mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
609103dbb5
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5 (imported by r59567) can be found at: https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1 ---------------------------------------------------------------- Antonio Terceiro (1): test/test_ssl: explicitly accept TLS 1.1 in corresponding test Colby Swandale (1): document using secure protocol to fetch git master in Bundler Colton Jenkins (1): Add fips_mode_get to return fips_mode Kazuki Yamaguchi (85): Start preparing for 2.1.0 Remove support for OpenSSL 0.9.8 and 1.0.0 bn: refine tests bn: implement unary {plus,minus} operators for OpenSSL::BN bn: implement OpenSSL::BN#negative? Don't define main() when built with --enable-debug test: let OpenSSL::TestCase include OpenSSL::TestUtils test: prepare test PKey instances on demand Add OpenSSL.print_mem_leaks Enable OSSL_MDEBUG on CI builds ssl: move default DH parameters from OpenSSL::PKey::DH Make exceptions with the same format regardless of OpenSSL.debug ssl: show reason of 'certificate verify error' in exception message ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 ssl: do not confuse different ex_data index registries ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object Fix RDoc markup ssl: suppress compiler warning ext/openssl/deprecation.rb: remove broken-apple-openssl extconf.rb: print informative message if OpenSSL can't be found Rakefile: compile the extension before test kdf: introduce OpenSSL::KDF module ossl.h: add NUM2UINT64T() macro kdf: add scrypt Expand rb_define_copy_func() macro Expand FPTR_TO_FD() macro Remove SafeGet*() macros cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname() digest: rename GetDigestPtr() to ossl_evp_get_digestbyname() Add ossl_str_new(), an exception-safe rb_str_new() bio: simplify ossl_membio2str() using ossl_str_new() Remove unused functions and macros Drop support for LibreSSL 2.3 ocsp: add OpenSSL::OCSP::Request#signed? asn1: infinite length -> indefinite length asn1: rearrange tests ssl: remove a needless NULL check in SSL::SSLContext#ciphers ssl: return nil in SSL::SSLSocket#cipher if session is not started asn1: remove an unnecessary function prototype asn1: require tag information when instantiating generic type asn1: initialize 'unused_bits' attribute of BitString with 0 asn1: check for illegal 'unused_bits' value of BitString asn1: disallow NULL to be passed to asn1time_to_time() asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid asn1: allow constructed encoding with definite length form asn1: prohibit indefinite length form for primitive encoding asn1: allow tag number to be >= 32 for universal tag class asn1: use ossl_asn1_tag() asn1: clean up OpenSSL::ASN1::Constructive#to_der asn1: harmonize OpenSSL::ASN1::*#to_der asn1: prevent EOC octets from being in the middle of the content asn1: do not treat EOC octets as part of content octets x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry ssl: do not call session_remove_cb during GC Backport "Merge branch 'topic/test-memory-leak'" to maint cipher: update the documentation for Cipher#auth_tag= Rakefile: let sync:to_ruby know about test/openssl/fixtures test: fix formatting test/utils: remove OpenSSL::TestUtils.silent test/utils: add SSLTestCase#tls12_supported? test/utils: have start_server yield only the port number test/utils: do not set ecdh_curves in start_server test/utils: let server_loop close socket test/utils: improve error handling in start_server test/utils: add OpenSSL::TestUtils.openssl? and .libressl? test/utils: do not use DSA certificates in SSL tests test/test_ssl: remove test_invalid_shutdown_by_gc test/test_ssl: move test_multibyte_read_write to test_pair test/test_ssl_session: rearrange tests test/test_pair, test/test_ssl: fix for TLS 1.3 ssl: remove useless call to rb_thread_wait_fd() ssl: fix NPN support ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private ssl: use 2048-bit group in the default tmp_dh_cb ssl: ensure that SSL option flags are non-negative ssl: update OpenSSL::SSL::OP_* flags ssl: prefer TLS_method() over SSLv23_method() ssl: add SSLContext#min_version= and #max_version= ssl: rework SSLContext#ssl_version= test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: add OpenSSL::X509::Name#to_utf8 x509name: add OpenSSL::X509::Name#inspect x509name: update regexp in OpenSSL::X509::Name.parse Ruby/OpenSSL 2.1.0.beta1 Marcus Stollsteimer (1): Fix rdoc for core Integer class nobu (4): [DOC] {read,write}_nonblock with exception: false [DOC] keyword argument _exception_ [DOC] mark up literals Revert r57690 except for read_nonblock git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
304 lines
9.2 KiB
Ruby
304 lines
9.2 KiB
Ruby
# frozen_string_literal: false
|
|
require_relative 'utils'
|
|
|
|
if defined?(OpenSSL)
|
|
|
|
class OpenSSL::TestConfig < OpenSSL::TestCase
|
|
def setup
|
|
super
|
|
file = Tempfile.open("openssl.cnf")
|
|
file << <<__EOD__
|
|
HOME = .
|
|
[ ca ]
|
|
default_ca = CA_default
|
|
[ CA_default ]
|
|
dir = ./demoCA
|
|
certs = ./certs
|
|
__EOD__
|
|
file.close
|
|
@tmpfile = file
|
|
@it = OpenSSL::Config.new(file.path)
|
|
end
|
|
|
|
def teardown
|
|
super
|
|
@tmpfile.close!
|
|
end
|
|
|
|
def test_constants
|
|
assert(defined?(OpenSSL::Config::DEFAULT_CONFIG_FILE))
|
|
config_file = OpenSSL::Config::DEFAULT_CONFIG_FILE
|
|
pend "DEFAULT_CONFIG_FILE may return a wrong path on your platforms. [Bug #6830]" unless File.readable?(config_file)
|
|
assert_nothing_raised do
|
|
OpenSSL::Config.load(config_file)
|
|
end
|
|
end
|
|
|
|
def test_s_parse
|
|
c = OpenSSL::Config.parse('')
|
|
assert_equal("[ default ]\n\n", c.to_s)
|
|
c = OpenSSL::Config.parse(@it.to_s)
|
|
assert_equal(['CA_default', 'ca', 'default'], c.sections.sort)
|
|
end
|
|
|
|
def test_s_parse_format
|
|
c = OpenSSL::Config.parse(<<__EOC__)
|
|
baz =qx\t # "baz = qx"
|
|
|
|
foo::bar = baz # shortcut section::key format
|
|
default::bar = baz # ditto
|
|
a=\t \t # "a = ": trailing spaces are ignored
|
|
=b # " = b": empty key
|
|
=c # " = c": empty key (override the above line)
|
|
d= # "c = ": trailing comment is ignored
|
|
|
|
sq = 'foo''b\\'ar'
|
|
dq ="foo""''\\""
|
|
dq2 = foo""bar
|
|
esc=a\\r\\n\\b\\tb
|
|
foo\\bar = foo\\b\\\\ar
|
|
foo\\bar::foo\\bar = baz
|
|
[default1 default2]\t\t # space is allowed in section name
|
|
fo =b ar # space allowed in value
|
|
[emptysection]
|
|
[doller ]
|
|
foo=bar
|
|
bar = $(foo)
|
|
baz = 123$(default::bar)456${foo}798
|
|
qux = ${baz}
|
|
quxx = $qux.$qux
|
|
__EOC__
|
|
assert_equal(['default', 'default1 default2', 'doller', 'emptysection', 'foo', 'foo\\bar'], c.sections.sort)
|
|
assert_equal(['', 'a', 'bar', 'baz', 'd', 'dq', 'dq2', 'esc', 'foo\\bar', 'sq'], c['default'].keys.sort)
|
|
assert_equal('c', c['default'][''])
|
|
assert_equal('', c['default']['a'])
|
|
assert_equal('qx', c['default']['baz'])
|
|
assert_equal('', c['default']['d'])
|
|
assert_equal('baz', c['default']['bar'])
|
|
assert_equal("foob'ar", c['default']['sq'])
|
|
assert_equal("foo''\"", c['default']['dq'])
|
|
assert_equal("foobar", c['default']['dq2'])
|
|
assert_equal("a\r\n\b\tb", c['default']['esc'])
|
|
assert_equal("foo\b\\ar", c['default']['foo\\bar'])
|
|
assert_equal('baz', c['foo']['bar'])
|
|
assert_equal('baz', c['foo\\bar']['foo\\bar'])
|
|
assert_equal('b ar', c['default1 default2']['fo'])
|
|
|
|
# dolloer
|
|
assert_equal('bar', c['doller']['foo'])
|
|
assert_equal('bar', c['doller']['bar'])
|
|
assert_equal('123baz456bar798', c['doller']['baz'])
|
|
assert_equal('123baz456bar798', c['doller']['qux'])
|
|
assert_equal('123baz456bar798.123baz456bar798', c['doller']['quxx'])
|
|
|
|
excn = assert_raise(OpenSSL::ConfigError) do
|
|
OpenSSL::Config.parse("foo = $bar")
|
|
end
|
|
assert_equal("error in line 1: variable has no value", excn.message)
|
|
|
|
excn = assert_raise(OpenSSL::ConfigError) do
|
|
OpenSSL::Config.parse("foo = $(bar")
|
|
end
|
|
assert_equal("error in line 1: no close brace", excn.message)
|
|
|
|
excn = assert_raise(OpenSSL::ConfigError) do
|
|
OpenSSL::Config.parse("f o =b ar # no space in key")
|
|
end
|
|
assert_equal("error in line 1: missing equal sign", excn.message)
|
|
|
|
excn = assert_raise(OpenSSL::ConfigError) do
|
|
OpenSSL::Config.parse(<<__EOC__)
|
|
# comment 1 # comments
|
|
|
|
#
|
|
# comment 2
|
|
\t#comment 3
|
|
[second ]\t
|
|
[third # section not terminated
|
|
__EOC__
|
|
end
|
|
assert_equal("error in line 7: missing close square bracket", excn.message)
|
|
end
|
|
|
|
def test_s_load
|
|
# alias of new
|
|
c = OpenSSL::Config.load
|
|
assert_equal("", c.to_s)
|
|
assert_equal([], c.sections)
|
|
#
|
|
Tempfile.create("openssl.cnf") {|file|
|
|
file.close
|
|
c = OpenSSL::Config.load(file.path)
|
|
assert_equal("[ default ]\n\n", c.to_s)
|
|
assert_equal(['default'], c.sections)
|
|
}
|
|
end
|
|
|
|
def test_initialize
|
|
c = OpenSSL::Config.new
|
|
assert_equal("", c.to_s)
|
|
assert_equal([], c.sections)
|
|
end
|
|
|
|
def test_initialize_with_empty_file
|
|
Tempfile.create("openssl.cnf") {|file|
|
|
file.close
|
|
c = OpenSSL::Config.new(file.path)
|
|
assert_equal("[ default ]\n\n", c.to_s)
|
|
assert_equal(['default'], c.sections)
|
|
}
|
|
end
|
|
|
|
def test_initialize_with_example_file
|
|
assert_equal(['CA_default', 'ca', 'default'], @it.sections.sort)
|
|
end
|
|
|
|
def test_get_value
|
|
assert_equal('CA_default', @it.get_value('ca', 'default_ca'))
|
|
assert_equal(nil, @it.get_value('ca', 'no such key'))
|
|
assert_equal(nil, @it.get_value('no such section', 'no such key'))
|
|
assert_equal('.', @it.get_value('', 'HOME'))
|
|
assert_raise(TypeError) do
|
|
@it.get_value(nil, 'HOME') # not allowed unlike Config#value
|
|
end
|
|
# fallback to 'default' ugly...
|
|
assert_equal('.', @it.get_value('unknown', 'HOME'))
|
|
end
|
|
|
|
def test_get_value_ENV
|
|
key = ENV.keys.first
|
|
assert_not_nil(key) # make sure we have at least one ENV var.
|
|
assert_equal(ENV[key], @it.get_value('ENV', key))
|
|
end
|
|
|
|
def test_value
|
|
# suppress deprecation warnings
|
|
EnvUtil.suppress_warning do
|
|
assert_equal('CA_default', @it.value('ca', 'default_ca'))
|
|
assert_equal(nil, @it.value('ca', 'no such key'))
|
|
assert_equal(nil, @it.value('no such section', 'no such key'))
|
|
assert_equal('.', @it.value('', 'HOME'))
|
|
assert_equal('.', @it.value(nil, 'HOME'))
|
|
assert_equal('.', @it.value('HOME'))
|
|
# fallback to 'default' ugly...
|
|
assert_equal('.', @it.value('unknown', 'HOME'))
|
|
end
|
|
end
|
|
|
|
def test_value_ENV
|
|
EnvUtil.suppress_warning do
|
|
key = ENV.keys.first
|
|
assert_not_nil(key) # make sure we have at least one ENV var.
|
|
assert_equal(ENV[key], @it.value('ENV', key))
|
|
end
|
|
end
|
|
|
|
def test_aref
|
|
assert_equal({'HOME' => '.'}, @it['default'])
|
|
assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it['CA_default'])
|
|
assert_equal({}, @it['no_such_section'])
|
|
assert_equal({}, @it[''])
|
|
end
|
|
|
|
def test_section
|
|
EnvUtil.suppress_warning do
|
|
assert_equal({'HOME' => '.'}, @it.section('default'))
|
|
assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it.section('CA_default'))
|
|
assert_equal({}, @it.section('no_such_section'))
|
|
assert_equal({}, @it.section(''))
|
|
end
|
|
end
|
|
|
|
def test_sections
|
|
assert_equal(['CA_default', 'ca', 'default'], @it.sections.sort)
|
|
@it['new_section'] = {'foo' => 'bar'}
|
|
assert_equal(['CA_default', 'ca', 'default', 'new_section'], @it.sections.sort)
|
|
@it['new_section'] = {}
|
|
assert_equal(['CA_default', 'ca', 'default', 'new_section'], @it.sections.sort)
|
|
end
|
|
|
|
def test_add_value
|
|
c = OpenSSL::Config.new
|
|
assert_equal("", c.to_s)
|
|
# add key
|
|
c.add_value('default', 'foo', 'bar')
|
|
assert_equal("[ default ]\nfoo=bar\n\n", c.to_s)
|
|
# add another key
|
|
c.add_value('default', 'baz', 'qux')
|
|
assert_equal('bar', c['default']['foo'])
|
|
assert_equal('qux', c['default']['baz'])
|
|
# update the value
|
|
c.add_value('default', 'baz', 'quxxx')
|
|
assert_equal('bar', c['default']['foo'])
|
|
assert_equal('quxxx', c['default']['baz'])
|
|
# add section and key
|
|
c.add_value('section', 'foo', 'bar')
|
|
assert_equal('bar', c['default']['foo'])
|
|
assert_equal('quxxx', c['default']['baz'])
|
|
assert_equal('bar', c['section']['foo'])
|
|
end
|
|
|
|
def test_aset
|
|
@it['foo'] = {'bar' => 'baz'}
|
|
assert_equal({'bar' => 'baz'}, @it['foo'])
|
|
@it['foo'] = {'bar' => 'qux', 'baz' => 'quxx'}
|
|
assert_equal({'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
|
|
|
|
# OpenSSL::Config is add only for now.
|
|
@it['foo'] = {'foo' => 'foo'}
|
|
assert_equal({'foo' => 'foo', 'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
|
|
# you cannot override or remove any section and key.
|
|
@it['foo'] = {}
|
|
assert_equal({'foo' => 'foo', 'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
|
|
end
|
|
|
|
def test_each
|
|
# each returns [section, key, value] array.
|
|
ary = @it.map { |e| e }.sort { |a, b| a[0] <=> b[0] }
|
|
assert_equal(4, ary.size)
|
|
assert_equal('CA_default', ary[0][0])
|
|
assert_equal('CA_default', ary[1][0])
|
|
assert_equal(["ca", "default_ca", "CA_default"], ary[2])
|
|
assert_equal(["default", "HOME", "."], ary[3])
|
|
end
|
|
|
|
def test_to_s
|
|
c = OpenSSL::Config.parse("[empty]\n")
|
|
assert_equal("[ default ]\n\n[ empty ]\n\n", c.to_s)
|
|
end
|
|
|
|
def test_inspect
|
|
assert_match(/#<OpenSSL::Config sections=\[.*\]>/, @it.inspect)
|
|
end
|
|
|
|
def test_freeze
|
|
c = OpenSSL::Config.new
|
|
c['foo'] = [['key', 'value']]
|
|
c.freeze
|
|
|
|
bug = '[ruby-core:18377]'
|
|
# RuntimeError for 1.9, TypeError for 1.8
|
|
e = assert_raise(TypeError, bug) do
|
|
c['foo'] = [['key', 'wrong']]
|
|
end
|
|
assert_match(/can't modify/, e.message, bug)
|
|
end
|
|
|
|
def test_dup
|
|
assert(!@it.sections.empty?)
|
|
c = @it.dup
|
|
assert_equal(@it.sections.sort, c.sections.sort)
|
|
@it['newsection'] = {'a' => 'b'}
|
|
assert_not_equal(@it.sections.sort, c.sections.sort)
|
|
end
|
|
|
|
def test_clone
|
|
assert(!@it.sections.empty?)
|
|
c = @it.clone
|
|
assert_equal(@it.sections.sort, c.sections.sort)
|
|
@it['newsection'] = {'a' => 'b'}
|
|
assert_not_equal(@it.sections.sort, c.sections.sort)
|
|
end
|
|
end
|
|
|
|
end
|