* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_to_der):

OpenSSL::SSL::Session#to_der was broken. Fix buffer handling. * test/openssl/test_ssl_session.rb (test_session): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2011-06-22 03:43:38 +00:00 · 2011-06-22 03:43:38 +00:00 · bda678dc5b
commit bda678dc5b
parent 02ab6d95be
3 changed files with 46 additions and 9 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Wed Jun 22 12:41:03 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_to_der):
+	  OpenSSL::SSL::Session#to_der was broken. Fix buffer handling.
+
+	* test/openssl/test_ssl_session.rb (test_session): Test it.
+
 Wed Jun 22 12:38:52 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>

 	* test/openssl/test_ssl_session.rb: Split out SSL::Session related
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@ -195,20 +195,21 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
 static VALUE ossl_ssl_session_to_der(VALUE self)
 {
 	SSL_SESSION *ctx;
-	unsigned char buf[1024*10], *p;
+	unsigned char *p;
 	int len;
+	VALUE str;

 	GetSSLSession(self, ctx);
-
-	p = buf;
-	len = i2d_SSL_SESSION(ctx, &p);
-
-	if (len <= 0)
+	len = i2d_SSL_SESSION(ctx, NULL);
+	if (len <= 0) {
 		ossl_raise(eSSLSession, "i2d_SSL_SESSION");
-	else if (len >= (int)sizeof(buf))
-		ossl_raise(eSSLSession, "i2d_SSL_SESSION too large");
+	}

-	return rb_str_new((const char *) p, len);
+	str = rb_str_new(0, len);
+	p = (unsigned char *)RSTRING_PTR(str);
+	i2d_SSL_SESSION(ctx, &p);
+	ossl_str_adjust(str, p);
+	return str;
 }

 /*
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@ -3,6 +3,35 @@ require_relative "utils"
 if defined?(OpenSSL)

 class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase
+  def test_session
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      session = ssl.session
+      assert(session == OpenSSL::SSL::Session.new(session.to_pem))
+      assert(session == OpenSSL::SSL::Session.new(ssl))
+      assert_equal(300, session.timeout)
+      session.timeout = 5
+      assert_equal(5, session.timeout)
+      assert_not_nil(session.time)
+      # SSL_SESSION_time keeps long value so we can't keep nsec fragment.
+      session.time = t1 = Time.now.to_i
+      assert_equal(Time.at(t1), session.time)
+      if session.respond_to?(:id)
+        assert_not_nil(session.id)
+      end
+      pem = session.to_pem
+      assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem)
+      assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem)
+      pem.gsub!(/-----(BEGIN|END) SSL SESSION PARAMETERS-----/, '').gsub!(/[\r\n]+/m, '')
+      assert_equal(session.to_der, pem.unpack('m*')[0])
+      ssl.close
+    end
+  end
+
  def test_client_session
    last_session = nil
    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port|