
ruby-changes:48196

From: naruse <ko1@a...>
Date: Sun, 22 Oct 2017 01:25:24 +0900 (JST)
Subject: [ruby-changes:48196] naruse:r60310 (trunk): fix OpenSSL::SSL::SSLContext#min_version doesn't work

naruse	2017-10-22 01:25:19 +0900 (Sun, 22 Oct 2017)

  New Revision: 60310

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=60310

  Log:
    fix OpenSSL::SSL::SSLContext#min_version doesn't work

  Modified files:
    trunk/ext/openssl/lib/openssl/ssl.rb
    trunk/test/openssl/test_ssl.rb
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb	(revision 60309)
+++ ext/openssl/lib/openssl/ssl.rb	(revision 60310)
@@ -136,6 +136,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9ekn https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L136
       # used.
       def set_params(params={})
         params = DEFAULT_PARAMS.merge(params)
+        self.options = params.delete(:options) # set before min_version/max_version
         params.each{|name, value| self.__send__("#{name}=", value) }
         if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
           unless self.ca_file or self.ca_path or self.cert_store
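Review bot: The trailing comment on the added `self.options = params.delete(:options)` line says the order matters but not why, and the reason is the whole point of the fix. Judging from the new tests, min_version=/max_version= can add OP_NO_* flags to the option mask, so a later `options=` from the `params.each` loop would presumably overwrite them. I would spell that out, e.g. `# Apply :options first: a later options= would overwrite any OP_NO_* flags that min_version=/max_version= add`. It is also worth confirming that DEFAULT_PARAMS always carries an :options entry, since otherwise `params.delete(:options)` returns nil and nil is assigned. The body of set_params continues outside this hunk.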
@@ -147,7 +148,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9ekn https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L148
 
       # call-seq:
       #    ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
-      #    ctx.min_version = :TLS1_2
+      #    ctx.min_version = :TLSv1_2
       #    ctx.min_version = nil
       #
       # Sets the lower bound on the supported SSL/TLS protocol version. The
@@ -166,18 +167,30 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9ekn https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L167
       #   sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
       #   sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
       def min_version=(version)
+        case version
+        when nil, Integer
+        else
+          version = (METHODS_MAP[version] or
+            raise ArgumentError, "unknown SSL version `#{version.inspect}'")
+        end
         set_minmax_proto_version(version, @max_proto_version ||= nil)
         @min_proto_version = version
       end
 
       # call-seq:
       #    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
-      #    ctx.max_version = :TLS1_2
+      #    ctx.max_version = :TLSv1_2
       #    ctx.max_version = nil
       #
       # Sets the upper bound of the supported SSL/TLS protocol version. See
       # #min_version= for the possible values.
       def max_version=(version)
+        case version
+        when nil, Integer
+        else
+          version = (METHODS_MAP[version] or
+            raise ArgumentError, "unknown SSL version `#{version.inspect}'")
+        end
         set_minmax_proto_version(@min_proto_version ||= nil, version)
         @max_proto_version = version
       end
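Review bot: The symbol-to-constant conversion is repeated verbatim in min_version= and max_version=, including an empty `when nil, Integer` branch, so the two setters can drift apart on what they accept. A single private helper called from both keeps the validation in one place, as sketched below. Separately, any Integer is passed through unchecked while symbols are validated against METHODS_MAP. Whether an out-of-range value is rejected depends on set_minmax_proto_version, which is not visible here, so the accepted integer values should at least be documented in the call-seq comment.

```ruby
def min_version=(version)
  version = lookup_proto_version(version)
  # … unchanged: set_minmax_proto_version call and @min_proto_version assignment …
end

def max_version=(version)
  version = lookup_proto_version(version)
  # … unchanged: set_minmax_proto_version call and @max_proto_version assignment …
end

# Belongs in the class's private section.
# nil and Integer pass through; anything else must be a METHODS_MAP key.
def lookup_proto_version(version)
  return version if version.nil? || version.is_a?(Integer)

  METHODS_MAP[version] or
    raise ArgumentError, "unknown SSL version `#{version.inspect}'"
end
```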
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb	(revision 60309)
+++ test/openssl/test_ssl.rb	(revision 60310)
@@ -811,6 +811,33 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L811
     supported
   end
 
+  def test_min_version
+    supported = check_supported_protocol_versions
+
+    ctx = OpenSSL::SSL::SSLContext.new
+    ctx.set_params
+    orig_options = ctx.options
+
+    ctx.set_params(min_version: 999)
+    assert_not_equal(ctx.options, orig_options)
+
+    ctx.min_version = :TLSv1_2
+    assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1)
+    assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)
+  end
+
+  def test_max_version
+    supported = check_supported_protocol_versions
+
+    ctx = OpenSSL::SSL::SSLContext.new
+    ctx.set_params
+    orig_options = ctx.options
+
+    ctx.max_version = :TLSv1
+    assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)
+    assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_2)
+  end
+
   def test_minmax_version
     supported = check_supported_protocol_versions
 
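Review bot: Neither new test exercises the ArgumentError branch this commit adds to min_version=/max_version=; a case such as `assert_raise(ArgumentError) { ctx.min_version = :no_such_version }` would cover it. In both tests `supported` is assigned and never used, and `orig_options` is unused in test_max_version. The `set_params(min_version: 999)` case only asserts that the options changed, so it does not pin down which protocol versions end up disabled for an unknown integer. test_minmax_version at the end of the hunk continues outside it.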

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
