aboutsummaryrefslogtreecommitdiffstats
path: root/test/openssl/test_ssl.rb
Commit message (Collapse)AuthorAgeFilesLines
* * ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 supporttenderlove2015-08-291-1/+1
| | | | | | | | | | | | | if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> [Bug #11376] * ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation. * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): add OP_ALL totenderlove2015-08-191-2/+2
| | | | | | | | | | | | existing options rather than just setting it. Some vendors apply custom patches to their versions of OpenSSL that set default values for options. This commit respects the custom patches they've applied. * test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been added to the options. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ossl_ssl.c: check SSL method namenobu2015-08-151-0/+10
| | | | | | | * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method name must not contain NUL. preserve the encoding of message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* use assert_raisenobu2015-08-151-4/+4
| | | | | | | * test/openssl/test_ssl.rb: use assert_raise instead of a deprecated method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51587 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Fix LocalJumpErrors being raisedhsbt2015-08-111-1/+1
| | | | | | in OpenSSL tests. [ruby-core:70020][Bug #11368] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implementtenderlove2015-08-011-0/+28
| | | | | | | | | | | SSLContext#options and options= using SSL_CTX_set_options and SSL_CTX_get_options. This reduces the number of ivars we need and simplifies `ossl_sslctx_setup`. * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options` to SSL_OP_ALL git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a moretenderlove2015-07-271-0/+14
| | | | | | | | | | helpful exception when verifying the peer connection and an anonymous cipher has been selected. [ruby-core:68330] [Bug #10910] Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch. * test/openssl/test_ssl.rb (class OpenSSL): test for change git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* commit missusa2015-07-271-5/+13
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl contexttenderlove2015-07-261-0/+33
| | | | | | | | | | | object returned by the servername callback on to the socket as an instance variable. If the callback allocated a new context object and didn't keep a reference to it, it could be GC'd out from under the socket object. * test/openssl/test_ssl.rb (class OpenSSL): test for change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (class OpenSSL): add test coverage aroundtenderlove2015-07-261-0/+129
| | | | | | OpenSSL::SSL::SSLContext#servername_cb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51386 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]tenderlove2015-07-221-0/+32
| | | | | | | | * ext/openssl/extconf.rb: detect ALPN support in OpenSSL * test/openssl/test_ssl.rb: test for ALPN git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ssl.c: raise if kwargs given in blocking modenormal2015-06-241-0/+14
| | | | | | | | | | | OpenSSL::SSL::SSLSocket#sysread does not accept kwargs in blocking mode, inform users if they make an error. * ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): do not process kwargs in blocking mode * test/openssl/test_ssl.rb: test sysread git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb: stricter hostname verificationnagachika2015-04-131-0/+150
| | | | | | | | following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644] * test/openssl/test_ssl.rb: add tests for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl: skip old OpenSSLnobu2014-12-131-1/+1
| | | | | | | * test/openssl/utils.rb (OpenSSL::TestUtils): ignore out-of-date OpenSSL before 1.0. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl: Don't specify port number.akr2014-11-131-24/+23
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/utils.rb: The default of :ignore_listener_error isakr2014-11-031-23/+24
| | | | | | | | changed to false. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Don't ignore errors on listener threads,akr2014-11-011-19/+28
| | | | | | | | | | | | as much as possible. * test/openssl/test_ssl_session.rb: Ditto. * test/openssl/test_partial_record_read.rb: Ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48232 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Add certificate verification chainheadius2014-10-311-0/+7
| | | | | | test from JRuby community. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (OpenSSL::TestSSL#test_verify_result):usa2014-06-031-0/+4
| | | | | | | | | shouldn't use same server for respective tests, because the 1st test sometimes kills the server main loop silently. [Bug #9881] [ruby-dev:48266] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46325 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Suppress warnings.akr2014-06-011-21/+21
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46297 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): Close a socketakr2014-05-291-14/+43
| | | | | | | | if any exception occur. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_ssl_close): Fix sync_close to workakr2014-05-281-0/+9
| | | | | | | | | | when SSL is not started. This fix the fd leak by test_https_proxy_authentication in test/net/http/test_https_proxy.rb. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46209 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_pair.rb: Modify TestSSL#test_read_and_writehsbt2014-05-271-2/+6
| | | | | | | to handle partial sysreads. [Bug #7398][ruby-core:49563] * test/openssl/test_ssl.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46164 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Reuse TLS default options fromemboss2014-03-071-9/+1
| | | | | | | OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45280 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* fix r45274; it change default but doesn't change tests [Bug #9424]naruse2014-03-061-3/+7
| | | | | | RUN TESTS BEFORE COMMIT!!! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45278 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: pass read_nonblock options to underlying IOtenderlove2014-01-281-0/+18
| | | | | | | | when SSL session has not been started. * test/openssl/test_ssl.rb: test for change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44732 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb: Return ASCII-8BIT strings fromdrbrain2013-12-031-0/+14
| | | | | | | | SSLSocket methods. [ruby-trunk - Bug #9028] * test/openssl/test_ssl.rb: Test for the above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073.charliesome2013-08-071-2/+2
| | | | | | Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN markedemboss2013-07-051-10/+17
| | | | | | | | | | | | | | | | | | | critical. The patch for CVE-2013-4073 caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it: [id, criticality, octet_string] if critical, [id, octet_string] if not. Making sure to pick the last element of X509 extension and use it as SAN value. [ruby-core:55685] [Bug #8575] Thank you @nahi for providing the patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fixnagachika2013-06-271-0/+22
| | | | | | | | | hostname verification. Patched by nahi. * test/openssl/test_ssl.rb (test_verify_certificate_identity): test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC.emboss2013-04-151-0/+27
| | | | | | | | | * test/openssl/test_ssl.rb: Add tests to verify correct behavior. [Bug #8240] Patch provided by Shugo Maeda. Thanks! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40304 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Use :TLSv1_2_client explicitly inemboss2012-12-181-1/+3
| | | | | | | | | test_tls_v1_2 to prevent upstream bug. [Bug #7197] [ruby-dev:46240] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38436 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Improve my grammar.emboss2012-12-181-3/+2
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as aemboss2012-12-181-2/+10
| | | | | | | | | | | | | | | countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673] * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default. * NEWS: Announce the new default. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_asn1_rb:emboss2012-09-031-1/+1
| | | | | | | | | | | | | test/openssl/test_ssl_session.rb: test/openssl/test_x509name.rb: test/openssl/test_buffering.rb: test/openssl/test_x509cert.rb: test/openssl/test_ssl.rb: Refactor code that leads to warnings on Ruby CI. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36894 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED.emboss2012-08-311-9/+76
| | | | | | | | | | | | | | | ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be advertised by the server can be set in the SSLContext by using SSLContext#npn_protocols=, protocol selection on the client is supported by providing a selection callback with SSLContext#npn_select_cb. The protocol that was finally negotiated is available through SSL#npn_protocol. test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation. NEWS: add news about NPN support. [Feature #6503] [ruby-core:45272] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* remove trainling spaces.nobu2012-08-211-7/+7
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Introduce SSLContext#renegotiation_cb andemboss2012-06-091-28/+6
| | | | | | | | | | | | | remove SSLContext#disable_client_renegotiation and related functionality introduced in r35797. The new callback approach gives clients maximum flexibility to decide on their own what to do on renegotiation attempts. Add documentation for SSL module and SSLError. * test/openssl/test_ssl.rb: Add a test for SSLContext#renegotiation_cb. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Allow disabling client-side renegotiation.emboss2012-05-261-2/+42
| | | | | | | | | | | | | | | | | | | * test/openssl/test_ssl.rb: Simple tests for this. Client-side renegotiation is still considered problematic, even when used in the context of secure renegotiation (RI, RFC 5746). The changes allow users to either completely disable client renegotiation on the server, or to specify a maximum number of handshakes allowed in total. The number of total handshakes is counted in a callback set as SSL_set_info_callback. If the maximum number of handshakes is exceeded an error will be raised We do not support renegotiation in the OpenSSL extension, therefore this feature can only be tested externally. The feature is opt-in, the default setting will be to allow unlimited client renegotiation, as was the case before. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Clarify the intention of errors to beemboss2012-05-251-10/+13
| | | | | | | | | | expected. Two errors are possible when connection is refused due to a protocol version that was explicitly disallowed, OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the OpenSSL version in use. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Revert r35583emboss2012-05-251-0/+2
| | | | | | | | | | * test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid the test failing in Ruby CI [1] [1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* OpenSSL 1.0.1 pre-beta disabled TLS v1.2 by default.naruse2012-05-211-1/+1
| | | | | | http://cvs.openssl.org/chngview?cn=21471 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35752 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: test only if necessary option is available.nobu2012-05-071-6/+6
| | | | | | | * test/openssl/test_ssl.rb (test_forbid_tls_v1_{1,2}_{for_client,from_server}): test only if necessary option is available. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35570 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add support for option flagsemboss2012-05-071-154/+207
| | | | | | | | | | | | | | | | | OpenSSL::SSL::OP_NO_TLSv1_1 OpenSSL::SSL::OP_NO_TLSv1_2 to allow blocking specific TLS versions. Thanks to Justin Guyett for pointing this out to me. * test/openssl/test_ssl.rb: add tests to assert correct behavior when blocking certain versions of TLS/SSL both on server and client side. Also refactored tests to reduce boilerplate code a little. * test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where client rejects the connection because a forbidden protocol version was used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add emboss2012-05-061-0/+29
| | | | | | | | | | | | SSLContext#version to inspect the version that was negotiated for a given connection. * ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support. * test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they are supported by the native OpenSSL being used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSLnahi2012-02-081-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | option to prevent BEAST attack. See [Bug #5353]. In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent TLS-CBC-IV vulunerability described at http://www.openssl.org/~bodo/tls-cbc.txt It's known issue of TLSv1/SSLv3 but it attracts lots of attention these days as BEAST attack. (CVE-2011-3389) Until now ossl sets OP_ALL at SSLContext allocation and call SSL_CTX_set_options at connection. SSL_CTX_set_options updates the value by using |= so bits set by OP_ALL cannot be unset afterwards. This commit changes to call SSL_CTX_set_options only 1 time for each SSLContext. It sets the specified value if SSLContext#options= are called and sets OP_ALL if not. To help users to unset bits in OP_ALL, this commit also adds several constant to SSL such as OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were not exposed in Ruby because there's no way to unset bits in OP_ALL before. Following is an example to enable 0/n split for BEAST prevention. ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS * test/openssl/test_ssl.rb: Test above option exists. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (test_multibyte_read_write): start serverakr2011-10-221-14/+12
| | | | | | | for each length to avoid race condition. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33508 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/openssl/buffering.rb: Force multi-byte strings to be treated asemboss2011-10-191-0/+30
| | | | | | | | | | | | binary data. * test/openssl/test_ssl.rb: Add test for it. Thanks to Niklas Baumstark for reporting the issue! [Ruby 1.9 - Bug #5233] [ruby-core:39120] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Move duplicated tests for SSL::Session to nahi2011-10-121-50/+0
| | | | | | | test_ssl_session.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Explicitly close the tcp connection.naruse2011-09-201-0/+1
| | | | | | | | Without this, the connection will be alive without GC after exit the block and the test will fail as "TCPServer was closed and SSLServer is still alive" on 64bit Unix: at least CentOS, Ubuntu, and FreeBSD. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-04 04:48:01 +0000