author | April Chin <april.chin@oracle.com> |
Fri, 31 Jul 2015 13:11:47 -0700 | |
changeset 4727 | 3ef0841967f5 |
permissions | -rw-r--r-- |
4727
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
1 |
Fixes for test errors when SSLv3 is disabled on Solaris, |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
2 |
based on this patch from upstream: |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
3 |
https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
4 |
for this issue |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
5 |
https://bugs.ruby-lang.org/issues/11366 |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
6 |
|
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
7 |
which also requires this patch |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
8 |
https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
9 |
for this issue |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
10 |
https://bugs.ruby-lang.org/issues/11367 |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
11 |
|
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
12 |
--- ruby-1.9.3-p551-orig/test/openssl/test_ssl_session.rb 2011-09-22 21:56:55.000000000 -0700 |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
13 |
+++ ruby-1.9.3-p551/test/openssl/test_ssl_session.rb 2015-07-31 09:28:32.210329967 -0700 |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
14 |
@@ -236,7 +236,7 @@ __EOS__ |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
15 |
|
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
16 |
def test_ctx_client_session_cb |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
17 |
called = {} |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
18 |
- ctx = OpenSSL::SSL::SSLContext.new("SSLv3") |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
19 |
+ ctx = OpenSSL::SSL::SSLContext.new |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
20 |
ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
21 |
|
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
22 |
ctx.session_new_cb = lambda { |ary| |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
23 |
@@ -270,6 +270,7 @@ __EOS__ |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
24 |
|
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
25 |
ctx_proc = Proc.new { |ctx, ssl| |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
26 |
ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
27 |
+ ctx.options = OpenSSL::SSL::OP_NO_TICKET |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
28 |
last_server_session = nil |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
29 |
|
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
30 |
# get_cb is called whenever a client proposed to resume a session but |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
31 |
@@ -308,7 +309,7 @@ __EOS__ |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
32 |
last_client_session = nil |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
33 |
3.times do |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
34 |
sock = TCPSocket.new("127.0.0.1", port) |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
35 |
- ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3")) |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
36 |
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new) |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
37 |
ssl.sync_close = true |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
38 |
ssl.session = last_client_session if last_client_session |
3ef0841967f5
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
39 |
ssl.connect |