Skip to content

Fix test failures with TLS 1.3-capable OpenSSL #138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Aug 25, 2017
Merged

Fix test failures with TLS 1.3-capable OpenSSL #138

merged 15 commits into from
Aug 25, 2017

Conversation

@rhenium
Copy link
Member

@rhenium rhenium commented Aug 24, 2017

No description provided.

@rhenium
Backport "Merge branch 'topic/test-memory-leak'" to maint
773d236 
* topic/test-memory-leak:
  Enable OSSL_MDEBUG on CI builds
  Add OpenSSL.print_mem_leaks
  test: prepare test PKey instances on demand
  test: let OpenSSL::TestCase include OpenSSL::TestUtils
  Don't define main() when built with --enable-debug

(cherry picked from commit 5c586ac)

Note that fix for new test cases that use the old constants removed by
this is squashed in.
@rhenium rhenium force-pushed the ky/maint-fix-test-with-tls13 branch 2 times, most recently from fbdcde4 to 58b5c76 Compare August 24, 2017 11:25
rhenium added 14 commits August 24, 2017 21:01
@rhenium
Rakefile: let sync:to_ruby know about test/openssl/fixtures
aa03e3a
@rhenium
test: fix formatting
134bff1 
Fix wrong nesting in test/utils.rb. Remove unnecessary requires. Wrap
the code with 'if defined?(OpenSSL::TestUtils) ~ end' and avoid class
definition with modifier if.
@rhenium
test/utils: remove OpenSSL::TestUtils.silent
94f62a7 
Use EnvUtil.suppress_warning instead. We have started to use it already,
and the name 'suppress_warning' expresses what it does more clearly.
@rhenium
test/utils: add SSLTestCase#tls12_supported?
36dc23f 
Add a method that returns whether the OpenSSL supports TLS 1.2 or not.
This will be useful for test cases that are specific to TLS ~1.2.
@rhenium
test/utils: have start_server yield only the port number
6f16135 
The block passed to start_server is invoked with two arguments, the
running thread object for the server and the automatically-selected port
number. The first argument is completely useless and actually is not
used anywhere.
@rhenium
test/utils: do not set ecdh_curves in start_server
a001911 
An assumption in OpenSSL::TestSSL#test_get_ephemeral_key is that the
ephemeral key type is always EVP_PKEY_EC when negotiated with an ECDHE
cipher suite. This is not true if X25519 is chosen.

The test is passing because we happen to fix the group to P-256 in
start_server, but let's make it explicit.
@rhenium
test/utils: let server_loop close socket
81f3efc 
Close the socket by server_loop rather than by server_proc. This reduces
code duplication.
@rhenium
test/utils: improve error handling in start_server
8fea1ed 
start_server can hang if the given block exits before closing sockets
that the block opens. While this is a carelessness of the caller, we
can do a better job.
@rhenium
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
9e2b5dc 
Add methods that check whether the running OpenSSL is an OpenSSL or a
LibreSSL, and optionally check whether the version is newer or equal to
the given version number.
@rhenium
test/utils: do not use DSA certificates in SSL tests
c24c56b 
LibreSSL 2.6.1 removed DSA support from its SSL code. Also, TLS 1.3 will
not support DSA certificates. Use an RSA certificate as the client
certificate in the tests, too.
@rhenium
test/test_ssl: remove test_invalid_shutdown_by_gc
ac482b7 
The very patch that added this test case made the dfree function not
send close_notify alert when an SSLSocket is being GCed.

Anyway, the new OSSL_GC_STRESS option added by 6ee4b28 ("test: run
test cases under GC.stress if OSSL_GC_STRESS is specified", 2016-12-04)
will cover this kind of issues.
@rhenium
test/test_ssl: move test_multibyte_read_write to test_pair
6c62ffb
@rhenium
test/test_ssl_session: rearrange tests
315b650 
Use TLS 1.2 explicitly where needed, since TLS 1.3 will remove session
ID based session resumption.
@rhenium
test/test_pair, test/test_ssl: fix for TLS 1.3
e3a3050 
Fix test cases failing with TLS 1.3-enabled OpenSSL master.
@rhenium rhenium force-pushed the ky/maint-fix-test-with-tls13 branch from 58b5c76 to e3a3050 Compare August 24, 2017 12:02
hsbt
hsbt approved these changes Aug 25, 2017
View reviewed changes
Copy link
Member

@hsbt hsbt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Fixture feature and integrate some methods to TestUtils module are so cool.

test/test_buffering.rb
@@ -1,9 +1,9 @@
# frozen_string_literal: false
require_relative 'utils'
require 'stringio'
Copy link
Member

@hsbt hsbt Aug 25, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@rhenium rhenium merged commit 4a8e85e into ruby:maint Aug 25, 2017
@rhenium rhenium mentioned this pull request Aug 31, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hsbt hsbt hsbt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rhenium @hsbt