
ruby-changes:39306

From: tenderlove <ko1@a...>
Date: Sun, 26 Jul 2015 10:29:27 +0900 (JST)
Subject: [ruby-changes:39306] tenderlove:r51387 (trunk): * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl context

tenderlove	2015-07-26 10:29:02 +0900 (Sun, 26 Jul 2015)

  New Revision: 51387

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51387

  Log:
    * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl context
      object returned by the servername callback on to the socket as an
      instance variable.  If the callback allocated a new context object
      and didn't keep a reference to it, it could be GC'd out from under
      the socket object.
    
    * test/openssl/test_ssl.rb (class OpenSSL): test for change.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_ssl.c
    trunk/test/openssl/test_ssl.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 51386)
+++ ChangeLog	(revision 51387)
@@ -1,3 +1,13 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sun Jul 26 10:26:35 2015  Aaron Patterson <tenderlove@r...>
+
+	* ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl context
+	  object returned by the servername callback on to the socket as an
+	  instance variable.  If the callback allocated a new context object
+	  and didn't keep a reference to it, it could be GC'd out from under
+	  the socket object.
+
+	* test/openssl/test_ssl.rb (class OpenSSL): test for change.
+
 Sun Jul 26 10:07:26 2015  Aaron Patterson <tenderlove@r...>
 
 	* test/openssl/test_ssl.rb (class OpenSSL): add test coverage around
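Review bot: The second new entry, "* test/openssl/test_ssl.rb (class OpenSSL): test for change.", does not say what was tested and gives the scope as "class OpenSSL", while the test hunk header shows the class is OpenSSL::TestSSL. Naming the added method, test_servername_cb_sets_context_on_the_socket, would let someone searching the ChangeLog find the regression test for this fix.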
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 51386)
+++ ext/openssl/ossl_ssl.c	(revision 51387)
@@ -515,6 +515,7 @@ ossl_call_servername_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L515
         GetSSL(ssl_obj, ssl);
         GetSSLCTX(ret_obj, ctx2);
         SSL_set_SSL_CTX(ssl, ctx2);
+        rb_iv_set(ssl_obj, "@context", ret_obj);
     } else if (!NIL_P(ret_obj)) {
             ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil");
     }
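Review bot: The added rb_iv_set(ssl_obj, "@context", ret_obj) overwrites whatever @context held before, so after the callback the socket no longer references the context it was created with. Please confirm that nothing the SSL still uses depends on that original Ruby object staying reachable through the socket; otherwise this moves the lifetime problem instead of closing it. Two smaller points on the same line: it runs after SSL_set_SSL_CTX(ssl, ctx2), so if setting the ivar raised, the SSL would already point at a context the socket does not hold (setting the ivar first avoids that), and a one-line comment saying the ivar exists to keep ret_obj alive for the GC would make the intent clear to later readers.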
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb	(revision 51386)
+++ test/openssl/test_ssl.rb	(revision 51387)
@@ -607,6 +607,39 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L607
     cert
   end
 
+  def test_servername_cb_sets_context_on_the_socket
+    hostname = 'example.org'
+
+    ctx3 = OpenSSL::SSL::SSLContext.new
+    ctx3.ciphers = "DH"
+
+    ctx2 = OpenSSL::SSL::SSLContext.new
+    ctx2.ciphers = "DH"
+    ctx2.servername_cb = lambda { |args| ctx3 }
+
+    sock1, sock2 = UNIXSocket.pair
+
+    s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
+
+    ctx1 = OpenSSL::SSL::SSLContext.new
+    ctx1.ciphers = "DH"
+
+    s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
+    s1.hostname = hostname
+    t = Thread.new { s1.connect }
+
+    assert_equal ctx2, s2.context
+    accepted = s2.accept
+    assert_equal ctx3, s2.context
+    assert t.value
+  ensure
+    s1.close if s1
+    s2.close if s2
+    sock1.close if sock1
+    sock2.close if sock2
+    accepted.close if accepted.respond_to?(:close)
+  end
+
   def test_servername_cb_raises_an_exception_on_unknown_objects
     hostname = 'example.org'
 
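Review bot: test_servername_cb_sets_context_on_the_socket keeps ctx3 in a local variable that the lambda closes over, so the returned context can never be collected during the test and the GC scenario from the log message is not exercised. The check assert_equal ctx3, s2.context does cover the new instance variable, but a regression test for the lifetime bug would allocate the SSLContext inside servername_cb without storing it anywhere, call GC.start after s2.accept, and then use the socket. Also, hostname is set on s1 while the callback ignores its args, so nothing verifies that the server name reached the callback.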

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
