mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
net/http, net/ftp: skip SSL/TLS session resumption tests
Due to a bug in OpenSSL 1.1.0h[1] (it's only in this specific version; it was introduced just before the release and is already fixed in their stable branch), the callback set by SSLContext#session_new_cb= does not get called for clients, making net/http and net/ftp not attempt session resumption. Let's disable the affected test cases for now. Another option would be to fallback to using SSLSocket#session as we did before r64234. But since only a single version is affected and hopefully a new stable version containing the fix will be released in near future, I chose not to add such workaround code to lib/. [1] https://github.com/openssl/openssl/pull/5967 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64252 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
0ecd348cb5
commit
33dd5d6970
2 changed files with 20 additions and 0 deletions
|
@ -1755,6 +1755,7 @@ EOF
|
|||
server = TCPServer.new(SERVER_ADDR, 0)
|
||||
port = server.addr[1]
|
||||
commands = []
|
||||
session_reused_for_data_connection = nil
|
||||
binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
|
||||
@thread = Thread.start do
|
||||
sock = server.accept
|
||||
|
@ -1793,6 +1794,7 @@ EOF
|
|||
conn = OpenSSL::SSL::SSLSocket.new(conn, ctx)
|
||||
conn.sync_close = true
|
||||
conn.accept
|
||||
session_reused_for_data_connection = conn.session_reused?
|
||||
binary_data.scan(/.{1,1024}/nm) do |s|
|
||||
conn.print(s)
|
||||
end
|
||||
|
@ -1823,6 +1825,11 @@ EOF
|
|||
assert_match(/\A(PORT|EPRT) /, commands.shift)
|
||||
assert_equal("RETR foo\r\n", commands.shift)
|
||||
assert_equal(nil, commands.shift)
|
||||
# FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
|
||||
# See https://github.com/openssl/openssl/pull/5967 for details.
|
||||
if OpenSSL::OPENSSL_LIBRARY_VERSION !~ /OpenSSL 1.1.0h/
|
||||
assert_equal(true, session_reused_for_data_connection)
|
||||
end
|
||||
ensure
|
||||
ftp.close
|
||||
end
|
||||
|
@ -1832,6 +1839,7 @@ EOF
|
|||
server = TCPServer.new(SERVER_ADDR, 0)
|
||||
port = server.addr[1]
|
||||
commands = []
|
||||
session_reused_for_data_connection = nil
|
||||
binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
|
||||
@thread = Thread.start do
|
||||
sock = server.accept
|
||||
|
@ -1869,6 +1877,7 @@ EOF
|
|||
conn = OpenSSL::SSL::SSLSocket.new(conn, ctx)
|
||||
conn.sync_close = true
|
||||
conn.accept
|
||||
session_reused_for_data_connection = conn.session_reused?
|
||||
binary_data.scan(/.{1,1024}/nm) do |s|
|
||||
conn.print(s)
|
||||
end
|
||||
|
@ -1900,6 +1909,10 @@ EOF
|
|||
assert_match(/\A(PASV|EPSV)\r\n/, commands.shift)
|
||||
assert_equal("RETR foo\r\n", commands.shift)
|
||||
assert_equal(nil, commands.shift)
|
||||
# FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
|
||||
if OpenSSL::OPENSSL_LIBRARY_VERSION !~ /OpenSSL 1.1.0h/
|
||||
assert_equal(true, session_reused_for_data_connection)
|
||||
end
|
||||
ensure
|
||||
ftp.close
|
||||
end
|
||||
|
|
|
@ -63,6 +63,10 @@ class TestNetHTTPS < Test::Unit::TestCase
|
|||
end
|
||||
|
||||
def test_session_reuse
|
||||
# FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
|
||||
# See https://github.com/openssl/openssl/pull/5967 for details.
|
||||
skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/
|
||||
|
||||
http = Net::HTTP.new("localhost", config("port"))
|
||||
http.use_ssl = true
|
||||
http.cert_store = TEST_STORE
|
||||
|
@ -83,6 +87,9 @@ class TestNetHTTPS < Test::Unit::TestCase
|
|||
end
|
||||
|
||||
def test_session_reuse_but_expire
|
||||
# FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
|
||||
skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/
|
||||
|
||||
http = Net::HTTP.new("localhost", config("port"))
|
||||
http.use_ssl = true
|
||||
http.cert_store = TEST_STORE
|
||||
|
|
Loading…
Reference in a new issue