require "test/unit"
begin
require 'net/https'
require 'stringio'
require 'timeout'
require File.expand_path("../../openssl/utils", File.dirname(__FILE__))
require File.expand_path("utils", File.dirname(__FILE__))
rescue LoadError
# should skip this test
end
# Exercises the TLS side of Net::HTTP against the test server supplied by
# TestNetHTTPUtils, which is driven by CONFIG below. The cases cover the
# client-side trust decisions: pinning a known certificate, the default
# verification outcome, disabled verification, and the hostname check.
#
# The whole class is defined only when OpenSSL was loaded successfully.
class TestNetHTTPS < Test::Unit::TestCase
  include TestNetHTTPUtils

  # Fixture certificate for the test server: CN=localhost, serial 1, valid
  # from now for 3600 seconds, with the keyUsage extension listed below.
  # NOTE(review): both issuer arguments are nil, so this is presumably
  # self-signed -- confirm against OpenSSL::TestUtils.issue_cert.
  # NOTE(review): a 1024-bit RSA key signed with SHA-1 is a fixture-only
  # choice; stricter OpenSSL security levels may refuse it.
  subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
  exts = [["keyUsage", "keyEncipherment,digitalSignature", true]]
  key = OpenSSL::TestUtils::TEST_KEY_RSA1024
  cert = OpenSSL::TestUtils.issue_cert(
    subject, key, 1, Time.now, Time.now + 3600, exts,
    nil, nil, OpenSSL::Digest::SHA1.new
  )

  # Server settings read back through config(...) in the tests.
  # Port 0 presumably lets the helper pick a free port -- verify in utils.
  CONFIG = {
    'host' => '127.0.0.1',
    'port' => 0,
    'proxy_host' => nil,
    'proxy_port' => nil,
    'ssl_enable' => true,
    'ssl_certificate' => cert,
    'ssl_private_key' => key,
  }

  # GET over TLS with the server certificate pinned.
  # The callback disregards OpenSSL's own verdict (first argument) and
  # accepts a certificate only when its DER encoding equals the fixture the
  # server was configured with, i.e. trust is by exact certificate match.
  def test_get
    http = Net::HTTP.new("localhost", config("port"))
    http.use_ssl = true
    http.verify_callback = Proc.new do |_preverify_ok, store_ctx|
      store_ctx.current_cert.to_der == config('ssl_certificate').to_der
    end
    http.request_get("/") do |response|
      assert_equal($test_net_http_data, response.body)
    end
  rescue SystemCallError => e
    # A socket-level failure says nothing about TLS, so skip instead of fail.
    skip e
  end

  # POST over TLS with the same certificate pin as test_get; the assertion
  # expects the response body to equal the posted data.
  def test_post
    http = Net::HTTP.new("localhost", config("port"))
    http.use_ssl = true
    http.verify_callback = Proc.new do |_preverify_ok, store_ctx|
      store_ctx.current_cert.to_der == config('ssl_certificate').to_der
    end
    # The fixture key's DER bytes are used only as a binary request body;
    # the key is a test-suite constant.
    payload = config('ssl_private_key').to_der
    http.request_post("/", payload) do |response|
      assert_equal(payload, response.body)
    end
  rescue SystemCallError => e
    skip e
  end

  # Reconnects the same Net::HTTP object and asserts that the last
  # connection reused a TLS session.
  def test_session_reuse
    http = Net::HTTP.new("localhost", config("port"))
    http.use_ssl = true
    http.verify_callback = Proc.new do |_preverify_ok, store_ctx|
      store_ctx.current_cert.to_der == config('ssl_certificate').to_der
    end

    # Two complete connections first; the third one below is the one
    # inspected (three times due to possible bug in OpenSSL 0.9.8).
    2.times do
      http.start
      http.get("/")
      http.finish
    end

    http.start
    http.get("/")

    # Reaches into Net::HTTP's internals to get at the underlying SSL socket.
    ssl_socket = http.instance_variable_get(:@socket).io

    assert ssl_socket.session_reused?
  rescue SystemCallError => e
    skip e
  end

  if ENV["RUBY_OPENSSL_TEST_ALL"]
    # Opt-in test against an external host using whatever verification
    # Net::HTTP applies by default (no callback, no verify_mode set).
    # Any StandardError from the request is folded into `false`, so a
    # network or DNS failure is reported with the CA-store message too.
    def test_verify
      http = Net::HTTP.new("ssl.netlab.jp", 443)
      http.use_ssl = true
      head_ok =
        begin
          http.request_head("/") { |_response| }
        rescue
          false
        end
      assert(head_ok, "The system may not have default CA certificate store.")
    end
  end

  # With VERIFY_NONE the fixture certificate is accepted without any pin or
  # chain check; the server is not authenticated in this configuration.
  def test_verify_none
    http = Net::HTTP.new("localhost", config("port"))
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.request_get("/") do |response|
      assert_equal($test_net_http_data, response.body)
    end
  rescue SystemCallError => e
    skip e
  end

  # Neither a verify callback nor a verify_mode is set here: the test
  # expects the default behaviour to reject the fixture certificate with
  # "certificate verify failed".
  def test_certificate_verify_failure
    http = Net::HTTP.new("localhost", config("port"))
    http.use_ssl = true
    error = assert_raise(OpenSSL::SSL::SSLError) do
      begin
        http.request_get("/") { |_response| }
      rescue SystemCallError => e
        skip e
      end
    end
    assert_match(/certificate verify failed/, error.message)
  end

  # The certificate itself is accepted by the pinning callback, but the
  # client connects to "127.0.0.1" while the certificate names localhost,
  # so the request is expected to fail on the hostname check.
  def test_identity_verify_failure
    http = Net::HTTP.new("127.0.0.1", config("port"))
    http.use_ssl = true
    http.verify_callback = Proc.new do |_preverify_ok, store_ctx|
      store_ctx.current_cert.to_der == config('ssl_certificate').to_der
    end
    error = assert_raise(OpenSSL::SSL::SSLError) do
      http.request_get("/") { |_response| }
    end
    # The dots in the pattern are unescaped, so it matches slightly more
    # loosely than the literal address.
    assert_match(/hostname \"127.0.0.1\" does not match/, error.message)
  end

  # A peer that accepts the TCP connection but never answers the TLS
  # handshake must not hang the client: with 0.01 s timeouts the request is
  # expected to raise Net::OpenTimeout.
  def test_timeout_during_SSL_handshake
    bug4246 = "expected the SSL connection to have timed out but have not. [ruby-core:34203]"

    # listen for connections... but deliberately do not complete SSL handshake
    TCPServer.open('localhost', 0) do |server|
      port = server.addr[1]

      client = Net::HTTP.new('localhost', port)
      client.use_ssl = true
      client.read_timeout = 0.01
      client.open_timeout = 0.01

      worker = Thread.new do
        assert_raise(Net::OpenTimeout) do
          client.get('/')
        end
      end
      # join returns nil if the thread is still running after 10 seconds,
      # which is what turns a hung handshake into a test failure.
      assert worker.join(10), bug4246
    end
  end
end if defined?(OpenSSL)