1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] ssl: update test_options_disable_versions

Browse Source 
Use the combination of TLS 1.2 and TLS 1.3 instead of TLS 1.1 and TLS
1.2 so that will the test case will be run on latest platforms.

https://github.com/ruby/openssl/commit/e168df0f35
This commit is contained in:
Kazuki Yamaguchi 2021-12-12 00:47:35 +09:00
parent 15eefd30ad
commit 2df917ed4f
1 changed files with 43 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
test/openssl/test_ssl.rb
View File

@ -1209,46 +1209,51 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
def test_options_disable_versions def test_options_disable_versions
# Note: Use of these OP_* flags has been deprecated since OpenSSL 1.1.0. # It's recommended to use SSLContext#{min,max}_version= instead in real
# applications. The purpose of this test case is to check that SSL options
# are properly propagated to OpenSSL library.
supported = check_supported_protocol_versions supported = check_supported_protocol_versions
if !defined?(OpenSSL::SSL::TLS1_3_VERSION) ||
if supported.include?(OpenSSL::SSL::TLS1_1_VERSION) && !supported.include?(OpenSSL::SSL::TLS1_2_VERSION) ||
supported.include?(OpenSSL::SSL::TLS1_2_VERSION) !supported.include?(OpenSSL::SSL::TLS1_3_VERSION) ||
# Server disables ~ TLS 1.1 !defined?(OpenSSL::SSL::OP_NO_TLSv1_3) # LibreSSL < 3.4
ctx_proc = proc { |ctx| pend "this test case requires both TLS 1.2 and TLS 1.3 to be supported " \
ctx.options |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3 | "and enabled by default"
OpenSSL::SSL::OP_NO_TLSv1 | OpenSSL::SSL::OP_NO_TLSv1_1
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client only supports TLS 1.1
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.min_version = ctx1.max_version = OpenSSL::SSL::TLS1_1_VERSION
assert_handshake_error { server_connect(port, ctx1) { } }
# Client only supports TLS 1.2
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.min_version = ctx2.max_version = OpenSSL::SSL::TLS1_2_VERSION
assert_nothing_raised { server_connect(port, ctx2) { } }
}
# Server only supports TLS 1.1
ctx_proc = proc { |ctx|
ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_1_VERSION
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client disables TLS 1.1
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.options |= OpenSSL::SSL::OP_NO_TLSv1_1
assert_handshake_error { server_connect(port, ctx1) { } }
# Client disables TLS 1.2
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.options |= OpenSSL::SSL::OP_NO_TLSv1_2
assert_nothing_raised { server_connect(port, ctx2) { } }
}
else
pend "TLS 1.1 and TLS 1.2 must be supported; skipping"
end end
# Server disables TLS 1.2 and earlier
ctx_proc = proc { |ctx|
ctx.options |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3 |
OpenSSL::SSL::OP_NO_TLSv1 | OpenSSL::SSL::OP_NO_TLSv1_1 |
OpenSSL::SSL::OP_NO_TLSv1_2
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client only supports TLS 1.2
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.min_version = ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION
assert_handshake_error { server_connect(port, ctx1) { } }
# Client only supports TLS 1.3
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.min_version = ctx2.max_version = OpenSSL::SSL::TLS1_3_VERSION
assert_nothing_raised { server_connect(port, ctx2) { } }
}
# Server only supports TLS 1.2
ctx_proc = proc { |ctx|
ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
}
start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port|
# Client doesn't support TLS 1.2
ctx1 = OpenSSL::SSL::SSLContext.new
ctx1.options |= OpenSSL::SSL::OP_NO_TLSv1_2
assert_handshake_error { server_connect(port, ctx1) { } }
# Client supports TLS 1.2 by default
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.options |= OpenSSL::SSL::OP_NO_TLSv1_3
assert_nothing_raised { server_connect(port, ctx2) { } }
}
end end
def test_ssl_methods_constant def test_ssl_methods_constant