21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
authorApril Chin <april.chin@oracle.com>
Fri, 31 Jul 2015 13:11:47 -0700
changeset 4727 3ef0841967f5
parent 4726 4c4fc9ba31dd
child 4728 a766705f467f
21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
components/ruby/ruby-19/patches/10-dh-keysize-test.patch
components/ruby/ruby-19/patches/11-test_ssl_session_rb.patch
components/ruby/ruby-21/patches/10-dh-keysize-test.patch
components/ruby/ruby-21/patches/11-test_ssl_session_rb.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-19/patches/10-dh-keysize-test.patch	Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,72 @@
+Test adapted from fix to RubyGems test here:
+https://github.com/rubygems/rubygems/commit/71a4198783ebe3087f0cae7db8a4db8558e0f042
+to allow tests to be compatible when run with OpenSSL 1.0.1n+
+
+--- ruby-1.9.3-p551-orig/test/openssl/test_pair.rb	2015-07-17 14:45:13.130116302 -0700
++++ ruby-1.9.3-p551/test/openssl/test_pair.rb	2015-07-17 16:02:16.290182811 -0700
[email protected]@ -6,7 +6,7 @@ require 'socket'
+ require_relative '../ruby/ut_eof'
+ 
+ module SSLPair
+-  DHParam = OpenSSL::PKey::DH.new(128)
++  DHParam = OpenSSL::PKey::DH.new(1024)
+   def server
+     host = "127.0.0.1"
+     port = 0
+--- ruby-1.9.3-p551-orig/test/openssl/test_pkey_dh.rb	2015-07-17 14:45:13.136074567 -0700
++++ ruby-1.9.3-p551/test/openssl/test_pkey_dh.rb	2015-07-17 16:02:23.401606363 -0700
[email protected]@ -4,12 +4,12 @@ if defined?(OpenSSL)
+ 
+ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+   def test_new
+-    dh = OpenSSL::PKey::DH.new(256)
++    dh = OpenSSL::PKey::DH.new(1024)
+     assert_key(dh)
+   end
+ 
+   def test_to_der
+-    dh = OpenSSL::PKey::DH.new(256)
++    dh = OpenSSL::PKey::DH.new(1024)
+     der = dh.to_der
+     dh2 = OpenSSL::PKey::DH.new(der)
+     assert_equal_params(dh, dh2)
[email protected]@ -17,7 +17,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::
+   end
+ 
+   def test_to_pem
+-    dh = OpenSSL::PKey::DH.new(256)
++    dh = OpenSSL::PKey::DH.new(1024)
+     pem = dh.to_pem
+     dh2 = OpenSSL::PKey::DH.new(pem)
+     assert_equal_params(dh, dh2)
[email protected]@ -25,7 +25,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::
+   end
+ 
+   def test_public_key
+-    dh = OpenSSL::PKey::DH.new(256)
++    dh = OpenSSL::PKey::DH.new(1024)
+     public_key = dh.public_key
+     assert_no_key(public_key) #implies public_key.public? is false!
+     assert_equal(dh.to_der, public_key.to_der)
+--- ruby-1.9.3-p551-orig/test/openssl/utils.rb	2015-07-17 14:45:13.142812710 -0700
++++ ruby-1.9.3-p551/test/openssl/utils.rb	2015-07-17 16:02:26.797918170 -0700
[email protected]@ -238,7 +238,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
+     rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK
+     end
+ 
+-    DHParam = OpenSSL::PKey::DH.new(128)
++    DHParam = OpenSSL::PKey::DH.new(1024)
+     def start_server(port0, verify_mode, start_immediately, args = {}, &block)
+       ctx_proc = args[:ctx_proc]
+       server_proc = args[:server_proc]
+--- ruby-1.9.3-p551-orig/test/rubygems/test_gem_remote_fetcher.rb	2015-07-17 14:46:13.088741047 -0700
++++ ruby-1.9.3-p551/test/rubygems/test_gem_remote_fetcher.rb	2015-07-17 16:02:31.266871941 -0700
[email protected]@ -853,7 +853,7 @@ gems:
+     end
+ 
+     DIR = File.expand_path(File.dirname(__FILE__))
+-    DH_PARAM = OpenSSL::PKey::DH.new(128)
++    DH_PARAM = OpenSSL::PKey::DH.new(1024)
+ 
+     def start_ssl_server(config = {})
+       null_logger = NilLog.new
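Review bot: `OpenSSL::PKey::DH.new(1024)` generates fresh parameters on every call, and this patch now does that at load time for `DHParam` in test_pair.rb and utils.rb, for `DH_PARAM` in test_gem_remote_fetcher.rb, and once in each of the four test_pkey_dh.rb tests. Safe-prime generation at 1024 bits is far slower than at 128 or 256, so the suite's run time will grow and vary between runs. For the constants that only feed a TLS handshake, fixed parameters loaded from a PEM fixture would avoid the cost; the utils.rb context shows the tail of a PEM block just above `DHParam`, though its size is not visible here. The patch header should also say why the value changed, for example `1024 bits is used only so the test parameters pass the upgraded OpenSSL's minimum DH size check; it is a test value, not a recommendation for deployed servers`.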
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-19/patches/11-test_ssl_session_rb.patch	Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,39 @@
+Fixes for test errors when SSLv3 is disabled on Solaris,
+based on this patch from upstream:
+https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11366
+
+which also requires this patch
+https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11367
+
+--- ruby-1.9.3-p551-orig/test/openssl/test_ssl_session.rb	2011-09-22 21:56:55.000000000 -0700
++++ ruby-1.9.3-p551/test/openssl/test_ssl_session.rb	2015-07-31 09:28:32.210329967 -0700
[email protected]@ -236,7 +236,7 @@ __EOS__
+ 
+   def test_ctx_client_session_cb
+     called = {}
+-    ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
++    ctx = OpenSSL::SSL::SSLContext.new
+     ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
+ 
+     ctx.session_new_cb = lambda { |ary|
[email protected]@ -270,6 +270,7 @@ __EOS__
+ 
+     ctx_proc = Proc.new { |ctx, ssl|
+       ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
++      ctx.options = OpenSSL::SSL::OP_NO_TICKET
+       last_server_session = nil
+ 
+       # get_cb is called whenever a client proposed to resume a session but
[email protected]@ -308,7 +309,7 @@ __EOS__
+       last_client_session = nil
+       3.times do
+         sock = TCPSocket.new("127.0.0.1", port)
+-        ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3"))
++        ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)
+         ssl.sync_close = true
+         ssl.session = last_client_session if last_client_session
+         ssl.connect
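Review bot: `ctx.options = OpenSSL::SSL::OP_NO_TICKET` in the `ctx_proc` block replaces the context's whole option mask instead of adding one flag, so any options the server helper set before calling the proc (protocol-disabling flags, for example) would be dropped; whether it sets any is not visible in this hunk. OR-ing keeps them: `ctx.options = (ctx.options || 0) | OpenSSL::SSL::OP_NO_TICKET`. A comment such as `# disable session tickets so resumption goes through the server session cache callbacks under test` would explain why the flag is there. The same line appears in the ruby-21 copy of this patch. The enclosing test method starts and ends outside the hunk.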
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-21/patches/10-dh-keysize-test.patch	Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,26 @@
+Test adapted from fix to RubyGems test here:
+https://github.com/rubygems/rubygems/commit/71a4198783ebe3087f0cae7db8a4db8558e0f042
+to allow tests to be compatible when run with OpenSSL 1.0.1n+
+
+--- ruby-2.1.6-orig/test/openssl/test_pkey_dh.rb	2015-07-17 14:51:02.268866378 -0700
++++ ruby-2.1.6/test/openssl/test_pkey_dh.rb	2015-07-17 15:58:25.937323682 -0700
[email protected]@ -4,7 +4,7 @@ if defined?(OpenSSL)
+ 
+ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+ 
+-  NEW_KEYLEN = 256
++  NEW_KEYLEN = 1024
+ 
+   def test_new
+     dh = OpenSSL::PKey::DH.new(NEW_KEYLEN)
+--- ruby-2.1.6-orig/test/rubygems/test_gem_remote_fetcher.rb	2015-07-17 14:50:07.921167590 -0700
++++ ruby-2.1.6/test/rubygems/test_gem_remote_fetcher.rb	2015-07-17 15:58:29.969724053 -0700
[email protected]@ -789,7 +789,7 @@ gems:
+       server.mount_proc("/insecure_redirect") { |req, res|
+         res.set_redirect(WEBrick::HTTPStatus::MovedPermanently, req.query['to'])
+       }
+-      server.ssl_context.tmp_dh_callback = proc { OpenSSL::PKey::DH.new 128 }
++      server.ssl_context.tmp_dh_callback = proc { OpenSSL::PKey::DH.new 1024 }
+       t = Thread.new do
+         begin
+           server.start
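Review bot: `tmp_dh_callback = proc { OpenSSL::PKey::DH.new 1024 }` runs parameter generation inside the callback, so every invocation pays for a 1024-bit safe-prime search where the old 128-bit one was nearly free. Generating once before the assignment and returning that object from the proc keeps the behaviour and bounds the cost: `dh = OpenSSL::PKey::DH.new 1024` followed by `server.ssl_context.tmp_dh_callback = proc { dh }`. How often the callback fires depends on the negotiated cipher suites, which this hunk does not show. The enclosing server setup method starts and ends outside the hunk.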
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-21/patches/11-test_ssl_session_rb.patch	Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,39 @@
+Fixes for test errors when SSLv3 is disabled on Solaris,
+based on this patch from upstream:
+https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11366
+
+which also requires this patch
+https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11367
+
+--- ruby-2.1.6-orig/test/openssl/test_ssl_session.rb	2012-09-03 15:54:12.000000000 -0700
++++ ruby-2.1.6/test/openssl/test_ssl_session.rb	2015-07-30 16:51:17.000000000 -0700
[email protected]@ -273,7 +273,7 @@ __EOS__
+ 
+   def test_ctx_client_session_cb
+     called = {}
+-    ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
++    ctx = OpenSSL::SSL::SSLContext.new
+     ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
+ 
+     ctx.session_new_cb = lambda { |ary|
[email protected]@ -307,6 +307,7 @@ __EOS__
+ 
+     ctx_proc = Proc.new { |ctx, ssl|
+       ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
++      ctx.options = OpenSSL::SSL::OP_NO_TICKET
+       last_server_session = nil
+ 
+       # get_cb is called whenever a client proposed to resume a session but
[email protected]@ -345,7 +346,7 @@ __EOS__
+       last_client_session = nil
+       3.times do
+         sock = TCPSocket.new("127.0.0.1", port)
+-        ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3"))
++        ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)
+         ssl.sync_close = true
+         ssl.session = last_client_session if last_client_session
+         ssl.connect