ruby-changes:48196
From: naruse <ko1@a...>
Date: Sun, 22 Oct 2017 01:25:24 +0900 (JST)
Subject: [ruby-changes:48196] naruse:r60310 (trunk): fix OpenSSL::SSL::SSLContext#min_version doesn't work
naruse 2017-10-22 01:25:19 +0900 (Sun, 22 Oct 2017) New Revision: 60310 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=60310 Log: fix OpenSSL::SSL::SSLContext#min_version doesn't work Modified files: trunk/ext/openssl/lib/openssl/ssl.rb trunk/test/openssl/test_ssl.rb Index: ext/openssl/lib/openssl/ssl.rb =================================================================== --- ext/openssl/lib/openssl/ssl.rb (revision 60309) +++ ext/openssl/lib/openssl/ssl.rb (revision 60310) @@ -136,6 +136,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9ekn https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L136 # used. def set_params(params={}) params = DEFAULT_PARAMS.merge(params) + self.options = params.delete(:options) # set before min_version/max_version params.each{|name, value| self.__send__("#{name}=", value) } if self.verify_mode != OpenSSL::SSL::VERIFY_NONE unless self.ca_file or self.ca_path or self.cert_store @@ -147,7 +148,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9ekn https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L148 # call-seq: # ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION - # ctx.min_version = :TLS1_2 + # ctx.min_version = :TLSv1_2 # ctx.min_version = nil # # Sets the lower bound on the supported SSL/TLS protocol version. The 
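Review bot: The inline comment on the added `self.options = params.delete(:options)` line in set_params says the assignment has to come first but not why, and the reason is security-relevant. The tests added in this commit check `OP_NO_TLSv1`-style bits in `ctx.options` after `min_version=`, so the version bounds can live in the same option word, and a later `options=` would overwrite them and quietly drop the bound. I would spell that out, e.g. `# options= must run first: min_version=/max_version= may be recorded as OP_NO_* bits in options, and a later options= would discard them`. The same caveat presumably applies to a caller who assigns `ctx.options` directly after `ctx.min_version`, which deserves a sentence in the set_params doc comment that begins above this hunk. The body of set_params continues past the end of the hunk.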
@@ -166,18 +167,30 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9ekn https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L167 # sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx) # sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2 def min_version=(version) + case version + when nil, Integer + else + version = (METHODS_MAP[version] or + raise ArgumentError, "unknown SSL version `#{version.inspect}'") + end set_minmax_proto_version(version, @max_proto_version ||= nil) @min_proto_version = version end # call-seq: # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION - # ctx.max_version = :TLS1_2 + # ctx.max_version = :TLSv1_2 # ctx.max_version = nil # # Sets the upper bound of the supported SSL/TLS protocol version. See # #min_version= for the possible values. def max_version=(version) + case version + when nil, Integer + else + version = (METHODS_MAP[version] or + raise ArgumentError, "unknown SSL version `#{version.inspect}'") + end set_minmax_proto_version(@min_proto_version ||= nil, version) @max_proto_version = version end Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 60309) +++ test/openssl/test_ssl.rb (revision 60310) 
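Review bot: The `case version ... METHODS_MAP[version] or raise ArgumentError` block is pasted verbatim into both `min_version=` and `max_version=`, and the empty `when nil, Integer` arm makes the intent harder to read than a guard clause would. Since these two setters decide which protocol versions a context will negotiate, the name-to-version conversion should live in one private helper so the lower and upper bound can never be validated differently. The call-seq comments should also say which names are accepted: the lookup is a plain `METHODS_MAP[version]`, so a String such as "TLSv1_2" presumably raises if the map is keyed by symbols, and an Integer is passed through without any range check. A sketch of the helper is below; it keeps the `or raise` form so behaviour is unchanged.

```ruby
def min_version=(version)
  version = resolve_proto_version(version)
  # … unchanged: set_minmax_proto_version call and @min_proto_version assignment …
end

def max_version=(version)
  version = resolve_proto_version(version)
  # … unchanged: set_minmax_proto_version call and @max_proto_version assignment …
end

# Belongs in the class's private section.
# Maps a protocol name found in METHODS_MAP to its version value;
# nil and Integer arguments are returned unchanged.
def resolve_proto_version(version)
  return version if version.nil? || version.is_a?(Integer)

  METHODS_MAP[version] or
    raise ArgumentError, "unknown SSL version `#{version.inspect}'"
end
```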
@@ -811,6 +811,33 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L811 supported end + def test_min_version + supported = check_supported_protocol_versions + + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params + orig_options = ctx.options + + ctx.set_params(min_version: 999) + assert_not_equal(ctx.options, orig_options) + + ctx.min_version = :TLSv1_2 + assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1) + assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1) + end + + def test_max_version + supported = check_supported_protocol_versions + + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params + orig_options = ctx.options + + ctx.max_version = :TLSv1 + assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1) + assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_2) + end + def test_minmax_version supported = check_supported_protocol_versions -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
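Review bot: The regression check in test_min_version is weaker than the fix it guards: `ctx.set_params(min_version: 999)` followed by `assert_not_equal(ctx.options, orig_options)` only shows that some option bit changed, not that the older protocols were actually disabled. Using a real bound and asserting the specific bits would pin the behaviour, e.g. `ctx.set_params(min_version: :TLSv1_2)` then `assert_not_equal(0, ctx.options & OpenSSL::SSL::OP_NO_TLSv1_1)`. The new ArgumentError path has no coverage; `assert_raise(ArgumentError) { ctx.min_version = :bogus }` would close that gap. `supported` is assigned but never used in either new test, and `orig_options` is unused in test_max_version. All of these assertions also assume the version bound is reflected in `ctx.options`, which may not hold on every OpenSSL build, so the tests probably need a guard or a different observable.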