| |
@@ -1,203 +0,0 @@
|
| |
- From 6fcc6c0efc42d1c6325cf4bb0ca16e2a448cdbed Mon Sep 17 00:00:00 2001
|
| |
- From: Kazuki Yamaguchi <k@rhe.jp>
|
| |
- Date: Mon, 6 Aug 2018 20:51:42 +0900
|
| |
- Subject: [PATCH] test/test_ssl: fix test failure with TLS 1.3
|
| |
-
|
| |
- SSL_connect() on the client side may return before SSL_accept() on
|
| |
- server side returns. This will fix test failures with OpenSSL's current
|
| |
- master.
|
| |
- ---
|
| |
- test/openssl/test_ssl.rb | 45 ++++++++++++++++++++++++++--------------
|
| |
- test/openssl/test_ssl_session.rb | 1 +
|
| |
- 2 files changed, 31 insertions(+), 15 deletions(-)
|
| |
-
|
| |
- diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
|
| |
- index 7bb32adf..408c7d82 100644
|
| |
- --- a/test/openssl/test_ssl.rb
|
| |
- +++ b/test/openssl/test_ssl.rb
|
| |
- @@ -47,6 +47,8 @@ def test_ssl_with_server_cert
|
| |
- assert_equal 2, ssl.peer_cert_chain.size
|
| |
- assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
|
| |
- assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
|
| |
- +
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- ensure
|
| |
- ssl&.close
|
| |
- sock&.close
|
| |
- @@ -157,6 +159,7 @@ def test_sync_close
|
| |
- sock = TCPSocket.new("127.0.0.1", port)
|
| |
- ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
| |
- ssl.connect
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- ssl.close
|
| |
- assert_not_predicate sock, :closed?
|
| |
- ensure
|
| |
- @@ -168,6 +171,7 @@ def test_sync_close
|
| |
- ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
| |
- ssl.sync_close = true # !!
|
| |
- ssl.connect
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- ssl.close
|
| |
- assert_predicate sock, :closed?
|
| |
- ensure
|
| |
- @@ -259,7 +263,10 @@ def test_client_ca
|
| |
- client_ca_from_server = sslconn.client_ca
|
| |
- [@cli_cert, @cli_key]
|
| |
- end
|
| |
- - server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
|
| |
- + server_connect(port, ctx) { |ssl|
|
| |
- + assert_equal([@ca], client_ca_from_server)
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- + }
|
| |
- }
|
| |
- end
|
| |
-
|
| |
- @@ -356,21 +363,16 @@ def test_verify_result
|
| |
- }
|
| |
-
|
| |
- start_server { |port|
|
| |
- - sock = TCPSocket.new("127.0.0.1", port)
|
| |
- ctx = OpenSSL::SSL::SSLContext.new
|
| |
- ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
| |
- ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
|
| |
- store_ctx.error = OpenSSL::X509::V_OK
|
| |
- true
|
| |
- end
|
| |
- - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
| |
- - ssl.sync_close = true
|
| |
- - begin
|
| |
- - ssl.connect
|
| |
- + server_connect(port, ctx) { |ssl|
|
| |
- assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
|
| |
- - ensure
|
| |
- - ssl.close
|
| |
- - end
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- + }
|
| |
- }
|
| |
-
|
| |
- start_server(ignore_listener_error: true) { |port|
|
| |
- @@ -455,6 +457,8 @@ def test_post_connection_check
|
| |
-
|
| |
- start_server { |port|
|
| |
- server_connect(port) { |ssl|
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- +
|
| |
- assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
|
| |
- assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
| |
- assert(ssl.post_connection_check("localhost"))
|
| |
- @@ -476,6 +482,8 @@ def test_post_connection_check
|
| |
- @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
|
| |
- start_server { |port|
|
| |
- server_connect(port) { |ssl|
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- +
|
| |
- assert(ssl.post_connection_check("localhost.localdomain"))
|
| |
- assert(ssl.post_connection_check("127.0.0.1"))
|
| |
- assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
| |
- @@ -496,6 +502,8 @@ def test_post_connection_check
|
| |
- @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
|
| |
- start_server { |port|
|
| |
- server_connect(port) { |ssl|
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- +
|
| |
- assert(ssl.post_connection_check("localhost.localdomain"))
|
| |
- assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
| |
- assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
| |
- @@ -722,6 +730,8 @@ def test_tlsext_hostname
|
| |
- ssl.connect
|
| |
- assert_equal @cli_cert.serial, ssl.peer_cert.serial
|
| |
- assert_predicate fooctx, :frozen?
|
| |
- +
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- ensure
|
| |
- ssl&.close
|
| |
- sock.close
|
| |
- @@ -733,6 +743,8 @@ def test_tlsext_hostname
|
| |
- ssl.hostname = "bar.example.com"
|
| |
- ssl.connect
|
| |
- assert_equal @svr_cert.serial, ssl.peer_cert.serial
|
| |
- +
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- ensure
|
| |
- ssl&.close
|
| |
- sock.close
|
| |
- @@ -805,7 +817,8 @@ def test_verify_hostname_on_connect
|
| |
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
| |
- ssl.hostname = name
|
| |
- if expected_ok
|
| |
- - assert_nothing_raised { ssl.connect }
|
| |
- + ssl.connect
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- else
|
| |
- assert_handshake_error { ssl.connect }
|
| |
- end
|
| |
- @@ -1086,6 +1099,7 @@ def test_renegotiation_cb
|
| |
- start_server_version(:SSLv23, ctx_proc) { |port|
|
| |
- server_connect(port) { |ssl|
|
| |
- assert_equal(1, num_handshakes)
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- }
|
| |
- }
|
| |
- end
|
| |
- @@ -1104,6 +1118,7 @@ def test_alpn_protocol_selection_ary
|
| |
- ctx.alpn_protocols = advertised
|
| |
- server_connect(port, ctx) { |ssl|
|
| |
- assert_equal(advertised.first, ssl.alpn_protocol)
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- }
|
| |
- }
|
| |
- end
|
| |
- @@ -1226,14 +1241,11 @@ def test_npn_selected_protocol_too_long
|
| |
- end
|
| |
-
|
| |
- def test_close_after_socket_close
|
| |
- - server_proc = proc { |ctx, ssl|
|
| |
- - # Do nothing
|
| |
- - }
|
| |
- - start_server(server_proc: server_proc) { |port|
|
| |
- + start_server { |port|
|
| |
- sock = TCPSocket.new("127.0.0.1", port)
|
| |
- ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
| |
- - ssl.sync_close = true
|
| |
- ssl.connect
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- sock.close
|
| |
- assert_nothing_raised do
|
| |
- ssl.close
|
| |
- @@ -1298,6 +1310,7 @@ def test_get_ephemeral_key
|
| |
- ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
| |
- server_connect(port, ctx) { |ssl|
|
| |
- assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- }
|
| |
- end
|
| |
- end
|
| |
- @@ -1440,6 +1453,7 @@ def test_ecdh_curves
|
| |
- assert_equal "secp384r1", ssl.tmp_key.group.curve_name
|
| |
- end
|
| |
- end
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- }
|
| |
-
|
| |
- if openssl?(1, 0, 2) || libressl?(2, 5, 1)
|
| |
- @@ -1455,6 +1469,7 @@ def test_ecdh_curves
|
| |
-
|
| |
- server_connect(port, ctx) { |ssl|
|
| |
- assert_equal "secp521r1", ssl.tmp_key.group.curve_name
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- }
|
| |
- end
|
| |
- end
|
| |
- diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
|
| |
- index 6db0c2d1..78b160ed 100644
|
| |
- --- a/test/openssl/test_ssl_session.rb
|
| |
- +++ b/test/openssl/test_ssl_session.rb
|
| |
- @@ -113,6 +113,7 @@ def test_resumption
|
| |
- non_resumable = nil
|
| |
- start_server { |port|
|
| |
- server_connect_with_session(port, nil, nil) { |ssl|
|
| |
- + ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
| |
- non_resumable = ssl.session
|
| |
- }
|
| |
- }
|
| |
This is a PR for a backport to the f29 branch, including the OpenSSL 1.1.1 fixes.
Since I merged the commit hash below on the master branch, fixing the conflict, I am sending this PR to share the content.
Update to Ruby 2.5.3.
32488ad
https://koji.fedoraproject.org/koji/taskinfo?taskID=30434573
ok