ruby-changes:52919
From: nagachika <ko1@a...>
Date: Thu, 18 Oct 2018 00:27:00 +0900 (JST)
Subject: [ruby-changes:52919] nagachika:r65132 (ruby_2_5): Import Ruby/OpenSSL 2.1.2.
nagachika 2018-10-18 00:26:54 +0900 (Thu, 18 Oct 2018) New Revision: 65132 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=65132 Log: Import Ruby/OpenSSL 2.1.2. Original patches are written by rhe. Changes since v2.1.1 can be found at the upstream GitHub repository: https://github.com/ruby/openssl/compare/v2.1.1..v2.1.2 Kazuki Yamaguchi (9): pkey: resume key generation after interrupt tool/ruby-openssl-docker: update to latest versions test/test_ssl: fix test failure with TLS 1.3 test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: fix handling of X509_NAME_{oneline,print_ex}() return value x509name: fix OpenSSL::X509::Name#{cmp,<=>} Ruby/OpenSSL 2.0.9 Ruby/OpenSSL 2.1.2 nobu (6): no ID cache in Init functions search winsock libraries explicitly openssl: search winsock openssl_missing.h: constified reduce LibreSSL warnings needs openssl/opensslv.h Modified files: branches/ruby_2_5/ext/openssl/History.md branches/ruby_2_5/ext/openssl/extconf.rb branches/ruby_2_5/ext/openssl/openssl.gemspec branches/ruby_2_5/ext/openssl/openssl_missing.h branches/ruby_2_5/ext/openssl/ossl.c branches/ruby_2_5/ext/openssl/ossl_asn1.c branches/ruby_2_5/ext/openssl/ossl_pkcs12.c branches/ruby_2_5/ext/openssl/ossl_pkcs7.c branches/ruby_2_5/ext/openssl/ossl_pkey.c branches/ruby_2_5/ext/openssl/ossl_pkey.h branches/ruby_2_5/ext/openssl/ossl_pkey_ec.c branches/ruby_2_5/ext/openssl/ossl_version.h branches/ruby_2_5/ext/openssl/ossl_x509ext.c branches/ruby_2_5/ext/openssl/ossl_x509name.c branches/ruby_2_5/ext/openssl/ossl_x509store.c branches/ruby_2_5/test/openssl/test_ssl.rb branches/ruby_2_5/test/openssl/test_ssl_session.rb branches/ruby_2_5/test/openssl/test_x509name.rb branches/ruby_2_5/version.h Index: ruby_2_5/ext/openssl/ossl_asn1.c =================================================================== --- ruby_2_5/ext/openssl/ossl_asn1.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_asn1.c (revision 65132) @@ -1360,6 +1360,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfConte https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_asn1.c#L1360 void Init_ossl_asn1(void) { +#undef rb_intern VALUE ary; int i; Index: ruby_2_5/ext/openssl/ossl_pkcs12.c =================================================================== --- ruby_2_5/ext/openssl/ossl_pkcs12.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_pkcs12.c (revision 65132) @@ -232,6 +232,7 @@ ossl_pkcs12_to_der(VALUE self) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkcs12.c#L232 void Init_ossl_pkcs12(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); Index: ruby_2_5/ext/openssl/ossl_x509name.c =================================================================== --- ruby_2_5/ext/openssl/ossl_x509name.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_x509name.c (revision 65132) @@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_x509name.c#L250 { X509_NAME *name; char *buf; - VALUE str; GetX509Name(self, name); buf = X509_NAME_oneline(name, NULL, 0); - str = rb_str_new2(buf); - OPENSSL_free(buf); - - return str; + if (!buf) + ossl_raise(eX509NameError, "X509_NAME_oneline"); + return ossl_buf2str(buf, rb_long2int(strlen(buf))); } static VALUE @@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_x509name.c#L263 { X509_NAME *name; BIO *out; + int ret; GetX509Name(self, name); out = BIO_new(BIO_s_mem()); if (!out) ossl_raise(eX509NameError, NULL); - if (!X509_NAME_print_ex(out, name, 0, iflag)) { + ret = X509_NAME_print_ex(out, name, 0, iflag); + if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) { BIO_free(out); ossl_raise(eX509NameError, "X509_NAME_print_ex"); } @@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE othe https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_x509name.c#L400 result = ossl_x509name_cmp0(self, other); if (result < 0) return INT2FIX(-1); - if (result > 1) return INT2FIX(1); + if (result > 0) return INT2FIX(1); return INT2FIX(0); } @@ -502,6 +502,7 @@ ossl_x509name_to_der(VALUE self) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_x509name.c#L502 void Init_ossl_x509name(void) { +#undef rb_intern VALUE utf8str, ptrstr, ia5str, hash; #if 0 Index: ruby_2_5/ext/openssl/ossl_pkey.c =================================================================== --- ruby_2_5/ext/openssl/ossl_pkey.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_pkey.c (revision 65132) @@ -20,6 +20,21 @@ static ID id_private_q; https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkey.c#L20 /* * callback for generating keys */ +static VALUE +call_check_ints0(VALUE arg) +{ + rb_thread_check_ints(); + return Qnil; +} + +static void * +call_check_ints(void *arg) +{ + int state; + rb_protect(call_check_ints0, Qnil, &state); + return (void *)(VALUE)state; +} + int ossl_generate_cb_2(int p, int n, BN_GENCB *cb) { @@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENC https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkey.c#L53 */ rb_protect(rb_yield, ary, &state); if (state) { - arg->stop = 1; arg->state = state; + return 0; + } + } + if (arg->interrupted) { + arg->interrupted = 0; + state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL); + if (state) { + arg->state = state; + return 0; } } - if (arg->stop) return 0; return 1; } @@ -50,7 +72,7 @@ void https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkey.c#L72 ossl_generate_cb_stop(void *ptr) { struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr; - arg->stop = 1; + arg->interrupted = 1; } static void @@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE diges https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkey.c#L411 void Init_ossl_pkey(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); Index: ruby_2_5/ext/openssl/ossl_pkey.h =================================================================== --- ruby_2_5/ext/openssl/ossl_pkey.h (revision 65131) +++ ruby_2_5/ext/openssl/ossl_pkey.h (revision 65132) @@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pke https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkey.h#L37 struct ossl_generate_cb_arg { int yield; - int stop; + int interrupted; int state; }; int ossl_generate_cb_2(int p, int n, BN_GENCB *cb); Index: ruby_2_5/ext/openssl/ossl_pkey_ec.c =================================================================== --- ruby_2_5/ext/openssl/ossl_pkey_ec.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_pkey_ec.c (revision 65132) @@ -1649,6 +1649,7 @@ static VALUE ossl_ec_point_mul(int argc, https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkey_ec.c#L1649 void Init_ossl_ec(void) { +#undef rb_intern #if 0 mPKey = rb_define_module_under(mOSSL, "PKey"); cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject); Index: ruby_2_5/ext/openssl/ossl.c =================================================================== --- ruby_2_5/ext/openssl/ossl.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl.c (revision 65132) @@ -1099,6 +1099,7 @@ static void Init_ossl_locks(void) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl.c#L1099 void Init_openssl(void) { +#undef rb_intern /* * Init timezone info */ Index: ruby_2_5/ext/openssl/openssl_missing.h =================================================================== --- ruby_2_5/ext/openssl/openssl_missing.h (revision 65131) +++ ruby_2_5/ext/openssl/openssl_missing.h (revision 65132) @@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/openssl_missing.h#L149 static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \ return pkey->pkey._name; } #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \ -static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \ +static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \ if (a1) *a1 = obj->a1; \ if (a2) *a2 = obj->a2; } \ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \ @@ -158,7 +158,7 @@ static inline int _type##_set0_##_group( https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/openssl_missing.h#L158 BN_clear_free(obj->a2); obj->a2 = a2; \ return 1; } #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \ -static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \ +static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \ if (a1) *a1 = obj->a1; \ if (a2) *a2 = obj->a2; \ if (a3) *a3 = obj->a3; } \ Index: ruby_2_5/ext/openssl/ossl_x509store.c =================================================================== --- ruby_2_5/ext/openssl/ossl_x509store.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_x509store.c (revision 65132) @@ -771,6 +771,7 @@ ossl_x509stctx_set_time(VALUE self, VALU https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_x509store.c#L771 void Init_ossl_x509store(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); Index: ruby_2_5/ext/openssl/History.md =================================================================== --- ruby_2_5/ext/openssl/History.md (revision 65131) +++ ruby_2_5/ext/openssl/History.md (revision 65132) @@ -1,3 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/History.md#L1 +Version 2.1.2 +============= + +Merged changes in 2.0.9. + + +Version 2.1.1 +============= + +Merged changes in 2.0.8. + + Version 2.1.0 ============= @@ -55,6 +67,29 @@ Notable changes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/History.md#L67 [[GitHub #177]](https://github.com/ruby/openssl/pull/177) +Version 2.0.9 +============= + +Security fixes +-------------- + +* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal + objects. CVE-2018-16395 is assigned for this issue. + https://hackerone.com/reports/387250 + +Bug fixes +--------- + +* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is + interrupted. + [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882) + [[GitHub #205]](https://github.com/ruby/openssl/pull/205) +* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if + called against an empty instance. + [[GitHub #200]](https://github.com/ruby/openssl/issues/200) + [[GitHub #211]](https://github.com/ruby/openssl/pull/211) + + Version 2.0.8 ============= Index: ruby_2_5/ext/openssl/openssl.gemspec =================================================================== --- ruby_2_5/ext/openssl/openssl.gemspec (revision 65131) +++ ruby_2_5/ext/openssl/openssl.gemspec (revision 65132) @@ -1,26 +1,26 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/openssl.gemspec#L1 # -*- encoding: utf-8 -*- -# stub: openssl 2.1.1 ruby lib +# stub: openssl 2.1.2 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.1.1" + s.version = "2.1.2" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2018-05-12" + s.date = "2018-10-17" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@r...".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] - s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze] + s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "README.md".freeze, "History.md".freeze] s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_kdf.c".freeze, "ext/openssl/ossl_kdf.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/os sl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, " ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkcs5.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze] s.homepage = "https://github.com/ruby/openssl".freeze s.licenses = ["Ruby".freeze] s.rdoc_options = ["--main".freeze, "README.md".freeze] s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze) - s.rubygems_version = "2.7.6".freeze + s.rubygems_version = "3.0.0.beta1".freeze s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze if s.respond_to? :specification_version then Index: ruby_2_5/ext/openssl/ossl_x509ext.c =================================================================== --- ruby_2_5/ext/openssl/ossl_x509ext.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_x509ext.c (revision 65132) @@ -437,6 +437,7 @@ ossl_x509ext_to_der(VALUE obj) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_x509ext.c#L437 void Init_ossl_x509ext(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); Index: ruby_2_5/ext/openssl/extconf.rb =================================================================== --- ruby_2_5/ext/openssl/extconf.rb (revision 65131) +++ ruby_2_5/ext/openssl/extconf.rb (revision 65132) @@ -33,6 +33,9 @@ end https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/extconf.rb#L33 Logging::message "=== Checking for system dependent stuff... ===\n" have_library("nsl", "t_open") have_library("socket", "socket") +if $mswin || $mingw + have_library("ws2_32") +end Logging::message "=== Checking for required stuff... ===\n" result = pkg_config("openssl") && have_header("openssl/ssl.h") @@ -111,6 +114,10 @@ engines.each { |name| https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/extconf.rb#L114 OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } +if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") + $defs.push("-DNOCRYPT") +end + # added in 1.0.2 have_func("EC_curve_nist2nid") have_func("X509_REVOKED_dup") Index: ruby_2_5/ext/openssl/ossl_pkcs7.c =================================================================== --- ruby_2_5/ext/openssl/ossl_pkcs7.c (revision 65131) +++ ruby_2_5/ext/openssl/ossl_pkcs7.c (revision 65132) @@ -1042,6 +1042,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_pkcs7.c#L1042 void Init_ossl_pkcs7(void) { +#undef rb_intern #if 0 mOSSL = rb_define_module("OpenSSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); Index: ruby_2_5/ext/openssl/ossl_version.h =================================================================== --- ruby_2_5/ext/openssl/ossl_version.h (revision 65131) +++ ruby_2_5/ext/openssl/ossl_version.h (revision 65132) @@ -10,6 +10,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_version.h#L10 #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.1.1" +#define OSSL_VERSION "2.1.2" #endif /* _OSSL_VERSION_H_ */ Index: ruby_2_5/version.h =================================================================== --- ruby_2_5/version.h (revision 65131) +++ ruby_2_5/version.h (revision 65132) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/version.h#L1 #define RUBY_VERSION "2.5.2" #define RUBY_RELEASE_DATE "2018-10-18" -#define RUBY_PATCHLEVEL 103 +#define RUBY_PATCHLEVEL 104 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 10 Index: ruby_2_5/test/openssl/test_ssl.rb =================================================================== --- ruby_2_5/test/openssl/test_ssl.rb (revision 65131) +++ ruby_2_5/test/openssl/test_ssl.rb (revision 65132) @@ -47,6 +47,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L47 assert_equal 2, ssl.peer_cert_chain.size assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock&.close @@ -65,6 +67,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L67 assert_equal @svr_cert.subject, ssl.peer_cert.subject assert_equal [@svr_cert.subject, @ca_cert.subject], ssl.peer_cert_chain.map(&:subject) + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -157,6 +161,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L161 sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_not_predicate sock, :closed? ensure @@ -168,6 +173,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L173 ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true # !! ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_predicate sock, :closed? ensure @@ -259,7 +265,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L265 client_ca_from_server = sslconn.client_ca [@cli_cert, @cli_key] end - server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) } + server_connect(port, ctx) { |ssl| + assert_equal([@ca], client_ca_from_server) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } end @@ -356,21 +365,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L365 } start_server { |port| - sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ctx.verify_callback = Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_OK true end - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - begin - ssl.connect + server_connect(port, ctx) { |ssl| assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) - ensure - ssl.close - end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } start_server(ignore_listener_error: true) { |port| @@ -455,6 +459,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl.rb#L459 start_server { |port| server_connect(port) { |s (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/