[ruby/openssl] ssl: prefer SSLContext#max_version= in tests

Avoid using the deprecated OpenSSL::SSL::SSLContext#ssl_version= outside the tests specifically written for it. https://github.com/ruby/openssl/commit/93a564dec2
2025-02-06 23:48:26 +09:00 · 2025-02-06 23:48:26 +09:00 · 581dbcec79
commit 581dbcec79
parent 64a98decf2
2 changed files with 14 additions and 12 deletions
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@ -645,7 +645,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase

  def test_post_connect_check_with_anon_ciphers
    ctx_proc = -> ctx {
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.ciphers = "aNULL"
      ctx.tmp_dh = Fixtures.pkey("dh-1")
      ctx.security_level = 0
@ -653,7 +653,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase

    start_server(ctx_proc: ctx_proc) { |port|
      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.ciphers = "aNULL"
      ctx.security_level = 0
      server_connect(port, ctx) { |ssl|
@ -1688,12 +1688,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
  def test_get_ephemeral_key
    # kRSA
    ctx_proc1 = proc { |ctx|
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.ciphers = "kRSA"
    }
    start_server(ctx_proc: ctx_proc1, ignore_listener_error: true) do |port|
      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.ciphers = "kRSA"
      begin
        server_connect(port, ctx) { |ssl| assert_nil ssl.tmp_key }
@ -1704,15 +1704,15 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
    end

    # DHE
-    # TODO: How to test this with TLS 1.3?
+    # TODO: SSL_CTX_set1_groups() is required for testing this with TLS 1.3
    ctx_proc2 = proc { |ctx|
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.ciphers = "EDH"
      ctx.tmp_dh = Fixtures.pkey("dh-1")
    }
    start_server(ctx_proc: ctx_proc2) do |port|
      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.ciphers = "EDH"
      server_connect(port, ctx) { |ssl|
        assert_instance_of OpenSSL::PKey::DH, ssl.tmp_key
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@ -5,7 +5,9 @@ if defined?(OpenSSL::SSL)

 class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase
  def test_session
-    ctx_proc = proc { |ctx| ctx.ssl_version = :TLSv1_2 }
+    ctx_proc = proc { |ctx|
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+    }
    start_server(ctx_proc: ctx_proc) do |port|
      server_connect_with_session(port, nil, nil) { |ssl|
        session = ssl.session
@ -143,7 +145,7 @@ __EOS__

  def test_server_session_cache
    ctx_proc = Proc.new do |ctx|
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.options |= OpenSSL::SSL::OP_NO_TICKET
    end

@ -197,7 +199,7 @@ __EOS__
      10.times do |i|
        connections = i
        cctx = OpenSSL::SSL::SSLContext.new
-        cctx.ssl_version = :TLSv1_2
+        cctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
        server_connect_with_session(port, cctx, first_session) { |ssl|
          ssl.puts("abc"); assert_equal "abc\n", ssl.gets
          first_session ||= ssl.session
@ -299,11 +301,11 @@ __EOS__
    connections = nil
    called = {}
    cctx = OpenSSL::SSL::SSLContext.new
-    cctx.ssl_version = :TLSv1_2
+    cctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
    sctx = nil
    ctx_proc = Proc.new { |ctx|
      sctx = ctx
-      ctx.ssl_version = :TLSv1_2
+      ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
      ctx.options |= OpenSSL::SSL::OP_NO_TICKET

      # get_cb is called whenever a client proposed to resume a session but