# HG changeset patch # User April Chin # Date 1438373507 25200 # Node ID 3ef0841967f5e5c5772089cbc423b6e85fa86a30 # Parent 4c4fc9ba31ddca51b295c6ad1b50e1444a2da04f 21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL diff -r 4c4fc9ba31dd -r 3ef0841967f5 components/ruby/ruby-19/patches/10-dh-keysize-test.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/ruby/ruby-19/patches/10-dh-keysize-test.patch Fri Jul 31 13:11:47 2015 -0700 @@ -0,0 +1,72 @@ +Test adapted from fix to RubyGems test here: +https://github.com/rubygems/rubygems/commit/71a4198783ebe3087f0cae7db8a4db8558e0f042 +to allow tests to be compatible when run with OpenSSL 1.0.1n+ + +--- ruby-1.9.3-p551-orig/test/openssl/test_pair.rb 2015-07-17 14:45:13.130116302 -0700 ++++ ruby-1.9.3-p551/test/openssl/test_pair.rb 2015-07-17 16:02:16.290182811 -0700 +@@ -6,7 +6,7 @@ require 'socket' + require_relative '../ruby/ut_eof' + + module SSLPair +- DHParam = OpenSSL::PKey::DH.new(128) ++ DHParam = OpenSSL::PKey::DH.new(1024) + def server + host = "127.0.0.1" + port = 0 +--- ruby-1.9.3-p551-orig/test/openssl/test_pkey_dh.rb 2015-07-17 14:45:13.136074567 -0700 ++++ ruby-1.9.3-p551/test/openssl/test_pkey_dh.rb 2015-07-17 16:02:23.401606363 -0700 +@@ -4,12 +4,12 @@ if defined?(OpenSSL) + + class OpenSSL::TestPKeyDH < Test::Unit::TestCase + def test_new +- dh = OpenSSL::PKey::DH.new(256) ++ dh = OpenSSL::PKey::DH.new(1024) + assert_key(dh) + end + + def test_to_der +- dh = OpenSSL::PKey::DH.new(256) ++ dh = OpenSSL::PKey::DH.new(1024) + der = dh.to_der + dh2 = OpenSSL::PKey::DH.new(der) + assert_equal_params(dh, dh2) +@@ -17,7 +17,7 @@ class OpenSSL::TestPKeyDH < Test::Unit:: + end + + def test_to_pem +- dh = OpenSSL::PKey::DH.new(256) ++ dh = OpenSSL::PKey::DH.new(1024) + pem = dh.to_pem + dh2 = OpenSSL::PKey::DH.new(pem) + assert_equal_params(dh, dh2) +@@ -25,7 +25,7 @@ class OpenSSL::TestPKeyDH < Test::Unit:: + end + + def test_public_key +- dh = OpenSSL::PKey::DH.new(256) ++ dh = OpenSSL::PKey::DH.new(1024) + public_key = dh.public_key + assert_no_key(public_key) #implies public_key.public? is false! + assert_equal(dh.to_der, public_key.to_der) +--- ruby-1.9.3-p551-orig/test/openssl/utils.rb 2015-07-17 14:45:13.142812710 -0700 ++++ ruby-1.9.3-p551/test/openssl/utils.rb 2015-07-17 16:02:26.797918170 -0700 +@@ -238,7 +238,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC + rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK + end + +- DHParam = OpenSSL::PKey::DH.new(128) ++ DHParam = OpenSSL::PKey::DH.new(1024) + def start_server(port0, verify_mode, start_immediately, args = {}, &block) + ctx_proc = args[:ctx_proc] + server_proc = args[:server_proc] +--- ruby-1.9.3-p551-orig/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 14:46:13.088741047 -0700 ++++ ruby-1.9.3-p551/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 16:02:31.266871941 -0700 +@@ -853,7 +853,7 @@ gems: + end + + DIR = File.expand_path(File.dirname(__FILE__)) +- DH_PARAM = OpenSSL::PKey::DH.new(128) ++ DH_PARAM = OpenSSL::PKey::DH.new(1024) + + def start_ssl_server(config = {}) + null_logger = NilLog.new diff -r 4c4fc9ba31dd -r 3ef0841967f5 components/ruby/ruby-19/patches/11-test_ssl_session_rb.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/ruby/ruby-19/patches/11-test_ssl_session_rb.patch Fri Jul 31 13:11:47 2015 -0700 @@ -0,0 +1,39 @@ +Fixes for test errors when SSLv3 is disabled on Solaris, +based on this patch from upstream: +https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch +for this issue +https://bugs.ruby-lang.org/issues/11366 + +which also requires this patch +https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch +for this issue +https://bugs.ruby-lang.org/issues/11367 + +--- ruby-1.9.3-p551-orig/test/openssl/test_ssl_session.rb 2011-09-22 21:56:55.000000000 -0700 ++++ ruby-1.9.3-p551/test/openssl/test_ssl_session.rb 2015-07-31 09:28:32.210329967 -0700 +@@ -236,7 +236,7 @@ __EOS__ + + def test_ctx_client_session_cb + called = {} +- ctx = OpenSSL::SSL::SSLContext.new("SSLv3") ++ ctx = OpenSSL::SSL::SSLContext.new + ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT + + ctx.session_new_cb = lambda { |ary| +@@ -270,6 +270,7 @@ __EOS__ + + ctx_proc = Proc.new { |ctx, ssl| + ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER ++ ctx.options = OpenSSL::SSL::OP_NO_TICKET + last_server_session = nil + + # get_cb is called whenever a client proposed to resume a session but +@@ -308,7 +309,7 @@ __EOS__ + last_client_session = nil + 3.times do + sock = TCPSocket.new("127.0.0.1", port) +- ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3")) ++ ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new) + ssl.sync_close = true + ssl.session = last_client_session if last_client_session + ssl.connect diff -r 4c4fc9ba31dd -r 3ef0841967f5 components/ruby/ruby-21/patches/10-dh-keysize-test.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/ruby/ruby-21/patches/10-dh-keysize-test.patch Fri Jul 31 13:11:47 2015 -0700 @@ -0,0 +1,26 @@ +Test adapted from fix to RubyGems test here: +https://github.com/rubygems/rubygems/commit/71a4198783ebe3087f0cae7db8a4db8558e0f042 +to allow tests to be compatible when run with OpenSSL 1.0.1n+ + +--- ruby-2.1.6-orig/test/openssl/test_pkey_dh.rb 2015-07-17 14:51:02.268866378 -0700 ++++ ruby-2.1.6/test/openssl/test_pkey_dh.rb 2015-07-17 15:58:25.937323682 -0700 +@@ -4,7 +4,7 @@ if defined?(OpenSSL) + + class OpenSSL::TestPKeyDH < Test::Unit::TestCase + +- NEW_KEYLEN = 256 ++ NEW_KEYLEN = 1024 + + def test_new + dh = OpenSSL::PKey::DH.new(NEW_KEYLEN) +--- ruby-2.1.6-orig/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 14:50:07.921167590 -0700 ++++ ruby-2.1.6/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 15:58:29.969724053 -0700 +@@ -789,7 +789,7 @@ gems: + server.mount_proc("/insecure_redirect") { |req, res| + res.set_redirect(WEBrick::HTTPStatus::MovedPermanently, req.query['to']) + } +- server.ssl_context.tmp_dh_callback = proc { OpenSSL::PKey::DH.new 128 } ++ server.ssl_context.tmp_dh_callback = proc { OpenSSL::PKey::DH.new 1024 } + t = Thread.new do + begin + server.start diff -r 4c4fc9ba31dd -r 3ef0841967f5 components/ruby/ruby-21/patches/11-test_ssl_session_rb.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/ruby/ruby-21/patches/11-test_ssl_session_rb.patch Fri Jul 31 13:11:47 2015 -0700 @@ -0,0 +1,39 @@ +Fixes for test errors when SSLv3 is disabled on Solaris, +based on this patch from upstream: +https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch +for this issue +https://bugs.ruby-lang.org/issues/11366 + +which also requires this patch +https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch +for this issue +https://bugs.ruby-lang.org/issues/11367 + +--- ruby-2.1.6-orig/test/openssl/test_ssl_session.rb 2012-09-03 15:54:12.000000000 -0700 ++++ ruby-2.1.6/test/openssl/test_ssl_session.rb 2015-07-30 16:51:17.000000000 -0700 +@@ -273,7 +273,7 @@ __EOS__ + + def test_ctx_client_session_cb + called = {} +- ctx = OpenSSL::SSL::SSLContext.new("SSLv3") ++ ctx = OpenSSL::SSL::SSLContext.new + ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT + + ctx.session_new_cb = lambda { |ary| +@@ -307,6 +307,7 @@ __EOS__ + + ctx_proc = Proc.new { |ctx, ssl| + ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER ++ ctx.options = OpenSSL::SSL::OP_NO_TICKET + last_server_session = nil + + # get_cb is called whenever a client proposed to resume a session but +@@ -345,7 +346,7 @@ __EOS__ + last_client_session = nil + 3.times do + sock = TCPSocket.new("127.0.0.1", port) +- ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3")) ++ ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new) + ssl.sync_close = true + ssl.session = last_client_session if last_client_session + ssl.connect