aboutsummaryrefslogtreecommitdiffstats
path: root/test/openssl
Commit message (Collapse)AuthorAgeFilesLines
* test/openssl: don't test default session timeoutKazuki Yamaguchi2016-05-051-1/+0
| | | | | | | | | | | The default session timeout for TLSv1 is 7200 and shouldn't be 300. And this should not be checked because the value is decided by just "the 24 hours mentioned in the TLSv1 spec is way too long for http, the cache would over fill" (from OpenSSL's source comment). Old OpenSSL (<= 1.0.2) set ssl_ctx->session_timeout on SSL_CTX_new(), which we call always with SSLv23_method(), and it isn't updated with SSL_set_ssl_method().
* test/openssl: fix test_server_session to dup the sessionKazuki Yamaguchi2016-05-051-4/+4
| | | | | SSL_CTX_remove_session() sets not_resumable to the deleted session and OpenSSL 1.1.0 denies to resume a SSL_SESSION with not_resumable != 0.
* test/openssl: X25519 doesn't support signingKazuki Yamaguchi2016-05-051-1/+3
|
* test/openssl: DSA256 is prohibited with security_level=1Kazuki Yamaguchi2016-05-051-1/+16
|
* ext/openssl: ENGINE.cleanup is no-op in OpenSSL 1.1.0Kazuki Yamaguchi2016-05-051-47/+66
| | | | | Add note to the documentation, and fix tests which rely on Engine.cleanup. Test cases are now run in separate process.
* ext/openssl: remove SHA, DSS, DSS1 if using OpenSSL 1.1.0Kazuki Yamaguchi2016-05-056-8/+10
|
* ext/openssl: add SSLContext#set_ecdh_curvesKazuki Yamaguchi2016-05-052-25/+26
| | | | | | | | | | And deprecate #tmp_ecdh_callback. Since SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0, we can't provide SSLContext#tmp_ecdh_callback anymore. Instead, we should use SSL_CTX_set1_curves_list() to set the curves and SSL_CTX_set_ecdh_auto() to make OpenSSL select automatically from the list.
* ext/openssl: add SSLContext#security_level, #security_level=Kazuki Yamaguchi2016-05-053-0/+22
| | | | | | | | OpenSSL 1.1.0 introduced "security level" and these methods deal with it. This patch includes many test changes: setting the level to 0. The default security level is 1 and this prohibits aNULL ciphers.
* ext/openssl: EVP_PKEY, DH, DSA, RSA, EC_KEY are made opaqueKazuki Yamaguchi2016-05-051-1/+2
| | | | | | | | | | | | | | | | | | | | Use EVP_PKEY_get0_* instead of pkey->pkey.* Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type) Because of this, we can no longer set the parameters/keys directly, and the newly added functions as alternative require setting all relevant values at the same time. So this patch contains incompatibility: the following code no longer works (if using 1.1.0): dh = OpenSSL::PKey::DH.new(...) dh.priv_key = OpenSSL::BN.new(...) ...and we have to write like: dh = OpenSSL::PKey::DH.new(...) priv = OpenSSL::BN.new(...) pub = <calculate (dh.g ** priv) % dh.p> dh.set_key(pub, priv)
* ext/openssl: drop support for OpenSSL 0.9.6/0.9.7Kazuki Yamaguchi2016-05-052-38/+30
| | | | | | | | | The last release of OpenSSL 0.9.7 series was over 9 years ago (!) and even 0.9.8/1.0.0 are no longer supported (EOL was 2015-12-31). It actually doesn't compile since r40461 (ext/openssl/ossl_bn.c (ossl_bn_initialize): allow Fixnum and Bignum. [ruby-core:53986] [Feature #8217], 2013-04-25, 2.1.0) and it looks like nobody noticed it.
* test_ssl.rb: skip unsupported ciphersnobu2016-04-071-1/+6
| | | | | | | * test/openssl/test_ssl.rb (test_get_ephemeral_key): skip unsupported ciphers. [GH-1318] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54506 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: skip unavailable pkeysnobu2016-04-061-2/+3
| | | | | | | * test/openssl/test_ssl.rb (test_get_ephemeral_key): skip unavailable public keys. [GH-1318] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54498 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_get_ephemeral_key: use assert_instance_ofnobu2016-04-041-1/+1
| | | | | | | * test/openssl/test_ssl.rb (test_get_ephemeral_key): should use assert_instance_of instead of comparison of classes. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54487 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: Access to ephemeral TLS session keynobu2016-04-042-0/+24
| | | | | | | | | * ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral TLS session key in case of forward secrecy cipher. Only available since OpenSSL 1.0.2. [Fix GH-1318] * ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: accept moving write buffer for write_nonblocknormal2016-03-311-0/+29
| | | | | | | | | | | | | | | | | | | By setting the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag. This flag was introduced at the same time as SSL_MODE_ENABLE_PARTIAL_WRITE in OpenSSL 0.9.4 and makes usage with non-blocking sockets much easier. Before this, a Rubyist would need to remember the exact object which failed to write and reuse it later when the socket became writable again. This causes problems when the buffer is given by another layer of the application (e.g. a buffer is given by a Rack middleware or application to a Rack web server). * ext/openssl/ossl_ssl.c (ossl_sslctx_s_alloc): enable SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default [Bug #12126] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: fix build when NPN is disabled by OpenSSLnobu2016-03-251-1/+3
| | | | | | | | | | | * ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb function rather than OPENSSL_NPN_NEGOTIATED macro. it exists even if it is disabled by OpenSSL configuration. [ruby-core:74384] [Bug #12182] * ext/openssl/ossl_ssl.c: update #ifdef(s) as above. * test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54258 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test: use assert_not_*nobu2016-02-193-7/+7
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Skip SHA from test_digest_constants for LibreSSL 2.3naruse2016-02-021-1/+12
| | | | | | | The first one of ruby/openssl#40 https://github.com/ruby/openssl/issues/40#issuecomment-159839338 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53718 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/pkey.rb: Added 2048 bit DH parameter.hsbt2016-01-161-0/+14
| | | | | | * test/openssl/test_pkey_dh.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * Remove 512-bit DH group. It's affected by LogJam Attack.hsbt2016-01-142-19/+2
| | | | | | | https://weakdh.org/ [fix GH-1196][Bug #11968][ruby-core:72766] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* fix common misspelling [ci skip]nobu2015-12-241-1/+1
| | | | | | | * compile.c, cont.c, doc, man: fix common misspelling. [ruby-core:72466] [Bug #11870] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53299 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Add frozen_string_literal: false for all filesnaruse2015-12-1630-0/+30
| | | | | | When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * bootstraptest/runner.rb: use safe navigation operator.hsbt2015-12-141-1/+1
| | | | | | | | | | [fix GH-1142] Patch by @mlarraz * test/openssl/test_pair.rb: ditto. * test/ruby/test_econv.rb: ditto. * test/ruby/test_settracefunc.rb: ditto. * test/thread/test_queue.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: fix ssl option flags testsnobu2015-12-111-1/+1
| | | | | | | * test/openssl/test_ssl.rb (test_setting_twice): ignore fixed flags. some flags like SSL_OP_NO_SSL_MASK cannot change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53035 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: fix ssl option flags testsnobu2015-12-091-2/+2
| | | | | | | | | | * test/openssl/test_ssl.rb (test_setting_twice): ignore fixed falgs. some flags like SSL_OP_NO_SSL_MASK cannot change. * test/openssl/test_ssl.rb (test_options_setting_nil_means_all): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53010 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_ssl.rb (test_copy_stream): new testnormal2015-11-251-0/+14
| | | | | | | | | | I was worried r52750 would break IO.copy_stream with things like OpenSSL sockets which wrap IOs, but require data to be run through through encryption/decryption filters. Apparently my worry was unfounded, but perhaps this test will ensure this case continues to work. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52751 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Merge ruby/openssl@81e1a30zzak2015-11-131-1/+1
| | | | | | | * test/openssl/test_ssl.rb: ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52555 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_pair.rb: skipped tests if openssl doesn't supporthsbt2015-10-311-0/+6
| | | | | | ECDH cipher. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 supporttenderlove2015-08-291-1/+1
| | | | | | | | | | | | | if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> [Bug #11376] * ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation. * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl_session.rb: Fix tests so that they take in totenderlove2015-08-201-4/+2
| | | | | | | | account OpenSSL installations that have SSLv3 disabled by default. Thanks Jeremy Evans <code@jeremyevans.net> for the patches. [Bug #11366] [Bug #11367] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51649 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): add OP_ALL totenderlove2015-08-191-2/+2
| | | | | | | | | | | | existing options rather than just setting it. Some vendors apply custom patches to their versions of OpenSSL that set default values for options. This commit respects the custom patches they've applied. * test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been added to the options. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ossl_ssl.c: check SSL method namenobu2015-08-151-0/+10
| | | | | | | * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method name must not contain NUL. preserve the encoding of message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* use assert_raisenobu2015-08-151-4/+4
| | | | | | | * test/openssl/test_ssl.rb: use assert_raise instead of a deprecated method. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51587 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl_session.rb: check SSL methodnobu2015-08-141-1/+4
| | | | | | | * test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): ensure the method to be tested is supported. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Fix LocalJumpErrors being raisedhsbt2015-08-111-1/+1
| | | | | | in OpenSSL tests. [ruby-core:70020][Bug #11368] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl/buffering: fix gets on EOF with limitnormal2015-08-011-0/+8
| | | | | | | | | | | * ext/openssl/lib/openssl/buffering.rb (gets): avoid comparing fixnum with nil * test/openssl/test_pair.rb: test gets with limit when EOF is hit Thanks to Bar Hofesh <bar.hofesh@safe-t.com> for the bug report and testing. [ruby-core:70149] [Bug #11400] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implementtenderlove2015-08-011-0/+28
| | | | | | | | | | | SSLContext#options and options= using SSL_CTX_set_options and SSL_CTX_get_options. This reduces the number of ivars we need and simplifies `ossl_sslctx_setup`. * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options` to SSL_OP_ALL git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_pair.rb: join client threadnobu2015-07-301-7/+7
| | | | | | | * test/openssl/test_pair.rb (test_ecdh_callback): join client thread only when it started. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51446 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_pair.rb: thread leaknobu2015-07-291-1/+4
| | | | | | | * test/openssl/test_pair.rb (test_ecdh_callback): join client thread before closing sockets. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_pair.rb: thread leaknobu2015-07-291-0/+1
| | | | | | * test/openssl/test_pair.rb (test_ecdh_callback): fix thread leak. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a moretenderlove2015-07-272-0/+16
| | | | | | | | | | helpful exception when verifying the peer connection and an anonymous cipher has been selected. [ruby-core:68330] [Bug #10910] Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch. * test/openssl/test_ssl.rb (class OpenSSL): test for change git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* commit missusa2015-07-271-5/+13
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl contexttenderlove2015-07-261-0/+33
| | | | | | | | | | | object returned by the servername callback on to the socket as an instance variable. If the callback allocated a new context object and didn't keep a reference to it, it could be GC'd out from under the socket object. * test/openssl/test_ssl.rb (class OpenSSL): test for change. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb (class OpenSSL): add test coverage aroundtenderlove2015-07-261-0/+129
| | | | | | OpenSSL::SSL::SSLContext#servername_cb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51386 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/pkey.rb: implement DEFAULT_512 andtenderlove2015-07-251-0/+21
| | | | | | | | | | | | | | | | | | DEFAULT_1024 constants in Ruby. * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Ask PKey for the default DH callback since it aleady must check whether openssl has been compiled with DH support. * ext/openssl/ossl_pkey_dh.c (OSSL_PKEY_BN): Remove C definitions of DEFAULT_512 and DEFAULT_1024 * ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto * test/openssl/test_pkey_dh.rb (class OpenSSL): add test to ensure the Ruby definitions are the same as the C definitions were. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): supporttenderlove2015-07-251-0/+25
| | | | | | | | | | specifically setting the tmp_dh_callback to nil. * ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto * test/openssl/test_pair.rb (module OpenSSL): add a test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_pair.rb: add a test ensuring that the default DHtenderlove2015-07-251-0/+23
| | | | | | callback is used when no DH callback is specified. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51379 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add ECDH callback support. [Feature #11356]tenderlove2015-07-221-0/+39
| | | | | | * test/openssl/test_pair.rb: test for ECDH callback support git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51348 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]tenderlove2015-07-221-0/+32
| | | | | | | | * ext/openssl/extconf.rb: detect ALPN support in OpenSSL * test/openssl/test_ssl.rb: test for ALPN git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* use Timeout.timeoutnobu2015-07-131-2/+2
| | | | | | | * time: Object#timeout has been deprecated a long time ago, use Timeout.timeout. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-05 16:19:12 +0000