From cf2792d59191424ee7875b5cc96fe31facce2471 Mon Sep 17 00:00:00 2001 From: rhe Date: Wed, 25 May 2016 08:50:03 +0000 Subject: openssl: drop OpenSSL 0.9.6/0.9.7 support * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/openssl/test_cipher.rb | 62 +++++++++++++++++++--------------------- test/openssl/test_pkcs7.rb | 6 ---- test/openssl/test_ssl.rb | 6 ++-- test/openssl/test_ssl_session.rb | 15 +++------- test/openssl/test_x509store.rb | 2 -- 5 files changed, 36 insertions(+), 55 deletions(-) (limited to 'test/openssl') diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index aec33fdd1a..ec14f46714 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -114,40 +114,38 @@ class OpenSSL::TestCipher < OpenSSL::TestCase end end if has_cipher?('aes-128-ctr') - if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000 - def test_ciphers - OpenSSL::Cipher.ciphers.each{|name| - next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name - begin - assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) - rescue OpenSSL::Cipher::CipherError => e - next if /wrap/ =~ name and e.message == 'wrap mode not allowed' - raise - end - } - end + def test_ciphers + OpenSSL::Cipher.ciphers.each{|name| + next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name + begin + assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) + rescue OpenSSL::Cipher::CipherError => e + next if /wrap/ =~ name and e.message == 'wrap mode not allowed' + raise + end + } + end - def test_AES - pt = File.read(__FILE__) - %w(ECB CBC CFB OFB).each{|mode| - c1 = OpenSSL::Cipher::AES256.new(mode) - c1.encrypt - c1.pkcs5_keyivgen("passwd") - ct = c1.update(pt) + c1.final - - c2 = OpenSSL::Cipher::AES256.new(mode) - c2.decrypt - c2.pkcs5_keyivgen("passwd") - assert_equal(pt, c2.update(ct) + c2.final) - } - end + def test_AES + pt = File.read(__FILE__) + %w(ECB CBC CFB OFB).each{|mode| + c1 = OpenSSL::Cipher::AES256.new(mode) + c1.encrypt + c1.pkcs5_keyivgen("passwd") + ct = c1.update(pt) + c1.final + + c2 = OpenSSL::Cipher::AES256.new(mode) + c2.decrypt + c2.pkcs5_keyivgen("passwd") + assert_equal(pt, c2.update(ct) + c2.final) + } + end - def test_AES_crush - 500.times do - assert_nothing_raised("[Bug #2768]") do - # it caused OpenSSL SEGV by uninitialized key - OpenSSL::Cipher::AES128.new("ECB").update "." * 17 - end + def test_AES_crush + 500.times do + assert_nothing_raised("[Bug #2768]") do + # it caused OpenSSL SEGV by uninitialized key + OpenSSL::Cipher::AES128.new("ECB").update "." * 17 end end end diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index dfe4c6ca82..def4910ccd 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -123,12 +123,6 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase end def test_enveloped - if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f - # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV. - # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html - return - end - certs = [@ee1_cert, @ee2_cert] cipher = OpenSSL::Cipher::AES.new("128-CBC") data = "aaaaa\nbbbbb\nccccc\n" diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index d7b996d662..9a717a4256 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -869,10 +869,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| 2.times do |i| ctx = OpenSSL::SSL::SSLContext.new - if defined?(OpenSSL::SSL::OP_NO_TICKET) - # disable RFC4507 support - ctx.options = OpenSSL::SSL::OP_NO_TICKET - end + # disable RFC4507 support + ctx.options = OpenSSL::SSL::OP_NO_TICKET server_connect(port, ctx) { |ssl| ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com' str = "x" * 100 + "\n" diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index ee1a907fcb..cdcab02f95 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -61,9 +61,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= # SSL_SESSION_time keeps long value so we can't keep nsec fragment. session.time = t1 = Time.now.to_i assert_equal(Time.at(t1), session.time) - if session.respond_to?(:id) - assert_not_nil(session.id) - end + assert_not_nil(session.id) pem = session.to_pem assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem) assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem) @@ -170,10 +168,7 @@ __EOS__ session = ssl.session if last_session assert(ssl.session_reused?) - - if session.respond_to?(:id) - assert_equal(session.id, last_session.id) - end + assert_equal(session.id, last_session.id) assert_equal(session.to_pem, last_session.to_pem) assert_equal(session.to_der, last_session.to_der) # Older version of OpenSSL may not be consistent. Look up which versions later. @@ -246,10 +241,8 @@ __EOS__ 10.times do |i| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new - if defined?(OpenSSL::SSL::OP_NO_TICKET) - # disable RFC4507 support - ctx.options = OpenSSL::SSL::OP_NO_TICKET - end + # disable RFC4507 support + ctx.options = OpenSSL::SSL::OP_NO_TICKET ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.session = first_session if first_session diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index 6a443a7cf1..8dee1679f6 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -148,8 +148,6 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert))) assert_equal(OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID, store.error) - return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK) - store = OpenSSL::X509::Store.new store.purpose = OpenSSL::X509::PURPOSE_ANY store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK -- cgit v1.2.3