21466647 Ruby tests should be patched to fix test failures when using upgraded OpenSSL
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-19/patches/10-dh-keysize-test.patch Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,72 @@
+Test adapted from fix to RubyGems test here:
+https://github.com/rubygems/rubygems/commit/71a4198783ebe3087f0cae7db8a4db8558e0f042
+to allow tests to be compatible when run with OpenSSL 1.0.1n+
+
+--- ruby-1.9.3-p551-orig/test/openssl/test_pair.rb 2015-07-17 14:45:13.130116302 -0700
++++ ruby-1.9.3-p551/test/openssl/test_pair.rb 2015-07-17 16:02:16.290182811 -0700
+@@ -6,7 +6,7 @@ require 'socket'
+ require_relative '../ruby/ut_eof'
+
+ module SSLPair
+- DHParam = OpenSSL::PKey::DH.new(128)
++ DHParam = OpenSSL::PKey::DH.new(1024)
+ def server
+ host = "127.0.0.1"
+ port = 0
+--- ruby-1.9.3-p551-orig/test/openssl/test_pkey_dh.rb 2015-07-17 14:45:13.136074567 -0700
++++ ruby-1.9.3-p551/test/openssl/test_pkey_dh.rb 2015-07-17 16:02:23.401606363 -0700
+@@ -4,12 +4,12 @@ if defined?(OpenSSL)
+
+ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+ def test_new
+- dh = OpenSSL::PKey::DH.new(256)
++ dh = OpenSSL::PKey::DH.new(1024)
+ assert_key(dh)
+ end
+
+ def test_to_der
+- dh = OpenSSL::PKey::DH.new(256)
++ dh = OpenSSL::PKey::DH.new(1024)
+ der = dh.to_der
+ dh2 = OpenSSL::PKey::DH.new(der)
+ assert_equal_params(dh, dh2)
+@@ -17,7 +17,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::
+ end
+
+ def test_to_pem
+- dh = OpenSSL::PKey::DH.new(256)
++ dh = OpenSSL::PKey::DH.new(1024)
+ pem = dh.to_pem
+ dh2 = OpenSSL::PKey::DH.new(pem)
+ assert_equal_params(dh, dh2)
+@@ -25,7 +25,7 @@ class OpenSSL::TestPKeyDH < Test::Unit::
+ end
+
+ def test_public_key
+- dh = OpenSSL::PKey::DH.new(256)
++ dh = OpenSSL::PKey::DH.new(1024)
+ public_key = dh.public_key
+ assert_no_key(public_key) #implies public_key.public? is false!
+ assert_equal(dh.to_der, public_key.to_der)
+--- ruby-1.9.3-p551-orig/test/openssl/utils.rb 2015-07-17 14:45:13.142812710 -0700
++++ ruby-1.9.3-p551/test/openssl/utils.rb 2015-07-17 16:02:26.797918170 -0700
+@@ -238,7 +238,7 @@ aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
+ rescue Errno::EBADF, IOError, Errno::EINVAL, Errno::ECONNABORTED, Errno::ENOTSOCK
+ end
+
+- DHParam = OpenSSL::PKey::DH.new(128)
++ DHParam = OpenSSL::PKey::DH.new(1024)
+ def start_server(port0, verify_mode, start_immediately, args = {}, &block)
+ ctx_proc = args[:ctx_proc]
+ server_proc = args[:server_proc]
+--- ruby-1.9.3-p551-orig/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 14:46:13.088741047 -0700
++++ ruby-1.9.3-p551/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 16:02:31.266871941 -0700
+@@ -853,7 +853,7 @@ gems:
+ end
+
+ DIR = File.expand_path(File.dirname(__FILE__))
+- DH_PARAM = OpenSSL::PKey::DH.new(128)
++ DH_PARAM = OpenSSL::PKey::DH.new(1024)
+
+ def start_ssl_server(config = {})
+ null_logger = NilLog.new
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-19/patches/11-test_ssl_session_rb.patch Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,39 @@
+Fixes for test errors when SSLv3 is disabled on Solaris,
+based on this patch from upstream:
+https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11366
+
+which also requires this patch
+https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11367
+
+--- ruby-1.9.3-p551-orig/test/openssl/test_ssl_session.rb 2011-09-22 21:56:55.000000000 -0700
++++ ruby-1.9.3-p551/test/openssl/test_ssl_session.rb 2015-07-31 09:28:32.210329967 -0700
+@@ -236,7 +236,7 @@ __EOS__
+
+ def test_ctx_client_session_cb
+ called = {}
+- ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
++ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
+
+ ctx.session_new_cb = lambda { |ary|
+@@ -270,6 +270,7 @@ __EOS__
+
+ ctx_proc = Proc.new { |ctx, ssl|
+ ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
++ ctx.options = OpenSSL::SSL::OP_NO_TICKET
+ last_server_session = nil
+
+ # get_cb is called whenever a client proposed to resume a session but
+@@ -308,7 +309,7 @@ __EOS__
+ last_client_session = nil
+ 3.times do
+ sock = TCPSocket.new("127.0.0.1", port)
+- ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3"))
++ ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)
+ ssl.sync_close = true
+ ssl.session = last_client_session if last_client_session
+ ssl.connect
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-21/patches/10-dh-keysize-test.patch Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,26 @@
+Test adapted from fix to RubyGems test here:
+https://github.com/rubygems/rubygems/commit/71a4198783ebe3087f0cae7db8a4db8558e0f042
+to allow tests to be compatible when run with OpenSSL 1.0.1n+
+
+--- ruby-2.1.6-orig/test/openssl/test_pkey_dh.rb 2015-07-17 14:51:02.268866378 -0700
++++ ruby-2.1.6/test/openssl/test_pkey_dh.rb 2015-07-17 15:58:25.937323682 -0700
+@@ -4,7 +4,7 @@ if defined?(OpenSSL)
+
+ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+
+- NEW_KEYLEN = 256
++ NEW_KEYLEN = 1024
+
+ def test_new
+ dh = OpenSSL::PKey::DH.new(NEW_KEYLEN)
+--- ruby-2.1.6-orig/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 14:50:07.921167590 -0700
++++ ruby-2.1.6/test/rubygems/test_gem_remote_fetcher.rb 2015-07-17 15:58:29.969724053 -0700
+@@ -789,7 +789,7 @@ gems:
+ server.mount_proc("/insecure_redirect") { |req, res|
+ res.set_redirect(WEBrick::HTTPStatus::MovedPermanently, req.query['to'])
+ }
+- server.ssl_context.tmp_dh_callback = proc { OpenSSL::PKey::DH.new 128 }
++ server.ssl_context.tmp_dh_callback = proc { OpenSSL::PKey::DH.new 1024 }
+ t = Thread.new do
+ begin
+ server.start
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ruby/ruby-21/patches/11-test_ssl_session_rb.patch Fri Jul 31 13:11:47 2015 -0700
@@ -0,0 +1,39 @@
+Fixes for test errors when SSLv3 is disabled on Solaris,
+based on this patch from upstream:
+https://bugs.ruby-lang.org/attachments/download/5384/0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11366
+
+which also requires this patch
+https://bugs.ruby-lang.org/attachments/download/5385/0005-Use-OP_NO_TICKET-when-testing-SSL-session-cache-call.patch
+for this issue
+https://bugs.ruby-lang.org/issues/11367
+
+--- ruby-2.1.6-orig/test/openssl/test_ssl_session.rb 2012-09-03 15:54:12.000000000 -0700
++++ ruby-2.1.6/test/openssl/test_ssl_session.rb 2015-07-30 16:51:17.000000000 -0700
+@@ -273,7 +273,7 @@ __EOS__
+
+ def test_ctx_client_session_cb
+ called = {}
+- ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
++ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
+
+ ctx.session_new_cb = lambda { |ary|
+@@ -307,6 +307,7 @@ __EOS__
+
+ ctx_proc = Proc.new { |ctx, ssl|
+ ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
++ ctx.options = OpenSSL::SSL::OP_NO_TICKET
+ last_server_session = nil
+
+ # get_cb is called whenever a client proposed to resume a session but
+@@ -345,7 +346,7 @@ __EOS__
+ last_client_session = nil
+ 3.times do
+ sock = TCPSocket.new("127.0.0.1", port)
+- ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new("SSLv3"))
++ ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)
+ ssl.sync_close = true
+ ssl.session = last_client_session if last_client_session
+ ssl.connect