Diffstat (limited to 'test')
-rw-r--r-- | test/openssl/test_pkey.rb | 6 | ||||
-rw-r--r-- | test/openssl/test_ssl.rb | 68 | ||||
-rw-r--r-- | test/openssl/test_ssl_session.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_x509cert.rb | 1 | ||||
-rw-r--r-- | test/openssl/test_x509crl.rb | 1 | ||||
-rw-r--r-- | test/openssl/test_x509req.rb | 1 | ||||
-rw-r--r-- | test/openssl/utils.rb | 8 |
7 files changed, 24 insertions, 68 deletions
diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb index 3c0fc56988..8444cfdcda 100644 --- a/test/openssl/test_pkey.rb +++ b/test/openssl/test_pkey.rb @@ -84,7 +84,6 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase def test_ed25519 # Ed25519 is not FIPS-approved. omit_on_fips - omit "Ed25519 not supported" if openssl? && !openssl?(1, 1, 1) # Test vector from RFC 8032 Section 7.1 TEST 2 priv_pem = <<~EOF @@ -157,9 +156,6 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase assert_equal bob_pem, bob.public_to_pem assert_equal [shared_secret].pack("H*"), alice.derive(bob) - if openssl? && !openssl?(1, 1, 1) - omit "running OpenSSL version does not have raw public key support" - end alice_private = OpenSSL::PKey.new_raw_private_key("X25519", alice.raw_private_key) bob_public = OpenSSL::PKey.new_raw_public_key("X25519", bob.raw_public_key) assert_equal alice_private.private_to_pem, @@ -173,8 +169,6 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase end def test_raw_initialize_errors - omit "Ed25519 not supported" if openssl? && !openssl?(1, 1, 1) - assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key("foo123", "xxx") } assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key("ED25519", "xxx") } assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key("foo123", "xxx") } diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index c9cc7a02e7..c705f78794 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -40,7 +40,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_ctx_options_config omit "LibreSSL does not support OPENSSL_CONF" if libressl? - omit "OpenSSL < 1.1.1 does not support system_default" if openssl? && !openssl?(1, 1, 1) Tempfile.create("openssl.cnf") { |f| f.puts(<<~EOF) 
@@ -922,7 +921,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_keylog_cb - pend "Keylog callback is not supported" if !openssl?(1, 1, 1) || libressl? + omit "Keylog callback is not supported" if libressl? prefix = 'CLIENT_RANDOM' context = OpenSSL::SSL::SSLContext.new @@ -942,30 +941,28 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end end - if tls13_supported? - prefixes = [ - 'SERVER_HANDSHAKE_TRAFFIC_SECRET', - 'EXPORTER_SECRET', - 'SERVER_TRAFFIC_SECRET_0', - 'CLIENT_HANDSHAKE_TRAFFIC_SECRET', - 'CLIENT_TRAFFIC_SECRET_0', - ] - context = OpenSSL::SSL::SSLContext.new - context.min_version = context.max_version = OpenSSL::SSL::TLS1_3_VERSION - cb_called = false - context.keylog_cb = proc do |_sock, line| - cb_called = true - assert_not_nil(prefixes.delete(line.split.first)) - end + prefixes = [ + 'SERVER_HANDSHAKE_TRAFFIC_SECRET', + 'EXPORTER_SECRET', + 'SERVER_TRAFFIC_SECRET_0', + 'CLIENT_HANDSHAKE_TRAFFIC_SECRET', + 'CLIENT_TRAFFIC_SECRET_0', + ] + context = OpenSSL::SSL::SSLContext.new + context.min_version = context.max_version = OpenSSL::SSL::TLS1_3_VERSION + cb_called = false + context.keylog_cb = proc do |_sock, line| + cb_called = true + assert_not_nil(prefixes.delete(line.split.first)) + end - start_server do |port| - server_connect(port, context) do |ssl| - ssl.puts "abc" - assert_equal("abc\n", ssl.gets) - assert_equal(true, cb_called) - end - assert_equal(0, prefixes.size) + start_server do |port| + server_connect(port, context) do |ssl| + ssl.puts "abc" + assert_equal("abc\n", ssl.gets) + assert_equal(true, cb_called) end + assert_equal(0, prefixes.size) end end @@ -1204,8 +1201,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase OpenSSL::SSL::TLS1_VERSION, OpenSSL::SSL::TLS1_1_VERSION, OpenSSL::SSL::TLS1_2_VERSION, - # OpenSSL 1.1.1 - defined?(OpenSSL::SSL::TLS1_3_VERSION) && OpenSSL::SSL::TLS1_3_VERSION, + OpenSSL::SSL::TLS1_3_VERSION, ].compact # Prepare for testing & do sanity check 
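Review bot: The TLS 1.3 half of test_keylog_cb now pins `context.min_version = context.max_version = OpenSSL::SSL::TLS1_3_VERSION` with no skip path, so a libssl that meets the new version floor but has TLS 1.3 compiled out or disabled by configuration would presumably make this test error rather than be omitted. The `tls13_supported?` helper deleted from utils.rb in this commit was a runtime probe (it rescued a failing version assignment and returned nil), not only a version check, so the same applies to test_ciphersuites_method_tls_connection, test_ecdh_curves_tls13 and the two test_ctx_client_session_cb_tls13* tests. If such builds are still meant to run the suite, gate on what the library actually enables, for example `omit "TLS 1.3 is not enabled" unless check_supported_protocol_versions.include?(OpenSSL::SSL::TLS1_3_VERSION)`, the helper already used in test_ssl.rb; otherwise a one-line comment stating that TLS 1.3 is assumed would document the intent. test_keylog_cb starts above this hunk.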
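Review bot: The trailing `.compact` on this version list looks like a leftover, since the only visible entry that could evaluate to nil was the `defined?(...) && OpenSSL::SSL::TLS1_3_VERSION` guard this hunk removes. Every entry visible here is now an unconditional constant, so `].compact` can become `]` if the entries above the hunk are unconditional too; the array opens outside the hunk, so that needs checking. Leaving it in suggests to a reader that some protocol constant may still be undefined.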
@@ -1265,9 +1261,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase OpenSSL::SSL::TLS1_VERSION => { name: "TLSv1", method: "TLSv1" }, OpenSSL::SSL::TLS1_1_VERSION => { name: "TLSv1.1", method: "TLSv1_1" }, OpenSSL::SSL::TLS1_2_VERSION => { name: "TLSv1.2", method: "TLSv1_2" }, - # OpenSSL 1.1.1 - defined?(OpenSSL::SSL::TLS1_3_VERSION) && OpenSSL::SSL::TLS1_3_VERSION => - { name: "TLSv1.3", method: nil }, + OpenSSL::SSL::TLS1_3_VERSION => { name: "TLSv1.3", method: nil }, } # Server enables a single version @@ -1381,8 +1375,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase # applications. The purpose of this test case is to check that SSL options # are properly propagated to OpenSSL library. supported = check_supported_protocol_versions - if !defined?(OpenSSL::SSL::TLS1_3_VERSION) || - !supported.include?(OpenSSL::SSL::TLS1_2_VERSION) || + if !supported.include?(OpenSSL::SSL::TLS1_2_VERSION) || !supported.include?(OpenSSL::SSL::TLS1_3_VERSION) pend "this test case requires both TLS 1.2 and TLS 1.3 to be supported " \ "and enabled by default" @@ -1721,11 +1714,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_ciphersuites_method_tls_connection - ssl_ctx = OpenSSL::SSL::SSLContext.new - if !tls13_supported? || !ssl_ctx.respond_to?(:ciphersuites=) - pend 'TLS 1.3 not supported' - end - csuite = ['TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128, 128] inputs = [csuite[0], [csuite[0]], [csuite]] 
@@ -1746,23 +1734,17 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_ciphersuites_method_nil_argument ssl_ctx = OpenSSL::SSL::SSLContext.new - pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) - assert_nothing_raised { ssl_ctx.ciphersuites = nil } end def test_ciphersuites_method_frozen_object ssl_ctx = OpenSSL::SSL::SSLContext.new - pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) - ssl_ctx.freeze assert_raise(FrozenError) { ssl_ctx.ciphersuites = 'TLS_AES_256_GCM_SHA384' } end def test_ciphersuites_method_bogus_csuite ssl_ctx = OpenSSL::SSL::SSLContext.new - pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) - assert_raise_with_message( OpenSSL::SSL::SSLError, /SSL_CTX_set_ciphersuites: no cipher match/i @@ -1878,8 +1860,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase end def test_ecdh_curves_tls13 - pend "TLS 1.3 not supported" unless tls13_supported? - ctx_proc = -> ctx { # Assume TLS 1.3 is enabled and chosen by default ctx.ecdh_curves = "P-384:P-521" diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index 4fa3821177..0a9289136e 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -250,7 +250,6 @@ __EOS__ end def test_ctx_client_session_cb_tls13 - omit "TLS 1.3 not supported" unless tls13_supported? omit "LibreSSL does not call session_new_cb in TLS 1.3" if libressl? start_server do |port| @@ -274,7 +273,6 @@ __EOS__ end def test_ctx_client_session_cb_tls13_exception - omit "TLS 1.3 not supported" unless tls13_supported? omit "LibreSSL does not call session_new_cb in TLS 1.3" if libressl? server_proc = lambda do |ctx, ssl| 
@@ -375,11 +373,6 @@ __EOS__ connections = 2 sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets - if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7) - # OpenSSL >= 1.1.0, < 1.1.0g - pend "External session cache is not working; " \ - "see https://github.com/openssl/openssl/pull/4014" - end assert_equal true, ssl.session_reused? ssl.session } diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index 4f7aa0cb10..5fc87d9c67 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -294,7 +294,6 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase def test_sign_and_verify_ed25519 # Ed25519 is not FIPS-approved. omit_on_fips - omit "Ed25519 not supported" if openssl? && !openssl?(1, 1, 1) ed25519 = OpenSSL::PKey::generate_key("ED25519") cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil) assert_equal(true, cert.verify(ed25519)) diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb index caab795d5b..89165388db 100644 --- a/test/openssl/test_x509crl.rb +++ b/test/openssl/test_x509crl.rb @@ -207,7 +207,6 @@ class OpenSSL::TestX509CRL < OpenSSL::TestCase def test_sign_and_verify_ed25519 # Ed25519 is not FIPS-approved. omit_on_fips - omit "Ed25519 not supported" if openssl? && !openssl?(1, 1, 1) ed25519 = OpenSSL::PKey::generate_key("ED25519") cert = issue_cert(@ca, ed25519, 1, [], nil, nil, digest: nil) crl = issue_crl([], 1, Time.now, Time.now+1600, [], diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb index 88a7bee93a..18d3e7f8f3 100644 --- a/test/openssl/test_x509req.rb +++ b/test/openssl/test_x509req.rb 
@@ -135,7 +135,6 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase def test_sign_and_verify_ed25519 # Ed25519 is not FIPS-approved. omit_on_fips - omit "Ed25519 not supported" if openssl? && !openssl?(1, 1, 1) ed25519 = OpenSSL::PKey::generate_key("ED25519") req = issue_csr(0, @dn, ed25519, nil) assert_equal(false, request_error_returns_false { req.verify(@rsa1024) }) diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 4110d9b0f2..e38b190927 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -186,14 +186,6 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase @server = nil end - def tls13_supported? - return false unless defined?(OpenSSL::SSL::TLS1_3_VERSION) - ctx = OpenSSL::SSL::SSLContext.new - ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_3_VERSION - true - rescue - end - def readwrite_loop(ctx, ssl) while line = ssl.gets ssl.write(line) |