ruby-changes:43240
From: rhe <ko1@a...>
Date: Tue, 7 Jun 2016 21:20:52 +0900 (JST)
Subject: [ruby-changes:43240] rhe:r55314 (trunk): openssl: adjust tests for OpenSSL 1.1.0
rhe 2016-06-07 21:20:46 +0900 (Tue, 07 Jun 2016) New Revision: 55314 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55314 Log: openssl: adjust tests for OpenSSL 1.1.0 This fixes `make test-all TESTS=openssl` with OpenSSL master. * test/openssl/test_x509name.rb: Don't register OID for 'emailAddress' and 'serialNumber'. A recent change in OpenSSL made OBJ_create() reject an already existing OID. They were needed to run tests with OpenSSL 0.9.6 which is now unsupported. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25 [ruby-core:75225] [Feature #12324] * test/openssl/test_ssl_session.rb (test_server_session): Duplicate SSL::Session before re-adding to the session store. OpenSSL 1.1.0 starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session(). https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75 * test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519 is new in OpenSSL 1.1.0 but this is for key agreement and not for signing. * test/openssl/test_pair.rb, test/openssl/test_ssl.rb, test/openssl/utils.rb: Set security level to 0 when using aNULL cipher suites. * test/openssl/utils.rb: Use 1024 bits DSA key for client certificates. * test/openssl/test_engine.rb: Run each test in separate process. We can no longer cleanup engines explicitly as ENGINE_cleanup() was removed. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743 * ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the RDoc for Engine.cleanup. * ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS, DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed. * test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb, test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't test unsupported hash functions. 
Modified files: trunk/ChangeLog trunk/ext/openssl/lib/openssl/digest.rb trunk/ext/openssl/ossl_engine.c trunk/test/openssl/test_digest.rb trunk/test/openssl/test_engine.rb trunk/test/openssl/test_pair.rb trunk/test/openssl/test_pkey_dsa.rb trunk/test/openssl/test_pkey_ec.rb trunk/test/openssl/test_ssl.rb trunk/test/openssl/test_ssl_session.rb trunk/test/openssl/test_x509cert.rb trunk/test/openssl/test_x509name.rb trunk/test/openssl/test_x509req.rb trunk/test/openssl/utils.rb Index: ext/openssl/ossl_engine.c =================================================================== --- ext/openssl/ossl_engine.c (revision 55313) +++ ext/openssl/ossl_engine.c (revision 55314) @@ -160,6 +160,8 @@ ossl_engine_s_load(int argc, VALUE *argv https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_engine.c#L160 * It is only necessary to run cleanup when engines are loaded via * OpenSSL::Engine.load. However, running cleanup before exit is recommended. * + * Note that this is needed and works only in OpenSSL < 1.1.0. + * * See also, https://www.openssl.org/docs/crypto/engine.html */ static VALUE Index: ext/openssl/lib/openssl/digest.rb =================================================================== --- ext/openssl/lib/openssl/digest.rb (revision 55313) +++ ext/openssl/lib/openssl/digest.rb (revision 55314) @@ -15,7 +15,10 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/digest.rb#L15 module OpenSSL class Digest - alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1) + alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1) + if OPENSSL_VERSION_NUMBER < 0x10100000 + alg += %w(DSS DSS1 SHA) + end if OPENSSL_VERSION_NUMBER > 0x00908000 alg += %w(SHA224 SHA256 SHA384 SHA512) end Index: test/openssl/test_ssl_session.rb =================================================================== --- test/openssl/test_ssl_session.rb (revision 55313) +++ test/openssl/test_ssl_session.rb (revision 55314) 
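Review bot: In ext/openssl/lib/openssl/digest.rb the new guard `if OPENSSL_VERSION_NUMBER < 0x10100000` decides which constants exist from a version number, not from whether the algorithm is available. LibreSSL reports a much higher version number, so it would presumably lose `DSS`, `DSS1` and `SHA` as well; the test_digest.rb hunk drops its explicit `libressl?` check in favour of the same comparison, so this should be confirmed as intended. Code that still references `OpenSSL::Digest::DSS1` will now fail with a NameError at the call site, so a comment above the guard would help, e.g. `# DSS, DSS1 and SHA (SHA-0) were removed in OpenSSL 1.1.0; the constants are not defined there`. The class body continues outside the hunk.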
@@ -211,25 +211,25 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl_session.rb#L211 assert_equal(stats[:cache_misses], 0) assert(ssl.session_reused?) ctx.session_remove(session) - saved_session = session + saved_session = session.to_der when 2 assert_equal(stats[:cache_num], 1) assert_equal(stats[:cache_hits], 1) assert_equal(stats[:cache_misses], 1) assert(!ssl.session_reused?) - ctx.session_add(saved_session) + ctx.session_add(OpenSSL::SSL::Session.new(saved_session)) when 3 assert_equal(stats[:cache_num], 2) assert_equal(stats[:cache_hits], 2) assert_equal(stats[:cache_misses], 1) assert(ssl.session_reused?) - ctx.flush_sessions(Time.now + 5000) + ctx.flush_sessions(Time.now + 10000) when 4 assert_equal(stats[:cache_num], 1) assert_equal(stats[:cache_hits], 2) assert_equal(stats[:cache_misses], 2) assert(!ssl.session_reused?) - ctx.session_add(saved_session) + ctx.session_add(OpenSSL::SSL::Session.new(saved_session)) end connections += 1 Index: test/openssl/test_engine.rb =================================================================== --- test/openssl/test_engine.rb (revision 55313) +++ test/openssl/test_engine.rb (revision 55314) 
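Review bot: In test/openssl/test_ssl_session.rb `saved_session` now holds the DER string returned by `session.to_der`, not a Session object, so the name misleads at the two `ctx.session_add(OpenSSL::SSL::Session.new(saved_session))` call sites. Renaming it to `saved_session_der` would make the round-trip obvious. The change from `ctx.flush_sessions(Time.now + 5000)` to `Time.now + 10000` is not mentioned in the commit log, and a short comment on that line stating why the larger offset is needed would stop it being reverted as a stray edit. The enclosing block starts and ends outside the hunk.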
@@ -3,75 +3,93 @@ require_relative 'utils' https://github.com/ruby/ruby/blob/trunk/test/openssl/test_engine.rb#L3 class OpenSSL::TestEngine < OpenSSL::TestCase - def teardown - super - OpenSSL::Engine.cleanup # [ruby-core:40669] - assert_equal(0, OpenSSL::Engine.engines.size) - end - def test_engines_free # [ruby-dev:44173] - OpenSSL::Engine.load("openssl") - OpenSSL::Engine.engines - OpenSSL::Engine.engines + with_openssl <<-'end;' + OpenSSL::Engine.load("openssl") + OpenSSL::Engine.engines + OpenSSL::Engine.engines + end; end def test_openssl_engine_builtin - engine = OpenSSL::Engine.load("openssl") - assert_equal(true, engine) - assert_equal(1, OpenSSL::Engine.engines.size) + with_openssl <<-'end;' + engine = OpenSSL::Engine.load("openssl") + assert_equal(true, engine) + assert_equal(1, OpenSSL::Engine.engines.size) + end; end def test_openssl_engine_by_id_string - engine = get_engine - assert_not_nil(engine) - assert_equal(1, OpenSSL::Engine.engines.size) + with_openssl <<-'end;' + engine = get_engine + assert_not_nil(engine) + assert_equal(1, OpenSSL::Engine.engines.size) + end; end def test_openssl_engine_id_name_inspect - engine = get_engine - assert_equal("openssl", engine.id) - assert_not_nil(engine.name) - assert_not_nil(engine.inspect) + with_openssl <<-'end;' + engine = get_engine + assert_equal("openssl", engine.id) + assert_not_nil(engine.name) + assert_not_nil(engine.inspect) + end; end def test_openssl_engine_digest_sha1 - engine = get_engine - digest = engine.digest("SHA1") - assert_not_nil(digest) - data = "test" - assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data)) + with_openssl <<-'end;' + engine = get_engine + digest = engine.digest("SHA1") + assert_not_nil(digest) + data = "test" + assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data)) + end; end def test_openssl_engine_cipher_rc4 - engine = get_engine - algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) - data = "a" * 1000 - key = 
OpenSSL::Random.random_bytes(16) - # suppress message from openssl Engine's RC4 cipher [ruby-core:41026] - err_back = $stderr.dup - $stderr.reopen(IO::NULL) - encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } - decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } - assert_equal(data, decrypted) - ensure - if err_back - $stderr.reopen(err_back) - err_back.close - end + with_openssl <<-'end;' + begin + engine = get_engine + algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) + data = "a" * 1000 + key = OpenSSL::Random.random_bytes(16) + # suppress message from openssl Engine's RC4 cipher [ruby-core:41026] + err_back = $stderr.dup + $stderr.reopen(IO::NULL) + encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } + decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } + assert_equal(data, decrypted) + ensure + if err_back + $stderr.reopen(err_back) + err_back.close + end + end + end; end private - def get_engine - OpenSSL::Engine.by_id("openssl") + # this is required because OpenSSL::Engine methods change global state + def with_openssl(code) + assert_separately(["-ropenssl"], <<~"end;") + require #{__FILE__.dump} + include OpenSSL::TestEngine::Utils + #{code} + end; end - def crypt_data(data, key, mode) - cipher = yield - cipher.send mode - cipher.key = key - cipher.update(data) + cipher.final - end + module Utils + def get_engine + OpenSSL::Engine.by_id("openssl") + end -end if defined?(OpenSSL::TestUtils) + def crypt_data(data, key, mode) + cipher = yield + cipher.send mode + cipher.key = key + cipher.update(data) + cipher.final + end + end +end if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine) Index: test/openssl/test_x509name.rb =================================================================== --- test/openssl/test_x509name.rb (revision 55313) +++ test/openssl/test_x509name.rb (revision 55314) 
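Review bot: With `teardown` removed from test/openssl/test_engine.rb, nothing in the file calls `OpenSSL::Engine.cleanup` any more. On OpenSSL < 1.1.0, where the RDoc added in this commit says cleanup is still needed, the [ruby-core:40669] check that cleanup leaves zero engines is therefore lost. A version-guarded test run through `with_openssl` would keep that coverage without touching global state in the parent process. The comment on `with_openssl` could also say that the child re-requires this file to obtain `Utils`.

```ruby
  def test_engine_cleanup # [ruby-core:40669]
    with_openssl <<-'end;'
      OpenSSL::Engine.load("openssl")
      OpenSSL::Engine.cleanup
      assert_equal(0, OpenSSL::Engine.engines.size)
    end;
  end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000

  # … unchanged: private, with_openssl, module Utils …
```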
@@ -5,11 +5,6 @@ require_relative 'utils' https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509name.rb#L5 if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Name < OpenSSL::TestCase - OpenSSL::ASN1::ObjectId.register( - "1.2.840.113549.1.9.1", "emailAddress", "emailAddress") - OpenSSL::ASN1::ObjectId.register( - "2.5.4.5", "serialNumber", "serialNumber") - def setup @obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING) @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) Index: test/openssl/test_x509req.rb =================================================================== --- test/openssl/test_x509req.rb (revision 55313) +++ test/openssl/test_x509req.rb (revision 55314) @@ -140,7 +140,7 @@ class OpenSSL::TestX509Request < OpenSSL https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509req.rb#L140 assert_equal(false, req.verify(@rsa1024)) rescue OpenSSL::X509::RequestError skip - end + end if defined?(OpenSSL::Digest::DSS1) def test_sign_and_verify_dsa_md5 assert_raise(OpenSSL::X509::RequestError){ Index: test/openssl/test_pkey_ec.rb =================================================================== --- test/openssl/test_pkey_ec.rb (revision 55313) +++ test/openssl/test_pkey_ec.rb (revision 55314) @@ -12,12 +12,14 @@ class OpenSSL::TestEC < OpenSSL::TestCas https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L12 @keys = [] OpenSSL::PKey::EC.builtin_curves.each do |curve, comment| - next if curve.start_with?("Oakley") # Oakley curves are not suitable for ECDSA group = OpenSSL::PKey::EC::Group.new(curve) key = OpenSSL::PKey::EC.new(group) key.generate_key! + # Oakley curves and X25519 are not suitable for signing + next if ["Oakley", "X25519"].any? { |n| curve.start_with?(n) } + @groups << group @keys << key end Index: test/openssl/test_digest.rb =================================================================== --- test/openssl/test_digest.rb (revision 55313) +++ test/openssl/test_digest.rb (revision 55314) 
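Review bot: In test/openssl/test_pkey_ec.rb the `next if` now sits below `key.generate_key!`, so `Group.new` and `generate_key!` run for the Oakley curves and X25519 before they are skipped. A failure on any of those curves would raise inside `setup` and fail every test in the class. If generating these keys is meant as a smoke test, the comment should say so; otherwise the filter should stay the first statement of the block, `next if ["Oakley", "X25519"].any? { |n| curve.start_with?(n) }`. `setup` starts and ends outside the hunk.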
@@ -59,9 +59,9 @@ class OpenSSL::TestDigest < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_digest.rb#L59 end def test_digest_constants - algs = %w(DSS1 MD4 MD5 RIPEMD160 SHA1) - if !libressl? || !version_since([2,3]) - algs += %w(SHA) + algs = %w(MD4 MD5 RIPEMD160 SHA1) + if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 + algs += %w(DSS1 SHA) end if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000 algs += %w(SHA224 SHA256 SHA384 SHA512) Index: test/openssl/test_x509cert.rb =================================================================== --- test/openssl/test_x509cert.rb (revision 55313) +++ test/openssl/test_x509cert.rb (revision 55314) @@ -168,7 +168,7 @@ class OpenSSL::TestX509Certificate < Ope https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509cert.rb#L168 cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError - end + end if defined?(OpenSSL::Digest::DSS1) def test_sign_and_verify_dsa_md5 assert_raise(OpenSSL::X509::CertificateError){ Index: test/openssl/test_pair.rb =================================================================== --- test/openssl/test_pair.rb (revision 55313) +++ test/openssl/test_pair.rb (revision 55314) @@ -12,6 +12,7 @@ module OpenSSL::SSLPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L12 port = 0 ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } tcps = create_tcp_server(host, port) ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) @@ -22,6 +23,7 @@ module OpenSSL::SSLPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L23 host = "127.0.0.1" ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 s = create_tcp_client(host, port) ssl = OpenSSL::SSL::SSLSocket.new(s, ctx) ssl.connect 
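Review bot: `ctx.security_level = 0` in test/openssl/test_pair.rb turns off all of OpenSSL's minimum-strength checks for the context, not only the rejection of anonymous suites. It is repeated without comment in every later hunk of this file and of test/openssl/test_ssl.rb. The commit log ties it to aNULL suites, yet several contexts select `"DH"` or `"ECDH"`; presumably those handshakes end up anonymous because no certificate is configured, but the hunks do not show that. A comment at the first use, such as `# OpenSSL 1.1.0 rejects anonymous (aNULL) suites above security level 0; test-only setting`, or a small helper in utils.rb that builds such a context, would keep the line from being copied into non-test code. The enclosing methods start and end outside these hunks.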
@@ -324,6 +326,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L326 def test_connect_works_when_setting_dh_callback_to_nil ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.tmp_dh_callback = nil sock1, sock2 = tcp_pair s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) @@ -331,6 +334,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L334 ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 ctx1.tmp_dh_callback = nil s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) t = Thread.new { s1.connect } @@ -350,12 +354,14 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L354 def test_connect_without_setting_dh_callback ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 sock1, sock2 = tcp_pair s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) accepted = s2.accept_nonblock(exception: false) ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) t = Thread.new { s1.connect } @@ -378,6 +384,8 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L384 called = false ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "ECDH" + # OpenSSL 1.1.0 doesn't have tmp_ecdh_callback so this shouldn't be required + ctx2.security_level = 0 ctx2.tmp_ecdh_callback = ->(*args) { called = true OpenSSL::PKey::EC.new "prime256v1" @@ -388,6 +396,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L396 s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "ECDH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) th = Thread.new do 
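Review bot: In the test_pair.rb hunk at -378 the added comment `# OpenSSL 1.1.0 doesn't have tmp_ecdh_callback so this shouldn't be required` sits directly above `ctx2.security_level = 0`, and it is unclear whether "this" means the security-level line or the callback under test. If the intent is that the test is not expected to run on 1.1.0 and the setting is only there for consistency, the comment could read `# tmp_ecdh_callback is unavailable with OpenSSL 1.1.0, so this test does not run there; security_level is set for consistency`. The test method starts and ends outside the hunk.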
@@ -426,11 +435,13 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L435 ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "ECDH" ctx1.ecdh_curves = "P-384:P-521" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "ECDH" ctx2.ecdh_curves = "P-256:P-384" + ctx2.security_level = 0 s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2) th = Thread.new { s1.accept } @@ -451,6 +462,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L462 def test_connect_accept_nonblock_no_exception ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "ADH" + ctx2.security_level = 0 ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } sock1, sock2 = tcp_pair @@ -461,6 +473,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L473 ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "ADH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) th = Thread.new do rets = [] @@ -499,6 +512,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L512 def test_connect_accept_nonblock ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } sock1, sock2 = tcp_pair @@ -522,6 +536,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L536 sleep 0.1 ctx = OpenSSL::SSL::SSLContext.new() ctx.ciphers = "ADH" + ctx.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx) begin sleep 0.2 Index: test/openssl/test_pkey_dsa.rb =================================================================== --- test/openssl/test_pkey_dsa.rb (revision 55313) +++ test/openssl/test_pkey_dsa.rb (revision 55314) 
@@ -39,7 +39,7 @@ class OpenSSL::TestPKeyDSA < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L39 def test_sign_verify check_sign_verify(OpenSSL::Digest::DSS1.new) - end + end if defined?(OpenSSL::Digest::DSS1) if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000) def test_sign_verify_sha1 @@ -53,8 +53,8 @@ end https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_dsa.rb#L53 def test_digest_state_irrelevant_verify key = OpenSSL::TestUtils::TEST_KEY_DSA256 - digest1 = OpenSSL::Digest::DSS1.new - digest2 = OpenSSL::Digest::DSS1.new + digest1 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new + digest2 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new data = 'Sign me!' sig = key.sign(digest1, data) digest1.reset Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 55313) +++ test/openssl/test_ssl.rb (revision 55314) @@ -405,7 +405,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L405 ciphers = ctx.ciphers ciphers_versions = ciphers.collect{|_, v, _, _| v } ciphers_names = ciphers.collect{|v, _, _, _| v } - assert(ciphers_names.all?{|v| /ADH/ !~ v }) + assert(ciphers_names.all?{|v| /A(EC)?DH/ !~ v }) assert(ciphers_versions.all?{|v| /SSLv2/ !~ v }) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true @@ -424,6 +424,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L424 start_server(OpenSSL::SSL::VERIFY_NONE, true, {use_anon_cipher: true}){|server, port| ctx = OpenSSL::SSL::SSLContext.new ctx.ciphers = "aNULL" + ctx.security_level = 0 server_connect(port, ctx) { |ssl| msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \ "ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification." 
@@ -687,6 +688,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L688 ctx3 = OpenSSL::SSL::SSLContext.new ctx3.ciphers = "DH" + ctx3.security_level = 0 ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" @@ -698,6 +700,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L700 ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -720,6 +723,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L723 ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.servername_cb = lambda { |args| Object.new } sock1, sock2 = socketpair @@ -728,6 +732,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L732 ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -752,6 +757,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L757 ctx3 = OpenSSL::SSL::SSLContext.new ctx3.ciphers = "DH" + ctx3.security_level = 0 assert_not_predicate ctx3, :frozen? ctx2 = OpenSSL::SSL::SSLContext.new @@ -764,6 +770,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L770 ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ciphers = "DH" + ctx1.security_level = 0 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) s1.hostname = hostname @@ -785,6 +792,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L792 ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ciphers = "DH" + ctx2.security_level = 0 ctx2.servername_cb = lambda { |args| nil } sock1, sock2 = socketpair 
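Review bot: In the test_ssl.rb hunks at -687 and -752, `ctx3` gets `security_level = 0` but the `ctx2` created right after it with `ciphers = "DH"` does not, whereas `ctx2` does get it in the hunks at -720 and -785. Presumably the first pair hands the connection to `ctx3` through a servername callback that lies outside the hunk, so `ctx2`'s level never matters. If so, a one-line comment such as `# ctx2 is swapped for ctx3 in servername_cb, so only ctx3 needs the lowered level` would show the asymmetry is intentional. If `ctx2` does take part in cipher selection on OpenSSL 1.1.0, it needs the same `ctx2.security_level = 0` line.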
@@ -793,6 +801,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/