1 files changed, 254 insertions, 0 deletions

diff --git a/community/ruby-eventmachine/0001-OpenSSL-1.1.0-test-updates.patch b/community/ruby-eventmachine/0001-OpenSSL-1.1.0-test-updates.patch
new file mode 100644
index 00000000000..52089c4aaae
--- /dev/null
+++ b/community/ruby-eventmachine/0001-OpenSSL-1.1.0-test-updates.patch
@@ -0,0 +1,254 @@
+From 506a0c6d2f039c78c0f7d96a31b11b73aa36dccd Mon Sep 17 00:00:00 2001
+From: MSP-Greg <MSP-Greg@users.noreply.github.com>
+Date: Sat, 8 Jul 2017 14:28:50 -0500
+Subject: [PATCH] OpenSSL 1.1.0 test updates
+
+---
+ tests/test_ssl_protocols.rb | 127 ++++++++++++++++++++++++++++++++----
+ 1 file changed, 114 insertions(+), 13 deletions(-)
+
+Patch-Source: https://src.fedoraproject.org/rpms/rubygem-eventmachine/blob/f34/f/rubygem-eventmachine-1.2.7-Bump-TLS-version.patch
+Upstream-Issue: https://github.com/eventmachine/eventmachine/pull/868
+
+diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
+index bcb68246..e7b16370 100644
+--- a/tests/test_ssl_protocols.rb
++++ b/tests/test_ssl_protocols.rb
+@@ -6,6 +6,20 @@
+ if EM.ssl?
+   class TestSslProtocols < Test::Unit::TestCase
+ 
++    # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"]
++    if RUBY_VERSION == "1.8.7"
++      SSL_AVAIL = ["sslv3", "tlsv1"]
++    else
++      SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase } 
++    end
++
++    libr_vers =  OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
++      OpenSSL::OPENSSL_VERSION : 'na'
++
++    puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \
++         "        OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
++         "              SSL_AVAIL: #{SSL_AVAIL.join(' ')}"
++
+     module Client
+       def ssl_handshake_completed
+         $client_handshake_completed = true
+@@ -26,7 +40,7 @@ def ssl_handshake_completed
+     module ClientAny
+       include Client
+       def post_init
+-        start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2))
++        start_tls(:ssl_version => SSL_AVAIL)
+       end
+     end
+ 
+@@ -51,6 +65,20 @@ def post_init
+       end
+     end
+ 
++    module ClientTLSv1_2
++      include Client
++      def post_init
++        start_tls(:ssl_version => %w(TLSv1_2))
++      end
++    end
++
++    module ServerTLSv1_2
++      include Server
++      def post_init
++        start_tls(:ssl_version => %w(TLSv1_2))
++      end
++    end
++
+     module ServerTLSv1CaseInsensitive
+       include Server
+       def post_init
+@@ -61,7 +89,7 @@ def post_init
+     module ServerAny
+       include Server
+       def post_init
+-        start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2))
++        start_tls(:ssl_version => SSL_AVAIL)
+       end
+     end
+ 
+@@ -89,6 +117,7 @@ def test_invalid_ssl_version
+     end
+ 
+     def test_any_to_v3
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+@@ -99,6 +128,18 @@ def test_any_to_v3
+       assert($server_handshake_completed)
+     end
+ 
++    def test_any_to_tlsv1_2
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $client_handshake_completed, $server_handshake_completed = false, false
++      EM.run do
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
++        EM.connect("127.0.0.1", 16784, ClientAny)
++      end
++
++      assert($client_handshake_completed)
++      assert($server_handshake_completed)
++    end
++
+     def test_case_insensitivity
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+@@ -111,6 +152,7 @@ def test_case_insensitivity
+     end
+ 
+     def test_v3_to_any
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerAny)
+@@ -121,7 +163,20 @@ def test_v3_to_any
+       assert($server_handshake_completed)
+     end
+ 
++    def test_tlsv1_2_to_any
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $client_handshake_completed, $server_handshake_completed = false, false
++      EM.run do
++        EM.start_server("127.0.0.1", 16784, ServerAny)
++        EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
++      end
++
++      assert($client_handshake_completed)
++      assert($server_handshake_completed)
++    end
++
+     def test_v3_to_v3
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+@@ -132,6 +187,18 @@ def test_v3_to_v3
+       assert($server_handshake_completed)
+     end
+ 
++    def test_tlsv1_2_to_tlsv1_2
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $client_handshake_completed, $server_handshake_completed = false, false
++      EM.run do
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
++        EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
++      end
++
++      assert($client_handshake_completed)
++      assert($server_handshake_completed)
++    end
++
+     def test_any_to_any
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+@@ -165,9 +232,20 @@ def ssl_handshake_completed
+       end
+     end
+ 
+-    module ServerTLSv1StopAfterHandshake
++    module ServerTLSv1_2StopAfterHandshake
+       def post_init
+-        start_tls(:ssl_version => %w(TLSv1))
++        start_tls(:ssl_version => %w(TLSv1_2))
++      end
++
++      def ssl_handshake_completed
++        $server_handshake_completed = true
++        EM.stop_event_loop
++      end
++    end
++
++    module ServerAnyStopAfterHandshake
++      def post_init
++        start_tls(:ssl_version => SSL_AVAIL)
+       end
+ 
+       def ssl_handshake_completed
+@@ -177,6 +255,7 @@ def ssl_handshake_completed
+     end
+ 
+     def test_v3_with_external_client
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+@@ -195,15 +274,17 @@ def test_v3_with_external_client
+       assert($server_handshake_completed)
+     end
+ 
+-    def test_tlsv1_with_external_client
++    # Fixed Server
++    def test_tlsv1_2_with_external_client
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake)
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :TLSv1_client
++          ctx.ssl_version = :SSLv23_client
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           ssl.connect
+           ssl.close rescue nil
+@@ -214,24 +295,44 @@ def test_tlsv1_with_external_client
+       assert($server_handshake_completed)
+     end
+ 
+-    def test_tlsv1_required_with_external_client
++    # Fixed Client
++    def test_any_with_external_client_tlsv1_2
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+       $server_handshake_completed = false
++      EM.run do
++        setup_timeout(2)
++        EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake)
++        EM.defer do
++          sock = TCPSocket.new("127.0.0.1", 16784)
++          ctx = OpenSSL::SSL::SSLContext.new
++          ctx.ssl_version = :TLSv1_2_client
++          ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
++          ssl.connect
++          ssl.close rescue nil
++          sock.close rescue nil
++        end
++      end
++
++      assert($server_handshake_completed)
++    end
+ 
++    # Refuse a client?
++    def test_tlsv1_2_required_with_external_client
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $server_handshake_completed = false
+       EM.run do
+         n = 0
+         EM.add_periodic_timer(0.5) do
+           n += 1
+           (EM.stop rescue nil) if n == 2
+         end
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake)
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :SSLv3_client
++          ctx.ssl_version = :TLSv1_client
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+-          assert_raise OpenSSL::SSL::SSLError do
+-            ssl.connect
+-          end
++          assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
+           ssl.close rescue nil
+           sock.close rescue nil
+           EM.stop rescue nil