aboutsummaryrefslogtreecommitdiffstats
path: root/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch')
-rw-r--r--community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch901
1 files changed, 901 insertions, 0 deletions
diff --git a/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch b/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch
new file mode 100644
index 00000000000..dc81b7ff7b1
--- /dev/null
+++ b/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch
@@ -0,0 +1,901 @@
+From dd6cec8d5278e11f2a1752aa7b4a712d53b1f1d3 Mon Sep 17 00:00:00 2001
+From: MSP-Greg <greg.mpls@gmail.com>
+Date: Sun, 13 Jan 2019 21:23:03 -0600
+Subject: [PATCH] Update SSL tests, 1.1.x & TLSv1_3
+
+Add Ruby 2.6 to Travis osx for OpenSSL 1.1.0
+
+Note that order of 'ssl_handshake_completed' callbacks in TLSv1_3 are reversed
+---
+ tests/test_ssl_dhparam.rb | 6 +-
+ tests/test_ssl_ecdh_curve.rb | 45 ++++++
+ tests/test_ssl_extensions.rb | 56 +++++---
+ tests/test_ssl_methods.rb | 3
+ tests/test_ssl_protocols.rb | 322 +++++++++++++++++--------------------------------
+ tests/test_ssl_verify.rb | 110 ++++++++++------
+ 6 files changed, 263 insertions(+), 279 deletions(-)
+
+Patch-Source: https://src.fedoraproject.org/rpms/rubygem-eventmachine/blob/f34/f/rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch
+Upstream-Issue: https://github.com/eventmachine/eventmachine/pull/867
+
+diff --git a/tests/test_ssl_dhparam.rb b/tests/test_ssl_dhparam.rb
+index 0a7f01da..e5165caf 100644
+--- a/tests/test_ssl_dhparam.rb
++++ b/tests/test_ssl_dhparam.rb
+@@ -8,7 +8,7 @@ def setup
+
+ module Client
+ def post_init
+- start_tls
++ start_tls(:ssl_version => %w(TLSv1_2))
+ end
+
+ def ssl_handshake_completed
+@@ -24,7 +24,7 @@ def unbind
+
+ module Server
+ def post_init
+- start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH")
++ start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2))
+ end
+
+ def ssl_handshake_completed
+@@ -35,7 +35,7 @@ def ssl_handshake_completed
+
+ module NoDhServer
+ def post_init
+- start_tls(:cipher_list => "DHE,EDH")
++ start_tls(:cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2))
+ end
+
+ def ssl_handshake_completed
+diff --git a/tests/test_ssl_ecdh_curve.rb b/tests/test_ssl_ecdh_curve.rb
+index c4148ce9..53b8ae24 100644
+--- a/tests/test_ssl_ecdh_curve.rb
++++ b/tests/test_ssl_ecdh_curve.rb
+@@ -1,6 +1,11 @@
+ require 'em_test_helper'
+
+ class TestSslEcdhCurve < Test::Unit::TestCase
++ if EM.ssl?
++ SSL_LIB_VERS = EM::OPENSSL_LIBRARY_VERSION[/OpenSSL (\d+\.\d+\.\d+)/, 1]
++ .split('.').map(&:to_i)
++ end
++
+ module Client
+ def post_init
+ start_tls
+@@ -17,7 +15,7 @@ def post_init
+ def ssl_handshake_completed
+ $client_handshake_completed = true
+ $client_cipher_name = get_cipher_name
+- close_connection
++ close_connection unless /TLSv1\.3/i =~ get_cipher_protocol
+ end
+
+ def unbind
+@@ -27,7 +25,11 @@ def unbind
+
+ module Server
+ def post_init
+- start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH")
++ if (SSL_LIB_VERS <=> [1, 1]) == 1
++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
++ else
++ start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
++ end
+ end
+
+ def ssl_handshake_completed
+@@ -36,9 +38,21 @@ def ssl_handshake_completed
+ end
+ end
+
++ module Server1_3
++ def post_init
++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_3))
++ end
++
++ def ssl_handshake_completed
++ $server_handshake_completed = true
++ $server_cipher_name = get_cipher_name
++ close_connection if /TLSv1\.3/i =~ get_cipher_protocol
++ end
++ end
++
+ module NoCurveServer
+ def post_init
+- start_tls(:cipher_list => "ECDH")
++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
+ end
+
+ def ssl_handshake_completed
+@@ -50,6 +64,7 @@ def ssl_handshake_completed
+ def test_no_ecdh_curve
+ omit_unless(EM.ssl?)
+ omit_if(rbx?)
++ omit("OpenSSL 1.1.x (and later) auto selects curve") if (SSL_LIB_VERS <=> [1, 1]) == 1
+
+ $client_handshake_completed, $server_handshake_completed = false, false
+
+@@ -85,5 +99,27 @@ def test_ecdh_curve
+ assert_match(/^(AECDH|ECDHE)/, $client_cipher_name)
+ end
+
++ def test_ecdh_curve_tlsv1_3
++ omit("No SSL") unless EM.ssl?
++ omit_if(EM.library_type == :pure_ruby && RUBY_VERSION < "2.3.0")
++ omit_if(rbx?)
++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
+
++ $client_handshake_completed, $server_handshake_completed = false, false
++ $server_cipher_name, $client_cipher_name = nil, nil
++
++ EM.run {
++ EM.start_server("127.0.0.1", 16784, Server1_3)
++ EM.connect("127.0.0.1", 16784, Client)
++ }
++
++ assert($client_handshake_completed)
++ assert($server_handshake_completed)
++
++ assert($client_cipher_name.length > 0)
++ assert_equal($client_cipher_name, $server_cipher_name)
++ # see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
++ # may depend on OpenSSL build options
++ assert_equal("TLS_AES_256_GCM_SHA384", $client_cipher_name)
++ end
+ end
+diff --git a/tests/test_ssl_extensions.rb b/tests/test_ssl_extensions.rb
+index 594feb95..93f4ef5a 100644
+--- a/tests/test_ssl_extensions.rb
++++ b/tests/test_ssl_extensions.rb
+@@ -5,43 +5,57 @@
+ if EM.ssl?
+ class TestSslExtensions < Test::Unit::TestCase
+
++ IP, PORT = "127.0.0.1", 16784
++
+ module Client
+- def ssl_handshake_completed
+- $client_handshake_completed = true
+- close_connection
+- end
+-
+- def unbind
+- EM.stop_event_loop
++ def self.ssl_vers=(val = nil)
++ @@ssl_vers = val
+ end
+
+ def post_init
+- start_tls(:ssl_version => :tlsv1, :sni_hostname => 'example.com')
++ start_tls(:sni_hostname => 'example.com', :ssl_version => @@ssl_vers)
+ end
+ end
+
+ module Server
+- def ssl_handshake_completed
+- $server_handshake_completed = true
+- $server_sni_hostname = get_sni_hostname
+- end
++ @@handshake_completed = false
++ @@sni_hostname = 'Not set'
++
++ def self.handshake_completed? ; !!@@handshake_completed end
++ def self.sni_hostname ; @@sni_hostname end
+
+ def post_init
+- start_tls(:ssl_version => :TLSv1)
++ start_tls
+ end
+- end
+
+- def test_tlsext_sni_hostname
+- $server_handshake_completed = false
++ def ssl_handshake_completed
++ @@handshake_completed = true
++ @@sni_hostname = get_sni_hostname
++ end
++ end
+
++ def client_server(client = nil)
+ EM.run do
+- EM.start_server("127.0.0.1", 16784, Server)
+- EM.connect("127.0.0.1", 16784, Client)
++ Client.ssl_vers = client
++ EM.start_server IP, PORT, Server
++ EM.connect IP, PORT, Client
++ EM.add_timer(0.3) { EM.stop_event_loop }
+ end
+-
+- assert($server_handshake_completed)
+- assert_equal('example.com', $server_sni_hostname)
+ end
++
++ def test_tlsext_sni_hostname_1_2
++ client_server %w(TLSv1_2)
++ assert Server.handshake_completed?
++ assert_equal 'example.com', Server.sni_hostname
++ end
++
++ def test_tlsext_sni_hostname_1_3
++ omit("TLSv1_3 is unavailable") unless SSL_AVAIL.include? "tlsv1_3"
++ client_server %w(TLSv1_3)
++ assert Server.handshake_completed?
++ assert_equal 'example.com', Server.sni_hostname
++ end
++
+ end
+ else
+ warn "EM built without SSL support, skipping tests in #{__FILE__}"
+diff --git a/tests/test_ssl_methods.rb b/tests/test_ssl_methods.rb
+index 3c45ee5d..022844fd 100644
+--- a/tests/test_ssl_methods.rb
++++ b/tests/test_ssl_methods.rb
+@@ -13,6 +13,7 @@ def ssl_handshake_completed
+ $server_cipher_bits = get_cipher_bits
+ $server_cipher_name = get_cipher_name
+ $server_cipher_protocol = get_cipher_protocol
++ EM.stop_event_loop if /TLSv1\.3/ =~ get_cipher_protocol
+ end
+ end
+
+@@ -27,7 +28,7 @@ def ssl_handshake_completed
+ $client_cipher_bits = get_cipher_bits
+ $client_cipher_name = get_cipher_name
+ $client_cipher_protocol = get_cipher_protocol
+- EM.stop_event_loop
++ EM.stop_event_loop if /TLSv1\.3/ !~ get_cipher_protocol
+ end
+ end
+
+diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
+index 96c57c23..6b10eb6b 100644
+--- a/tests/test_ssl_protocols.rb
++++ b/tests/test_ssl_protocols.rb
+@@ -3,319 +1,224 @@
+ require 'openssl'
+
+ if EM.ssl?
++
+ class TestSslProtocols < Test::Unit::TestCase
+
++ IP, PORT = "127.0.0.1", 16784
++ RUBY_SSL_GE_2_1 = OpenSSL::VERSION >= '2.1'
++
+ module Client
+- def ssl_handshake_completed
+- $client_handshake_completed = true
+- close_connection
+- end
++ @@handshake_completed = false
+
+- def unbind
+- EM.stop_event_loop
++ def self.ssl_vers=(val = nil)
++ @@ssl_vers = val
+ end
+- end
+
+- module Server
+- def ssl_handshake_completed
+- $server_handshake_completed = true
++ def self.handshake_completed?
++ @@handshake_completed
+ end
+- end
+
+- module ClientAny
+- include Client
+ def post_init
+- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
++ @@handshake_completed = false
++ if @@ssl_vers
++ start_tls(:ssl_version => @@ssl_vers)
++ else
++ start_tls
++ end
+ end
+- end
+
+- module ClientDefault
+- include Client
+- def post_init
+- start_tls
+- end
+- end
+-
+- module ClientSSLv3
+- include Client
+- def post_init
+- start_tls(:ssl_version => %w(SSLv3))
++ def ssl_handshake_completed
++ @@handshake_completed = true
+ end
+ end
+
+- module ServerSSLv3
+- include Server
+- def post_init
+- start_tls(:ssl_version => %w(SSLv3))
+- end
+- end
++ module Server
++ @@handshake_completed = false
+
+- module ClientTLSv1_2
+- include Client
+- def post_init
+- start_tls(:ssl_version => %w(TLSv1_2))
++ def self.ssl_vers=(val = nil)
++ @@ssl_vers = val
+ end
+- end
+
+- module ServerTLSv1_2
+- include Server
+- def post_init
+- start_tls(:ssl_version => %w(TLSv1_2))
+- end
+- end
++ def self.handshake_completed? ; @@handshake_completed end
+
+- module ServerTLSv1CaseInsensitive
+- include Server
+ def post_init
+- start_tls(:ssl_version => %w(tlsv1))
+- end
+- end
+-
+- module ServerAny
+- include Server
+- def post_init
+- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
++ @@handshake_completed = false
++ if @@ssl_vers
++ start_tls(:ssl_version => @@ssl_vers)
++ else
++ start_tls
++ end
+ end
+- end
+
+- module ServerDefault
+- include Server
+- def post_init
+- start_tls
++ def ssl_handshake_completed
++ @@handshake_completed = true
+ end
+ end
+
+- module InvalidProtocol
+- include Client
+- def post_init
+- start_tls(:ssl_version => %w(tlsv1 badinput))
++ def client_server(client = nil, server = nil)
++ EM.run do
++ Client.ssl_vers, Server.ssl_vers = client, server
++ EM.start_server IP, PORT, Server
++ EM.connect IP, PORT, Client
++ EM.add_timer(0.3) { EM.stop_event_loop }
+ end
+ end
+
+ def test_invalid_ssl_version
+ assert_raises(RuntimeError, "Unrecognized SSL/TLS Version: badinput") do
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, InvalidProtocol)
+- EM.connect("127.0.0.1", 16784, InvalidProtocol)
+- end
++ client_server %w(tlsv1 badinput), %w(tlsv1 badinput)
+ end
+ end
+
+ def test_any_to_v3
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+- EM.connect("127.0.0.1", 16784, ClientAny)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ client_server SSL_AVAIL, %w(SSLv3)
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_any_to_tlsv1_2
+- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+- EM.connect("127.0.0.1", 16784, ClientAny)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ client_server SSL_AVAIL, %w(TLSv1_2)
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_case_insensitivity
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerTLSv1CaseInsensitive)
+- EM.connect("127.0.0.1", 16784, ClientAny)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ lower_case = SSL_AVAIL.map { |p| p.downcase }
++ client_server %w(tlsv1), lower_case
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_v3_to_any
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerAny)
+- EM.connect("127.0.0.1", 16784, ClientSSLv3)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ client_server %w(SSLv3), SSL_AVAIL
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_tlsv1_2_to_any
+- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerAny)
+- EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ client_server %w(TLSv1_2), SSL_AVAIL
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_v3_to_v3
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+- EM.connect("127.0.0.1", 16784, ClientSSLv3)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ client_server %w(SSLv3), %w(SSLv3)
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_tlsv1_2_to_tlsv1_2
+- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+- EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
+- end
++ client_server %w(TLSv1_2), %w(TLSv1_2)
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
++ end
+
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ def test_tlsv1_3_to_tlsv1_3
++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
++ client_server %w(TLSv1_3), %w(TLSv1_3)
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_any_to_any
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerAny)
+- EM.connect("127.0.0.1", 16784, ClientAny)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ client_server SSL_AVAIL, SSL_AVAIL
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+ def test_default_to_default
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run do
+- EM.start_server("127.0.0.1", 16784, ServerDefault)
+- EM.connect("127.0.0.1", 16784, ClientDefault)
+- end
+-
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
+- end
+-
+- module ServerV3StopAfterHandshake
+- def post_init
+- start_tls(:ssl_version => %w(SSLv3))
+- end
+-
+- def ssl_handshake_completed
+- $server_handshake_completed = true
+- EM.stop_event_loop
+- end
++ client_server
++ assert Client.handshake_completed?
++ assert Server.handshake_completed?
+ end
+
+- module ServerTLSv1_2StopAfterHandshake
+- def post_init
+- start_tls(:ssl_version => %w(TLSv1_2))
++ module ServerStopAfterHandshake
++ def self.ssl_vers=(val)
++ @@ssl_vers = val
+ end
+
+- def ssl_handshake_completed
+- $server_handshake_completed = true
+- EM.stop_event_loop
+- end
+- end
++ def self.handshake_completed? ; @@handshake_completed end
+
+- module ServerAnyStopAfterHandshake
+ def post_init
+- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
++ @@handshake_completed = false
++ start_tls(:ssl_version => @@ssl_vers)
+ end
+
+ def ssl_handshake_completed
+- $server_handshake_completed = true
++ @@handshake_completed = true
+ EM.stop_event_loop
+ end
+ end
+
+- def test_v3_with_external_client
+- omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+- $server_handshake_completed = false
++ def external_client(ext_min, ext_max, ext_ssl, server)
+ EM.run do
+ setup_timeout(2)
+- EM.start_server("127.0.0.1", 16784, ServerV3StopAfterHandshake)
++ ServerStopAfterHandshake.ssl_vers = server
++ EM.start_server(IP, PORT, ServerStopAfterHandshake)
+ EM.defer do
+- sock = TCPSocket.new("127.0.0.1", 16784)
++ sock = TCPSocket.new(IP, PORT)
+ ctx = OpenSSL::SSL::SSLContext.new
+- ctx.ssl_version = :SSLv3_client
++ if RUBY_SSL_GE_2_1
++ ctx.min_version = ext_min if ext_min
++ ctx.max_version = ext_max if ext_max
++ else
++ ctx.ssl_version = ext_ssl
++ end
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ ssl.connect
+ ssl.close rescue nil
+ sock.close rescue nil
+ end
+ end
++ assert ServerStopAfterHandshake.handshake_completed?
++ end
+
+- assert($server_handshake_completed)
++ def test_v3_with_external_client
++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
++ external_client nil, nil, :SSLv3_client, %w(SSLv3)
+ end
+
+ # Fixed Server
+ def test_tlsv1_2_with_external_client
+- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+- $server_handshake_completed = false
+- EM.run do
+- setup_timeout(2)
+- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+- EM.defer do
+- sock = TCPSocket.new("127.0.0.1", 16784)
+- ctx = OpenSSL::SSL::SSLContext.new
+- ctx.ssl_version = :SSLv23
+- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+- ssl.connect
+- ssl.close rescue nil
+- sock.close rescue nil
+- end
+- end
++ external_client nil, nil, :SSLv23_client, %w(TLSv1_2)
++ end
+
+- assert($server_handshake_completed)
++ def test_tlsv1_3_with_external_client
++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
++ external_client nil, nil, :SSLv23_client, %w(TLSv1_3)
+ end
+
+ # Fixed Client
+ def test_any_with_external_client_tlsv1_2
+- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+- $server_handshake_completed = false
+- EM.run do
+- setup_timeout(2)
+- EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake)
+- EM.defer do
+- sock = TCPSocket.new("127.0.0.1", 16784)
+- ctx = OpenSSL::SSL::SSLContext.new
+- ctx.ssl_version = :TLSv1_2
+- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+- ssl.connect
+- ssl.close rescue nil
+- sock.close rescue nil
+- end
+- end
++ external_client :TLS1_2, :TLS1_2, :TLSv1_2_client, SSL_AVAIL
++ end
+
+- assert($server_handshake_completed)
++ def test_any_with_external_client_tlsv1_3
++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
++ external_client :TLS1_3, :TLS1_3, :TLSv1_2_client, SSL_AVAIL
+ end
+
+ # Refuse a client?
+ def test_tlsv1_2_required_with_external_client
+- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+- $server_handshake_completed = false
+ EM.run do
+ n = 0
+ EM.add_periodic_timer(0.5) do
+ n += 1
+ (EM.stop rescue nil) if n == 2
+ end
+- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
++ ServerStopAfterHandshake.ssl_vers = %w(TLSv1_2)
++ EM.start_server(IP, PORT, ServerStopAfterHandshake)
+ EM.defer do
+- sock = TCPSocket.new("127.0.0.1", 16784)
++ sock = TCPSocket.new(IP, PORT)
+ ctx = OpenSSL::SSL::SSLContext.new
+- ctx.ssl_version = :TLSv1
++ if RUBY_SSL_GE_2_1
++ ctx.max_version = :TLS1_1
++ else
++ ctx.ssl_version = :TLSv1_client
++ end
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
+ ssl.close rescue nil
+@@ -323,10 +226,9 @@ def test_tlsv1_2_required_with_external_client
+ EM.stop rescue nil
+ end
+ end
+-
+- assert(!$server_handshake_completed)
++ assert !ServerStopAfterHandshake.handshake_completed?
+ end
+ end
+ else
+ warn "EM built without SSL support, skipping tests in #{__FILE__}"
+-end
++end
+\ No newline at end of file
+diff --git a/tests/test_ssl_verify.rb b/tests/test_ssl_verify.rb
+index 00ec1466..0c84e97e 100644
+--- a/tests/test_ssl_verify.rb
++++ b/tests/test_ssl_verify.rb
+@@ -1,74 +1,100 @@
+ require 'em_test_helper'
+
+ class TestSslVerify < Test::Unit::TestCase
+- def setup
+- $dir = File.dirname(File.expand_path(__FILE__)) + '/'
+- $cert_from_file = File.read($dir+'client.crt')
+- end
++
++ DIR = File.dirname(File.expand_path(__FILE__)) + '/'
++ CERT_FROM_FILE = File.read(DIR+'client.crt')
++
++ IP, PORT = "127.0.0.1", 16784
+
+ module ClientNoCert
+- def connection_completed
++ @@handshake_completed = nil
++ def self.handshake_completed? ; !!@@handshake_completed end
++
++ def post_init
++ @@handshake_completed = false
+ start_tls()
+ end
+
+ def ssl_handshake_completed
+- $client_handshake_completed = true
+- close_connection
++ @@handshake_completed = true
+ end
+
+ def unbind
+- EM.stop_event_loop
++ @@handshake_completed = false
+ end
+ end
+
+ module Client
+- def connection_completed
+- start_tls(:private_key_file => $dir+'client.key', :cert_chain_file => $dir+'client.crt')
++ @@handshake_completed = nil
++ def self.handshake_completed? ; !!@@handshake_completed end
++ def self.timer=(val) ; @@timer = val end
++
++ def post_init #G connection_completed
++ @client_closed = false
++ @@handshake_completed = nil
++ @@timer = false
++ start_tls(:private_key_file => DIR+'client.key', :cert_chain_file => DIR+'client.crt')
+ end
+
+ def ssl_handshake_completed
+- $client_handshake_completed = true
+- close_connection
++ @@handshake_completed = true
+ end
+
+ def unbind
+- EM.stop_event_loop
++ @@handshake_completed = false unless @@timer
+ end
+ end
+
+ module AcceptServer
++ @@handshake_completed = nil
++ def self.handshake_completed? ; !!@@handshake_completed end
++ def self.cert ; @@cert end
++
+ def post_init
++ @@cert = nil
++ @@handshake_completed = false
+ start_tls(:verify_peer => true)
+ end
+
+ def ssl_verify_peer(cert)
+- $cert_from_server = cert
++ @@cert = cert
+ true
+ end
+
+ def ssl_handshake_completed
+- $server_handshake_completed = true
++ @@handshake_completed = true
+ end
+ end
+
+ module DenyServer
++ @@handshake_completed = nil
++ def self.handshake_completed? ; !!@@handshake_completed end
++ def self.cert ; @@cert end
++
+ def post_init
++ @@cert = nil
++ @@handshake_completed = nil
+ start_tls(:verify_peer => true)
+ end
+
+ def ssl_verify_peer(cert)
+- $cert_from_server = cert
++ @@cert = cert
+ # Do not accept the peer. This should now cause the connection to shut down without the SSL handshake being completed.
+ false
+ end
+
+ def ssl_handshake_completed
+- $server_handshake_completed = true
++ @@handshake_completed = true
+ end
+ end
+
+ module FailServerNoPeerCert
++ @@handshake_completed = nil
++ def self.handshake_completed? ; !!@@handshake_completed end
++
+ def post_init
++ @@handshake_completed = false
+ start_tls(:verify_peer => true, :fail_if_no_peer_cert => true)
+ end
+
+@@ -77,52 +103,52 @@ def ssl_verify_peer(cert)
+ end
+
+ def ssl_handshake_completed
+- $server_handshake_completed = true
++ @@handshake_completed = true
+ end
+ end
+
++ def em_run(server, client)
++ EM.run {
++ EM.start_server IP, PORT, server
++ EM.connect IP, PORT, client
++ EM.add_timer(0.3) {
++ Client.timer = true
++ EM.stop_event_loop
++ }
++ }
++ end
++
+ def test_fail_no_peer_cert
+ omit_unless(EM.ssl?)
+ omit_if(rbx?)
+
+- $client_handshake_completed, $server_handshake_completed = false, false
++ em_run FailServerNoPeerCert, ClientNoCert
+
+- EM.run {
+- EM.start_server("127.0.0.1", 16784, FailServerNoPeerCert)
+- EM.connect("127.0.0.1", 16784, ClientNoCert)
+- }
+-
+- assert(!$client_handshake_completed)
+- assert(!$server_handshake_completed)
++ assert !ClientNoCert.handshake_completed?
++ assert !FailServerNoPeerCert.handshake_completed?
+ end
+
+ def test_accept_server
+ omit_unless(EM.ssl?)
+ omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
+ omit_if(rbx?)
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run {
+- EM.start_server("127.0.0.1", 16784, AcceptServer)
+- EM.connect("127.0.0.1", 16784, Client).instance_variable_get("@signature")
+- }
+
+- assert_equal($cert_from_file, $cert_from_server)
+- assert($client_handshake_completed)
+- assert($server_handshake_completed)
++ em_run AcceptServer, Client
++
++ assert_equal CERT_FROM_FILE, AcceptServer.cert
++ assert Client.handshake_completed?
++ assert AcceptServer.handshake_completed?
+ end
+
+ def test_deny_server
+ omit_unless(EM.ssl?)
+ omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
+ omit_if(rbx?)
+- $client_handshake_completed, $server_handshake_completed = false, false
+- EM.run {
+- EM.start_server("127.0.0.1", 16784, DenyServer)
+- EM.connect("127.0.0.1", 16784, Client)
+- }
+
+- assert_equal($cert_from_file, $cert_from_server)
+- assert(!$client_handshake_completed)
+- assert(!$server_handshake_completed)
++ em_run DenyServer, Client
++
++ assert_equal CERT_FROM_FILE, DenyServer.cert
++ assert !Client.handshake_completed?
++ assert !DenyServer.handshake_completed?
+ end
+ end
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-18 23:43:57 +0000