ruby-changes:39306
From: tenderlove <ko1@a...>
Date: Sun, 26 Jul 2015 10:29:27 +0900 (JST)
Subject: [ruby-changes:39306] tenderlove:r51387 (trunk): * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl context
tenderlove 2015-07-26 10:29:02 +0900 (Sun, 26 Jul 2015) New Revision: 51387 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51387 Log: * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl context object returned by the servername callback on to the socket as an instance variable. If the callback allocated a new context object and didn't keep a reference to it, it could be GC'd out from under the socket object. * test/openssl/test_ssl.rb (class OpenSSL): test for change. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ssl.c trunk/test/openssl/test_ssl.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 51386) +++ ChangeLog (revision 51387) @@ -1,3 +1,13 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sun Jul 26 10:26:35 2015 Aaron Patterson <tenderlove@r...> + + * ext/openssl/ossl_ssl.c (ossl_call_servername_cb): set the ssl context + object returned by the servername callback on to the socket as an + instance variable. If the callback allocated a new context object + and didn't keep a reference to it, it could be GC'd out from under + the socket object. + + * test/openssl/test_ssl.rb (class OpenSSL): test for change. + Sun Jul 26 10:07:26 2015 Aaron Patterson <tenderlove@r...> * test/openssl/test_ssl.rb (class OpenSSL): add test coverage around Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 51386) +++ ext/openssl/ossl_ssl.c (revision 51387) 
@@ -515,6 +515,7 @@ ossl_call_servername_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L515 GetSSL(ssl_obj, ssl); GetSSLCTX(ret_obj, ctx2); SSL_set_SSL_CTX(ssl, ctx2); + rb_iv_set(ssl_obj, "@context", ret_obj); } else if (!NIL_P(ret_obj)) { ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil"); } Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 51386) +++ test/openssl/test_ssl.rb (revision 51387) @@ -607,6 +607,39 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L607 cert end + def test_servername_cb_sets_context_on_the_socket + hostname = 'example.org' + + ctx3 = OpenSSL::SSL::SSLContext.new + ctx3.ciphers = "DH" + + ctx2 = OpenSSL::SSL::SSLContext.new + ctx2.ciphers = "DH" + ctx2.servername_cb = lambda { |args| ctx3 } + + sock1, sock2 = UNIXSocket.pair + + s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) + + ctx1 = OpenSSL::SSL::SSLContext.new + ctx1.ciphers = "DH" + + s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) + s1.hostname = hostname + t = Thread.new { s1.connect } + + assert_equal ctx2, s2.context + accepted = s2.accept + assert_equal ctx3, s2.context + assert t.value + ensure + s1.close if s1 + s2.close if s2 + sock1.close if sock1 + sock2.close if sock2 + accepted.close if accepted.respond_to?(:close) + end + def test_servername_cb_raises_an_exception_on_unknown_objects hostname = 'example.org' -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
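Review bot: In the ext/openssl/ossl_ssl.c hunk, the added `rb_iv_set(ssl_obj, "@context", ret_obj);` carries no comment saying that it exists to keep `ret_obj` reachable from the socket so the GC cannot collect it. Without one, the line reads as a plain accessor update and could be dropped in a later cleanup; a one-line comment above it stating the GC reason from the log message would prevent that. The visible lines also do not check the result of `SSL_set_SSL_CTX(ssl, ctx2)` before the instance variable is overwritten, so `@context` is updated unconditionally. Consider setting it only once the switch is known to have succeeded, so that `SSLSocket#context` never reports a context the connection is not using.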
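Review bot: In the test/openssl/test_ssl.rb hunk, `test_servername_cb_sets_context_on_the_socket` holds `ctx3` in a local variable and returns it from `lambda { |args| ctx3 }`, so the returned context stays strongly referenced by the test for its whole lifetime and is never eligible for collection. The test therefore confirms that `s2.context` changes from `ctx2` to `ctx3`, but it does not exercise the case the log message describes, where the callback allocates a new context and keeps no reference to it. Consider a second case that builds the `OpenSSL::SSL::SSLContext` inside the callback, runs `GC.start` after `s2.accept`, and then uses the socket and asserts that `s2.context` is still an `OpenSSL::SSL::SSLContext`.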