1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
require "test/unit"
begin
require 'net/https'
require 'stringio'
require 'timeout'
require File.expand_path("../../openssl/utils", File.dirname(__FILE__))
require File.expand_path("utils", File.dirname(__FILE__))
rescue LoadError
# should skip this test
end
class TestNetHTTPS < Test::Unit::TestCase
include TestNetHTTPUtils
subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
exts = [
["keyUsage", "keyEncipherment,digitalSignature", true],
]
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
cert = OpenSSL::TestUtils.issue_cert(
subject, key, 1, Time.now, Time.now + 3600, exts,
nil, nil, OpenSSL::Digest::SHA1.new
)
CONFIG = {
'host' => '127.0.0.1',
'proxy_host' => nil,
'proxy_port' => nil,
'ssl_enable' => true,
'ssl_certificate' => cert,
'ssl_private_key' => key,
}
def test_get
http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.current_cert.to_der == config('ssl_certificate').to_der
end
http.request_get("/") {|res|
assert_equal($test_net_http_data, res.body)
}
rescue SystemCallError
skip $!
end
def test_post
http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.current_cert.to_der == config('ssl_certificate').to_der
end
data = config('ssl_private_key').to_der
http.request_post("/", data, {'content-type' => 'application/x-www-form-urlencoded'}) {|res|
assert_equal(data, res.body)
}
rescue SystemCallError
skip $!
end
def test_session_reuse
http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.current_cert.to_der == config('ssl_certificate').to_der
end
http.start
http.get("/")
http.finish
http.start
http.get("/")
http.finish # three times due to possible bug in OpenSSL 0.9.8
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
assert socket.session_reused?
http.finish
rescue SystemCallError
skip $!
end
if ENV["RUBY_OPENSSL_TEST_ALL"]
def test_verify
http = Net::HTTP.new("ssl.netlab.jp", 443)
http.use_ssl = true
assert(
(http.request_head("/"){|res| } rescue false),
"The system may not have default CA certificate store."
)
end
end
def test_verify_none
http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
http.request_get("/") {|res|
assert_equal($test_net_http_data, res.body)
}
rescue SystemCallError
skip $!
end
def test_certificate_verify_failure
http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
ex = assert_raise(OpenSSL::SSL::SSLError){
begin
http.request_get("/") {|res| }
rescue SystemCallError
skip $!
end
}
assert_match(/certificate verify failed/, ex.message)
@log_pattern = /ERROR OpenSSL::SSL::SSLError:/
end
def test_identity_verify_failure
http = Net::HTTP.new("127.0.0.1", config("port"))
http.use_ssl = true
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.current_cert.to_der == config('ssl_certificate').to_der
end
ex = assert_raise(OpenSSL::SSL::SSLError){
http.request_get("/") {|res| }
}
assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
end
def test_timeout_during_SSL_handshake
bug4246 = "expected the SSL connection to have timed out but have not. [ruby-core:34203]"
# listen for connections... but deliberately do not complete SSL handshake
TCPServer.open('localhost', 0) {|server|
port = server.addr[1]
conn = Net::HTTP.new('localhost', port)
conn.use_ssl = true
conn.read_timeout = 0.01
conn.open_timeout = 0.01
th = Thread.new do
assert_raise(Net::OpenTimeout) {
conn.get('/')
}
end
assert th.join(10), bug4246
}
end
end if defined?(OpenSSL)
|