diff options
Diffstat (limited to 'community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch')
-rw-r--r-- | community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch | 901 |
1 files changed, 901 insertions, 0 deletions
diff --git a/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch b/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch new file mode 100644 index 00000000000..dc81b7ff7b1 --- /dev/null +++ b/community/ruby-eventmachine/0004-Openssl-1.1.1-updates.patch @@ -0,0 +1,901 @@ +From dd6cec8d5278e11f2a1752aa7b4a712d53b1f1d3 Mon Sep 17 00:00:00 2001 +From: MSP-Greg <greg.mpls@gmail.com> +Date: Sun, 13 Jan 2019 21:23:03 -0600 +Subject: [PATCH] Update SSL tests, 1.1.x & TLSv1_3 + +Add Ruby 2.6 to Travis osx for OpenSSL 1.1.0 + +Note that order of 'ssl_handshake_completed' callbacks in TLSv1_3 are reversed +--- + tests/test_ssl_dhparam.rb | 6 +- + tests/test_ssl_ecdh_curve.rb | 45 ++++++ + tests/test_ssl_extensions.rb | 56 +++++--- + tests/test_ssl_methods.rb | 3 + tests/test_ssl_protocols.rb | 322 +++++++++++++++++-------------------------------- + tests/test_ssl_verify.rb | 110 ++++++++++------ + 6 files changed, 263 insertions(+), 279 deletions(-) + +Patch-Source: https://src.fedoraproject.org/rpms/rubygem-eventmachine/blob/f34/f/rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch +Upstream-Issue: https://github.com/eventmachine/eventmachine/pull/867 + +diff --git a/tests/test_ssl_dhparam.rb b/tests/test_ssl_dhparam.rb +index 0a7f01da..e5165caf 100644 +--- a/tests/test_ssl_dhparam.rb ++++ b/tests/test_ssl_dhparam.rb +@@ -8,7 +8,7 @@ def setup + + module Client + def post_init +- start_tls ++ start_tls(:ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +@@ -24,7 +24,7 @@ def unbind + + module Server + def post_init +- start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH") ++ start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +@@ -35,7 +35,7 @@ def ssl_handshake_completed + + module NoDhServer + def post_init +- start_tls(:cipher_list => "DHE,EDH") ++ start_tls(:cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +diff --git a/tests/test_ssl_ecdh_curve.rb b/tests/test_ssl_ecdh_curve.rb +index c4148ce9..53b8ae24 100644 +--- a/tests/test_ssl_ecdh_curve.rb ++++ b/tests/test_ssl_ecdh_curve.rb +@@ -1,6 +1,11 @@ + require 'em_test_helper' + + class TestSslEcdhCurve < Test::Unit::TestCase ++ if EM.ssl? ++ SSL_LIB_VERS = EM::OPENSSL_LIBRARY_VERSION[/OpenSSL (\d+\.\d+\.\d+)/, 1] ++ .split('.').map(&:to_i) ++ end ++ + module Client + def post_init + start_tls +@@ -17,7 +15,7 @@ def post_init + def ssl_handshake_completed + $client_handshake_completed = true + $client_cipher_name = get_cipher_name +- close_connection ++ close_connection unless /TLSv1\.3/i =~ get_cipher_protocol + end + + def unbind +@@ -27,7 +25,11 @@ def unbind + + module Server + def post_init +- start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH") ++ if (SSL_LIB_VERS <=> [1, 1]) == 1 ++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2)) ++ else ++ start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH", :ssl_version => %w(TLSv1_2)) ++ end + end + + def ssl_handshake_completed +@@ -36,9 +38,21 @@ def ssl_handshake_completed + end + end + ++ module Server1_3 ++ def post_init ++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_3)) ++ end ++ ++ def ssl_handshake_completed ++ $server_handshake_completed = true ++ $server_cipher_name = get_cipher_name ++ close_connection if /TLSv1\.3/i =~ get_cipher_protocol ++ end ++ end ++ + module NoCurveServer + def post_init +- start_tls(:cipher_list => "ECDH") ++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +@@ -50,6 +64,7 @@ def ssl_handshake_completed + def test_no_ecdh_curve + omit_unless(EM.ssl?) + omit_if(rbx?) ++ omit("OpenSSL 1.1.x (and later) auto selects curve") if (SSL_LIB_VERS <=> [1, 1]) == 1 + + $client_handshake_completed, $server_handshake_completed = false, false + +@@ -85,5 +99,27 @@ def test_ecdh_curve + assert_match(/^(AECDH|ECDHE)/, $client_cipher_name) + end + ++ def test_ecdh_curve_tlsv1_3 ++ omit("No SSL") unless EM.ssl? ++ omit_if(EM.library_type == :pure_ruby && RUBY_VERSION < "2.3.0") ++ omit_if(rbx?) ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 + ++ $client_handshake_completed, $server_handshake_completed = false, false ++ $server_cipher_name, $client_cipher_name = nil, nil ++ ++ EM.run { ++ EM.start_server("127.0.0.1", 16784, Server1_3) ++ EM.connect("127.0.0.1", 16784, Client) ++ } ++ ++ assert($client_handshake_completed) ++ assert($server_handshake_completed) ++ ++ assert($client_cipher_name.length > 0) ++ assert_equal($client_cipher_name, $server_cipher_name) ++ # see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites ++ # may depend on OpenSSL build options ++ assert_equal("TLS_AES_256_GCM_SHA384", $client_cipher_name) ++ end + end +diff --git a/tests/test_ssl_extensions.rb b/tests/test_ssl_extensions.rb +index 594feb95..93f4ef5a 100644 +--- a/tests/test_ssl_extensions.rb ++++ b/tests/test_ssl_extensions.rb +@@ -5,43 +5,57 @@ + if EM.ssl? + class TestSslExtensions < Test::Unit::TestCase + ++ IP, PORT = "127.0.0.1", 16784 ++ + module Client +- def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection +- end +- +- def unbind +- EM.stop_event_loop ++ def self.ssl_vers=(val = nil) ++ @@ssl_vers = val + end + + def post_init +- start_tls(:ssl_version => :tlsv1, :sni_hostname => 'example.com') ++ start_tls(:sni_hostname => 'example.com', :ssl_version => @@ssl_vers) + end + end + + module Server +- def ssl_handshake_completed +- $server_handshake_completed = true +- $server_sni_hostname = get_sni_hostname +- end ++ @@handshake_completed = false ++ @@sni_hostname = 'Not set' ++ ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.sni_hostname ; @@sni_hostname end + + def post_init +- start_tls(:ssl_version => :TLSv1) ++ start_tls + end +- end + +- def test_tlsext_sni_hostname +- $server_handshake_completed = false ++ def ssl_handshake_completed ++ @@handshake_completed = true ++ @@sni_hostname = get_sni_hostname ++ end ++ end + ++ def client_server(client = nil) + EM.run do +- EM.start_server("127.0.0.1", 16784, Server) +- EM.connect("127.0.0.1", 16784, Client) ++ Client.ssl_vers = client ++ EM.start_server IP, PORT, Server ++ EM.connect IP, PORT, Client ++ EM.add_timer(0.3) { EM.stop_event_loop } + end +- +- assert($server_handshake_completed) +- assert_equal('example.com', $server_sni_hostname) + end ++ ++ def test_tlsext_sni_hostname_1_2 ++ client_server %w(TLSv1_2) ++ assert Server.handshake_completed? ++ assert_equal 'example.com', Server.sni_hostname ++ end ++ ++ def test_tlsext_sni_hostname_1_3 ++ omit("TLSv1_3 is unavailable") unless SSL_AVAIL.include? "tlsv1_3" ++ client_server %w(TLSv1_3) ++ assert Server.handshake_completed? ++ assert_equal 'example.com', Server.sni_hostname ++ end ++ + end + else + warn "EM built without SSL support, skipping tests in #{__FILE__}" +diff --git a/tests/test_ssl_methods.rb b/tests/test_ssl_methods.rb +index 3c45ee5d..022844fd 100644 +--- a/tests/test_ssl_methods.rb ++++ b/tests/test_ssl_methods.rb +@@ -13,6 +13,7 @@ def ssl_handshake_completed + $server_cipher_bits = get_cipher_bits + $server_cipher_name = get_cipher_name + $server_cipher_protocol = get_cipher_protocol ++ EM.stop_event_loop if /TLSv1\.3/ =~ get_cipher_protocol + end + end + +@@ -27,7 +28,7 @@ def ssl_handshake_completed + $client_cipher_bits = get_cipher_bits + $client_cipher_name = get_cipher_name + $client_cipher_protocol = get_cipher_protocol +- EM.stop_event_loop ++ EM.stop_event_loop if /TLSv1\.3/ !~ get_cipher_protocol + end + end + +diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb +index 96c57c23..6b10eb6b 100644 +--- a/tests/test_ssl_protocols.rb ++++ b/tests/test_ssl_protocols.rb +@@ -3,319 +1,224 @@ + require 'openssl' + + if EM.ssl? ++ + class TestSslProtocols < Test::Unit::TestCase + ++ IP, PORT = "127.0.0.1", 16784 ++ RUBY_SSL_GE_2_1 = OpenSSL::VERSION >= '2.1' ++ + module Client +- def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection +- end ++ @@handshake_completed = false + +- def unbind +- EM.stop_event_loop ++ def self.ssl_vers=(val = nil) ++ @@ssl_vers = val + end +- end + +- module Server +- def ssl_handshake_completed +- $server_handshake_completed = true ++ def self.handshake_completed? ++ @@handshake_completed + end +- end + +- module ClientAny +- include Client + def post_init +- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) ++ @@handshake_completed = false ++ if @@ssl_vers ++ start_tls(:ssl_version => @@ssl_vers) ++ else ++ start_tls ++ end + end +- end + +- module ClientDefault +- include Client +- def post_init +- start_tls +- end +- end +- +- module ClientSSLv3 +- include Client +- def post_init +- start_tls(:ssl_version => %w(SSLv3)) ++ def ssl_handshake_completed ++ @@handshake_completed = true + end + end + +- module ServerSSLv3 +- include Server +- def post_init +- start_tls(:ssl_version => %w(SSLv3)) +- end +- end ++ module Server ++ @@handshake_completed = false + +- module ClientTLSv1_2 +- include Client +- def post_init +- start_tls(:ssl_version => %w(TLSv1_2)) ++ def self.ssl_vers=(val = nil) ++ @@ssl_vers = val + end +- end + +- module ServerTLSv1_2 +- include Server +- def post_init +- start_tls(:ssl_version => %w(TLSv1_2)) +- end +- end ++ def self.handshake_completed? ; @@handshake_completed end + +- module ServerTLSv1CaseInsensitive +- include Server + def post_init +- start_tls(:ssl_version => %w(tlsv1)) +- end +- end +- +- module ServerAny +- include Server +- def post_init +- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) ++ @@handshake_completed = false ++ if @@ssl_vers ++ start_tls(:ssl_version => @@ssl_vers) ++ else ++ start_tls ++ end + end +- end + +- module ServerDefault +- include Server +- def post_init +- start_tls ++ def ssl_handshake_completed ++ @@handshake_completed = true + end + end + +- module InvalidProtocol +- include Client +- def post_init +- start_tls(:ssl_version => %w(tlsv1 badinput)) ++ def client_server(client = nil, server = nil) ++ EM.run do ++ Client.ssl_vers, Server.ssl_vers = client, server ++ EM.start_server IP, PORT, Server ++ EM.connect IP, PORT, Client ++ EM.add_timer(0.3) { EM.stop_event_loop } + end + end + + def test_invalid_ssl_version + assert_raises(RuntimeError, "Unrecognized SSL/TLS Version: badinput") do +- EM.run do +- EM.start_server("127.0.0.1", 16784, InvalidProtocol) +- EM.connect("127.0.0.1", 16784, InvalidProtocol) +- end ++ client_server %w(tlsv1 badinput), %w(tlsv1 badinput) + end + end + + def test_any_to_v3 + omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerSSLv3) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server SSL_AVAIL, %w(SSLv3) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_any_to_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server SSL_AVAIL, %w(TLSv1_2) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_case_insensitivity +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerTLSv1CaseInsensitive) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ lower_case = SSL_AVAIL.map { |p| p.downcase } ++ client_server %w(tlsv1), lower_case ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_v3_to_any + omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerAny) +- EM.connect("127.0.0.1", 16784, ClientSSLv3) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server %w(SSLv3), SSL_AVAIL ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_tlsv1_2_to_any +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerAny) +- EM.connect("127.0.0.1", 16784, ClientTLSv1_2) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server %w(TLSv1_2), SSL_AVAIL ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_v3_to_v3 + omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerSSLv3) +- EM.connect("127.0.0.1", 16784, ClientSSLv3) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server %w(SSLv3), %w(SSLv3) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_tlsv1_2_to_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) +- EM.connect("127.0.0.1", 16784, ClientTLSv1_2) +- end ++ client_server %w(TLSv1_2), %w(TLSv1_2) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? ++ end + +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ def test_tlsv1_3_to_tlsv1_3 ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 ++ client_server %w(TLSv1_3), %w(TLSv1_3) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_any_to_any +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerAny) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server SSL_AVAIL, SSL_AVAIL ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_default_to_default +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerDefault) +- EM.connect("127.0.0.1", 16784, ClientDefault) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) +- end +- +- module ServerV3StopAfterHandshake +- def post_init +- start_tls(:ssl_version => %w(SSLv3)) +- end +- +- def ssl_handshake_completed +- $server_handshake_completed = true +- EM.stop_event_loop +- end ++ client_server ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + +- module ServerTLSv1_2StopAfterHandshake +- def post_init +- start_tls(:ssl_version => %w(TLSv1_2)) ++ module ServerStopAfterHandshake ++ def self.ssl_vers=(val) ++ @@ssl_vers = val + end + +- def ssl_handshake_completed +- $server_handshake_completed = true +- EM.stop_event_loop +- end +- end ++ def self.handshake_completed? ; @@handshake_completed end + +- module ServerAnyStopAfterHandshake + def post_init +- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) ++ @@handshake_completed = false ++ start_tls(:ssl_version => @@ssl_vers) + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + EM.stop_event_loop + end + end + +- def test_v3_with_external_client +- omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $server_handshake_completed = false ++ def external_client(ext_min, ext_max, ext_ssl, server) + EM.run do + setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerV3StopAfterHandshake) ++ ServerStopAfterHandshake.ssl_vers = server ++ EM.start_server(IP, PORT, ServerStopAfterHandshake) + EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) ++ sock = TCPSocket.new(IP, PORT) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :SSLv3_client ++ if RUBY_SSL_GE_2_1 ++ ctx.min_version = ext_min if ext_min ++ ctx.max_version = ext_max if ext_max ++ else ++ ctx.ssl_version = ext_ssl ++ end + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.connect + ssl.close rescue nil + sock.close rescue nil + end + end ++ assert ServerStopAfterHandshake.handshake_completed? ++ end + +- assert($server_handshake_completed) ++ def test_v3_with_external_client ++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 ++ external_client nil, nil, :SSLv3_client, %w(SSLv3) + end + + # Fixed Server + def test_tlsv1_2_with_external_client +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $server_handshake_completed = false +- EM.run do +- setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake) +- EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) +- ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :SSLv23 +- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) +- ssl.connect +- ssl.close rescue nil +- sock.close rescue nil +- end +- end ++ external_client nil, nil, :SSLv23_client, %w(TLSv1_2) ++ end + +- assert($server_handshake_completed) ++ def test_tlsv1_3_with_external_client ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 ++ external_client nil, nil, :SSLv23_client, %w(TLSv1_3) + end + + # Fixed Client + def test_any_with_external_client_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $server_handshake_completed = false +- EM.run do +- setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake) +- EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) +- ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1_2 +- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) +- ssl.connect +- ssl.close rescue nil +- sock.close rescue nil +- end +- end ++ external_client :TLS1_2, :TLS1_2, :TLSv1_2_client, SSL_AVAIL ++ end + +- assert($server_handshake_completed) ++ def test_any_with_external_client_tlsv1_3 ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 ++ external_client :TLS1_3, :TLS1_3, :TLSv1_2_client, SSL_AVAIL + end + + # Refuse a client? + def test_tlsv1_2_required_with_external_client +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $server_handshake_completed = false + EM.run do + n = 0 + EM.add_periodic_timer(0.5) do + n += 1 + (EM.stop rescue nil) if n == 2 + end +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake) ++ ServerStopAfterHandshake.ssl_vers = %w(TLSv1_2) ++ EM.start_server(IP, PORT, ServerStopAfterHandshake) + EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) ++ sock = TCPSocket.new(IP, PORT) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1 ++ if RUBY_SSL_GE_2_1 ++ ctx.max_version = :TLS1_1 ++ else ++ ctx.ssl_version = :TLSv1_client ++ end + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + assert_raise(OpenSSL::SSL::SSLError) { ssl.connect } + ssl.close rescue nil +@@ -323,10 +226,9 @@ def test_tlsv1_2_required_with_external_client + EM.stop rescue nil + end + end +- +- assert(!$server_handshake_completed) ++ assert !ServerStopAfterHandshake.handshake_completed? + end + end + else + warn "EM built without SSL support, skipping tests in #{__FILE__}" +-end ++end +\ No newline at end of file +diff --git a/tests/test_ssl_verify.rb b/tests/test_ssl_verify.rb +index 00ec1466..0c84e97e 100644 +--- a/tests/test_ssl_verify.rb ++++ b/tests/test_ssl_verify.rb +@@ -1,74 +1,100 @@ + require 'em_test_helper' + + class TestSslVerify < Test::Unit::TestCase +- def setup +- $dir = File.dirname(File.expand_path(__FILE__)) + '/' +- $cert_from_file = File.read($dir+'client.crt') +- end ++ ++ DIR = File.dirname(File.expand_path(__FILE__)) + '/' ++ CERT_FROM_FILE = File.read(DIR+'client.crt') ++ ++ IP, PORT = "127.0.0.1", 16784 + + module ClientNoCert +- def connection_completed ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ ++ def post_init ++ @@handshake_completed = false + start_tls() + end + + def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection ++ @@handshake_completed = true + end + + def unbind +- EM.stop_event_loop ++ @@handshake_completed = false + end + end + + module Client +- def connection_completed +- start_tls(:private_key_file => $dir+'client.key', :cert_chain_file => $dir+'client.crt') ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.timer=(val) ; @@timer = val end ++ ++ def post_init #G connection_completed ++ @client_closed = false ++ @@handshake_completed = nil ++ @@timer = false ++ start_tls(:private_key_file => DIR+'client.key', :cert_chain_file => DIR+'client.crt') + end + + def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection ++ @@handshake_completed = true + end + + def unbind +- EM.stop_event_loop ++ @@handshake_completed = false unless @@timer + end + end + + module AcceptServer ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.cert ; @@cert end ++ + def post_init ++ @@cert = nil ++ @@handshake_completed = false + start_tls(:verify_peer => true) + end + + def ssl_verify_peer(cert) +- $cert_from_server = cert ++ @@cert = cert + true + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + end + end + + module DenyServer ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.cert ; @@cert end ++ + def post_init ++ @@cert = nil ++ @@handshake_completed = nil + start_tls(:verify_peer => true) + end + + def ssl_verify_peer(cert) +- $cert_from_server = cert ++ @@cert = cert + # Do not accept the peer. This should now cause the connection to shut down without the SSL handshake being completed. + false + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + end + end + + module FailServerNoPeerCert ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ + def post_init ++ @@handshake_completed = false + start_tls(:verify_peer => true, :fail_if_no_peer_cert => true) + end + +@@ -77,52 +103,52 @@ def ssl_verify_peer(cert) + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + end + end + ++ def em_run(server, client) ++ EM.run { ++ EM.start_server IP, PORT, server ++ EM.connect IP, PORT, client ++ EM.add_timer(0.3) { ++ Client.timer = true ++ EM.stop_event_loop ++ } ++ } ++ end ++ + def test_fail_no_peer_cert + omit_unless(EM.ssl?) + omit_if(rbx?) + +- $client_handshake_completed, $server_handshake_completed = false, false ++ em_run FailServerNoPeerCert, ClientNoCert + +- EM.run { +- EM.start_server("127.0.0.1", 16784, FailServerNoPeerCert) +- EM.connect("127.0.0.1", 16784, ClientNoCert) +- } +- +- assert(!$client_handshake_completed) +- assert(!$server_handshake_completed) ++ assert !ClientNoCert.handshake_completed? ++ assert !FailServerNoPeerCert.handshake_completed? + end + + def test_accept_server + omit_unless(EM.ssl?) + omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain + omit_if(rbx?) +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run { +- EM.start_server("127.0.0.1", 16784, AcceptServer) +- EM.connect("127.0.0.1", 16784, Client).instance_variable_get("@signature") +- } + +- assert_equal($cert_from_file, $cert_from_server) +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ em_run AcceptServer, Client ++ ++ assert_equal CERT_FROM_FILE, AcceptServer.cert ++ assert Client.handshake_completed? ++ assert AcceptServer.handshake_completed? + end + + def test_deny_server + omit_unless(EM.ssl?) + omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain + omit_if(rbx?) +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run { +- EM.start_server("127.0.0.1", 16784, DenyServer) +- EM.connect("127.0.0.1", 16784, Client) +- } + +- assert_equal($cert_from_file, $cert_from_server) +- assert(!$client_handshake_completed) +- assert(!$server_handshake_completed) ++ em_run DenyServer, Client ++ ++ assert_equal CERT_FROM_FILE, DenyServer.cert ++ assert !Client.handshake_completed? ++ assert !DenyServer.handshake_completed? + end + end |