
ruby-changes:69352

From: Kazuki <ko1@a...>
Date: Sat, 23 Oct 2021 13:40:19 +0900 (JST)
Subject: [ruby-changes:69352] 5a8e1c520a (master): [ruby/openssl] test/openssl/test_ssl: assume ECC support

https://git.ruby-lang.org/ruby.git/commit/?id=5a8e1c520a

From 5a8e1c520ac71c76f6424f9ef5aef64a79527f78 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@r...>
Date: Mon, 27 Sep 2021 15:34:28 +0900
Subject: [ruby/openssl] test/openssl/test_ssl: assume ECC support

Disabling ECC support of OpenSSL is impractical nowadays.

We still try to have the C extension compile on no-ec builds (as well
as no-dh or no-engine, etc.) as long as we can, but keeping test cases
for such an extreme scenario is not worth the effort.

https://github.com/ruby/openssl/commit/2cd01d4676
---
 test/openssl/test_pair.rb    |  3 ---
 test/openssl/test_pkey_ec.rb |  2 +-
 test/openssl/test_ssl.rb     | 32 +++++++++++++-------------------
 test/openssl/utils.rb        |  1 -
 4 files changed, 14 insertions(+), 24 deletions(-)

diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 8316ec2a9c..4249b4afb7 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -23,7 +23,6 @@ module OpenSSL::SSLPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L23
       sctx = OpenSSL::SSL::SSLContext.new
       sctx.cert = @svr_cert
       sctx.key = @svr_key
-      sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
       sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
       ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
       ns = ssls.accept
@@ -383,7 +382,6 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L382
     ctx2 = OpenSSL::SSL::SSLContext.new
     ctx2.cert = @svr_cert
     ctx2.key = @svr_key
-    ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 
     sock1, sock2 = tcp_pair
 
@@ -431,7 +429,6 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L429
     ctx = OpenSSL::SSL::SSLContext.new
     ctx.cert = @svr_cert
     ctx.key = @svr_key
-    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
 
     sock1, sock2 = tcp_pair
 
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index 7f44a363ba..3f5958af50 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -1,7 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L1
 # frozen_string_literal: true
 require_relative 'utils'
 
-if defined?(OpenSSL) && defined?(OpenSSL::PKey::EC)
+if defined?(OpenSSL)
 
 class OpenSSL::TestEC < OpenSSL::PKeyTestCase
   def test_ec_key
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index e81745321b..1a8ae3bd68 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -124,8 +124,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L124
   end
 
   def test_add_certificate_multiple_certs
-    pend "EC is not supported" unless defined?(OpenSSL::PKey::EC)
-
     ca2_key = Fixtures.pkey("rsa-3")
     ca2_exts = [
       ["basicConstraints", "CA:TRUE", true],
@@ -556,6 +554,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L554
     ctx_proc = -> ctx {
       ctx.ssl_version = :TLSv1_2
       ctx.ciphers = "aNULL"
+      ctx.tmp_dh = Fixtures.pkey("dh-1")
       ctx.security_level = 0
     }
 
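Review bot: In `ctx_proc`, `ctx.tmp_dh = Fixtures.pkey("dh-1")` is assigned while the context still has its default security level; `ctx.security_level = 0` only follows on the next line. OpenSSL checks temporary DH parameters against the security level in force when they are set, so if the fixture is smaller than the platform's default level accepts (neither is visible here), this anonymous-cipher test would fail for a reason unrelated to what it verifies. Lowering the level first keeps the test independent of the fixture size: `ctx.security_level = 0` followed by `ctx.tmp_dh = Fixtures.pkey("dh-1")`. The enclosing test method starts and ends outside this hunk.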
@@ -830,7 +829,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L829
 
   def test_tlsext_hostname
     fooctx = OpenSSL::SSL::SSLContext.new
-    fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
     fooctx.cert = @cli_cert
     fooctx.key = @cli_key
 
@@ -882,7 +880,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L880
     ctx2 = OpenSSL::SSL::SSLContext.new
     ctx2.cert = @svr_cert
     ctx2.key = @svr_key
-    ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
     ctx2.servername_cb = lambda { |args| Object.new }
 
     sock1, sock2 = socketpair
@@ -1329,7 +1326,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L1326
     ctx1 = OpenSSL::SSL::SSLContext.new
     ctx1.cert = @svr_cert
     ctx1.key = @svr_key
-    ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
     ctx1.alpn_select_cb = -> (protocols) { nil }
     ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
 
@@ -1484,6 +1480,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L1480
     ctx_proc2 = proc { |ctx|
       ctx.ssl_version = :TLSv1_2
       ctx.ciphers = "EDH"
+      ctx.tmp_dh = Fixtures.pkey("dh-1")
     }
     start_server(ctx_proc: ctx_proc2) do |port|
       ctx = OpenSSL::SSL::SSLContext.new
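Review bot: The added `ctx.tmp_dh = Fixtures.pkey("dh-1")` in `ctx_proc2` carries no comment saying why this test now supplies its own DH parameters. The reason is only visible in the utils.rb hunk of this commit, which removes the shared `tmp_dh_callback` from the server context. A one-line comment above the assignment would stop a later cleanup from deleting it as redundant: `# "EDH" suites need DH parameters; the shared server context no longer sets any`. The same comment would fit the `aNULL` `ctx_proc` in the hunk at -556. The enclosing test method starts outside this hunk.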
@@ -1494,20 +1491,18 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L1491
       }
     end
 
-    if defined?(OpenSSL::PKey::EC)
-      # ECDHE
-      ctx_proc3 = proc { |ctx|
-        ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
-        ctx.ecdh_curves = "P-256"
+    # ECDHE
+    ctx_proc3 = proc { |ctx|
+      ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
+      ctx.ecdh_curves = "P-256"
+    }
+    start_server(ctx_proc: ctx_proc3) do |port|
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
+      server_connect(port, ctx) { |ssl|
+        assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
       }
-      start_server(ctx_proc: ctx_proc3) do |port|
-        ctx = OpenSSL::SSL::SSLContext.new
-        ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
-        server_connect(port, ctx) { |ssl|
-          assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
-          ssl.puts "abc"; assert_equal "abc\n", ssl.gets
-        }
-      end
     end
   end
 
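Review bot: The ECDHE block sets `ctx.ecdh_curves = "P-256"` on the server, but the client-side check is only `assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key`, so the test would not notice if the curve restriction had no effect and another EC group were used. Now that the block runs unconditionally, the assertion could pin the group it configures: `assert_equal "prime256v1", ssl.tmp_key.group.curve_name`. The enclosing test method begins outside this hunk.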
@@ -1656,7 +1651,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L1651
   end
 
   def test_ecdh_curves_tls13
-    pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
     pend "TLS 1.3 not supported" unless tls13_supported?
 
     ctx_proc = -> ctx {
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index efa831afac..4ebcb9837b 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -215,7 +215,6 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L215
       ctx.cert_store = store
       ctx.cert = @svr_cert
       ctx.key = @svr_key
-      ctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
       ctx.verify_mode = verify_mode
       ctx_proc.call(ctx) if ctx_proc
 
-- 
cgit v1.2.1


