204 lines
7.1 KiB
Diff
204 lines
7.1 KiB
Diff
From 6fcc6c0efc42d1c6325cf4bb0ca16e2a448cdbed Mon Sep 17 00:00:00 2001
|
|
From: Kazuki Yamaguchi <k@rhe.jp>
|
|
Date: Mon, 6 Aug 2018 20:51:42 +0900
|
|
Subject: [PATCH] test/test_ssl: fix test failure with TLS 1.3
|
|
|
|
SSL_connect() on the client side may return before SSL_accept() on
|
|
server side returns. This will fix test failures with OpenSSL's current
|
|
master.
|
|
---
|
|
test/openssl/test_ssl.rb | 45 ++++++++++++++++++++++++++--------------
|
|
test/openssl/test_ssl_session.rb | 1 +
|
|
2 files changed, 31 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
|
|
index 7bb32adf..408c7d82 100644
|
|
--- a/test/openssl/test_ssl.rb
|
|
+++ b/test/openssl/test_ssl.rb
|
|
@@ -47,6 +47,8 @@ def test_ssl_with_server_cert
|
|
assert_equal 2, ssl.peer_cert_chain.size
|
|
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
|
|
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
|
|
+
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
ensure
|
|
ssl&.close
|
|
sock&.close
|
|
@@ -157,6 +159,7 @@ def test_sync_close
|
|
sock = TCPSocket.new("127.0.0.1", port)
|
|
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
|
ssl.connect
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
ssl.close
|
|
assert_not_predicate sock, :closed?
|
|
ensure
|
|
@@ -168,6 +171,7 @@ def test_sync_close
|
|
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
|
ssl.sync_close = true # !!
|
|
ssl.connect
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
ssl.close
|
|
assert_predicate sock, :closed?
|
|
ensure
|
|
@@ -259,7 +263,10 @@ def test_client_ca
|
|
client_ca_from_server = sslconn.client_ca
|
|
[@cli_cert, @cli_key]
|
|
end
|
|
- server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
|
|
+ server_connect(port, ctx) { |ssl|
|
|
+ assert_equal([@ca], client_ca_from_server)
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
+ }
|
|
}
|
|
end
|
|
|
|
@@ -356,21 +363,16 @@ def test_verify_result
|
|
}
|
|
|
|
start_server { |port|
|
|
- sock = TCPSocket.new("127.0.0.1", port)
|
|
ctx = OpenSSL::SSL::SSLContext.new
|
|
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
|
|
store_ctx.error = OpenSSL::X509::V_OK
|
|
true
|
|
end
|
|
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
|
- ssl.sync_close = true
|
|
- begin
|
|
- ssl.connect
|
|
+ server_connect(port, ctx) { |ssl|
|
|
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
|
|
- ensure
|
|
- ssl.close
|
|
- end
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
+ }
|
|
}
|
|
|
|
start_server(ignore_listener_error: true) { |port|
|
|
@@ -455,6 +457,8 @@ def test_post_connection_check
|
|
|
|
start_server { |port|
|
|
server_connect(port) { |ssl|
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
+
|
|
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
|
|
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
|
assert(ssl.post_connection_check("localhost"))
|
|
@@ -476,6 +482,8 @@ def test_post_connection_check
|
|
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
|
|
start_server { |port|
|
|
server_connect(port) { |ssl|
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
+
|
|
assert(ssl.post_connection_check("localhost.localdomain"))
|
|
assert(ssl.post_connection_check("127.0.0.1"))
|
|
assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
|
@@ -496,6 +502,8 @@ def test_post_connection_check
|
|
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
|
|
start_server { |port|
|
|
server_connect(port) { |ssl|
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
+
|
|
assert(ssl.post_connection_check("localhost.localdomain"))
|
|
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
|
|
assert_raise(sslerr){ssl.post_connection_check("localhost")}
|
|
@@ -722,6 +730,8 @@ def test_tlsext_hostname
|
|
ssl.connect
|
|
assert_equal @cli_cert.serial, ssl.peer_cert.serial
|
|
assert_predicate fooctx, :frozen?
|
|
+
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
ensure
|
|
ssl&.close
|
|
sock.close
|
|
@@ -733,6 +743,8 @@ def test_tlsext_hostname
|
|
ssl.hostname = "bar.example.com"
|
|
ssl.connect
|
|
assert_equal @svr_cert.serial, ssl.peer_cert.serial
|
|
+
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
ensure
|
|
ssl&.close
|
|
sock.close
|
|
@@ -805,7 +817,8 @@ def test_verify_hostname_on_connect
|
|
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
|
ssl.hostname = name
|
|
if expected_ok
|
|
- assert_nothing_raised { ssl.connect }
|
|
+ ssl.connect
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
else
|
|
assert_handshake_error { ssl.connect }
|
|
end
|
|
@@ -1086,6 +1099,7 @@ def test_renegotiation_cb
|
|
start_server_version(:SSLv23, ctx_proc) { |port|
|
|
server_connect(port) { |ssl|
|
|
assert_equal(1, num_handshakes)
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
}
|
|
}
|
|
end
|
|
@@ -1104,6 +1118,7 @@ def test_alpn_protocol_selection_ary
|
|
ctx.alpn_protocols = advertised
|
|
server_connect(port, ctx) { |ssl|
|
|
assert_equal(advertised.first, ssl.alpn_protocol)
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
}
|
|
}
|
|
end
|
|
@@ -1226,14 +1241,11 @@ def test_npn_selected_protocol_too_long
|
|
end
|
|
|
|
def test_close_after_socket_close
|
|
- server_proc = proc { |ctx, ssl|
|
|
- # Do nothing
|
|
- }
|
|
- start_server(server_proc: server_proc) { |port|
|
|
+ start_server { |port|
|
|
sock = TCPSocket.new("127.0.0.1", port)
|
|
ssl = OpenSSL::SSL::SSLSocket.new(sock)
|
|
- ssl.sync_close = true
|
|
ssl.connect
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
sock.close
|
|
assert_nothing_raised do
|
|
ssl.close
|
|
@@ -1298,6 +1310,7 @@ def test_get_ephemeral_key
|
|
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
|
|
server_connect(port, ctx) { |ssl|
|
|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
}
|
|
end
|
|
end
|
|
@@ -1440,6 +1453,7 @@ def test_ecdh_curves
|
|
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
|
|
end
|
|
end
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
}
|
|
|
|
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
|
|
@@ -1455,6 +1469,7 @@ def test_ecdh_curves
|
|
|
|
server_connect(port, ctx) { |ssl|
|
|
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
}
|
|
end
|
|
end
|
|
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
|
|
index 6db0c2d1..78b160ed 100644
|
|
--- a/test/openssl/test_ssl_session.rb
|
|
+++ b/test/openssl/test_ssl_session.rb
|
|
@@ -113,6 +113,7 @@ def test_resumption
|
|
non_resumable = nil
|
|
start_server { |port|
|
|
server_connect_with_session(port, nil, nil) { |ssl|
|
|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
|
|
non_resumable = ssl.session
|
|
}
|
|
}
|