jruby-openssl 0.5.1 → 0.5.2


Potentially problematic release.


This version of jruby-openssl might be problematic. Click here for more details.

@@ -1,3 +1,12 @@
1
+ == 0.5.2
2
+
3
+ * Multiple bugs fixed:
4
+ ** JRUBY-3895 Could not verify server signature with net-ssh against Cygwin
5
+ ** JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb
6
+ ** JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing
7
+ ** JRUBY-3767 OpenSSL ssl implementation doesn't support client auth
8
+ ** JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file
9
+
1
10
  == 0.5.1
2
11
 
3
12
  * Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100%
Binary file
@@ -1,5 +1,5 @@
1
1
  module Jopenssl
2
2
  module Version
3
- VERSION = "0.5.1"
3
+ VERSION = "0.5.2"
4
4
  end
5
5
  end
@@ -6,7 +6,7 @@ end
6
6
  require "rbconfig"
7
7
  require "socket"
8
8
  require "test/unit"
9
- require "jruby"
9
+ require 'tempfile'
10
10
 
11
11
  if defined?(OpenSSL)
12
12
 
@@ -18,7 +18,7 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
18
18
  SSL_SERVER = File.join(File.dirname(__FILE__), "ssl_server.rb")
19
19
  PORT = 20443
20
20
  ITERATIONS = ($0 == __FILE__) ? 5 : 5
21
-
21
+
22
22
  # Disable in-proc process launching and either run jruby with specified args
23
23
  # or yield args to a given block
24
24
  def jruby_oop(*args)
@@ -69,37 +69,70 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
69
69
  OpenSSL::TestUtils.issue_crl(*arg)
70
70
  end
71
71
 
72
- def start_server(port0, verify_mode, start_immediately, &block)
73
- server = nil
74
- jruby_oop {
72
+ def choose_port(port)
73
+ tcps = nil
74
+ 100.times{|i|
75
+ begin
76
+ tcps = TCPServer.new("127.0.0.1", port+i)
77
+ port = port + i
78
+ break
79
+ rescue Errno::EADDRINUSE
80
+ next
81
+ end
82
+ }
83
+ return tcps, port
84
+ end
85
+
86
+ def start_server(port0, verify_mode, start_immediately, ctx = nil, &block)
87
+ tcps, port = choose_port(port0)
88
+ t = Thread.start {
75
89
  begin
76
- cmd = [RUBY]
77
- cmd << "-Ilib"
78
- cmd << "-d" if $DEBUG
79
- cmd << SSL_SERVER << port0.to_s << verify_mode.to_s
80
- cmd << (start_immediately ? "yes" : "no")
81
- server = IO.popen(cmd.join(" "), "w+")
82
- server.write(@ca_cert.to_pem)
83
- server.write(@svr_cert.to_pem)
84
- server.write(@svr_key.to_pem)
85
- $stderr.puts "sent certs to server" if $DEBUG
86
- str = server.gets
87
- $stderr.puts "got pid from server: #{str}" if $DEBUG
88
- pid = Integer(str)
89
- if port = server.gets
90
+ if ctx.nil?
91
+ store = OpenSSL::X509::Store.new
92
+ store.add_cert(@ca_cert)
93
+ store.purpose = OpenSSL::X509::PURPOSE_ANY
94
+ ctx = OpenSSL::SSL::SSLContext.new
95
+ ctx.cert_store = store
96
+ #ctx.extra_chain_cert = [ ca_cert ]
97
+ ctx.cert = @svr_cert
98
+ ctx.key = @svr_key
99
+ ctx.verify_mode = verify_mode
100
+ end
101
+
102
+ Socket.do_not_reverse_lookup = true
103
+ ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
104
+ ssls.start_immediately = start_immediately
105
+
106
+ loop do
107
+ begin
108
+ ssl = ssls.accept
109
+ Thread.start{
110
+ q = Queue.new
111
+ th = Thread.start{ ssl.write(q.shift) while true }
112
+ while line = ssl.gets
113
+ if line =~ /^STARTTLS$/
114
+ ssl.accept
115
+ next
116
+ end
117
+ q.push(line)
118
+ end
119
+ th.kill if q.empty?
120
+ ssl.close
121
+ }
122
+ rescue
90
123
  if $DEBUG
91
- $stderr.printf("%s started: pid=%d port=%d\n", SSL_SERVER, pid, port)
124
+ puts $!
125
+ puts $!.backtrace.join("\n")
92
126
  end
93
- block.call(server, port.to_i)
94
- end
95
- ensure
96
- if server
97
- $stderr.puts "killing: #{pid}" if $DEBUG
98
- Process.kill(:KILL, pid)
99
- server.close
100
127
  end
101
128
  end
129
+ rescue
130
+ puts $!
131
+ puts $!.backtrace.join("\n")
132
+ end
102
133
  }
134
+ sleep 1
135
+ block.call(nil, port.to_i)
103
136
  end
104
137
 
105
138
  def starttls(ssl)
@@ -173,42 +206,113 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
173
206
  }
174
207
  end
175
208
 
176
- # Temporarily disabled...see JRUBY-1888
177
- # def test_client_auth
178
- # vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
179
- # start_server(PORT, vflag, true){|s, p|
180
- # assert_raises(OpenSSL::SSL::SSLError){
181
- # sock = TCPSocket.new("127.0.0.1", p)
182
- # ssl = OpenSSL::SSL::SSLSocket.new(sock)
183
- # ssl.connect
184
- # }
185
- # ctx = OpenSSL::SSL::SSLContext.new
186
- # ctx.key = @cli_key
187
- # ctx.cert = @cli_cert
188
- # sock = TCPSocket.new("127.0.0.1", p)
189
- # ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
190
- # ssl.sync_close = true
191
- # ssl.connect
192
- # ssl.puts("foo")
193
- # assert_equal("foo\n", ssl.gets)
194
- # ssl.close
195
- #
196
- # called = nil
197
- # ctx = OpenSSL::SSL::SSLContext.new
198
- # ctx.client_cert_cb = Proc.new{|ssl|
199
- # called = true
200
- # [@cli_cert, @cli_key]
201
- # }
202
- # sock = TCPSocket.new("127.0.0.1", p)
203
- # ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
204
- # ssl.sync_close = true
205
- # ssl.connect
206
- ## assert(called)
207
- # ssl.puts("foo")
208
- # assert_equal("foo\n", ssl.gets)
209
- # ssl.close
210
- # }
211
- # end
209
+ def test_client_auth
210
+ vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
211
+ start_server(PORT, vflag, true){|s, p|
212
+ assert_raises(OpenSSL::SSL::SSLError){
213
+ sock = TCPSocket.new("127.0.0.1", p)
214
+ ssl = OpenSSL::SSL::SSLSocket.new(sock)
215
+ ssl.connect
216
+ }
217
+ ctx = OpenSSL::SSL::SSLContext.new
218
+ ctx.key = @cli_key
219
+ ctx.cert = @cli_cert
220
+ sock = TCPSocket.new("127.0.0.1", p)
221
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
222
+ ssl.sync_close = true
223
+ ssl.connect
224
+ ssl.puts("foo")
225
+ assert_equal("foo\n", ssl.gets)
226
+ ssl.close
227
+
228
+ called = nil
229
+ ctx = OpenSSL::SSL::SSLContext.new
230
+ ctx.client_cert_cb = Proc.new{|ssl2|
231
+ called = true
232
+ [@cli_cert, @cli_key]
233
+ }
234
+ sock = TCPSocket.new("127.0.0.1", p)
235
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
236
+ ssl.sync_close = true
237
+ ssl.connect
238
+ assert(called)
239
+ ssl.puts("foo")
240
+ assert_equal("foo\n", ssl.gets)
241
+ ssl.close
242
+ }
243
+ end
244
+
245
+ def test_client_auth_with_server_store
246
+ vflag = OpenSSL::SSL::VERIFY_PEER
247
+
248
+ localcacert_file = Tempfile.open("cafile")
249
+ localcacert_file << @ca_cert.to_pem
250
+ localcacert_file.close
251
+ localcacert_path = localcacert_file.path
252
+
253
+ ssl_store = OpenSSL::X509::Store.new
254
+ ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
255
+ ssl_store.add_file(localcacert_path)
256
+
257
+ server_ctx = OpenSSL::SSL::SSLContext.new
258
+ server_ctx.cert = @svr_cert
259
+ server_ctx.key = @svr_key
260
+ server_ctx.verify_mode = vflag
261
+ server_ctx.cert_store = ssl_store
262
+
263
+ start_server(PORT, vflag, true, server_ctx){|s, p|
264
+ ctx = OpenSSL::SSL::SSLContext.new
265
+ ctx.cert = @cli_cert
266
+ ctx.key = @cli_key
267
+ sock = TCPSocket.new("127.0.0.1", p)
268
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
269
+ ssl.sync_close = true
270
+ ssl.connect
271
+ ssl.puts("foo")
272
+ assert_equal("foo\n", ssl.gets)
273
+ ssl.close
274
+ localcacert_file.unlink
275
+ }
276
+ end
277
+
278
+ def test_client_crl_with_server_store
279
+ vflag = OpenSSL::SSL::VERIFY_PEER
280
+
281
+ localcacert_file = Tempfile.open("cafile")
282
+ localcacert_file << @ca_cert.to_pem
283
+ localcacert_file.close
284
+ localcacert_path = localcacert_file.path
285
+
286
+ ssl_store = OpenSSL::X509::Store.new
287
+ ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
288
+ ssl_store.add_file(localcacert_path)
289
+ ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
290
+
291
+ crl = issue_crl([], 1, Time.now, Time.now+1600, [],
292
+ @cli_cert, @ca_key, OpenSSL::Digest::SHA1.new)
293
+
294
+ ssl_store.add_crl(OpenSSL::X509::CRL.new(crl.to_pem))
295
+
296
+ server_ctx = OpenSSL::SSL::SSLContext.new
297
+ server_ctx.cert = @svr_cert
298
+ server_ctx.key = @svr_key
299
+ server_ctx.verify_mode = vflag
300
+ server_ctx.cert_store = ssl_store
301
+
302
+ start_server(PORT, vflag, true, server_ctx){|s, p|
303
+ ctx = OpenSSL::SSL::SSLContext.new
304
+ ctx.cert = @cli_cert
305
+ ctx.key = @cli_key
306
+ assert_raises(OpenSSL::SSL::SSLError){
307
+ sock = TCPSocket.new("127.0.0.1", p)
308
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
309
+ ssl.sync_close = true
310
+ ssl.connect
311
+ ssl.close
312
+ }
313
+ localcacert_file.unlink
314
+ }
315
+ end
212
316
 
213
317
  def test_starttls
214
318
  start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|s, p|
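Review bot: In test_client_crl_with_server_store the CRL is built with an empty revocation list and with `@cli_cert` in the issuer position (`issue_crl([], 1, Time.now, Time.now+1600, [], @cli_cert, @ca_key, ...)`), so the expected SSLError most likely comes from the store finding no CRL for the CA once `V_FLAG_CRL_CHECK` is set, not from the client certificate being revoked. As written, the test would still pass if revocation entries were never consulted. Assuming the helper takes `[serial, time, reason]` entries first and the issuing certificate sixth (it only forwards to `OpenSSL::TestUtils.issue_crl`, which is not shown here), issue the CRL from the CA and list the client serial: `crl = issue_crl([[@cli_cert.serial, Time.now, 1]], 1, Time.now, Time.now+1600, [], @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)`. A companion case with a CA-issued CRL that revokes nothing, followed by a successful handshake, would pin the other half of the behaviour.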
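--- a/metadata
+++ b/metadata
@@ -1,122 +1,122 @@
  --- !ruby/object:Gem::Specification
- extensions: []
+ name: jruby-openssl
+ version: !ruby/object:Gem::Version
+ version: 0.5.2
+ platform: ruby
+ authors:
+ - Ola Bini and JRuby contributors
+ autorequire:
+ bindir: bin
+ cert_chain: []
 
- homepage: http://jruby-extras.rubyforge.org/jruby-openssl
+ date: 2009-08-20 00:00:00 -05:00
+ default_executable:
+ dependencies: []
+
+ description: = JRuby-OpenSSL
+ email: ola.bini@gmail.com
  executables: []
 
- version: !ruby/object:Gem::Version
- version: 0.5.1
- post_install_message:
- date: 2009-06-15 05:00:00 +00:00
- files:
- - History.txt
- - README.txt
- - License.txt
- - lib/jopenssl.jar
- - lib/bcmail-jdk14-139.jar
- - lib/bcprov-jdk14-139.jar
- - lib/openssl.rb
- - lib/jopenssl/version.rb
- - lib/openssl/bn.rb
- - lib/openssl/buffering.rb
- - lib/openssl/cipher.rb
- - lib/openssl/digest.rb
- - lib/openssl/dummy.rb
- - lib/openssl/dummyssl.rb
- - lib/openssl/ssl.rb
- - lib/openssl/x509.rb
- - test/pkcs7_mime_enveloped.message
- - test/pkcs7_mime_signed.message
- - test/pkcs7_multipart_signed.message
- - test/test_cipher.rb
- - test/test_integration.rb
- - test/test_java.rb
- - test/test_java_attribute.rb
- - test/test_java_bio.rb
- - test/test_java_mime.rb
- - test/test_java_pkcs7.rb
- - test/test_java_smime.rb
- - test/test_openssl.rb
- - test/test_openssl_x509.rb
- - test/test_pkey.rb
- - test/ut_eof.rb
- - test/fixture/cacert.pem
- - test/fixture/cert_localhost.pem
- - test/fixture/localhost_keypair.pem
- - test/openssl/ssl_server.rb
- - test/openssl/test_asn1.rb
- - test/openssl/test_cipher.rb
- - test/openssl/test_digest.rb
- - test/openssl/test_hmac.rb
- - test/openssl/test_ns_spki.rb
- - test/openssl/test_pair.rb
- - test/openssl/test_pkcs7.rb
- - test/openssl/test_pkey_rsa.rb
- - test/openssl/test_ssl.rb
- - test/openssl/test_x509cert.rb
- - test/openssl/test_x509crl.rb
- - test/openssl/test_x509ext.rb
- - test/openssl/test_x509name.rb
- - test/openssl/test_x509req.rb
- - test/openssl/test_x509store.rb
- - test/openssl/utils.rb
- - test/ref/a.out
- - test/ref/compile.rb
- - test/ref/pkcs1
- - test/ref/pkcs1.c
- rubygems_version: 1.3.3
- rdoc_options:
- - --main
- - README.txt
- signing_key:
- cert_chain: []
+ extensions: []
 
- name: jruby-openssl
+ extra_rdoc_files:
+ - History.txt
+ - README.txt
+ - License.txt
+ files:
+ - History.txt
+ - README.txt
+ - License.txt
+ - lib/jopenssl.jar
+ - lib/bcmail-jdk14-139.jar
+ - lib/bcprov-jdk14-139.jar
+ - lib/openssl.rb
+ - lib/jopenssl/version.rb
+ - lib/openssl/bn.rb
+ - lib/openssl/buffering.rb
+ - lib/openssl/cipher.rb
+ - lib/openssl/digest.rb
+ - lib/openssl/dummy.rb
+ - lib/openssl/dummyssl.rb
+ - lib/openssl/ssl.rb
+ - lib/openssl/x509.rb
+ - test/pkcs7_mime_enveloped.message
+ - test/pkcs7_mime_signed.message
+ - test/pkcs7_multipart_signed.message
+ - test/test_cipher.rb
+ - test/test_integration.rb
+ - test/test_java.rb
+ - test/test_java_attribute.rb
+ - test/test_java_bio.rb
+ - test/test_java_mime.rb
+ - test/test_java_pkcs7.rb
+ - test/test_java_smime.rb
+ - test/test_openssl.rb
+ - test/test_openssl_x509.rb
+ - test/test_pkey.rb
+ - test/ut_eof.rb
+ - test/fixture/cacert.pem
+ - test/fixture/cert_localhost.pem
+ - test/fixture/localhost_keypair.pem
+ - test/openssl/ssl_server.rb
+ - test/openssl/test_asn1.rb
+ - test/openssl/test_cipher.rb
+ - test/openssl/test_digest.rb
+ - test/openssl/test_hmac.rb
+ - test/openssl/test_ns_spki.rb
+ - test/openssl/test_pair.rb
+ - test/openssl/test_pkcs7.rb
+ - test/openssl/test_pkey_rsa.rb
+ - test/openssl/test_ssl.rb
+ - test/openssl/test_x509cert.rb
+ - test/openssl/test_x509crl.rb
+ - test/openssl/test_x509ext.rb
+ - test/openssl/test_x509name.rb
+ - test/openssl/test_x509req.rb
+ - test/openssl/test_x509store.rb
+ - test/openssl/utils.rb
+ - test/ref/a.out
+ - test/ref/compile.rb
+ - test/ref/pkcs1
+ - test/ref/pkcs1.c
  has_rdoc: true
- platform: ruby
- summary: OpenSSL add-on for JRuby
- default_executable:
- bindir: bin
+ homepage: http://jruby-extras.rubyforge.org/jruby-openssl
  licenses: []
 
- required_rubygems_version: !ruby/object:Gem::Requirement
- version:
- requirements:
- - - '>='
- - !ruby/object:Gem::Version
- version: "0"
+ post_install_message:
+ rdoc_options:
+ - --main
+ - README.txt
+ require_paths:
+ - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
  version:
+ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
- - !ruby/object:Gem::Version
- version: "0"
- require_paths:
- - lib
- specification_version: 3
- test_files:
- - test/test_cipher.rb
- - test/test_integration.rb
- - test/test_java.rb
- - test/test_java_attribute.rb
- - test/test_java_bio.rb
- - test/test_java_mime.rb
- - test/test_java_pkcs7.rb
- - test/test_java_smime.rb
- - test/test_openssl.rb
- - test/test_openssl_x509.rb
- - test/test_pkey.rb
- dependencies: []
-
- description: = JRuby-OpenSSL
- email: ola.bini@gmail.com
- authors:
- - Ola Bini and JRuby contributors
- extra_rdoc_files:
- - History.txt
- - README.txt
- - License.txt
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
  requirements: []
 
  rubyforge_project: jruby-extras
- autorequire:
+ rubygems_version: 1.3.3
+ signing_key:
+ specification_version: 3
+ summary: OpenSSL add-on for JRuby
+ test_files:
+ - test/test_cipher.rb
+ - test/test_integration.rb
+ - test/test_java.rb
+ - test/test_java_attribute.rb
+ - test/test_java_bio.rb
+ - test/test_java_mime.rb
+ - test/test_java_pkcs7.rb
+ - test/test_java_smime.rb
+ - test/test_openssl.rb
+ - test/test_openssl_x509.rb
+ - test/test_pkey.rb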