ruby-changes:43954
From: rhe <ko1@a...>
Date: Mon, 29 Aug 2016 14:47:21 +0900 (JST)
Subject: [ruby-changes:43954] rhe:r56027 (trunk): import Ruby/OpenSSL 2.0.0.beta.1
rhe 2016-08-29 14:47:09 +0900 (Mon, 29 Aug 2016) New Revision: 56027 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=56027 Log: import Ruby/OpenSSL 2.0.0.beta.1 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] Added files: trunk/ext/openssl/openssl.gemspec trunk/test/openssl/test_pkey.rb trunk/test/openssl/ut_eof.rb Removed files: trunk/test/openssl/test_partial_record_read.rb Modified files: trunk/NEWS trunk/ext/openssl/extconf.rb trunk/ext/openssl/lib/openssl/cipher.rb trunk/ext/openssl/lib/openssl/digest.rb trunk/ext/openssl/lib/openssl/pkey.rb trunk/ext/openssl/lib/openssl/ssl.rb trunk/ext/openssl/openssl_missing.c trunk/ext/openssl/openssl_missing.h trunk/ext/openssl/ossl.c trunk/ext/openssl/ossl.h trunk/ext/openssl/ossl_asn1.c trunk/ext/openssl/ossl_asn1.h trunk/ext/openssl/ossl_bio.c trunk/ext/openssl/ossl_bn.c trunk/ext/openssl/ossl_cipher.c trunk/ext/openssl/ossl_config.c trunk/ext/openssl/ossl_config.h trunk/ext/openssl/ossl_digest.c trunk/ext/openssl/ossl_engine.c trunk/ext/openssl/ossl_hmac.c trunk/ext/openssl/ossl_ns_spki.c trunk/ext/openssl/ossl_ocsp.c trunk/ext/openssl/ossl_pkcs12.c trunk/ext/openssl/ossl_pkcs5.c trunk/ext/openssl/ossl_pkcs7.c trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey.h trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/ext/openssl/ossl_rand.c trunk/ext/openssl/ossl_ssl.c trunk/ext/openssl/ossl_ssl_session.c trunk/ext/openssl/ossl_version.h trunk/ext/openssl/ossl_x509.c trunk/ext/openssl/ossl_x509.h trunk/ext/openssl/ossl_x509attr.c trunk/ext/openssl/ossl_x509cert.c trunk/ext/openssl/ossl_x509crl.c trunk/ext/openssl/ossl_x509ext.c trunk/ext/openssl/ossl_x509name.c trunk/ext/openssl/ossl_x509req.c trunk/ext/openssl/ossl_x509revoked.c trunk/ext/openssl/ossl_x509store.c trunk/sample/openssl/cipher.rb trunk/test/openssl/test_cipher.rb trunk/test/openssl/test_config.rb trunk/test/openssl/test_engine.rb trunk/test/openssl/test_ocsp.rb trunk/test/openssl/test_pair.rb trunk/test/openssl/test_pkcs12.rb trunk/test/openssl/test_pkey_dh.rb trunk/test/openssl/test_pkey_dsa.rb trunk/test/openssl/test_pkey_ec.rb trunk/test/openssl/test_pkey_rsa.rb trunk/test/openssl/test_ssl.rb trunk/test/openssl/test_ssl_session.rb trunk/test/openssl/test_x509attr.rb trunk/test/openssl/test_x509crl.rb trunk/test/openssl/test_x509ext.rb trunk/test/openssl/test_x509name.rb trunk/test/openssl/test_x509req.rb trunk/test/openssl/test_x509store.rb trunk/test/openssl/utils.rb Index: NEWS =================================================================== --- NEWS (revision 56026) +++ NEWS (revision 56027) @@ -123,6 +123,12 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L123 * Add an into option. [Feature #11191] +* OpenSSL + + * OpenSSL is extracted as a gem and the upstream has been migrated to + https://github.com/ruby/openssl. OpenSSL still remains as a default gem. + Refer to its History.md for the full release note. [Feature #9612] + === Compatibility issues (excluding feature bug fixes) * Array#sum and Enumerable#sum are implemented. [Feature #12217] Index: test/openssl/test_partial_record_read.rb =================================================================== --- test/openssl/test_partial_record_read.rb (revision 56026) +++ test/openssl/test_partial_record_read.rb (revision 56027) @@ -1,35 +0,0 @@ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_partial_record_read.rb#L0 -# frozen_string_literal: false -require_relative "utils" - -if defined?(OpenSSL::TestUtils) - - class OpenSSL::TestPartialRecordRead < OpenSSL::SSLTestCase - def test_partial_tls_record_read_nonblock - start_server(OpenSSL::SSL::VERIFY_NONE, true, :server_proc => - Proc.new do |server_ctx, server_ssl| - begin - server_ssl.io.write("\x01") # the beginning of a TLS record - sleep 6 # do not finish prematurely before the read by the client is attempted - ensure - server_ssl.close - end - end - ) do |server, port| - sock = TCPSocket.new("127.0.0.1", port) - ssl = OpenSSL::SSL::SSLSocket.new(sock) - ssl.sync_close = true - begin - ssl.connect - sleep 3 # wait is required for the (incomplete) TLS record to arrive at the client socket - - # Should raise a IO::WaitReadable since a full TLS record is not available for reading. - assert_raise(IO::WaitReadable) { ssl.read_nonblock(1) } - ensure - ssl.close - end - end - end - - end - -end Index: test/openssl/test_pkey_dsa.rb =================================================================== --- test/openssl/test_pkey_dsa.rb (revision 56026) +++ test/openssl/test_pkey_dsa.rb (revision 56027) @@ -4,7 +4,9 @@ require 'base64' https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L4 if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyDSA < OpenSSL::TestCase +class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase + DSA512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + def test_private key = OpenSSL::PKey::DSA.new(256) assert(key.private?) @@ -20,6 +22,11 @@ class OpenSSL::TestPKeyDSA < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L22 key = OpenSSL::PKey::DSA.new 256 pem = key.public_key.to_pem OpenSSL::PKey::DSA.new pem + if $0 == __FILE__ + assert_nothing_raised { + key = OpenSSL::PKey::DSA.new 2048 + } + end end def test_new_break @@ -37,55 +44,102 @@ class OpenSSL::TestPKeyDSA < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L44 assert(key.sysverify(digest, sig)) end - def test_sign_verify - check_sign_verify(OpenSSL::Digest::DSS1.new) - end if defined?(OpenSSL::Digest::DSS1) + def test_DSAPrivateKey + # OpenSSL DSAPrivateKey format; similar to RSAPrivateKey + asn1 = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Integer(0), + OpenSSL::ASN1::Integer(DSA512.p), + OpenSSL::ASN1::Integer(DSA512.q), + OpenSSL::ASN1::Integer(DSA512.g), + OpenSSL::ASN1::Integer(DSA512.pub_key), + OpenSSL::ASN1::Integer(DSA512.priv_key) + ]) + key = OpenSSL::PKey::DSA.new(asn1.to_der) + assert_predicate key, :private? + assert_same_dsa DSA512, key + + pem = <<~EOF + -----BEGIN DSA PRIVATE KEY----- + MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok + RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D + AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR + S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++ + Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S + 55jreJD3Se3slps= + -----END DSA PRIVATE KEY----- + EOF + key = OpenSSL::PKey::DSA.new(pem) + assert_same_dsa DSA512, key -if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000) - def test_sign_verify_sha1 - check_sign_verify(OpenSSL::Digest::SHA1.new) + assert_equal asn1.to_der, DSA512.to_der + assert_equal pem, DSA512.export end - def test_sign_verify_sha256 - check_sign_verify(OpenSSL::Digest::SHA256.new) - end -end + def test_DSAPrivateKey_encrypted + # key = abcdef + pem = <<~EOF + -----BEGIN DSA PRIVATE KEY----- + Proc-Type: 4,ENCRYPTED + DEK-Info: AES-128-CBC,F8BB7BFC7EAB9118AC2E3DA16C8DB1D9 + + D2sIzsM9MLXBtlF4RW42u2GB9gX3HQ3prtVIjWPLaKBYoToRUiv8WKsjptfZuLSB + 74ZPdMS7VITM+W1HIxo/tjS80348Cwc9ou8H/E6WGat8ZUk/igLOUEII+coQS6qw + QpuLMcCIavevX0gjdjEIkojBB81TYDofA1Bp1z1zDI/2Zhw822xapI79ZF7Rmywt + OSyWzFaGipgDpdFsGzvT6//z0jMr0AuJVcZ0VJ5lyPGQZAeVBlbYEI4T72cC5Cz7 + XvLiaUtum6/sASD2PQqdDNpgx/WA6Vs1Po2kIUQIM5TIwyJI0GdykZcYm6xIK/ta + Wgx6c8K+qBAIVrilw3EWxw== + -----END DSA PRIVATE KEY----- + EOF + key = OpenSSL::PKey::DSA.new(pem, "abcdef") + assert_same_dsa DSA512, key + key = OpenSSL::PKey::DSA.new(pem) { "abcdef" } + assert_same_dsa DSA512, key + + cipher = OpenSSL::Cipher.new("aes-128-cbc") + exported = DSA512.to_pem(cipher, "abcdef\0\1") + assert_same_dsa DSA512, OpenSSL::PKey::DSA.new(exported, "abcdef\0\1") + assert_raise(OpenSSL::PKey::DSAError) { + OpenSSL::PKey::DSA.new(exported, "abcdef") + } + end + + def test_PUBKEY + asn1 = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::ObjectId("DSA"), + OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Integer(DSA512.p), + OpenSSL::ASN1::Integer(DSA512.q), + OpenSSL::ASN1::Integer(DSA512.g) + ]) + ]), + OpenSSL::ASN1::BitString( + OpenSSL::ASN1::Integer(DSA512.pub_key).to_der + ) + ]) + key = OpenSSL::PKey::DSA.new(asn1.to_der) + assert_not_predicate key, :private? + assert_same_dsa dup_public(DSA512), key + + pem = <<~EOF + -----BEGIN PUBLIC KEY----- + MIHxMIGoBgcqhkjOOAQBMIGcAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgT + YiEEHaOYhkIxv0OkRZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB + 4DZGH7UyarcaGy6DAkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqo + ji3/lHdKoVdTQNuRS/m6DlCwhjRjiQ/lBRgCLCcaA0QAAkEAjN891JBjzpMj4bWg + sACmMggFf57DS0Ti+5++Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxX + oXi9OA== + -----END PUBLIC KEY----- + EOF + key = OpenSSL::PKey::DSA.new(pem) + assert_same_dsa dup_public(DSA512), key - def test_digest_state_irrelevant_verify - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - digest1 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new - digest2 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new - data = 'Sign me!' - sig = key.sign(digest1, data) - digest1.reset - digest1 << 'Change state of digest1' - assert(key.verify(digest1, sig, data)) - assert(key.verify(digest2, sig, data)) - end - - def test_read_DSA_PUBKEY - p = 7188211954100152441468596248707152960171255279130004340103875772401008316444412091945435731597638374542374929457672178957081124632837356913990200866056699 - q = 957032439192465935099784319494405376402293318491 - g = 122928973717064636255205666162891733518376475981809749897454444301389338825906076467196186192907631719698166056821519884939865041993585844526937010746285 - y = 1235756183583465414789073313502727057075641172514181938731172021825149551960029708596057102104063395063907739571546165975727369183495540798749742124846271 - algo = OpenSSL::ASN1::ObjectId.new('DSA') - params = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(p), - OpenSSL::ASN1::Integer.new(q), - OpenSSL::ASN1::Integer.new(g)]) - algo_id = OpenSSL::ASN1::Sequence.new ([algo, params]) - pub_key = OpenSSL::ASN1::Integer.new(y) - seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)]) - key = OpenSSL::PKey::DSA.new(seq.to_der) - assert(key.public?) - assert(!key.private?) - assert_equal(p, key.p) - assert_equal(q, key.q) - assert_equal(g, key.g) - assert_equal(y, key.pub_key) - assert_equal(nil, key.priv_key) + assert_equal asn1.to_der, dup_public(DSA512).to_der + assert_equal pem, dup_public(DSA512).export end def test_read_DSAPublicKey_pem + # TODO: where is the standard? PKey::DSA.new can read only PEM p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699 q = 979494906553787301107832405790107343409973851677 g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845 @@ -109,127 +163,6 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmB https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L163 assert_equal(nil, key.priv_key) end - def test_read_DSA_PUBKEY_pem - p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699 - q = 979494906553787301107832405790107343409973851677 - g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845 - y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695 - pem = <<-EOF ------BEGIN PUBLIC KEY----- -MIHxMIGoBgcqhkjOOAQBMIGcAkEA6hXntfQXEo78+s1r8yShbOQIpX+HOESnTNsV -2yJzD6EiMntLpJ38WUOWjz0dBnYW69YnrAYszWPTSvf34XapswIVAKuSEhdIb6Kz -fuHPUhoF4S52MHYdAkBHQCWhq8G+2yeDyhuyMtvsQqcH6lJ4ev8F0hDdUft9Ys6q -qTMV5GtgwPNSmXfpeS1jpirwQliVb2kIyYFU3L91A0QAAkEAyJSJ+g+P/knVcgDw -wTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4VUC/phySExY0PdcqItkR/xYA -YNMbNw== ------END PUBLIC KEY----- - EOF - key = OpenSSL::PKey::DSA.new(pem) - assert(key.public?) - assert(!key.private?) - assert_equal(p, key.p) - assert_equal(q, key.q) - assert_equal(g, key.g) - assert_equal(y, key.pub_key) - assert_equal(nil, key.priv_key) - end - - def test_export_format_is_DSA_PUBKEY_pem - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - pem = key.public_key.to_pem - pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...------- - asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem)) - assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag) - assert_equal(2, asn1.value.size) - seq = asn1.value - assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag) - assert_equal(2, seq[0].value.size) - algo_id = seq[0].value - assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag) - assert_equal('DSA', algo_id[0].value) - assert_equal(OpenSSL::ASN1::SEQUENCE, algo_id[1].tag) - assert_equal(3, algo_id[1].value.size) - params = algo_id[1].value - assert_equal(OpenSSL::ASN1::INTEGER, params[0].tag) - assert_equal(key.p, params[0].value) - assert_equal(OpenSSL::ASN1::INTEGER, params[1].tag) - assert_equal(key.q, params[1].value) - assert_equal(OpenSSL::ASN1::INTEGER, params[2].tag) - assert_equal(key.g, params[2].value) - assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag) - assert_equal(0, seq[1].unused_bits) - pub_key = OpenSSL::ASN1.decode(seq[1].value) - assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag) - assert_equal(key.pub_key, pub_key.value) - end - - def test_read_private_key_der - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - der = key.to_der - key2 = OpenSSL::PKey.read(der) - assert(key2.private?) - assert_equal(der, key2.to_der) - end - - def test_read_private_key_pem - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - pem = key.to_pem - key2 = OpenSSL::PKey.read(pem) - assert(key2.private?) - assert_equal(pem, key2.to_pem) - end - - def test_read_public_key_der - key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key - der = key.to_der - key2 = OpenSSL::PKey.read(der) - assert(!key2.private?) - assert_equal(der, key2.to_der) - end - - def test_read_public_key_pem - key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key - pem = key.to_pem - key2 = OpenSSL::PKey.read(pem) - assert(!key2.private?) - assert_equal(pem, key2.to_pem) - end - - def test_read_private_key_pem_pw - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - pem = key.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret') - #callback form for password - key2 = OpenSSL::PKey.read(pem) do - 'secret' - end - assert(key2.private?) - # pass password directly - key2 = OpenSSL::PKey.read(pem, 'secret') - assert(key2.private?) - #omit pem equality check, will be different due to cipher iv - end - - def test_export_password_length - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - assert_raise(OpenSSL::OpenSSLError) do - key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec') - end - pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr') - assert(pem) - end - - def test_export_password_funny - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), "pass\0wd") - assert_raise(ArgumentError) do - OpenSSL::PKey.read(pem, "pass") - end - key2 = OpenSSL::PKey.read(pem, "pass\0wd") - assert(key2.private?) - key3 = OpenSSL::PKey::DSA.new(pem, "pass\0wd") - assert(key3.private?) - end - def test_dup key = OpenSSL::PKey::DSA.new(256) key2 = key.dup @@ -239,12 +172,8 @@ YNMbNw== https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L172 end private - - def check_sign_verify(digest) - key = OpenSSL::TestUtils::TEST_KEY_DSA256 - data = 'Sign me!' - sig = key.sign(digest, data) - assert(key.verify(digest, sig, data)) + def assert_same_dsa(expected, key) + check_component(expected, key, [:p, :q, :g, :pub_key, :priv_key]) end end Index: test/openssl/utils.rb =================================================================== --- test/openssl/utils.rb (revision 56026) +++ test/openssl/utils.rb (revision 56027) @@ -8,11 +8,13 @@ begin https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L8 OpenSSL.fips_mode=false rescue LoadError end + require "test/unit" require "digest/md5" require 'tempfile' require "rbconfig" require "socket" +require "envutil" module OpenSSL::TestUtils TEST_KEY_RSA1024 = OpenSSL::PKey::RSA.new <<-_end_of_pem_ @@ -260,7 +262,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L262 return end ssl = ssls.accept - rescue OpenSSL::SSL::SSLError + rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET if ignore_listener_error retry else @@ -348,5 +350,39 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L350 end end + class OpenSSL::PKeyTestCase < OpenSSL::TestCase + def check_component(base, test, keys) + keys.each { |comp| + assert_equal base.send(comp), test.send(comp) + } + end + + def dup_public(key) + case key + when OpenSSL::PKey::RSA + rsa = OpenSSL::PKey::RSA.new + rsa.set_key(key.n, key.e, nil) + rsa + when OpenSSL::PKey::DSA + dsa = OpenSSL::PKey::DSA.new + dsa.set_pqg(key.p, key.q, key.g) + dsa.set_key(key.pub_key, nil) + dsa + when OpenSSL::PKey::DH + dh = OpenSSL::PKey::DH.new + dh.set_pqg(key.p, nil, key.g) + dh + else + if defined?(OpenSSL::PKey::EC) && OpenSSL::PKey::EC === key + ec = OpenSSL::PKey::EC.new(key.group) + ec.public_key = key.public_key + ec + else + raise "unknown key type" + end + end + end + end + end if defined?(OpenSSL::OPENSSL_LIBRARY_VERSION) and /\AOpenSSL +0\./ !~ OpenSSL::OPENSSL_LIBRARY_VERSION Index: test/openssl/test_engine.rb =================================================================== --- test/openssl/test_engine.rb (revision 56026) +++ test/openssl/test_engine.rb (revision 56027) @@ -14,7 +14,7 @@ class OpenSSL::TestEngine < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_engine.rb#L14 def test_openssl_engine_builtin with_openssl <<-'end;' orig = OpenSSL::Engine.engines - skip "'openssl' is already loaded" if orig.any? { |e| e.id == "openssl" } + pend "'openssl' is already loaded" if orig.any? { |e| e.id == "openssl" } engine = OpenSSL::Engine.load("openssl") assert_equal(true, engine) assert_equal(1, OpenSSL::Engine.engines.size - orig.size) @@ -24,7 +24,7 @@ class OpenSSL::TestEngine < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_engine.rb#L24 def test_openssl_engine_by_id_string with_openssl <<-'end;' orig = OpenSSL::Engine.engines - skip "'openssl' is already loaded" if orig.any? { |e| e.id == "openssl" } + pend "'openssl' is already loaded" if orig.any? { |e| e.id == "openssl" } engine = get_engine assert_not_nil(engine) assert_equal(1, OpenSSL::Engine.engines.size - orig.size) @@ -72,11 +72,18 @@ class OpenSSL::TestEngine < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_engine.rb#L72 end; end + def test_dup + with_openssl <<-'end;' + engine = get_engine + assert_raise(NoMethodError) { engine.dup } + end; + end + private # this is required because OpenSSL::Engine methods change global state def with_openssl(code) - assert_separately(["-ropenssl"], <<~"end;") + assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;") require #{__FILE__.dump} include OpenSSL::TestEngine::Utils #{code} Index: test/openssl/test_config.rb =================================================================== --- test/openssl/test_config.rb (revision 56026) +++ test/openssl/test_config.rb (revision 56027) @@ -25,7 +25,7 @@ __EOD__ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_config.rb#L25 def test_constants assert(defined?(OpenSSL::Config::DEFAULT_CONFIG_FILE)) config_file = OpenSSL::Config::DEFAULT_CONFIG_FILE - skip "DEFAULT_CONFIG_FILE may return a wrong path on your platforms. [Bug #6830]" unless File.readable?(config_file) + pend "DEFAULT_CONFIG_FILE may return a wrong path on your platforms. [Bug #6830]" unless File.readable?(config_file) assert_nothing_raised do OpenSSL::Config.load(config_file) end Index: test/openssl/test_x509name.rb =================================================================== --- test/openssl/test_x509name.rb (revision 56026) +++ test/openssl/test_x509name.rb (revision 56027) @@ -355,6 +355,11 @@ class OpenSSL::TestX509Name < OpenSSL::T https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509name.rb#L355 expected = (d[0].ord & 0xff) | (d[1].ord & 0xff) << 8 | (d[2].ord & 0xff) << 16 | (d[3].ord & 0xff) << 24 assert_equal(expected, name_hash(name)) end + + def test_dup + name = OpenSSL::X509::Name.parse("/CN=ruby-lang.org") + assert_equal(name.to_der, name.dup.to_der) + end end end Index: test/openssl/test_pkey.rb =================================================================== --- (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/