12-121-0/+1
| | | | | | | unused files. [ruby-dev:27981] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:gotoyuzo2005-03-091-0/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | - SSLContext#client_cert_cb is a Proc. it is called when a client certificate is requested by a server and no certificate was yet set for the SSLContext. it must return an Array which includes OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects. - SSLContext#tmp_dh_callback is called in key exchange with DH algorithm. it must return an OpenSSL::PKey::DH object. * ext/openssl/ossl_ssl.c: (ossl_sslctx_set_ciphers): ignore the argument if it's nil. (ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0. [ruby-dev:25831] * ext/openssl/ossl_pkey.c (GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first. (DupPrivPKeyPtr): new function. * ext/openssl/ossl_pkey_dh.c: add default DH parameters. * ext/openssl/ossl_pkey.h: ditto. * ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rbgotoyuzo2005-02-141-0/+49
| | | | | | | (OpenSSL::SSL::SSLSocket#post_connection_check): new method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7970 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/ssl_server.rb: try to listen ports from 20443 to 20542gotoyuzo2004-11-171-13/+17
| | | | | | | | | | while failed in getting a TCPServer. * test/openssl/test_x509name.rb: remove version dependence about nickname of OIDs. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7298 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * eval.c (rb_call0): should call rb_call_super() directly formatz2004-07-281-4/+8
| | | | | | | visibility overriding. [ruby-dev:23989] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6714 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: add workaround for Cygwin.gotoyuzo2004-07-181-0/+4
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6674 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/ssl_server.rb, test/openssl/test_ssl.rb: workaround togotoyuzo2004-07-161-3/+2
| | | | | | | terminate child process. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6650 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: use Process.kill to kill child processgotoyuzo2004-06-201-5/+13
| | | | | | | instead of waiting for closing popen-ed IO. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * add test for OpenSSL::SSL.gotoyuzo2004-05-261-0/+184
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-03 19:26:32 +0000