From cb3a9dacb0bcd2ee563a491c572a3baa1c346c48 Mon Sep 17 00:00:00 2001 From: rhe Date: Tue, 7 Jun 2016 07:52:24 +0000 Subject: openssl: add SSL::SSLContext#security_level{=,} * ext/openssl/extconf.rb: Check for SSL_CTX_get_security_level(). OpenSSL 1.1.0 introduced "security level". [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_ssl.c (ossl_sslctx_{get,set}_security_level): Add SSLContext#security_level and #security_level=. * test/openssl/test_ssl.rb (test_security_level): Add test. ...but this doesn't actually test it. Because #security_level= is necessary in order to run other tests on OpenSSL 1.1.0, go without tests for now. Will fix after converting SSLContext#key= and #cert= to normal methods. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55309 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/openssl/test_ssl.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'test/openssl') diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 9a717a4256..65cc30e71e 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -1218,6 +1218,22 @@ end end end + def test_security_level + ctx = OpenSSL::SSL::SSLContext.new + begin + ctx.security_level = 1 + rescue NotImplementedError + assert_equal(0, ctx.security_level) + return + end + assert_equal(1, ctx.security_level) + # assert_raise(OpenSSL::SSL::SSLError) { ctx.key = OpenSSL::TestUtils::TEST_KEY_DSA512 } + # ctx.key = OpenSSL::TestUtils::TEST_KEY_RSA1024 + # ctx.security_level = 2 + # assert_raise(OpenSSL::SSL::SSLError) { ctx.key = OpenSSL::TestUtils::TEST_KEY_RSA1024 } + skip "FIXME: SSLContext#key= currently does not raise because SSL_CTX_use_certificate() is delayed" + end + private def start_server_version(version, ctx_proc=nil, server_proc=nil, &blk) -- cgit v1.2.3