jruby-openssl 0.0.4 → 0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of jruby-openssl might be problematic. Click here for more details.

@@ -0,0 +1,88 @@
1
+ begin
2
+ require "openssl"
3
+ rescue LoadError
4
+ end
5
+ require "digest/md5"
6
+ require "test/unit"
7
+
8
+ if defined?(OpenSSL)
9
+
10
+ class OpenSSL::TestDigest < Test::Unit::TestCase
11
+ def setup
12
+ @d1 = OpenSSL::Digest::Digest::new("MD5")
13
+ @d2 = OpenSSL::Digest::MD5.new
14
+ @md = Digest::MD5.new
15
+ @data = "DATA"
16
+ end
17
+
18
+ def teardown
19
+ @d1 = @d2 = @md = nil
20
+ end
21
+
22
+ def test_digest
23
+ assert_equal(@md.digest, @d1.digest)
24
+ assert_equal(@md.hexdigest, @d1.hexdigest)
25
+ @d1 << @data
26
+ @d2 << @data
27
+ @md << @data
28
+ assert_equal(@md.digest, @d1.digest)
29
+ assert_equal(@md.hexdigest, @d1.hexdigest)
30
+ assert_equal(@d1.digest, @d2.digest)
31
+ assert_equal(@d1.hexdigest, @d2.hexdigest)
32
+ assert_equal(@md.digest, OpenSSL::Digest::MD5.digest(@data))
33
+ assert_equal(@md.hexdigest, OpenSSL::Digest::MD5.hexdigest(@data))
34
+ end
35
+
36
+ def test_eql
37
+ assert(@d1 == @d2, "==")
38
+ d = @d1.clone
39
+ assert(d == @d1, "clone")
40
+ end
41
+
42
+ def test_info
43
+ assert_equal("MD5", @d1.name, "name")
44
+ assert_equal("MD5", @d2.name, "name")
45
+ assert_equal(16, @d1.size, "size")
46
+ end
47
+
48
+ def test_dup
49
+ @d1.update(@data)
50
+ assert_equal(@d1.name, @d1.dup.name, "dup")
51
+ assert_equal(@d1.name, @d1.clone.name, "clone")
52
+ assert_equal(@d1.digest, @d1.clone.digest, "clone .digest")
53
+ end
54
+
55
+ def test_reset
56
+ @d1.update(@data)
57
+ dig1 = @d1.digest
58
+ @d1.reset
59
+ @d1.update(@data)
60
+ dig2 = @d1.digest
61
+ assert_equal(dig1, dig2, "reset")
62
+ end
63
+
64
+ if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
65
+ def encode16(str)
66
+ str.unpack("H*").first
67
+ end
68
+
69
+ def test_098_features
70
+ sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
71
+ sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
72
+ sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
73
+ sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
74
+
75
+ assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
76
+ assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
77
+ assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
78
+ assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
79
+
80
+ assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
81
+ assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
82
+ assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
83
+ assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
84
+ end
85
+ end
86
+ end
87
+
88
+ end
@@ -0,0 +1,34 @@
1
+ begin
2
+ require "openssl"
3
+ rescue LoadError
4
+ end
5
+ require "test/unit"
6
+
7
+ if defined?(OpenSSL)
8
+
9
+ class OpenSSL::TestHMAC < Test::Unit::TestCase
10
+ def setup
11
+ @digest = OpenSSL::Digest::MD5.new
12
+ @key = "KEY"
13
+ @data = "DATA"
14
+ @h1 = OpenSSL::HMAC.new(@key, @digest)
15
+ @h2 = OpenSSL::HMAC.new(@key, @digest)
16
+ end
17
+
18
+ def teardown
19
+ end
20
+
21
+ def test_hmac
22
+ @h1.update(@data)
23
+ assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest")
24
+ assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest")
25
+ end
26
+
27
+ def test_dup
28
+ @h1.update(@data)
29
+ h = @h1.dup
30
+ assert_equal(@h1.digest, h.digest, "dup digest")
31
+ end
32
+ end
33
+
34
+ end
@@ -0,0 +1,69 @@
1
+ begin
2
+ require "openssl"
3
+ require File.join(File.dirname(__FILE__), "utils.rb")
4
+ rescue LoadError
5
+ end
6
+ require "test/unit"
7
+
8
+ if defined?(OpenSSL)
9
+
10
+
11
+ class OpenSSL::TestNSSPI < Test::Unit::TestCase
12
+ def setup
13
+ # This request data is adopt from the specification of
14
+ # "Netscape Extensions for User Key Generation".
15
+ # -- http://wp.netscape.com/eng/security/comm4-keygen.html
16
+ @b64 = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
17
+ @b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
18
+ @b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
19
+ @b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
20
+ @b64 << "i0//rgBvmco="
21
+ end
22
+
23
+ def teardown
24
+ end
25
+ def pr(obj, ind=0)
26
+ if obj.respond_to?(:value)
27
+ puts((" "*ind) + obj.class.to_s + ":")
28
+ pr(obj.value,(ind+1))
29
+ elsif obj.respond_to?(:each) && !(String===obj)
30
+ obj.each {|v| pr(v,ind+1) }
31
+ else
32
+ puts((" "*ind) + obj.inspect)
33
+ end
34
+ end
35
+
36
+ def test_build_data
37
+ key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
38
+ key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
39
+ spki = OpenSSL::Netscape::SPKI.new
40
+ spki.challenge = "RandomString"
41
+ spki.public_key = key1.public_key
42
+ spki.sign(key1, OpenSSL::Digest::SHA1.new)
43
+ assert(spki.verify(spki.public_key))
44
+ assert(spki.verify(key1.public_key))
45
+ assert(!spki.verify(key2.public_key))
46
+
47
+ der = spki.to_der
48
+ spki = OpenSSL::Netscape::SPKI.new(der)
49
+ assert_equal("RandomString", spki.challenge)
50
+ assert_equal(key1.public_key.to_der, spki.public_key.to_der)
51
+ assert(spki.verify(spki.public_key))
52
+ end
53
+
54
+ def test_decode_data
55
+ spki = OpenSSL::Netscape::SPKI.new(@b64)
56
+ assert_equal(@b64, spki.to_pem)
57
+ assert_equal(@b64.unpack("m").first, spki.to_der)
58
+ assert_equal("MozillaIsMyFriend", spki.challenge)
59
+ assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
60
+
61
+ spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
62
+ assert_equal(@b64, spki.to_pem)
63
+ assert_equal(@b64.unpack("m").first, spki.to_der)
64
+ assert_equal("MozillaIsMyFriend", spki.challenge)
65
+ assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
66
+ end
67
+ end
68
+
69
+ end
@@ -0,0 +1,149 @@
1
+ begin
2
+ require "openssl"
3
+ rescue LoadError
4
+ end
5
+ require 'test/unit'
6
+
7
+ if defined?(OpenSSL)
8
+
9
+ require 'socket'
10
+ dir = File.expand_path(__FILE__)
11
+ 2.times {dir = File.dirname(dir)}
12
+ $:.replace([File.join(dir, "ruby")] | $:)
13
+ require 'ut_eof'
14
+
15
+ module SSLPair
16
+ def server
17
+ host = "127.0.0.1"
18
+ port = 0
19
+ ctx = OpenSSL::SSL::SSLContext.new()
20
+ ctx.ciphers = "ADH"
21
+ tcps = TCPServer.new(host, port)
22
+ ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
23
+ return ssls
24
+ end
25
+
26
+ def client(port)
27
+ host = "127.0.0.1"
28
+ ctx = OpenSSL::SSL::SSLContext.new()
29
+ ctx.ciphers = "ADH"
30
+ s = TCPSocket.new(host, port)
31
+ ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
32
+ ssl.connect
33
+ ssl.sync_close = true
34
+ ssl
35
+ end
36
+
37
+ def ssl_pair
38
+ ssls = server
39
+ tv = nil
40
+ th = Thread.new {
41
+ ns = ssls.accept
42
+ ssls.close
43
+ tv = ns
44
+ }
45
+ port = ssls.to_io.addr[1]
46
+ c = client(port)
47
+ th.join
48
+ s = tv
49
+ if block_given?
50
+ begin
51
+ yield c, s
52
+ ensure
53
+ c.close unless c.closed?
54
+ s.close unless s.closed?
55
+ end
56
+ else
57
+ return c, s
58
+ end
59
+ end
60
+ end
61
+
62
+ class OpenSSL::TestEOF1 < Test::Unit::TestCase
63
+ include TestEOF
64
+ include SSLPair
65
+
66
+ def open_file(content)
67
+ s1, s2 = ssl_pair
68
+ Thread.new {
69
+ s2 << content;
70
+ s2.close
71
+ }
72
+ yield s1
73
+ end
74
+ end
75
+
76
+ class OpenSSL::TestEOF2 < Test::Unit::TestCase
77
+ include TestEOF
78
+ include SSLPair
79
+
80
+ def open_file(content)
81
+ s1, s2 = ssl_pair
82
+ Thread.new { s1 << content; s1.close }
83
+ yield s2
84
+ end
85
+ end
86
+
87
+ class OpenSSL::TestPair < Test::Unit::TestCase
88
+ include SSLPair
89
+
90
+ def test_getc
91
+ ssl_pair {|s1, s2|
92
+ s1 << "a"
93
+ assert_equal(?a, s2.getc)
94
+ }
95
+ end
96
+
97
+ def test_readpartial
98
+ ssl_pair {|s1, s2|
99
+ s2.write "a\nbcd"
100
+ assert_equal("a\n", s1.gets)
101
+ assert_equal("bcd", s1.readpartial(10))
102
+ s2.write "efg"
103
+ assert_equal("efg", s1.readpartial(10))
104
+ s2.close
105
+ assert_raise(EOFError) { s1.readpartial(10) }
106
+ assert_raise(EOFError) { s1.readpartial(10) }
107
+ assert_equal("", s1.readpartial(0))
108
+ }
109
+ end
110
+
111
+ def test_readall
112
+ ssl_pair {|s1, s2|
113
+ s2.close
114
+ assert_equal("", s1.read)
115
+ }
116
+ end
117
+
118
+ def test_readline
119
+ ssl_pair {|s1, s2|
120
+ s2.close
121
+ assert_raise(EOFError) { s1.readline }
122
+ }
123
+ end
124
+
125
+ def test_puts_meta
126
+ ssl_pair {|s1, s2|
127
+ begin
128
+ old = $/
129
+ $/ = '*'
130
+ s1.puts 'a'
131
+ ensure
132
+ $/ = old
133
+ end
134
+ s1.close
135
+ assert_equal("a\n", s2.read)
136
+ }
137
+ end
138
+
139
+ def test_puts_empty
140
+ ssl_pair {|s1, s2|
141
+ s1.puts
142
+ s1.close
143
+ assert_equal("\n", s2.read)
144
+ }
145
+ end
146
+
147
+ end
148
+
149
+ end
@@ -0,0 +1,49 @@
1
+ begin
2
+ require "openssl"
3
+ require File.join(File.dirname(__FILE__), "utils.rb")
4
+ rescue LoadError
5
+ end
6
+ require 'test/unit'
7
+
8
+ if defined?(OpenSSL)
9
+
10
+ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
11
+ def test_padding
12
+ key = OpenSSL::PKey::RSA.new(512, 3)
13
+
14
+ # Need right size for raw mode
15
+ plain0 = "x" * (512/8)
16
+ cipher = key.private_encrypt(plain0, OpenSSL::PKey::RSA::NO_PADDING)
17
+ plain1 = key.public_decrypt(cipher, OpenSSL::PKey::RSA::NO_PADDING)
18
+ assert_equal(plain0, plain1)
19
+
20
+ # Need smaller size for pkcs1 mode
21
+ plain0 = "x" * (512/8 - 11)
22
+ cipher1 = key.private_encrypt(plain0, OpenSSL::PKey::RSA::PKCS1_PADDING)
23
+ plain1 = key.public_decrypt(cipher1, OpenSSL::PKey::RSA::PKCS1_PADDING)
24
+ assert_equal(plain0, plain1)
25
+
26
+ cipherdef = key.private_encrypt(plain0) # PKCS1_PADDING is default
27
+ plain1 = key.public_decrypt(cipherdef)
28
+ assert_equal(plain0, plain1)
29
+ assert_equal(cipher1, cipherdef)
30
+
31
+ # Failure cases
32
+ assert_raise(ArgumentError){ key.private_encrypt() }
33
+ assert_raise(ArgumentError){ key.private_encrypt("hi", 1, nil) }
34
+ assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt(plain0, 666) }
35
+ end
36
+
37
+ def test_private
38
+ key = OpenSSL::PKey::RSA.new(512, 3)
39
+ assert(key.private?)
40
+ key2 = OpenSSL::PKey::RSA.new(key.to_der)
41
+ assert(key2.private?)
42
+ key3 = key.public_key
43
+ assert(!key3.private?)
44
+ key4 = OpenSSL::PKey::RSA.new(key3.to_der)
45
+ assert(!key4.private?)
46
+ end
47
+ end
48
+
49
+ end
@@ -0,0 +1,284 @@
1
+ begin
2
+ require "openssl"
3
+ require File.join(File.dirname(__FILE__), "utils.rb")
4
+ rescue LoadError
5
+ end
6
+ require "rbconfig"
7
+ require "socket"
8
+ require "test/unit"
9
+
10
+ if defined?(OpenSSL)
11
+
12
+ class OpenSSL::TestSSL < Test::Unit::TestCase
13
+ RUBY = ENV["RUBY"] || File.join(
14
+ ::Config::CONFIG["bindir"],
15
+ ::Config::CONFIG["ruby_install_name"] + ::Config::CONFIG["EXEEXT"]
16
+ )
17
+ SSL_SERVER = File.join(File.dirname(__FILE__), "ssl_server.rb")
18
+ PORT = 20443
19
+ ITERATIONS = ($0 == __FILE__) ? 5 : 5
20
+
21
+ def setup
22
+ @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048
23
+ @svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
24
+ @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA256
25
+ @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
26
+ @svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
27
+ @cli = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
28
+
29
+ now = Time.at(Time.now.to_i)
30
+ ca_exts = [
31
+ ["basicConstraints","CA:TRUE",true],
32
+ ["keyUsage","cRLSign,keyCertSign",true],
33
+ ]
34
+ ee_exts = [
35
+ ["keyUsage","keyEncipherment,digitalSignature",true],
36
+ ]
37
+ @ca_cert = issue_cert(@ca, @ca_key, 1, now, now+3600, ca_exts,
38
+ nil, nil, OpenSSL::Digest::SHA1.new)
39
+ @svr_cert = issue_cert(@svr, @svr_key, 2, now, now+1800, ee_exts,
40
+ @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
41
+ @cli_cert = issue_cert(@cli, @cli_key, 3, now, now+1800, ee_exts,
42
+ @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
43
+ @server = nil
44
+ end
45
+
46
+ def teardown
47
+ end
48
+
49
+ def issue_cert(*arg)
50
+ OpenSSL::TestUtils.issue_cert(*arg)
51
+ end
52
+
53
+ def issue_crl(*arg)
54
+ OpenSSL::TestUtils.issue_crl(*arg)
55
+ end
56
+
57
+ def start_server(port0, verify_mode, start_immediately, &block)
58
+ server = nil
59
+ begin
60
+ cmd = [RUBY]
61
+ cmd << "-d" if $DEBUG
62
+ cmd << SSL_SERVER << port0.to_s << verify_mode.to_s
63
+ cmd << (start_immediately ? "yes" : "no")
64
+ server = IO.popen(cmd.join(" "), "w+")
65
+ server.write(@ca_cert.to_pem)
66
+ server.write(@svr_cert.to_pem)
67
+ server.write(@svr_key.to_pem)
68
+ pid = Integer(server.gets)
69
+ if port = server.gets
70
+ if $DEBUG
71
+ $stderr.printf("%s started: pid=%d port=%d\n", SSL_SERVER, pid, port)
72
+ end
73
+ block.call(server, port.to_i)
74
+ end
75
+ ensure
76
+ if server
77
+ Process.kill(:KILL, pid)
78
+ server.close
79
+ end
80
+ end
81
+ end
82
+
83
+ def starttls(ssl)
84
+ ssl.puts("STARTTLS")
85
+
86
+ sleep 1 # When this line is eliminated, process on Cygwin blocks
87
+ # forever at ssl.connect. But I don't know why it does.
88
+
89
+ ssl.connect
90
+ end
91
+
92
+ def test_connect_and_close
93
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
94
+ sock = TCPSocket.new("127.0.0.1", p)
95
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
96
+ assert(ssl.connect)
97
+ ssl.close
98
+ assert(!sock.closed?)
99
+ sock.close
100
+
101
+ sock = TCPSocket.new("127.0.0.1", p)
102
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
103
+ ssl.sync_close = true # !!
104
+ assert(ssl.connect)
105
+ ssl.close
106
+ assert(sock.closed?)
107
+ }
108
+ end
109
+
110
+ def test_read_and_write
111
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
112
+ sock = TCPSocket.new("127.0.0.1", p)
113
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
114
+ ssl.sync_close = true
115
+ ssl.connect
116
+
117
+ # syswrite and sysread
118
+ ITERATIONS.times{|i|
119
+ str = "x" * 100 + "\n"
120
+ ssl.syswrite(str)
121
+ assert_equal(str, ssl.sysread(str.size))
122
+
123
+ str = "x" * i * 100 + "\n"
124
+ buf = ""
125
+ ssl.syswrite(str)
126
+ assert_equal(buf.object_id, ssl.sysread(str.size, buf).object_id)
127
+ assert_equal(str, buf)
128
+ }
129
+
130
+ # puts and gets
131
+ ITERATIONS.times{
132
+ str = "x" * 100 + "\n"
133
+ ssl.puts(str)
134
+ assert_equal(str, ssl.gets)
135
+ }
136
+
137
+ # read and write
138
+ ITERATIONS.times{|i|
139
+ str = "x" * 100 + "\n"
140
+ ssl.write(str)
141
+ assert_equal(str, ssl.read(str.size))
142
+
143
+ str = "x" * i * 100 + "\n"
144
+ buf = ""
145
+ ssl.write(str)
146
+ assert_equal(buf.object_id, ssl.read(str.size, buf).object_id)
147
+ assert_equal(str, buf)
148
+ }
149
+
150
+ ssl.close
151
+ }
152
+ end
153
+
154
+ def test_client_auth
155
+ vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
156
+ start_server(PORT, vflag, true){|s, p|
157
+ assert_raises(OpenSSL::SSL::SSLError){
158
+ sock = TCPSocket.new("127.0.0.1", p)
159
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
160
+ ssl.connect
161
+ }
162
+ ctx = OpenSSL::SSL::SSLContext.new
163
+ ctx.key = @cli_key
164
+ ctx.cert = @cli_cert
165
+ sock = TCPSocket.new("127.0.0.1", p)
166
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
167
+ ssl.sync_close = true
168
+ ssl.connect
169
+ ssl.puts("foo")
170
+ assert_equal("foo\n", ssl.gets)
171
+ ssl.close
172
+
173
+ called = nil
174
+ ctx = OpenSSL::SSL::SSLContext.new
175
+ ctx.client_cert_cb = Proc.new{|ssl|
176
+ called = true
177
+ [@cli_cert, @cli_key]
178
+ }
179
+ sock = TCPSocket.new("127.0.0.1", p)
180
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
181
+ ssl.sync_close = true
182
+ ssl.connect
183
+ # assert(called)
184
+ ssl.puts("foo")
185
+ assert_equal("foo\n", ssl.gets)
186
+ ssl.close
187
+ }
188
+ end
189
+
190
+ def test_starttls
191
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p|
192
+ sock = TCPSocket.new("127.0.0.1", p)
193
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
194
+ ssl.sync_close = true
195
+ str = "x" * 1000 + "\n"
196
+ ITERATIONS.times{
197
+ ssl.puts(str)
198
+ assert_equal(str, ssl.gets)
199
+ }
200
+
201
+ starttls(ssl)
202
+
203
+ ITERATIONS.times{
204
+ ssl.puts(str)
205
+ assert_equal(str, ssl.gets)
206
+ }
207
+
208
+ ssl.close
209
+ }
210
+ end
211
+
212
+ def test_parallel
213
+ GC.start
214
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
215
+ ssls = []
216
+ 10.times{
217
+ sock = TCPSocket.new("127.0.0.1", p)
218
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
219
+ ssl.connect
220
+ ssl.sync_close = true
221
+ ssls << ssl
222
+ }
223
+ str = "x" * 1000 + "\n"
224
+ ITERATIONS.times{
225
+ ssls.each{|ssl|
226
+ ssl.puts(str)
227
+ assert_equal(str, ssl.gets)
228
+ }
229
+ }
230
+ ssls.each{|ssl| ssl.close }
231
+ }
232
+ end
233
+
234
+ def test_post_connection_check
235
+ sslerr = OpenSSL::SSL::SSLError
236
+
237
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
238
+ sock = TCPSocket.new("127.0.0.1", p)
239
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
240
+ ssl.connect
241
+ assert_raises(sslerr){ssl.post_connection_check("localhost.localdomain")}
242
+ assert_raises(sslerr){ssl.post_connection_check("127.0.0.1")}
243
+ assert(ssl.post_connection_check("localhost"))
244
+ assert_raises(sslerr){ssl.post_connection_check("foo.example.com")}
245
+ }
246
+
247
+ now = Time.now
248
+ exts = [
249
+ ["keyUsage","keyEncipherment,digitalSignature",true],
250
+ ["subjectAltName","DNS:localhost.localdomain",false],
251
+ ["subjectAltName","IP:127.0.0.1",false],
252
+ ]
253
+ @svr_cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts,
254
+ @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
255
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
256
+ sock = TCPSocket.new("127.0.0.1", p)
257
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
258
+ ssl.connect
259
+ assert(ssl.post_connection_check("localhost.localdomain"))
260
+ assert(ssl.post_connection_check("127.0.0.1"))
261
+ assert_raises(sslerr){ssl.post_connection_check("localhost")}
262
+ assert_raises(sslerr){ssl.post_connection_check("foo.example.com")}
263
+ }
264
+
265
+ now = Time.now
266
+ exts = [
267
+ ["keyUsage","keyEncipherment,digitalSignature",true],
268
+ ["subjectAltName","DNS:*.localdomain",false],
269
+ ]
270
+ @svr_cert = issue_cert(@svr, @svr_key, 5, now, now+1800, exts,
271
+ @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
272
+ start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
273
+ sock = TCPSocket.new("127.0.0.1", p)
274
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
275
+ ssl.connect
276
+ assert(ssl.post_connection_check("localhost.localdomain"))
277
+ assert_raises(sslerr){ssl.post_connection_check("127.0.0.1")}
278
+ assert_raises(sslerr){ssl.post_connection_check("localhost")}
279
+ assert_raises(sslerr){ssl.post_connection_check("foo.example.com")}
280
+ }
281
+ end
282
+ end
283
+
284
+ end