Skip anon cipher test if constant is unavailable, as with OpenSSL < 1.2

We define this constant on the ExtConfig module at compile time, based on the cipher lists of OpenSSL: https://www.openssl.org/docs/manmaster/apps/ciphers.html This is because the `start_server` test helper method defaults to use this cipher for anonymous connections. Currently: ```ruby def start_server(verify_mode, start_immediately, args = {}, &block) # ... use_anon_cipher = args.fetch(:use_anon_cipher, false) ctx.ciphers = "ADH-AES256-GCM-SHA384" if use_anon_cipher # ... end ``` This _should_ fix the build. Patch reviewed by @nobu /cc @hsbt
ruby · Nov 13, 2015 · 81e1a30 · 81e1a30
1 parent cc36e11
commit 81e1a30
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
@@ -2107,6 +2107,12 @@ Init_ossl_ssl(void)
     rb_define_const(mSSLExtConfig, "HAVE_TLSEXT_HOST_NAME", Qfalse);
 #endif
 
+#ifdef TLS_DH_anon_WITH_AES_256_GCM_SHA384
+    rb_define_const(mSSLExtConfig, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", Qtrue);
+#else
+    rb_define_const(mSSLExtConfig, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", Qfalse);
+#endif
+
     /*
      * A callback invoked whenever a new handshake is initiated. May be used
      * to disable renegotiation entirely.

diff --git a/test/test_ssl.rb b/test/test_ssl.rb
@@ -415,7 +415,7 @@ def test_post_connect_check_with_anon_ciphers
         assert_raise(sslerr.new(msg)){ssl.post_connection_check("localhost.localdomain")}
       }
     }
-  end
+  end if OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
 
   def test_post_connection_check
     sslerr = OpenSSL::SSL::SSLError