jruby-openssl 0.8.0.pre3 → 0.8.0

data/test/1.9/test_pkey_ec.rb

@@ -1,182 +0,0 @@
-require_relative 'utils'
-
-if defined?(OpenSSL::PKey::EC)
-
-class OpenSSL::TestEC < Test::Unit::TestCase
-  def setup
-    @data1 = 'foo'
-    @data2 = 'bar' * 1000 # data too long for DSA sig
-
-    @group1 = OpenSSL::PKey::EC::Group.new('secp112r1')
-    @group2 = OpenSSL::PKey::EC::Group.new('sect163k1')
-    @group3 = OpenSSL::PKey::EC::Group.new('prime256v1')
-
-    @key1 = OpenSSL::PKey::EC.new
-    @key1.group = @group1
-    @key1.generate_key
-
-    @key2 = OpenSSL::PKey::EC.new(@group2.curve_name)
-    @key2.generate_key
-
-    @key3 = OpenSSL::PKey::EC.new(@group3)
-    @key3.generate_key
-
-    @groups = [@group1, @group2, @group3]
-    @keys = [@key1, @key2, @key3]
-  end
-
-  def compare_keys(k1, k2)
-    assert_equal(k1.to_pem, k2.to_pem)
-  end
-
-  def test_curve_names
-    @groups.each_with_index do |group, idx|
-      key = @keys[idx]
-      assert_equal(group.curve_name, key.group.curve_name)
-    end
-  end
-
-  def test_check_key
-    for key in @keys
-      assert_equal(key.check_key, true)
-      assert_equal(key.private_key?, true)
-      assert_equal(key.public_key?, true)
-    end
-  end
-
-  def test_encoding
-    for group in @groups
-      for meth in [:to_der, :to_pem]
-        txt = group.send(meth)
-        gr = OpenSSL::PKey::EC::Group.new(txt)
-        assert_equal(txt, gr.send(meth))
-
-        assert_equal(group.generator.to_bn, gr.generator.to_bn)
-        assert_equal(group.cofactor, gr.cofactor)
-        assert_equal(group.order, gr.order)
-        assert_equal(group.seed, gr.seed)
-        assert_equal(group.degree, gr.degree)
-      end
-    end
-
-    for key in @keys
-      group = key.group
-
-      for meth in [:to_der, :to_pem]
-        txt = key.send(meth)
-        assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth))
-      end
-
-      bn = key.public_key.to_bn
-      assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn)
-    end
-  end
-
-  def test_set_keys
-    for key in @keys
-      k = OpenSSL::PKey::EC.new
-      k.group = key.group
-      k.private_key = key.private_key
-      k.public_key = key.public_key
-
-      compare_keys(key, k)
-    end
-  end
-
-  def test_dsa_sign_verify
-    for key in @keys
-      sig = key.dsa_sign_asn1(@data1)
-      assert(key.dsa_verify_asn1(@data1, sig))
-    end
-  end
-
-  def test_dsa_sign_asn1_FIPS186_3
-    for key in @keys
-      size = key.group.order.num_bits / 8 + 1
-      dgst = (1..size).to_a.pack('C*')
-      begin
-        sig = key.dsa_sign_asn1(dgst)
-        # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
-        assert(key.dsa_verify_asn1(dgst + "garbage", sig))
-      rescue OpenSSL::PKey::ECError => e
-        # just an exception for longer dgst before openssl-0.9.8m
-        assert_equal('ECDSA_sign: data too large for key size', e.message)
-        # no need to do following tests
-        return
-      end
-    end
-  end
-
-  def test_dh_compute_key
-    for key in @keys
-      k = OpenSSL::PKey::EC.new(key.group)
-      k.generate_key
-
-      puba = key.public_key
-      pubb = k.public_key
-      a = key.dh_compute_key(pubb)
-      b = k.dh_compute_key(puba)
-      assert_equal(a, b)
-    end
-  end
-  
-  def test_read_private_key_der
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    der = ec.to_der
-    ec2 = OpenSSL::PKey.read(der)
-    assert(ec2.private_key?)
-    assert_equal(der, ec2.to_der)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_private_key_pem
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    pem = ec.to_pem
-    ec2 = OpenSSL::PKey.read(pem)
-    assert(ec2.private_key?)
-    assert_equal(pem, ec2.to_pem)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_public_key_der
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    ec2 = OpenSSL::PKey::EC.new(ec.group)
-    ec2.public_key = ec.public_key
-    der = ec2.to_der
-    ec3 = OpenSSL::PKey.read(der)
-    assert(!ec3.private_key?)
-    assert_equal(der, ec3.to_der)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_public_key_pem
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    ec2 = OpenSSL::PKey::EC.new(ec.group)
-    ec2.public_key = ec.public_key
-    pem = ec2.to_pem
-    ec3 = OpenSSL::PKey.read(pem)
-    assert(!ec3.private_key?)
-    assert_equal(pem, ec3.to_pem)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_private_key_pem_pw
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    pem = ec.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
-    #callback form for password
-    ec2 = OpenSSL::PKey.read(pem) do
-      'secret'
-    end
-    assert(ec2.private_key?)
-    # pass password directly
-    ec2 = OpenSSL::PKey.read(pem, 'secret')
-    assert(ec2.private_key?)
-    #omit pem equality check, will be different due to cipher iv
-    assert_equal([], OpenSSL.errors)
-  end
-
-# test Group: asn1_flag, point_conversion
-
-end
-
-end

data/test/1.9/test_pkey_rsa.rb

@@ -1,244 +0,0 @@
-require_relative 'utils'
-require 'base64'
-
-if defined?(OpenSSL)
-
-class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
-  def test_padding
-    key = OpenSSL::PKey::RSA.new(512, 3)
-
-    # Need right size for raw mode
-    plain0 = "x" * (512/8)
-    cipher = key.private_encrypt(plain0, OpenSSL::PKey::RSA::NO_PADDING)
-    plain1 = key.public_decrypt(cipher, OpenSSL::PKey::RSA::NO_PADDING)
-    assert_equal(plain0, plain1)
-
-    # Need smaller size for pkcs1 mode
-    plain0 = "x" * (512/8 - 11)
-    cipher1 = key.private_encrypt(plain0, OpenSSL::PKey::RSA::PKCS1_PADDING)
-    plain1 = key.public_decrypt(cipher1, OpenSSL::PKey::RSA::PKCS1_PADDING)
-    assert_equal(plain0, plain1)
-
-    cipherdef = key.private_encrypt(plain0) # PKCS1_PADDING is default
-    plain1 = key.public_decrypt(cipherdef)
-    assert_equal(plain0, plain1)
-    assert_equal(cipher1, cipherdef)
-
-    # Failure cases
-    assert_raise(ArgumentError){ key.private_encrypt() }
-    assert_raise(ArgumentError){ key.private_encrypt("hi", 1, nil) }
-    assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt(plain0, 666) }
-  end
-
-  def test_private
-    key = OpenSSL::PKey::RSA.new(512, 3)
-    assert(key.private?)
-    key2 = OpenSSL::PKey::RSA.new(key.to_der)
-    assert(key2.private?)
-    key3 = key.public_key
-    assert(!key3.private?)
-    key4 = OpenSSL::PKey::RSA.new(key3.to_der)
-    assert(!key4.private?)
-  end
-
-  def test_new
-    key = OpenSSL::PKey::RSA.new 512
-    pem  = key.public_key.to_pem
-    OpenSSL::PKey::RSA.new pem
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_sign_verify
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
-    digest = OpenSSL::Digest::SHA1.new
-    data = 'Sign me!'
-    sig = key.sign(digest, data)
-    assert(key.verify(digest, sig, data))
-  end
-
-  def test_digest_state_irrelevant_sign
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
-    digest1 = OpenSSL::Digest::SHA1.new
-    digest2 = OpenSSL::Digest::SHA1.new
-    data = 'Sign me!'
-    digest1 << 'Change state of digest1'
-    sig1 = key.sign(digest1, data)
-    sig2 = key.sign(digest2, data)
-    assert_equal(sig1, sig2)
-  end
-
-  def test_digest_state_irrelevant_verify
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
-    digest1 = OpenSSL::Digest::SHA1.new
-    digest2 = OpenSSL::Digest::SHA1.new
-    data = 'Sign me!'
-    sig = key.sign(digest1, data)
-    digest1.reset
-    digest1 << 'Change state of digest1'
-    assert(key.verify(digest1, sig, data))
-    assert(key.verify(digest2, sig, data))
-  end
-
-  def test_read_RSAPublicKey
-    modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
-    exponent = 65537
-    seq = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
-    key = OpenSSL::PKey::RSA.new(seq.to_der)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_RSA_PUBKEY
-    modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
-    exponent = 65537
-    algo = OpenSSL::ASN1::ObjectId.new('rsaEncryption')
-    null_params = OpenSSL::ASN1::Null.new(nil)
-    algo_id = OpenSSL::ASN1::Sequence.new ([algo, null_params])
-    pub_key = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
-    seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
-    key = OpenSSL::PKey::RSA.new(seq.to_der)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_RSAPublicKey_pem
-    modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
-    exponent = 65537
-    pem = <<-EOF
------BEGIN RSA PUBLIC KEY-----
-MEgCQQCzyh2RIZK62E2PbTWqUljD+K23XR9AGBKNtXjal6WD2yRGcLqzPJLNCa60
-AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
------END RSA PUBLIC KEY-----
-    EOF
-    key = OpenSSL::PKey::RSA.new(pem)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_RSA_PUBKEY_pem
-    modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
-    exponent = 65537
-    pem = <<-EOF
------BEGIN PUBLIC KEY-----
-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALPKHZEhkrrYTY9tNapSWMP4rbdd
-H0AYEo21eNqXpYPbJEZwurM8ks0JrrQC50lHUmhtshsMmtC7oBedaHmT9i0C
-AwEAAQ==
------END PUBLIC KEY-----
-    EOF
-    key = OpenSSL::PKey::RSA.new(pem)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_export_format_is_RSA_PUBKEY
-    key = OpenSSL::PKey::RSA.new(512)
-    asn1 = OpenSSL::ASN1.decode(key.public_key.to_der)
-    check_PUBKEY(asn1, key)
-  end
-
-  def test_export_format_is_RSA_PUBKEY_pem
-    key = OpenSSL::PKey::RSA.new(512)
-    pem = key.public_key.to_pem
-    pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
-    asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
-    check_PUBKEY(asn1, key)
-  end
-
-  def test_read_private_key_der
-    der = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_der
-    key = OpenSSL::PKey.read(der)
-    assert(key.private?)
-    assert_equal(der, key.to_der)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_private_key_pem
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem
-    key = OpenSSL::PKey.read(pem)
-    assert(key.private?)
-    assert_equal(pem, key.to_pem)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_public_key_der
-    der = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_der
-    key = OpenSSL::PKey.read(der)
-    assert(!key.private?)
-    assert_equal(der, key.to_der)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_public_key_pem
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_pem
-    key = OpenSSL::PKey.read(pem)
-    assert(!key.private?)
-    assert_equal(pem, key.to_pem)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_private_key_pem_pw
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
-    #callback form for password
-    key = OpenSSL::PKey.read(pem) do
-      'secret'
-    end
-    assert(key.private?)
-    # pass password directly
-    key = OpenSSL::PKey.read(pem, 'secret')
-    assert(key.private?)
-    #omit pem equality check, will be different due to cipher iv
-    assert_equal([], OpenSSL.errors)
-  end
-
-  private
-
-  def check_PUBKEY(asn1, key)
-    assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
-    assert_equal(2, asn1.value.size)
-    seq = asn1.value
-    assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
-    assert_equal(2, seq[0].value.size)
-    algo_id = seq[0].value
-    assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
-    assert_equal('rsaEncryption', algo_id[0].value)
-    assert_equal(OpenSSL::ASN1::NULL, algo_id[1].tag)
-    assert_equal(nil, algo_id[1].value)
-    assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
-    assert_equal(0, seq[1].unused_bits)
-    pub_key = OpenSSL::ASN1.decode(seq[1].value)
-    assert_equal(OpenSSL::ASN1::SEQUENCE, pub_key.tag)
-    assert_equal(2, pub_key.value.size)
-    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[0].tag)
-    assert_equal(key.n, pub_key.value[0].value)
-    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
-    assert_equal(key.e, pub_key.value[1].value)
-    assert_equal([], OpenSSL.errors)
-  end
-
-end
-
-end

data/test/1.9/test_ssl.rb

@@ -1,499 +0,0 @@
-require_relative "utils"
-
-if defined?(OpenSSL)
-
-class OpenSSL::TestSSL < OpenSSL::SSLTestCase
-  def test_ctx_setup
-    ctx = OpenSSL::SSL::SSLContext.new
-    assert_equal(ctx.setup, true)
-    assert_equal(ctx.setup, nil)
-  end
-
-  def test_ctx_setup_no_compression
-    ctx = OpenSSL::SSL::SSLContext.new
-    ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION
-    assert_equal(ctx.setup, true)
-    assert_equal(ctx.setup, nil)
-    assert_equal(OpenSSL::SSL::OP_NO_COMPRESSION,
-                 ctx.options & OpenSSL::SSL::OP_NO_COMPRESSION)
-  end if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-
-  def test_not_started_session
-    skip "non socket argument of SSLSocket.new is not supported on this platform" if /mswin|mingw/ =~ RUBY_PLATFORM
-    open(__FILE__) do |f|
-      assert_nil OpenSSL::SSL::SSLSocket.new(f).cert
-    end
-  end
-
-  def test_ssl_read_nonblock
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) { |server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true
-      ssl.connect
-      assert_raise(IO::WaitReadable) { ssl.read_nonblock(100) }
-      ssl.write("abc\n")
-      IO.select [ssl]
-      assert_equal('a', ssl.read_nonblock(1))
-      assert_equal("bc\n", ssl.read_nonblock(100))
-      assert_raise(IO::WaitReadable) { ssl.read_nonblock(100) }
-    }
-  end
-
-  def test_connect_and_close
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      assert(ssl.connect)
-      ssl.close
-      assert(!sock.closed?)
-      sock.close
-
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true  # !!
-      assert(ssl.connect)
-      ssl.close
-      assert(sock.closed?)
-    }
-  end
-
-  def test_read_and_write
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true
-      ssl.connect
-
-      # puts and gets
-      ITERATIONS.times{
-        str = "x" * 100 + "\n"
-        ssl.puts(str)
-        assert_equal(str, ssl.gets)
-
-        str = "x" * 100
-        ssl.puts(str)
-        assert_equal(str, ssl.gets("\n", 100))
-        assert_equal("\n", ssl.gets)
-      }
-
-      # read and write
-      ITERATIONS.times{|i|
-        str = "x" * 100 + "\n"
-        ssl.write(str)
-        assert_equal(str, ssl.read(str.size))
-
-        str = "x" * i * 100 + "\n"
-        buf = ""
-        ssl.write(str)
-        assert_equal(buf.object_id, ssl.read(str.size, buf).object_id)
-        assert_equal(str, buf)
-      }
-
-      ssl.close
-    }
-  end
-
-  def sysread_size(ssl, size)
-    buf = ''
-    while buf.bytesize < size
-      buf += ssl.sysread(size - buf.bytesize)
-    end
-    buf
-  end
-
-  def test_sysread_chunks
-    args = {}
-    args[:server_proc] = proc { |ctx, ssl|
-      while line = ssl.gets
-        if line =~ /^STARTTLS$/
-          ssl.accept
-          next
-        end
-        ssl.write("0" * 800)
-        ssl.write("1" * 200)
-        ssl.close
-        break
-      end
-    }
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, args){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true
-      ssl.connect
-      ssl.syswrite("hello\n")
-      assert_equal("0" * 200, sysread_size(ssl, 200))
-      assert_equal("0" * 200, sysread_size(ssl, 200))
-      assert_equal("0" * 200, sysread_size(ssl, 200))
-      assert_equal("0" * 200, sysread_size(ssl, 200))
-      assert_equal("1" * 200, sysread_size(ssl, 200))
-      ssl.close
-    }
-  end
-
-  def test_sysread_buffer
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true
-      ssl.connect
-      ITERATIONS.times{|i|
-        # the given buffer is cleared before concatenating.
-        # NB: SSLSocket#readpartial depends sysread.
-        str = "x" * i * 100 + "\n"
-        ssl.syswrite(str)
-        buf = "asdf"
-        assert_equal(buf.object_id, ssl.sysread(0, buf).object_id)
-        assert_equal("", buf)
-
-        buf = "asdf"
-        read = ssl.sysread(str.size, buf)
-        assert(!read.empty?)
-        assert_equal(buf.object_id, read.object_id)
-        assert_equal(str[0, buf.bytesize], buf)
-        sysread_size(ssl, str.bytesize - buf.bytesize) # drop unread bytes
-
-        ssl.syswrite(str)
-        read = ssl.sysread(str.size, nil)
-        assert(!read.empty?)
-        assert_equal(str[0, read.bytesize], read)
-        sysread_size(ssl, str.bytesize - read.bytesize) # drop unread bytes
-      }
-      ssl.close
-    }
-  end
-
-  def test_client_auth
-    vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
-    start_server(PORT, vflag, true){|server, port|
-      assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET){
-        sock = TCPSocket.new("127.0.0.1", port)
-        ssl = OpenSSL::SSL::SSLSocket.new(sock)
-        ssl.connect
-      }
-
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.key = @cli_key
-      ctx.cert = @cli_cert
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      ssl.sync_close = true
-      ssl.connect
-      ssl.puts("foo")
-      assert_equal("foo\n", ssl.gets)
-      ssl.close
-
-      called = nil
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.client_cert_cb = Proc.new{ |sslconn|
-        called = true
-        [@cli_cert, @cli_key]
-      }
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      ssl.sync_close = true
-      ssl.connect
-      assert(called)
-      ssl.puts("foo")
-      assert_equal("foo\n", ssl.gets)
-      ssl.close
-    }
-  end
-
-  def test_client_ca
-    ctx_proc = Proc.new do |ctx|
-      ctx.client_ca = [@ca_cert]
-    end
-
-    vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
-    start_server(PORT, vflag, true, :ctx_proc => ctx_proc){|server, port|
-      ctx = OpenSSL::SSL::SSLContext.new
-      client_ca_from_server = nil
-      ctx.client_cert_cb = Proc.new do |sslconn|
-        client_ca_from_server = sslconn.client_ca
-        [@cli_cert, @cli_key]
-      end
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      ssl.sync_close = true
-      ssl.connect
-      assert_equal([@ca], client_ca_from_server)
-      ssl.close
-    }
-  end
-
-  def test_starttls
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, false){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true
-      str = "x" * 1000 + "\n"
-
-      OpenSSL::TestUtils.silent do
-        ITERATIONS.times{
-          ssl.puts(str)
-          assert_equal(str, ssl.gets)
-        }
-        starttls(ssl)
-      end
-
-      ITERATIONS.times{
-        ssl.puts(str)
-        assert_equal(str, ssl.gets)
-      }
-
-      ssl.close
-    }
-  end
-
-  def test_parallel
-    GC.start
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      ssls = []
-      10.times{
-        sock = TCPSocket.new("127.0.0.1", port)
-        ssl = OpenSSL::SSL::SSLSocket.new(sock)
-        ssl.connect
-        ssl.sync_close = true
-        ssls << ssl
-      }
-      str = "x" * 1000 + "\n"
-      ITERATIONS.times{
-        ssls.each{|ssl|
-          ssl.puts(str)
-          assert_equal(str, ssl.gets)
-        }
-      }
-      ssls.each{|ssl| ssl.close }
-    }
-  end
-
-  def test_verify_result
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.set_params
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
-      assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
-
-      sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.set_params(
-        :verify_callback => Proc.new do |preverify_ok, store_ctx|
-          store_ctx.error = OpenSSL::X509::V_OK
-          true
-        end
-      )
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      ssl.connect
-      assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
-
-      sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.set_params(
-        :verify_callback => Proc.new do |preverify_ok, store_ctx|
-          store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
-          false
-        end
-      )
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
-      assert_equal(OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION, ssl.verify_result)
-    }
-  end
-
-  def test_exception_in_verify_callback_is_ignored
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.set_params(
-        :verify_callback => Proc.new do |preverify_ok, store_ctx|
-          store_ctx.error = OpenSSL::X509::V_OK
-          raise RuntimeError
-        end
-      )
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      OpenSSL::TestUtils.silent do
-        # SSLError, not RuntimeError
-        assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
-      end
-      assert_equal(OpenSSL::X509::V_ERR_CERT_REJECTED, ssl.verify_result)
-      ssl.close
-    }
-  end
-
-  def test_sslctx_set_params
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.new
-      ctx.set_params
-      assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
-      assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
-      ciphers = ctx.ciphers
-      ciphers_versions = ciphers.collect{|_, v, _, _| v }
-      ciphers_names = ciphers.collect{|v, _, _, _| v }
-      assert(ciphers_names.all?{|v| /ADH/ !~ v })
-      assert(ciphers_versions.all?{|v| /SSLv2/ !~ v })
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-      assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
-      assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
-    }
-  end
-
-  def test_post_connection_check
-    sslerr = OpenSSL::SSL::SSLError
-
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.connect
-      assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
-      assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
-      assert(ssl.post_connection_check("localhost"))
-      assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
-
-      cert = ssl.peer_cert
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
-      assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
-    }
-
-    now = Time.now
-    exts = [
-      ["keyUsage","keyEncipherment,digitalSignature",true],
-      ["subjectAltName","DNS:localhost.localdomain",false],
-      ["subjectAltName","IP:127.0.0.1",false],
-    ]
-    @svr_cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts,
-                           @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.connect
-      assert(ssl.post_connection_check("localhost.localdomain"))
-      assert(ssl.post_connection_check("127.0.0.1"))
-      assert_raise(sslerr){ssl.post_connection_check("localhost")}
-      assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
-
-      cert = ssl.peer_cert
-      assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
-      assert(OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
-    }
-
-    now = Time.now
-    exts = [
-      ["keyUsage","keyEncipherment,digitalSignature",true],
-      ["subjectAltName","DNS:*.localdomain",false],
-    ]
-    @svr_cert = issue_cert(@svr, @svr_key, 5, now, now+1800, exts,
-                           @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.connect
-      assert(ssl.post_connection_check("localhost.localdomain"))
-      assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
-      assert_raise(sslerr){ssl.post_connection_check("localhost")}
-      assert_raise(sslerr){ssl.post_connection_check("foo.example.com")}
-      cert = ssl.peer_cert
-      assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
-      assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
-    }
-  end
-
-  def test_tlsext_hostname
-    return unless OpenSSL::SSL::SSLSocket.instance_methods.include?(:hostname)
-
-    ctx_proc = Proc.new do |ctx, ssl|
-      foo_ctx = ctx.dup
-
-      ctx.servername_cb = Proc.new do |ssl2, hostname|
-        case hostname
-        when 'foo.example.com'
-          foo_ctx
-        when 'bar.example.com'
-          nil
-        else
-          raise "unknown hostname #{hostname.inspect}"
-        end
-      end
-    end
-
-    server_proc = Proc.new do |ctx, ssl|
-      readwrite_loop(ctx, ssl)
-    end
-
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port|
-      2.times do |i|
-        sock = TCPSocket.new("127.0.0.1", port)
-        ctx = OpenSSL::SSL::SSLContext.new
-        if defined?(OpenSSL::SSL::OP_NO_TICKET)
-          # disable RFC4507 support
-          ctx.options = OpenSSL::SSL::OP_NO_TICKET
-        end
-        ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
-        ssl.sync_close = true
-        ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com'
-        ssl.connect
-
-        str = "x" * 100 + "\n"
-        ssl.puts(str)
-        assert_equal(str, ssl.gets)
-
-        ssl.close
-      end
-    end
-  end
-
-  def test_multibyte_read_write
-    #German a umlaut
-    auml = [%w{ C3 A4 }.join('')].pack('H*')
-    auml.force_encoding(Encoding::UTF_8)
-
-    [10, 1000, 100000].each {|i|
-      str = nil
-      num_written = nil
-      server_proc = Proc.new {|ctx, ssl|
-        cmp = ssl.read
-        raw_size = cmp.size
-        cmp.force_encoding(Encoding::UTF_8)
-        assert_equal(str, cmp)
-        assert_equal(num_written, raw_size)
-        ssl.close
-      }
-      start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :server_proc => server_proc){|server, port|
-        sock = TCPSocket.new("127.0.0.1", port)
-        ssl = OpenSSL::SSL::SSLSocket.new(sock)
-        ssl.sync_close = true
-        ssl.connect
-        str = auml * i
-        num_written = ssl.write(str)
-        ssl.close
-      }
-    }
-  end
-
-  def test_unset_OP_ALL
-    ctx_proc = Proc.new { |ctx|
-      ctx.options = OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
-    }
-    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc){|server, port|
-      sock = TCPSocket.new("127.0.0.1", port)
-      ssl = OpenSSL::SSL::SSLSocket.new(sock)
-      ssl.sync_close = true
-      ssl.connect
-      ssl.puts('hello')
-      assert_equal("hello\n", ssl.gets)
-      ssl.close
-    }
-  end
-
-end
-
-end