1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/test/drb/ut_drb_drbssl.rb
rhe 63abe00785 openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
  {RSA,DSA,EC_KEY,DH}_get0_*() functions.
  OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
  setter methods for each parameter of each PKey type, for example
  PKey::RSA#e=, but this is no longer possible because the new API
  RSA_set0_key() requires the 'n' at the same time. This commit adds
  deprecation warning to them and adds PKey::*#set_* methods as direct
  wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
  rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
  [ruby-core:75225] [Feature #12324]

* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
  RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
  Emit a warning with rb_warning() when old setter methods are used.

* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
  test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
  object that are used in tmp_dh_callback. Generating a new key pair
  every time should be fine - actually the private exponent is ignored
  in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
  https://www.openssl.org/news/secadv/20160128.txt

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 15:00:47 +00:00

40 lines
1.1 KiB
Ruby

# frozen_string_literal: false
require_relative "ut_drb"
require 'drb/ssl'
if __FILE__ == $0
def ARGV.shift
it = super()
raise "usage: #{$0} <manager-uri> <name>" unless it
it
end
module DRbTests
TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
-----END DH PARAMETERS-----
_end_of_pem_
end
config = Hash.new
config[:SSLTmpDhCallback] = proc { DRbTests::TEST_KEY_DH1024 }
config[:SSLVerifyMode] = OpenSSL::SSL::VERIFY_PEER
config[:SSLVerifyCallback] = lambda{|ok,x509_store|
true
}
config[:SSLCertName] =
[ ["C","JP"], ["O","Foo.DRuby.Org"], ["CN", "Sample"] ]
DRb::DRbServer.default_argc_limit(8)
DRb::DRbServer.default_load_limit(4096)
DRb.start_service('drbssl://localhost:0', DRbTests::DRbEx.new, config)
es = DRb::ExtServ.new(ARGV.shift, ARGV.shift)
DRb.thread.join
es.stop_service if es.alive?
end