From 6fcc6c0efc42d1c6325cf4bb0ca16e2a448cdbed Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Mon, 6 Aug 2018 20:51:42 +0900 Subject: [PATCH] test/test_ssl: fix test failure with TLS 1.3 SSL_connect() on the client side may return before SSL_accept() on server side returns. This will fix test failures with OpenSSL's current master. --- test/openssl/test_ssl.rb | 45 ++++++++++++++++++++++++++-------------- test/openssl/test_ssl_session.rb | 1 + 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 7bb32adf..408c7d82 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -47,6 +47,8 @@ def test_ssl_with_server_cert assert_equal 2, ssl.peer_cert_chain.size assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock&.close @@ -157,6 +159,7 @@ def test_sync_close sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_not_predicate sock, :closed? ensure @@ -168,6 +171,7 @@ def test_sync_close ssl = OpenSSL::SSL::SSLSocket.new(sock) ssl.sync_close = true # !! ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ssl.close assert_predicate sock, :closed? ensure @@ -259,7 +263,10 @@ def test_client_ca client_ca_from_server = sslconn.client_ca [@cli_cert, @cli_key] end - server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) } + server_connect(port, ctx) { |ssl| + assert_equal([@ca], client_ca_from_server) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } end @@ -356,21 +363,16 @@ def test_verify_result } start_server { |port| - sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ctx.verify_callback = Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_OK true end - ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) - ssl.sync_close = true - begin - ssl.connect + server_connect(port, ctx) { |ssl| assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) - ensure - ssl.close - end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + } } start_server(ignore_listener_error: true) { |port| @@ -455,6 +457,8 @@ def test_post_connection_check start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")} assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert(ssl.post_connection_check("localhost")) @@ -476,6 +482,8 @@ def test_post_connection_check @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert(ssl.post_connection_check("127.0.0.1")) assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -496,6 +502,8 @@ def test_post_connection_check @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key) start_server { |port| server_connect(port) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets + assert(ssl.post_connection_check("localhost.localdomain")) assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")} assert_raise(sslerr){ssl.post_connection_check("localhost")} @@ -722,6 +730,8 @@ def test_tlsext_hostname ssl.connect assert_equal @cli_cert.serial, ssl.peer_cert.serial assert_predicate fooctx, :frozen? + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -733,6 +743,8 @@ def test_tlsext_hostname ssl.hostname = "bar.example.com" ssl.connect assert_equal @svr_cert.serial, ssl.peer_cert.serial + + ssl.puts "abc"; assert_equal "abc\n", ssl.gets ensure ssl&.close sock.close @@ -805,7 +817,8 @@ def test_verify_hostname_on_connect ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.hostname = name if expected_ok - assert_nothing_raised { ssl.connect } + ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets else assert_handshake_error { ssl.connect } end @@ -1086,6 +1099,7 @@ def test_renegotiation_cb start_server_version(:SSLv23, ctx_proc) { |port| server_connect(port) { |ssl| assert_equal(1, num_handshakes) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -1104,6 +1118,7 @@ def test_alpn_protocol_selection_ary ctx.alpn_protocols = advertised server_connect(port, ctx) { |ssl| assert_equal(advertised.first, ssl.alpn_protocol) + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } } end @@ -1226,14 +1241,11 @@ def test_npn_selected_protocol_too_long end def test_close_after_socket_close - server_proc = proc { |ctx, ssl| - # Do nothing - } - start_server(server_proc: server_proc) { |port| + start_server { |port| sock = TCPSocket.new("127.0.0.1", port) ssl = OpenSSL::SSL::SSLSocket.new(sock) - ssl.sync_close = true ssl.connect + ssl.puts "abc"; assert_equal "abc\n", ssl.gets sock.close assert_nothing_raised do ssl.close @@ -1298,6 +1310,7 @@ def test_get_ephemeral_key ctx.ciphers = "DEFAULT:!kRSA:!kEDH" server_connect(port, ctx) { |ssl| assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end @@ -1440,6 +1453,7 @@ def test_ecdh_curves assert_equal "secp384r1", ssl.tmp_key.group.curve_name end end + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } if openssl?(1, 0, 2) || libressl?(2, 5, 1) @@ -1455,6 +1469,7 @@ def test_ecdh_curves server_connect(port, ctx) { |ssl| assert_equal "secp521r1", ssl.tmp_key.group.curve_name + ssl.puts "abc"; assert_equal "abc\n", ssl.gets } end end diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index 6db0c2d1..78b160ed 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -113,6 +113,7 @@ def test_resumption non_resumable = nil start_server { |port| server_connect_with_session(port, nil, nil) { |ssl| + ssl.puts "abc"; assert_equal "abc\n", ssl.gets non_resumable = ssl.session } }