openssl: clear OpenSSL error queue before return to Ruby

* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-05-18 04:07:47 +00:00 · 2016-05-18 04:07:47 +00:00 · c8cb26252a
commit c8cb26252a
parent d66e88dc2c
36 changed files with 124 additions and 107 deletions
--- a/26
+++ b/26
@ -1,3 +1,29 @@
 Wed May 18 13:03:07 2016  Kazuki Yamaguchi  <k@rhe.jp>
 	* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
 	  family may put errors on 0 return (0 means verification failure).
 	  Clear OpenSSL error queue before return to Ruby. Since the queue is
 	  thread global, remaining errors in the queue can cause an unexpected
 	  error in the next OpenSSL operation.  [ruby-core:48284] [Bug #7215]
 	* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
 	* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
 	* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
 	* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
 	  queue before re-raising exception.
 	* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
 	* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
 	* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
 	* test/openssl: check that OpenSSL.errors is empty every time after
 	  running a test case.
 Wed May 18 12:07:42 2016  Kazuki Yamaguchi  <k@rhe.jp>
 	* ext/openssl/ossl.c (ossl_clear_error): Extracted from
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@ -129,7 +129,11 @@ dh_generate(int size, int gen)
    if (!gen_arg.result) {
 	DH_free(dh);
-	if (cb_arg.state) rb_jump_tag(cb_arg.state);
+	if (cb_arg.state) {
 	    /* Clear OpenSSL error queue before re-raising. */
 	    ossl_clear_error();
 	    rb_jump_tag(cb_arg.state);
 	}
 	return 0;
    }
 #else
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@ -135,7 +135,14 @@ dsa_generate(int size)
    }
    if (!gen_arg.result) {
 	DSA_free(dsa);
-	if (cb_arg.state) rb_jump_tag(cb_arg.state);
+	if (cb_arg.state) {
 	    /* Clear OpenSSL error queue before re-raising. By the way, the
 	     * documentation of DSA_generate_parameters_ex() says the error code
 	     * can be obtained by ERR_get_error(), but the default
 	     * implementation, dsa_builtin_paramgen() doesn't put any error... */
 	    ossl_clear_error();
 	    rb_jump_tag(cb_arg.state);
 	}
 	return 0;
    }
 #else
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@ -139,7 +139,11 @@ rsa_generate(int size, unsigned long exp)
    if (!gen_arg.result) {
 	BN_free(e);
 	RSA_free(rsa);
-	if (cb_arg.state) rb_jump_tag(cb_arg.state);
+	if (cb_arg.state) {
 	    /* must clear OpenSSL error stack */
 	    ossl_clear_error();
 	    rb_jump_tag(cb_arg.state);
 	}
 	return 0;
    }
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@ -1288,8 +1288,11 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts)
 	ret = func(ssl);
        cb_state = rb_ivar_get(self, ID_callback_state);
-        if (!NIL_P(cb_state))
+        if (!NIL_P(cb_state)) {
 	    /* must cleanup OpenSSL error stack before re-raising */
 	    ossl_clear_error();
 	    rb_jump_tag(NUM2INT(cb_state));
 	}
 	if (ret > 0)
 	    break;
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@ -591,18 +591,19 @@ ossl_x509_verify(VALUE self, VALUE key)
 {
    X509 *x509;
    EVP_PKEY *pkey;
    int i;
    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
    GetX509(self, x509);
-    if ((i = X509_verify(x509, pkey)) < 0) {
+
    switch (X509_verify(x509, pkey)) {
      case 1:
 	return Qtrue;
      case 0:
 	ossl_clear_error();
 	return Qfalse;
      default:
 	ossl_raise(eX509CertError, NULL);
    }
    if (i > 0) {
 	return Qtrue;
    }
    return Qfalse;
 }
 /*
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@ -360,17 +360,17 @@ static VALUE
 ossl_x509crl_verify(VALUE self, VALUE key)
 {
    X509_CRL *crl;
    int ret;
    GetX509CRL(self, crl);
-    if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) {
+    switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
      case 1:
 	return Qtrue;
      case 0:
 	ossl_clear_error();
 	return Qfalse;
      default:
 	ossl_raise(eX509CRLError, NULL);
    }
    if (ret == 1) {
 	return Qtrue;
    }
    return Qfalse;
 }
 static VALUE
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@ -375,18 +375,18 @@ ossl_x509req_verify(VALUE self, VALUE key)
 {
    X509_REQ *req;
    EVP_PKEY *pkey;
    int i;
    GetX509Req(self, req);
    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
-    if ((i = X509_REQ_verify(req, pkey)) < 0) {
+    switch (X509_REQ_verify(req, pkey)) {
      case 1:
 	return Qtrue;
      case 0:
 	ossl_clear_error();
 	return Qfalse;
      default:
 	ossl_raise(eX509ReqError, NULL);
    }
    if (i > 0) {
 	return Qtrue;
    }
    return Qfalse;
 }
 static VALUE
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@ -464,14 +464,20 @@ static VALUE
 ossl_x509stctx_verify(VALUE self)
 {
    X509_STORE_CTX *ctx;
    int result;
    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
-                               (void*)rb_iv_get(self, "@verify_callback"));
+			       (void *)rb_iv_get(self, "@verify_callback"));
    result = X509_verify_cert(ctx);
-    return result ? Qtrue : Qfalse;
+    switch (X509_verify_cert(ctx)) {
      case 1:
 	return Qtrue;
      case 0:
 	ossl_clear_error();
 	return Qfalse;
      default:
 	ossl_raise(eX509CertError, NULL);
    }
 }
 static VALUE
--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: false
 require_relative 'utils'
-class  OpenSSL::TestASN1 < Test::Unit::TestCase
+class  OpenSSL::TestASN1 < OpenSSL::TestCase
  def test_decode
    subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
--- a/test/openssl/test_bn.rb
+++ b/test/openssl/test_bn.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestBN < Test::Unit::TestCase
+class OpenSSL::TestBN < OpenSSL::TestCase
  def test_new_str
    e1 = OpenSSL::BN.new(999.to_s(16), 16) # OpenSSL::BN.new(str, 16) must be most stable
    e2 = OpenSSL::BN.new((2**107-1).to_s(16), 16)
--- a/test/openssl/test_buffering.rb
+++ b/test/openssl/test_buffering.rb
@ -2,7 +2,7 @@
 require_relative 'utils'
 require 'stringio'
-class OpenSSL::TestBuffering < Test::Unit::TestCase
+class OpenSSL::TestBuffering < OpenSSL::TestCase
  class IO
    include OpenSSL::Buffering
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestCipher < Test::Unit::TestCase
+class OpenSSL::TestCipher < OpenSSL::TestCase
  class << self
@ -34,6 +34,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
  end
  def teardown
    super
    @c1 = @c2 = nil
  end
--- a/test/openssl/test_config.rb
+++ b/test/openssl/test_config.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: false
 require_relative 'utils'
-class OpenSSL::TestConfig < Test::Unit::TestCase
+class OpenSSL::TestConfig < OpenSSL::TestCase
  def setup
    file = Tempfile.open("openssl.cnf")
    file << <<__EOD__
@ -18,6 +18,7 @@ __EOD__
  end
  def teardown
    super
    @tmpfile.close!
  end
--- a/test/openssl/test_digest.rb
+++ b/test/openssl/test_digest.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestDigest < Test::Unit::TestCase
+class OpenSSL::TestDigest < OpenSSL::TestCase
  def setup
    @d1 = OpenSSL::Digest.new("MD5")
    @d2 = OpenSSL::Digest::MD5.new
@ -12,6 +12,7 @@ class OpenSSL::TestDigest < Test::Unit::TestCase
  end
  def teardown
    super
    @d1 = @d2 = @md = nil
  end
--- a/test/openssl/test_engine.rb
+++ b/test/openssl/test_engine.rb
@ -1,9 +1,10 @@
 # frozen_string_literal: false
 require_relative 'utils'
-class OpenSSL::TestEngine < Test::Unit::TestCase
+class OpenSSL::TestEngine < OpenSSL::TestCase
  def teardown
    super
    OpenSSL::Engine.cleanup # [ruby-core:40669]
    assert_equal(0, OpenSSL::Engine.engines.size)
  end
--- a/test/openssl/test_fips.rb
+++ b/test/openssl/test_fips.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestFIPS < Test::Unit::TestCase
+class OpenSSL::TestFIPS < OpenSSL::TestCase
  def test_fips_mode_is_reentrant
    OpenSSL.fips_mode = false
--- a/test/openssl/test_hmac.rb
+++ b/test/openssl/test_hmac.rb
@ -3,7 +3,7 @@
 require_relative 'utils'
-class OpenSSL::TestHMAC < Test::Unit::TestCase
+class OpenSSL::TestHMAC < OpenSSL::TestCase
  def setup
    @digest = OpenSSL::Digest::MD5
    @key = "KEY"
@ -12,9 +12,6 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase
    @h2 = OpenSSL::HMAC.new(@key, "MD5")
  end
  def teardown
  end
  def test_hmac
    @h1.update(@data)
    @h2.update(@data)
--- a/test/openssl/test_ns_spki.rb
+++ b/test/openssl/test_ns_spki.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestNSSPI < Test::Unit::TestCase
+class OpenSSL::TestNSSPI < OpenSSL::TestCase
  def setup
    # This request data is adopt from the specification of
    # "Netscape Extensions for User Key Generation".
--- a/test/openssl/test_ocsp.rb
+++ b/test/openssl/test_ocsp.rb
@ -3,7 +3,7 @@ require_relative "utils"
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestOCSP < Test::Unit::TestCase
+class OpenSSL::TestOCSP < OpenSSL::TestCase
  def setup
    ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
    ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@ -517,36 +517,36 @@ module OpenSSL::TestPairM
  end
 end
-class OpenSSL::TestEOF1 < Test::Unit::TestCase
+class OpenSSL::TestEOF1 < OpenSSL::TestCase
  include TestEOF
  include OpenSSL::SSLPair
  include OpenSSL::TestEOF1M
 end
-class OpenSSL::TestEOF1LowlevelSocket < Test::Unit::TestCase
+class OpenSSL::TestEOF1LowlevelSocket < OpenSSL::TestCase
  include TestEOF
  include OpenSSL::SSLPairLowlevelSocket
  include OpenSSL::TestEOF1M
 end
-class OpenSSL::TestEOF2 < Test::Unit::TestCase
+class OpenSSL::TestEOF2 < OpenSSL::TestCase
  include TestEOF
  include OpenSSL::SSLPair
  include OpenSSL::TestEOF2M
 end
-class OpenSSL::TestEOF2LowlevelSocket < Test::Unit::TestCase
+class OpenSSL::TestEOF2LowlevelSocket < OpenSSL::TestCase
  include TestEOF
  include OpenSSL::SSLPairLowlevelSocket
  include OpenSSL::TestEOF2M
 end
-class OpenSSL::TestPair < Test::Unit::TestCase
+class OpenSSL::TestPair < OpenSSL::TestCase
  include OpenSSL::SSLPair
  include OpenSSL::TestPairM
 end
-class OpenSSL::TestPairLowlevelSocket < Test::Unit::TestCase
+class OpenSSL::TestPairLowlevelSocket < OpenSSL::TestCase
  include OpenSSL::SSLPairLowlevelSocket
  include OpenSSL::TestPairM
 end
--- a/test/openssl/test_pkcs12.rb
+++ b/test/openssl/test_pkcs12.rb
@ -4,7 +4,7 @@ require_relative "utils"
 if defined?(OpenSSL::TestUtils)
 module OpenSSL
-  class TestPKCS12 < Test::Unit::TestCase
+  class TestPKCS12 < OpenSSL::TestCase
    include OpenSSL::TestUtils
    def setup
--- a/test/openssl/test_pkcs5.rb
+++ b/test/openssl/test_pkcs5.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: false
 require_relative 'utils'
-class OpenSSL::TestPKCS5 < Test::Unit::TestCase
+class OpenSSL::TestPKCS5 < OpenSSL::TestCase
  def test_pbkdf2_hmac_sha1_rfc6070_c_1_len_20
    p ="password"
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKCS7 < Test::Unit::TestCase
+class OpenSSL::TestPKCS7 < OpenSSL::TestCase
  def setup
    @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
    @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+class OpenSSL::TestPKeyDH < OpenSSL::TestCase
  NEW_KEYLEN = 256
--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@ -4,7 +4,7 @@ require 'base64'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
+class OpenSSL::TestPKeyDSA < OpenSSL::TestCase
  def test_private
    key = OpenSSL::PKey::DSA.new(256)
    assert(key.private?)
@ -20,7 +20,6 @@ class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
    key = OpenSSL::PKey::DSA.new 256
    pem  = key.public_key.to_pem
    OpenSSL::PKey::DSA.new pem
    assert_equal([], OpenSSL.errors)
  end
  def test_new_break
@ -84,7 +83,6 @@ end
    assert_equal(g, key.g)
    assert_equal(y, key.pub_key)
    assert_equal(nil, key.priv_key)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_DSAPublicKey_pem
@ -109,7 +107,6 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
    assert_equal(g, key.g)
    assert_equal(y, key.pub_key)
    assert_equal(nil, key.priv_key)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_DSA_PUBKEY_pem
@ -135,7 +132,6 @@ YNMbNw==
    assert_equal(g, key.g)
    assert_equal(y, key.pub_key)
    assert_equal(nil, key.priv_key)
    assert_equal([], OpenSSL.errors)
  end
  def test_export_format_is_DSA_PUBKEY_pem
@ -165,7 +161,6 @@ YNMbNw==
    pub_key = OpenSSL::ASN1.decode(seq[1].value)
    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag)
    assert_equal(key.pub_key, pub_key.value)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_der
@ -174,7 +169,6 @@ YNMbNw==
    key2 = OpenSSL::PKey.read(der)
    assert(key2.private?)
    assert_equal(der, key2.to_der)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem
@ -183,7 +177,6 @@ YNMbNw==
    key2 = OpenSSL::PKey.read(pem)
    assert(key2.private?)
    assert_equal(pem, key2.to_pem)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_public_key_der
@ -192,7 +185,6 @@ YNMbNw==
    key2 = OpenSSL::PKey.read(der)
    assert(!key2.private?)
    assert_equal(der, key2.to_der)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_public_key_pem
@ -201,7 +193,6 @@ YNMbNw==
    key2 = OpenSSL::PKey.read(pem)
    assert(!key2.private?)
    assert_equal(pem, key2.to_pem)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem_pw
@ -216,7 +207,6 @@ YNMbNw==
    key2 = OpenSSL::PKey.read(pem, 'secret')
    assert(key2.private?)
    #omit pem equality check, will be different due to cipher iv
    assert_equal([], OpenSSL.errors)
  end
  def test_export_password_length
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC)
-class OpenSSL::TestEC < Test::Unit::TestCase
+class OpenSSL::TestEC < OpenSSL::TestCase
  def setup
    @data1 = 'foo'
    @data2 = 'bar' * 1000 # data too long for DSA sig
@ -131,7 +131,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
    ec2 = OpenSSL::PKey.read(der)
    assert(ec2.private_key?)
    assert_equal(der, ec2.to_der)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem
@ -140,7 +139,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
    ec2 = OpenSSL::PKey.read(pem)
    assert(ec2.private_key?)
    assert_equal(pem, ec2.to_pem)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_public_key_der
@ -151,7 +149,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
    ec3 = OpenSSL::PKey.read(der)
    assert(!ec3.private_key?)
    assert_equal(der, ec3.to_der)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_public_key_pem
@ -162,7 +159,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
    ec3 = OpenSSL::PKey.read(pem)
    assert(!ec3.private_key?)
    assert_equal(pem, ec3.to_pem)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem_pw
@ -177,7 +173,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase
    ec2 = OpenSSL::PKey.read(pem, 'secret')
    assert(ec2.private_key?)
    #omit pem equality check, will be different due to cipher iv
    assert_equal([], OpenSSL.errors)
  end
  def test_export_password_length
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@ -4,7 +4,7 @@ require 'base64'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
+class OpenSSL::TestPKeyRSA < OpenSSL::TestCase
  def test_padding
    key = OpenSSL::PKey::RSA.new(512, 3)
@ -180,7 +180,6 @@ AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
    assert_equal(nil, key.d)
    assert_equal(nil, key.p)
    assert_equal(nil, key.q)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_RSA_PUBKEY_pem
@ -201,7 +200,6 @@ AwEAAQ==
    assert_equal(nil, key.d)
    assert_equal(nil, key.p)
    assert_equal(nil, key.q)
    assert_equal([], OpenSSL.errors)
  end
  def test_export_format_is_RSA_PUBKEY
@ -223,7 +221,6 @@ AwEAAQ==
    key = OpenSSL::PKey.read(der)
    assert(key.private?)
    assert_equal(der, key.to_der)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem
@ -231,7 +228,6 @@ AwEAAQ==
    key = OpenSSL::PKey.read(pem)
    assert(key.private?)
    assert_equal(pem, key.to_pem)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_public_key_der
@ -239,7 +235,6 @@ AwEAAQ==
    key = OpenSSL::PKey.read(der)
    assert(!key.private?)
    assert_equal(der, key.to_der)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_public_key_pem
@ -247,7 +242,6 @@ AwEAAQ==
    key = OpenSSL::PKey.read(pem)
    assert(!key.private?)
    assert_equal(pem, key.to_pem)
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem_pw
@ -261,7 +255,6 @@ AwEAAQ==
    key = OpenSSL::PKey.read(pem, 'secret')
    assert(key.private?)
    #omit pem equality check, will be different due to cipher iv
    assert_equal([], OpenSSL.errors)
  end
  def test_read_private_key_pem_pw_exception
@ -272,7 +265,6 @@ AwEAAQ==
        raise RuntimeError
      end
    end
    assert_equal([], OpenSSL.errors)
  end
  def test_export_password_length
@ -306,7 +298,6 @@ AwEAAQ==
    assert_equal(key.n, pub_key.value[0].value)
    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
    assert_equal(key.e, pub_key.value[1].value)
    assert_equal([], OpenSSL.errors)
  end
 end
--- a/test/openssl/test_random.rb
+++ b/test/openssl/test_random.rb
@ -4,7 +4,7 @@ begin
 rescue LoadError
 end
-class OpenSSL::TestRandom < Test::Unit::TestCase
+class OpenSSL::TestRandom < OpenSSL::TestCase
  def test_random_bytes
    assert_equal("", OpenSSL::Random.random_bytes(0))
    assert_equal(12, OpenSSL::Random.random_bytes(12).bytesize)
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@ -3,7 +3,7 @@ require_relative "utils"
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Certificate < Test::Unit::TestCase
+class OpenSSL::TestX509Certificate < OpenSSL::TestCase
  def setup
    @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
    @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@ -14,9 +14,6 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
    @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
  end
  def teardown
  end
  def issue_cert(*args)
    OpenSSL::TestUtils.issue_cert(*args)
  end
--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@ -3,7 +3,7 @@ require_relative "utils"
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509CRL < Test::Unit::TestCase
+class OpenSSL::TestX509CRL < OpenSSL::TestCase
  def setup
    @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
    @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@ -14,9 +14,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
    @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
  end
  def teardown
  end
  def issue_crl(*args)
    OpenSSL::TestUtils.issue_crl(*args)
  end
--- a/test/openssl/test_x509ext.rb
+++ b/test/openssl/test_x509ext.rb
@ -3,7 +3,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Extension < Test::Unit::TestCase
+class OpenSSL::TestX509Extension < OpenSSL::TestCase
  def setup
    @basic_constraints_value = OpenSSL::ASN1::Sequence([
      OpenSSL::ASN1::Boolean(true),   # CA
@ -16,9 +16,6 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase
    ])
  end
  def teardown
  end
  def test_new
    ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
    assert_equal("basicConstraints", ext.oid)
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@ -4,7 +4,7 @@ require_relative 'utils'
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Name < Test::Unit::TestCase
+class OpenSSL::TestX509Name < OpenSSL::TestCase
  OpenSSL::ASN1::ObjectId.register(
    "1.2.840.113549.1.9.1", "emailAddress", "emailAddress")
  OpenSSL::ASN1::ObjectId.register(
@ -15,9 +15,6 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
    @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE)
  end
  def teardown
  end
  def test_s_new
    dn = [ ["C", "JP"], ["O", "example"], ["CN", "www.example.jp"] ]
    name = OpenSSL::X509::Name.new(dn)
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@ -3,7 +3,7 @@ require_relative "utils"
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Request < Test::Unit::TestCase
+class OpenSSL::TestX509Request < OpenSSL::TestCase
  def setup
    @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
    @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@ -3,7 +3,7 @@ require_relative "utils"
 if defined?(OpenSSL::TestUtils)
-class OpenSSL::TestX509Store < Test::Unit::TestCase
+class OpenSSL::TestX509Store < OpenSSL::TestCase
  def setup
    @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
    @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@ -15,9 +15,6 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
    @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
  end
  def teardown
  end
  def test_nosegv_on_cleanup
    cert  = OpenSSL::X509::Certificate.new
    store = OpenSSL::X509::Store.new
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@ -181,7 +181,14 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
    end
  end
-  class OpenSSL::SSLTestCase < Test::Unit::TestCase
+  class OpenSSL::TestCase < Test::Unit::TestCase
    def teardown
      # OpenSSL error stack must be empty
      assert_equal([], OpenSSL.errors)
    end
  end
  class OpenSSL::SSLTestCase < OpenSSL::TestCase
    RUBY = EnvUtil.rubybin
    ITERATIONS = ($0 == __FILE__) ? 100 : 10
@ -206,9 +213,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
      @server = nil
    end
    def teardown
    end
    def issue_cert(*arg)
      OpenSSL::TestUtils.issue_cert(*arg)
    end