* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_to_der):

OpenSSL::SSL::Session#to_der was broken. Fix buffer handling.

* test/openssl/test_ssl_session.rb (test_session): Test it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,10 @@
+Wed Jun 22 12:41:03 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_to_der):
+	  OpenSSL::SSL::Session#to_der was broken. Fix buffer handling.
+
+	* test/openssl/test_ssl_session.rb (test_session): Test it.
+
 Wed Jun 22 12:38:52 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
 
 	* test/openssl/test_ssl_session.rb: Split out SSL::Session related

ext/openssl/ossl_ssl_session.c

@@ -195,20 +195,21 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
 static VALUE ossl_ssl_session_to_der(VALUE self)
 {
 	SSL_SESSION *ctx;
-	unsigned char buf[1024*10], *p;
+	unsigned char *p;
 	int len;
+	VALUE str;
 
 	GetSSLSession(self, ctx);
-
+	len = i2d_SSL_SESSION(ctx, NULL);
-	p = buf;
+	if (len <= 0) {
-	len = i2d_SSL_SESSION(ctx, &p);
-
-	if (len <= 0)
 		ossl_raise(eSSLSession, "i2d_SSL_SESSION");
-	else if (len >= (int)sizeof(buf))
+	}
-		ossl_raise(eSSLSession, "i2d_SSL_SESSION too large");
 
-	return rb_str_new((const char *) p, len);
+	str = rb_str_new(0, len);
+	p = (unsigned char *)RSTRING_PTR(str);
+	i2d_SSL_SESSION(ctx, &p);
+	ossl_str_adjust(str, p);
+	return str;
 }
 
 /*

test/openssl/test_ssl_session.rb

@@ -3,6 +3,35 @@ require_relative "utils"
 if defined?(OpenSSL)
 
 class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase
+  def test_session
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      session = ssl.session
+      assert(session == OpenSSL::SSL::Session.new(session.to_pem))
+      assert(session == OpenSSL::SSL::Session.new(ssl))
+      assert_equal(300, session.timeout)
+      session.timeout = 5
+      assert_equal(5, session.timeout)
+      assert_not_nil(session.time)
+      # SSL_SESSION_time keeps long value so we can't keep nsec fragment.
+      session.time = t1 = Time.now.to_i
+      assert_equal(Time.at(t1), session.time)
+      if session.respond_to?(:id)
+        assert_not_nil(session.id)
+      end
+      pem = session.to_pem
+      assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem)
+      assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem)
+      pem.gsub!(/-----(BEGIN|END) SSL SESSION PARAMETERS-----/, '').gsub!(/[\r\n]+/m, '')
+      assert_equal(session.to_der, pem.unpack('m*')[0])
+      ssl.close
+    end
+  end
+
   def test_client_session
     last_session = nil
     start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port|