RubyGems - jruby-openssl - Versions diffs - 0.5.1 → 0.5.2 - Mend

jruby-openssl 0.5.1 → 0.5.2

Potentially problematic release.

This version of jruby-openssl might be problematic. Click here for more details.

Files changed (5) hide show

data/History.txt CHANGED

@@ -1,3 +1,12 @@
+== 0.5.2
+* Multiple bugs fixed:
+** JRUBY-3895	Could not verify server signature with net-ssh against Cygwin
+** JRUBY-3864	jruby-openssl depends on Base64Coder from JvYAMLb
+** JRUBY-3790	JRuby-OpenSSL test_post_connection_check is not passing
+** JRUBY-3767	OpenSSL ssl implementation doesn't support client auth
+** JRUBY-3673	jRuby-OpenSSL does not properly load certificate authority file
 == 0.5.1
 * Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100%

data/lib/jopenssl.jar CHANGED

Binary file

data/lib/jopenssl/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Jopenssl
   module Version
-    VERSION = "0.5.1"
+    VERSION = "0.5.2"
   end
 end

data/test/openssl/test_ssl.rb CHANGED

@@ -6,7 +6,7 @@ end
 require "rbconfig"
 require "socket"
 require "test/unit"
-require "jruby"
+require 'tempfile'
 if defined?(OpenSSL)
@@ -18,7 +18,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
   SSL_SERVER = File.join(File.dirname(__FILE__), "ssl_server.rb")
   PORT = 20443
   ITERATIONS = ($0 == __FILE__) ? 5 : 5
   # Disable in-proc process launching and either run jruby with specified args
   # or yield args to a given block
   def jruby_oop(*args)
@@ -69,37 +69,70 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
     OpenSSL::TestUtils.issue_crl(*arg)
   end
-  def start_server(port0, verify_mode, start_immediately, &block)
-    server = nil
-    jruby_oop {
+  def choose_port(port)
+    tcps = nil
+    100.times{|i|
+    begin
+      tcps = TCPServer.new("127.0.0.1", port+i)
+      port = port + i
+      break
+    rescue Errno::EADDRINUSE
+      next
+    end
+    }
+    return tcps, port
+  end
+  def start_server(port0, verify_mode, start_immediately, ctx = nil, &block)
+    tcps, port = choose_port(port0)
+    t = Thread.start {
       begin
-        cmd = [RUBY]
-        cmd << "-Ilib"
-        cmd << "-d" if $DEBUG
-        cmd << SSL_SERVER << port0.to_s << verify_mode.to_s
-        cmd << (start_immediately ? "yes" : "no")
-        server = IO.popen(cmd.join(" "), "w+")
-        server.write(@ca_cert.to_pem)
-        server.write(@svr_cert.to_pem)
-        server.write(@svr_key.to_pem)
-        $stderr.puts "sent certs to server" if $DEBUG
-        str = server.gets
-        $stderr.puts "got pid from server: #{str}" if $DEBUG
-        pid = Integer(str)
-        if port = server.gets
+      if ctx.nil?
+        store = OpenSSL::X509::Store.new
+        store.add_cert(@ca_cert)
+        store.purpose = OpenSSL::X509::PURPOSE_ANY
+        ctx = OpenSSL::SSL::SSLContext.new
+        ctx.cert_store = store
+        #ctx.extra_chain_cert = [ ca_cert ]
+        ctx.cert = @svr_cert
+        ctx.key = @svr_key
+        ctx.verify_mode = verify_mode
+      end
+      Socket.do_not_reverse_lookup = true
+      ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+      ssls.start_immediately = start_immediately
+      loop do
+        begin
+          ssl = ssls.accept
+          Thread.start{
+            q = Queue.new
+            th = Thread.start{ ssl.write(q.shift) while true }
+            while line = ssl.gets
+              if line =~ /^STARTTLS$/
+                ssl.accept
+                next
+              end
+              q.push(line)
+            end
+            th.kill if q.empty?
+            ssl.close
+          }
+        rescue
           if $DEBUG
-            $stderr.printf("%s started: pid=%d port=%d\n", SSL_SERVER, pid, port)
+            puts $!
+            puts $!.backtrace.join("\n")
           end
-          block.call(server, port.to_i)
-        end
-      ensure
-        if server
-          $stderr.puts "killing: #{pid}" if $DEBUG
-          Process.kill(:KILL, pid)
-          server.close
         end
       end
+      rescue
+        puts $!
+        puts $!.backtrace.join("\n")
+      end
     }
+    sleep 1
+    block.call(nil, port.to_i)
   end
   def starttls(ssl)
@@ -173,42 +206,113 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
     }
   end
-  # Temporarily disabled...see JRUBY-1888
-#  def test_client_auth
-#    vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
-#    start_server(PORT, vflag, true){|s, p|
-#      assert_raises(OpenSSL::SSL::SSLError){
-#        sock = TCPSocket.new("127.0.0.1", p)
-#        ssl = OpenSSL::SSL::SSLSocket.new(sock)
-#        ssl.connect
-#      }
-#      ctx = OpenSSL::SSL::SSLContext.new
-#      ctx.key = @cli_key
-#      ctx.cert = @cli_cert
-#      sock = TCPSocket.new("127.0.0.1", p)
-#      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-#      ssl.sync_close = true
-#      ssl.connect
-#      ssl.puts("foo")
-#      assert_equal("foo\n", ssl.gets)
-#      ssl.close
-#
-#      called = nil
-#      ctx = OpenSSL::SSL::SSLContext.new
-#      ctx.client_cert_cb = Proc.new{|ssl|
-#        called = true
-#        [@cli_cert, @cli_key]
-#      }
-#      sock = TCPSocket.new("127.0.0.1", p)
-#      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-#      ssl.sync_close = true
-#      ssl.connect
-##      assert(called)
-#      ssl.puts("foo")
-#      assert_equal("foo\n", ssl.gets)
-#      ssl.close
-#    }
-#  end
+  def test_client_auth
+    vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+    start_server(PORT, vflag, true){|s, p|
+      assert_raises(OpenSSL::SSL::SSLError){
+        sock = TCPSocket.new("127.0.0.1", p)
+        ssl = OpenSSL::SSL::SSLSocket.new(sock)
+        ssl.connect
+      }
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.key = @cli_key
+      ctx.cert = @cli_cert
+      sock = TCPSocket.new("127.0.0.1", p)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      ssl.puts("foo")
+      assert_equal("foo\n", ssl.gets)
+      ssl.close
+      called = nil
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.client_cert_cb = Proc.new{|ssl2|
+        called = true
+        [@cli_cert, @cli_key]
+      }
+      sock = TCPSocket.new("127.0.0.1", p)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      assert(called)
+      ssl.puts("foo")
+      assert_equal("foo\n", ssl.gets)
+      ssl.close
+    }
+  end
+  def test_client_auth_with_server_store
+    vflag = OpenSSL::SSL::VERIFY_PEER
+    localcacert_file = Tempfile.open("cafile")
+    localcacert_file << @ca_cert.to_pem
+    localcacert_file.close
+    localcacert_path = localcacert_file.path
+    ssl_store = OpenSSL::X509::Store.new
+    ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
+    ssl_store.add_file(localcacert_path)
+    server_ctx = OpenSSL::SSL::SSLContext.new
+    server_ctx.cert = @svr_cert
+    server_ctx.key = @svr_key
+    server_ctx.verify_mode = vflag
+    server_ctx.cert_store = ssl_store
+    start_server(PORT, vflag, true, server_ctx){|s, p|
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.cert = @cli_cert
+      ctx.key = @cli_key
+      sock = TCPSocket.new("127.0.0.1", p)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      ssl.sync_close = true
+      ssl.connect
+      ssl.puts("foo")
+      assert_equal("foo\n", ssl.gets)
+      ssl.close
+      localcacert_file.unlink
+    }
+  end
+  def test_client_crl_with_server_store
+    vflag = OpenSSL::SSL::VERIFY_PEER
+    localcacert_file = Tempfile.open("cafile")
+    localcacert_file << @ca_cert.to_pem
+    localcacert_file.close
+    localcacert_path = localcacert_file.path
+    ssl_store = OpenSSL::X509::Store.new
+    ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
+    ssl_store.add_file(localcacert_path)
+    ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
+    crl = issue_crl([], 1, Time.now, Time.now+1600, [],
+                    @cli_cert, @ca_key, OpenSSL::Digest::SHA1.new)
+    ssl_store.add_crl(OpenSSL::X509::CRL.new(crl.to_pem))
+    server_ctx = OpenSSL::SSL::SSLContext.new
+    server_ctx.cert = @svr_cert
+    server_ctx.key = @svr_key
+    server_ctx.verify_mode = vflag
+    server_ctx.cert_store = ssl_store
+    start_server(PORT, vflag, true, server_ctx){|s, p|
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.cert = @cli_cert
+      ctx.key = @cli_key
+      assert_raises(OpenSSL::SSL::SSLError){
+        sock = TCPSocket.new("127.0.0.1", p)
+        ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+        ssl.sync_close = true
+        ssl.connect
+        ssl.close
+      }
+      localcacert_file.unlink
+    }
+  end
   def test_starttls
     start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p|

metadata CHANGED

@@ -1,122 +1,122 @@
 --- !ruby/object:Gem::Specification
-extensions: []
+name: jruby-openssl
+version: !ruby/object:Gem::Version
+  version: 0.5.2
+platform: ruby
+authors:
+  - Ola Bini and JRuby contributors
+autorequire:
+bindir: bin
+cert_chain: []
-homepage: http://jruby-extras.rubyforge.org/jruby-openssl
+date: 2009-08-20 00:00:00 -05:00
+default_executable:
+dependencies: []
+description: = JRuby-OpenSSL
+email: ola.bini@gmail.com
 executables: []
-version: !ruby/object:Gem::Version
-  version: 0.5.1
-post_install_message:
-date: 2009-06-15 05:00:00 +00:00
-files:
-- History.txt
-- README.txt
-- License.txt
-- lib/jopenssl.jar
-- lib/bcmail-jdk14-139.jar
-- lib/bcprov-jdk14-139.jar
-- lib/openssl.rb
-- lib/jopenssl/version.rb
-- lib/openssl/bn.rb
-- lib/openssl/buffering.rb
-- lib/openssl/cipher.rb
-- lib/openssl/digest.rb
-- lib/openssl/dummy.rb
-- lib/openssl/dummyssl.rb
-- lib/openssl/ssl.rb
-- lib/openssl/x509.rb
-- test/pkcs7_mime_enveloped.message
-- test/pkcs7_mime_signed.message
-- test/pkcs7_multipart_signed.message
-- test/test_cipher.rb
-- test/test_integration.rb
-- test/test_java.rb
-- test/test_java_attribute.rb
-- test/test_java_bio.rb
-- test/test_java_mime.rb
-- test/test_java_pkcs7.rb
-- test/test_java_smime.rb
-- test/test_openssl.rb
-- test/test_openssl_x509.rb
-- test/test_pkey.rb
-- test/ut_eof.rb
-- test/fixture/cacert.pem
-- test/fixture/cert_localhost.pem
-- test/fixture/localhost_keypair.pem
-- test/openssl/ssl_server.rb
-- test/openssl/test_asn1.rb
-- test/openssl/test_cipher.rb
-- test/openssl/test_digest.rb
-- test/openssl/test_hmac.rb
-- test/openssl/test_ns_spki.rb
-- test/openssl/test_pair.rb
-- test/openssl/test_pkcs7.rb
-- test/openssl/test_pkey_rsa.rb
-- test/openssl/test_ssl.rb
-- test/openssl/test_x509cert.rb
-- test/openssl/test_x509crl.rb
-- test/openssl/test_x509ext.rb
-- test/openssl/test_x509name.rb
-- test/openssl/test_x509req.rb
-- test/openssl/test_x509store.rb
-- test/openssl/utils.rb
-- test/ref/a.out
-- test/ref/compile.rb
-- test/ref/pkcs1
-- test/ref/pkcs1.c
-rubygems_version: 1.3.3
-rdoc_options:
-- --main
-- README.txt
-signing_key:
-cert_chain: []
+extensions: []
-name: jruby-openssl
+extra_rdoc_files:
+  - History.txt
+  - README.txt
+  - License.txt
+files:
+  - History.txt
+  - README.txt
+  - License.txt
+  - lib/jopenssl.jar
+  - lib/bcmail-jdk14-139.jar
+  - lib/bcprov-jdk14-139.jar
+  - lib/openssl.rb
+  - lib/jopenssl/version.rb
+  - lib/openssl/bn.rb
+  - lib/openssl/buffering.rb
+  - lib/openssl/cipher.rb
+  - lib/openssl/digest.rb
+  - lib/openssl/dummy.rb
+  - lib/openssl/dummyssl.rb
+  - lib/openssl/ssl.rb
+  - lib/openssl/x509.rb
+  - test/pkcs7_mime_enveloped.message
+  - test/pkcs7_mime_signed.message
+  - test/pkcs7_multipart_signed.message
+  - test/test_cipher.rb
+  - test/test_integration.rb
+  - test/test_java.rb
+  - test/test_java_attribute.rb
+  - test/test_java_bio.rb
+  - test/test_java_mime.rb
+  - test/test_java_pkcs7.rb
+  - test/test_java_smime.rb
+  - test/test_openssl.rb
+  - test/test_openssl_x509.rb
+  - test/test_pkey.rb
+  - test/ut_eof.rb
+  - test/fixture/cacert.pem
+  - test/fixture/cert_localhost.pem
+  - test/fixture/localhost_keypair.pem
+  - test/openssl/ssl_server.rb
+  - test/openssl/test_asn1.rb
+  - test/openssl/test_cipher.rb
+  - test/openssl/test_digest.rb
+  - test/openssl/test_hmac.rb
+  - test/openssl/test_ns_spki.rb
+  - test/openssl/test_pair.rb
+  - test/openssl/test_pkcs7.rb
+  - test/openssl/test_pkey_rsa.rb
+  - test/openssl/test_ssl.rb
+  - test/openssl/test_x509cert.rb
+  - test/openssl/test_x509crl.rb
+  - test/openssl/test_x509ext.rb
+  - test/openssl/test_x509name.rb
+  - test/openssl/test_x509req.rb
+  - test/openssl/test_x509store.rb
+  - test/openssl/utils.rb
+  - test/ref/a.out
+  - test/ref/compile.rb
+  - test/ref/pkcs1
+  - test/ref/pkcs1.c
 has_rdoc: true
-platform: ruby
-summary: OpenSSL add-on for JRuby
-default_executable:
-bindir: bin
+homepage: http://jruby-extras.rubyforge.org/jruby-openssl
 licenses: []
-required_rubygems_version: !ruby/object:Gem::Requirement
-  version:
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: "0"
+post_install_message:
+rdoc_options:
+  - --main
+  - README.txt
+require_paths:
+  - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
   version:
+required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: "0"
-require_paths:
-- lib
-specification_version: 3
-test_files:
-- test/test_cipher.rb
-- test/test_integration.rb
-- test/test_java.rb
-- test/test_java_attribute.rb
-- test/test_java_bio.rb
-- test/test_java_mime.rb
-- test/test_java_pkcs7.rb
-- test/test_java_smime.rb
-- test/test_openssl.rb
-- test/test_openssl_x509.rb
-- test/test_pkey.rb
-dependencies: []
-description: = JRuby-OpenSSL
-email: ola.bini@gmail.com
-authors:
-- Ola Bini and JRuby contributors
-extra_rdoc_files:
-- History.txt
-- README.txt
-- License.txt
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
+  version:
 requirements: []
 rubyforge_project: jruby-extras
-autorequire:
+rubygems_version: 1.3.3
+signing_key:
+specification_version: 3
+summary: OpenSSL add-on for JRuby
+test_files:
+  - test/test_cipher.rb
+  - test/test_integration.rb
+  - test/test_java.rb
+  - test/test_java_attribute.rb
+  - test/test_java_bio.rb
+  - test/test_java_mime.rb
+  - test/test_java_pkcs7.rb
+  - test/test_java_smime.rb
+  - test/test_openssl.rb
+  - test/test_openssl_x509.rb
+  - test/test_pkey.rb