[前][次][番号順一覧][スレッド一覧]

ruby-changes:43004

From: rhe <ko1@a...>
Date: Fri, 20 May 2016 13:36:12 +0900 (JST)
Subject: [ruby-changes:43004] rhe:r55078 (trunk): openssl: don't test default session lifetime value

rhe	2016-05-20 13:36:03 +0900 (Fri, 20 May 2016)

  New Revision: 55078

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55078

  Log:
    openssl: don't test default session lifetime value
    
    OpenSSL's default session timeout for TLS v1.0 method is not 300 seconds
    but 7200. The TLS v1.0 specification[1] mentions about it as just "An
    upper limit of 24 hours is suggested for session ID lifetimes,". And
    according to OpenSSL 1.0.2h source comment[2], the value 7200 is decided
    just because "the 24 hours mentioned in the TLSv1 spec is way too long
    for http, the cache would over fill".
    
    The reason why the default lifetime is set to 300 is maybe an OpenSSL
    bug. We always call SSL_CTX_new() with SSLv23_method(), and this set
    ssl_ctx->session to 300, the default value for SSLv23_method(). But the
    following SSL_set_ssl_method() call does not update it. By the way this
    will be fixed in OpenSSL 1.1.0.
    
    [1] https://tools.ietf.org/html/rfc2246#appendix-F.1.4
    [2] https://git.openssl.org/?p=openssl.git;a=blob;f=ssl/t1_lib.c;h=dd5bd0050d89f5585c1b06a227eb8221ebf984f1;hb=5dd94f1847c744929a3bd24819f1c99644bb18c7#l193
    
    * test/openssl/test_ssl_session.rb (test_session): remove assertion of
      the default session timeout.

  Modified files:
    trunk/test/openssl/test_ssl_session.rb
Index: test/openssl/test_ssl_session.rb
===================================================================
--- test/openssl/test_ssl_session.rb	(revision 55077)
+++ test/openssl/test_ssl_session.rb	(revision 55078)
@@ -55,7 +55,6 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl_session.rb#L55
         session = ssl.session
         assert(session == OpenSSL::SSL::Session.new(session.to_pem))
         assert(session == OpenSSL::SSL::Session.new(ssl))
-        assert_equal(300, session.timeout)
         session.timeout = 5
         assert_equal(5, session.timeout)
         assert_not_nil(session.time)

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]