From 1b515d1c379367f077c57fde39e2cc4fc0269f35 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Tue, 14 Jan 2025 20:42:48 +0900
Subject: [PATCH] [ruby/openssl] ssl: update test_verify_hostname_on_connect for LibreSSL

This reverts the change made to this test case in commit https://github.com/ruby/openssl/commit/a0e98d48c91f (Enhance TLS 1.3 support on LibreSSL 3.2/3.3, 2020-12-03). Part of the test case was skipped on LibreSSL because LibreSSL 3.2.2 introduced a stricter check during creation of the extension. The check was then relaxed in LibreSSL 3.4.0.

https://github.com/ruby/openssl/commit/187b176ecd
---
 test/openssl/test_ssl.rb | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 9f1b56c8ec..c9cc7a02e7 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -1075,13 +1075,11 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 def test_verify_hostname_on_connect
 ctx_proc = proc { |ctx|
- san = "DNS:a.example.com,DNS:*.b.example.com"
- san += ",DNS:c*.example.com,DNS:d.*.example.com" unless libressl?
 exts = [
 ["keyUsage", "keyEncipherment,digitalSignature", true],
- ["subjectAltName", san],
+ ["subjectAltName", "DNS:a.example.com,DNS:*.b.example.com," \
+ "DNS:c*.example.com,DNS:d.*.example.com"],
 ]
-
 ctx.cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
 ctx.key = @svr_key
 }
@@ -1103,7 +1101,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
 ["cx.example.com", true],
 ["d.x.example.com", false],
 ].each do |name, expected_ok|
- next if name.start_with?('cx') if libressl?
 begin
 sock = TCPSocket.new("127.0.0.1", port)
 ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
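Review bot: The `subjectAltName` entry in `ctx_proc` now always carries `DNS:c*.example.com` and `DNS:d.*.example.com`, so the test silently assumes LibreSSL 3.4.0 or later. Going by the commit message, LibreSSL 3.2.2 up to 3.4.0 rejects these names when the extension is created, so on those releases `issue_cert` would presumably raise rather than the case being skipped. The second hunk drops the matching `cx` skip and has the same dependency. If those releases are out of scope, a comment above the array would record that and explain the two unusual names, for example `# c*. is a partial-label wildcard (expected to match cx.example.com); d.*. is a non-leftmost wildcard and must never match. LibreSSL < 3.4.0 refuses to create this SAN.` If they are still in scope, the skip needs a version-bounded guard rather than removal. `test_verify_hostname_on_connect` continues past the end of both hunks, so the assertions that consume `expected_ok` are not visible here.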