mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): Close a socket

if any exception occurs.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
akr 2014-05-29 10:32:19 +00:00
parent c65ef1539b
commit 68ac33a511
5 changed files with 69 additions and 24 deletions


@ -1,3 +1,8 @@
Thu May 29 19:31:10 2014 Tanaka Akira <akr@fsij.org>
* ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): Close a socket
if any exception occur.
Thu May 29 05:05:29 2014 Eric Wong <e@80x24.org> Thu May 29 05:05:29 2014 Eric Wong <e@80x24.org>
* include/ruby/ruby.h: Hide Symbol internals. * include/ruby/ruby.h: Hide Symbol internals.


@ -234,8 +234,12 @@ module OpenSSL
ssl.sync_close = true ssl.sync_close = true
ssl.accept if @start_immediately ssl.accept if @start_immediately
ssl ssl
rescue SSLError => ex rescue Exception => ex
sock.close if ssl
ssl.close
else
sock.close
end
raise ex raise ex
end end
end end
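Review bot: The widened `rescue Exception` in `SSLServer#accept` needs a comment, because it is only safe while the handler unconditionally re-raises; something like `# Exception, not StandardError: the accepted socket must also be released on timeouts and interrupts; always re-raised below` above the rescue would keep a later edit from narrowing it or swallowing the error. The cleanup matters most for a listener facing untrusted peers, where a handshake that fails with anything other than `SSLError` previously left the accepted socket open, presumably until GC. Two smaller points: if `ssl.close` itself raises, that error replaces `ex` and the original failure is lost, and `raise ex` can be written as a bare `raise`. The method body begins outside this hunk, so where `sock` is assigned is not visible here.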


@ -8,17 +8,26 @@ if defined?(OpenSSL)
start_server(port, OpenSSL::SSL::VERIFY_NONE, true, :server_proc => start_server(port, OpenSSL::SSL::VERIFY_NONE, true, :server_proc =>
Proc.new do |server_ctx, server_ssl| Proc.new do |server_ctx, server_ssl|
server_ssl.io.write("\x01") # the beginning of a TLS record begin
sleep 6 # do not finish prematurely before the read by the client is attempted server_ssl.io.write("\x01") # the beginning of a TLS record
sleep 6 # do not finish prematurely before the read by the client is attempted
ensure
server_ssl.close
end
end end
) do |server, port| ) do |server, port|
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect ssl.sync_close = true
sleep 3 # wait is required for the (incomplete) TLS record to arrive at the client socket begin
ssl.connect
sleep 3 # wait is required for the (incomplete) TLS record to arrive at the client socket
# Should raise a IO::WaitReadable since a full TLS record is not available for reading. # Should raise a IO::WaitReadable since a full TLS record is not available for reading.
assert_raise(IO::WaitReadable) { ssl.read_nonblock(1) } assert_raise(IO::WaitReadable) { ssl.read_nonblock(1) }
ensure
ssl.close
end
end end
end end


@ -125,7 +125,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET){ assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET){
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect ssl.sync_close = true
begin
ssl.connect
ensure
ssl.close
end
} }
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
@ -239,8 +244,13 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params ctx.set_params
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect } ssl.sync_close = true
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result) begin
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
ensure
ssl.close
end
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
@ -251,8 +261,13 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
) )
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect ssl.sync_close = true
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) begin
ssl.connect
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
ensure
ssl.close
end
sock = TCPSocket.new("127.0.0.1", port) sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
@ -263,8 +278,13 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
) )
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect } ssl.sync_close = true
assert_equal(OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION, ssl.verify_result) begin
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
assert_equal(OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION, ssl.verify_result)
ensure
ssl.close
end
} }
end end
@ -279,12 +299,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
) )
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
OpenSSL::TestUtils.silent do ssl.sync_close = true
# SSLError, not RuntimeError begin
assert_raise(OpenSSL::SSL::SSLError) { ssl.connect } OpenSSL::TestUtils.silent do
# SSLError, not RuntimeError
assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
end
assert_equal(OpenSSL::X509::V_ERR_CERT_REJECTED, ssl.verify_result)
ensure
ssl.close
end end
assert_equal(OpenSSL::X509::V_ERR_CERT_REJECTED, ssl.verify_result)
ssl.close
} }
end end
@ -301,8 +325,13 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert(ciphers_names.all?{|v| /ADH/ !~ v }) assert(ciphers_names.all?{|v| /ADH/ !~ v })
assert(ciphers_versions.all?{|v| /SSLv2/ !~ v }) assert(ciphers_versions.all?{|v| /SSLv2/ !~ v })
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect } ssl.sync_close = true
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result) begin
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
ensure
ssl.close
end
} }
end end
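Review bot: The same cleanup sequence, `ssl.sync_close = true` followed by `begin … ensure ssl.close end`, is written out in each of the six hunks of this file, which makes it easy for a later test to omit it and leave a socket open. A small private helper that takes `sock` and an optional `ctx`, builds the `SSLSocket`, sets `sync_close`, yields the socket and closes it in `ensure` would keep that intent in one place. In every hunk `OpenSSL::SSL::SSLSocket.new` also sits outside the `begin`, so `sock` is not closed if the constructor raises; moving the construction into the helper's guarded region would cover that case. The enclosing test methods start and end outside these hunks.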


@ -311,7 +311,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
if (server) if (server)
server.join(5) server.join(5)
if server.alive? if server.alive?
server.kill
server.join server.join
flunk("TCPServer was closed and SSLServer is still alive") unless $! flunk("TCPServer was closed and SSLServer is still alive") unless $!
end end
@ -322,7 +321,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
end end
ensure ensure
threads.each {|th| threads.each {|th|
th.kill
th.join th.join
} }
end end