diff --git a/test/net/fixtures/dhparams.pem b/test/net/fixtures/dhparams.pem new file mode 100644 index 0000000000..389285bf59 --- /dev/null +++ b/test/net/fixtures/dhparams.pem @@ -0,0 +1,29 @@ + DH Parameters: (2048 bit) + prime: + 00:ec:4e:a4:06:b6:22:ca:f9:8a:00:cc:d0:ee:2f: + 16:bf:05:64:f5:8f:fe:7f:c4:bb:b0:24:cd:ef:5d: + 8a:90:ad:dc:a9:dd:63:84:90:d8:25:ba:d8:78:d5: + 77:91:42:0a:84:fc:56:1e:13:9b:1c:aa:43:d5:1f: + 38:52:92:fe:b3:66:f9:e7:e8:8c:77:a1:a6:2f:b3: + 98:98:d2:13:fc:57:1c:2a:14:dc:bd:e6:9b:54:19: + 99:4f:ce:81:64:a6:32:7f:8e:61:50:5f:45:3a:e5: + 0c:f7:13:f3:b8:ad:d5:77:ca:09:42:f7:d8:30:27: + 7b:2c:f0:b4:b5:a0:04:96:34:0b:47:81:1d:7f:c1: + 3a:62:86:8e:7d:f8:13:7f:9a:b1:8b:09:23:9e:55: + 59:41:cd:f0:86:09:c4:b7:d1:69:54:cb:d0:f5:e9: + 27:c9:e1:81:e4:a1:df:6b:20:1c:df:e8:54:02:f2: + 37:fc:2a:f7:d5:b3:6f:79:7e:70:22:78:79:18:3c: + 75:14:68:4a:05:9f:ac:d4:7f:9a:79:db:9d:0a:6e: + ec:0a:04:70:bf:c9:4a:59:81:a2:1f:33:9b:4a:66: + bc:03:ce:8a:1b:e3:03:ec:ba:39:26:ab:90:dc:39: + 41:a1:d8:f7:20:3c:8f:af:12:2f:f7:a9:6f:44:f1: + 6d:03 + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY +JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab +VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6 +YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 +1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD +7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg== +-----END DH PARAMETERS----- diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb index dfdb221d7e..a863dc88fe 100644 --- a/test/net/http/test_https.rb +++ b/test/net/http/test_https.rb @@ -4,7 +4,6 @@ begin require 'net/https' require 'stringio' require 'timeout' - require File.expand_path("../../openssl/utils", File.dirname(__FILE__)) require File.expand_path("utils", File.dirname(__FILE__)) rescue LoadError # should skip this test @@ -13,34 +12,40 @@ end class TestNetHTTPS < Test::Unit::TestCase include TestNetHTTPUtils - subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost") - exts = [ - ["keyUsage", "keyEncipherment,digitalSignature", true], - ] - key = OpenSSL::TestUtils::TEST_KEY_RSA1024 - cert = OpenSSL::TestUtils.issue_cert( - subject, key, 1, Time.now, Time.now + 3600, exts, - nil, nil, OpenSSL::Digest::SHA1.new - ) + def self.fixture(key) + File.read(File.expand_path("../fixtures/#{key}", __dir__)) + end + + CA_CERT = OpenSSL::X509::Certificate.new(fixture("cacert.pem")) + SERVER_KEY = OpenSSL::PKey.read(fixture("server.key")) + SERVER_CERT = OpenSSL::X509::Certificate.new(fixture("server.crt")) + DHPARAMS = OpenSSL::PKey::DH.new(fixture("dhparams.pem")) + TEST_STORE = OpenSSL::X509::Store.new.tap {|s| s.add_cert(CA_CERT) } CONFIG = { 'host' => '127.0.0.1', 'proxy_host' => nil, 'proxy_port' => nil, 'ssl_enable' => true, - 'ssl_certificate' => cert, - 'ssl_private_key' => key, + 'ssl_certificate' => SERVER_CERT, + 'ssl_private_key' => SERVER_KEY, + 'ssl_tmp_dh_callback' => proc { DHPARAMS }, } def test_get http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true + http.cert_store = TEST_STORE + certs = [] http.verify_callback = Proc.new do |preverify_ok, store_ctx| - store_ctx.current_cert.to_der == config('ssl_certificate').to_der + certs << store_ctx.current_cert + preverify_ok end http.request_get("/") {|res| assert_equal($test_net_http_data, res.body) } + assert_equal(CA_CERT.to_der, certs[0].to_der) + assert_equal(SERVER_CERT.to_der, certs[1].to_der) rescue SystemCallError skip $! end @@ -48,9 +53,7 @@ class TestNetHTTPS < Test::Unit::TestCase def test_post http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true - http.verify_callback = Proc.new do |preverify_ok, store_ctx| - store_ctx.current_cert.to_der == config('ssl_certificate').to_der - end + http.cert_store = TEST_STORE data = config('ssl_private_key').to_der http.request_post("/", data, {'content-type' => 'application/x-www-form-urlencoded'}) {|res| assert_equal(data, res.body) @@ -62,9 +65,7 @@ class TestNetHTTPS < Test::Unit::TestCase def test_session_reuse http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true - http.verify_callback = Proc.new do |preverify_ok, store_ctx| - store_ctx.current_cert.to_der == config('ssl_certificate').to_der - end + http.cert_store = TEST_STORE http.start http.get("/") @@ -93,9 +94,7 @@ class TestNetHTTPS < Test::Unit::TestCase def test_session_reuse_but_expire http = Net::HTTP.new("localhost", config("port")) http.use_ssl = true - http.verify_callback = Proc.new do |preverify_ok, store_ctx| - store_ctx.current_cert.to_der == config('ssl_certificate').to_der - end + http.cert_store = TEST_STORE http.ssl_timeout = -1 http.start @@ -164,7 +163,7 @@ class TestNetHTTPS < Test::Unit::TestCase http = Net::HTTP.new("127.0.0.1", config("port")) http.use_ssl = true http.verify_callback = Proc.new do |preverify_ok, store_ctx| - store_ctx.current_cert.to_der == config('ssl_certificate').to_der + true end ex = assert_raise(OpenSSL::SSL::SSLError){ http.request_get("/") {|res| } @@ -192,4 +191,4 @@ class TestNetHTTPS < Test::Unit::TestCase assert th.join(10), bug4246 } end -end if defined?(OpenSSL::TestUtils) +end if defined?(OpenSSL::SSL) diff --git a/test/net/http/utils.rb b/test/net/http/utils.rb index 8a00615fbe..dbfd112f31 100644 --- a/test/net/http/utils.rb +++ b/test/net/http/utils.rb @@ -61,7 +61,7 @@ module TestNetHTTPUtils :SSLEnable => true, :SSLCertificate => config('ssl_certificate'), :SSLPrivateKey => config('ssl_private_key'), - :SSLTmpDhCallback => proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }, + :SSLTmpDhCallback => config('ssl_tmp_dh_callback'), }) end @server = WEBrick::HTTPServer.new(server_config)