kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

[ruby/openssl] test/openssl/test_ssl: assume ECC support

Browse source 
Disabling ECC support of OpenSSL is impractical nowadays.

We still try to have the C extension compile on no-ec builds (as well
as no-dh or no-engine, etc.) as long as we can, but keeping test cases
for such an extreme scenario is not worth the effort.

https://github.com/ruby/openssl/commit/2cd01d4676
This commit is contained in:
Kazuki Yamaguchi 2021-09-27 15:34:28 +09:00
parent 0e805e73ce
commit 5a8e1c520a
4 changed files with 14 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
test/openssl/test_pair.rb
View file

@ -23,7 +23,6 @@ module OpenSSL::SSLPairM
sctx = OpenSSL::SSL::SSLContext.new sctx = OpenSSL::SSL::SSLContext.new
sctx.cert = @svr_cert sctx.cert = @svr_cert
sctx.key = @svr_key sctx.key = @svr_key
sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx) ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
ns = ssls.accept ns = ssls.accept
@ -383,7 +382,6 @@ module OpenSSL::TestPairM
ctx2 = OpenSSL::SSL::SSLContext.new ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.cert = @svr_cert ctx2.cert = @svr_cert
ctx2.key = @svr_key ctx2.key = @svr_key
ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
sock1, sock2 = tcp_pair sock1, sock2 = tcp_pair
@ -431,7 +429,6 @@ module OpenSSL::TestPairM
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = @svr_cert ctx.cert = @svr_cert
ctx.key = @svr_key ctx.key = @svr_key
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
sock1, sock2 = tcp_pair sock1, sock2 = tcp_pair

2
test/openssl/test_pkey_ec.rb
View file

@ -1,7 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
require_relative 'utils' require_relative 'utils'
if defined?(OpenSSL) && defined?(OpenSSL::PKey::EC) if defined?(OpenSSL)
class OpenSSL::TestEC < OpenSSL::PKeyTestCase class OpenSSL::TestEC < OpenSSL::PKeyTestCase
def test_ec_key def test_ec_key

32
test/openssl/test_ssl.rb
View file

@ -124,8 +124,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
def test_add_certificate_multiple_certs def test_add_certificate_multiple_certs
pend "EC is not supported" unless defined?(OpenSSL::PKey::EC)
ca2_key = Fixtures.pkey("rsa-3") ca2_key = Fixtures.pkey("rsa-3")
ca2_exts = [ ca2_exts = [
["basicConstraints", "CA:TRUE", true], ["basicConstraints", "CA:TRUE", true],
@ -556,6 +554,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx_proc = -> ctx { ctx_proc = -> ctx {
ctx.ssl_version = :TLSv1_2 ctx.ssl_version = :TLSv1_2
ctx.ciphers = "aNULL" ctx.ciphers = "aNULL"
ctx.tmp_dh = Fixtures.pkey("dh-1")
ctx.security_level = 0 ctx.security_level = 0
} }
@ -830,7 +829,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
def test_tlsext_hostname def test_tlsext_hostname
fooctx = OpenSSL::SSL::SSLContext.new fooctx = OpenSSL::SSL::SSLContext.new
fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
fooctx.cert = @cli_cert fooctx.cert = @cli_cert
fooctx.key = @cli_key fooctx.key = @cli_key
@ -882,7 +880,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx2 = OpenSSL::SSL::SSLContext.new ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.cert = @svr_cert ctx2.cert = @svr_cert
ctx2.key = @svr_key ctx2.key = @svr_key
ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
ctx2.servername_cb = lambda { |args| Object.new } ctx2.servername_cb = lambda { |args| Object.new }
sock1, sock2 = socketpair sock1, sock2 = socketpair
@ -1329,7 +1326,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx1 = OpenSSL::SSL::SSLContext.new ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.cert = @svr_cert ctx1.cert = @svr_cert
ctx1.key = @svr_key ctx1.key = @svr_key
ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
ctx1.alpn_select_cb = -> (protocols) { nil } ctx1.alpn_select_cb = -> (protocols) { nil }
ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
@ -1484,6 +1480,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx_proc2 = proc { |ctx| ctx_proc2 = proc { |ctx|
ctx.ssl_version = :TLSv1_2 ctx.ssl_version = :TLSv1_2
ctx.ciphers = "EDH" ctx.ciphers = "EDH"
ctx.tmp_dh = Fixtures.pkey("dh-1")
} }
start_server(ctx_proc: ctx_proc2) do |port| start_server(ctx_proc: ctx_proc2) do |port|
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
@ -1494,20 +1491,18 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
} }
end end
if defined?(OpenSSL::PKey::EC) # ECDHE
# ECDHE ctx_proc3 = proc { |ctx|
ctx_proc3 = proc { |ctx| ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
ctx.ciphers = "DEFAULT:!kRSA:!kEDH" ctx.ecdh_curves = "P-256"
ctx.ecdh_curves = "P-256" }
start_server(ctx_proc: ctx_proc3) do |port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
} }
start_server(ctx_proc: ctx_proc3) do |port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end end
end end
@ -1656,7 +1651,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
def test_ecdh_curves_tls13 def test_ecdh_curves_tls13
pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
pend "TLS 1.3 not supported" unless tls13_supported? pend "TLS 1.3 not supported" unless tls13_supported?
ctx_proc = -> ctx { ctx_proc = -> ctx {

1
test/openssl/utils.rb
View file

@ -215,7 +215,6 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase
ctx.cert_store = store ctx.cert_store = store
ctx.cert = @svr_cert ctx.cert = @svr_cert
ctx.key = @svr_key ctx.key = @svr_key
ctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
ctx.verify_mode = verify_mode ctx.verify_mode = verify_mode
ctx_proc.call(ctx) if ctx_proc ctx_proc.call(ctx) if ctx_proc