96
96
def test_connect_and_close
97
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
98
sock = TCPSocket.new("127.0.0.1", p)
97
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
98
sock = TCPSocket.new("127.0.0.1", port)
99
99
ssl = OpenSSL::SSL::SSLSocket.new(sock)
100
100
assert(ssl.connect)
102
102
assert(!sock.closed?)
105
sock = TCPSocket.new("127.0.0.1", p)
105
sock = TCPSocket.new("127.0.0.1", port)
106
106
ssl = OpenSSL::SSL::SSLSocket.new(sock)
107
107
ssl.sync_close = true # !!
108
108
assert(ssl.connect)
158
163
def test_client_auth
159
164
vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
160
start_server(PORT, vflag, true){|s, p|
165
start_server(PORT, vflag, true){|server, port|
161
166
assert_raises(OpenSSL::SSL::SSLError){
162
sock = TCPSocket.new("127.0.0.1", p)
167
sock = TCPSocket.new("127.0.0.1", port)
163
168
ssl = OpenSSL::SSL::SSLSocket.new(sock)
245
def test_verify_result
246
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
247
sock = TCPSocket.new("127.0.0.1", port)
248
ctx = OpenSSL::SSL::SSLContext.new
250
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
251
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
252
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
254
sock = TCPSocket.new("127.0.0.1", port)
255
ctx = OpenSSL::SSL::SSLContext.new
257
:verify_callback => Proc.new do |preverify_ok, store_ctx|
258
store_ctx.error = OpenSSL::X509::V_OK
262
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
264
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
266
sock = TCPSocket.new("127.0.0.1", port)
267
ctx = OpenSSL::SSL::SSLContext.new
269
:verify_callback => Proc.new do |preverify_ok, store_ctx|
270
store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
274
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
275
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
276
assert_equal(OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION, ssl.verify_result)
280
def test_sslctx_set_params
281
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
282
sock = TCPSocket.new("127.0.0.1", port)
283
ctx = OpenSSL::SSL::SSLContext.new
285
assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
286
assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
287
ciphers = ctx.ciphers
288
ciphers_versions = ciphers.collect{|_, v, _, _| v }
289
ciphers_names = ciphers.collect{|v, _, _, _| v }
290
assert(ciphers_names.all?{|v| /ADH/ !~ v })
291
assert(ciphers_versions.all?{|v| /SSLv2/ !~ v })
292
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
293
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
294
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
240
298
def test_post_connection_check
241
299
sslerr = OpenSSL::SSL::SSLError
243
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
244
sock = TCPSocket.new("127.0.0.1", p)
301
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
302
sock = TCPSocket.new("127.0.0.1", port)
245
303
ssl = OpenSSL::SSL::SSLSocket.new(sock)
247
305
assert_raises(sslerr){ssl.post_connection_check("localhost.localdomain")}
248
306
assert_raises(sslerr){ssl.post_connection_check("127.0.0.1")}
249
307
assert(ssl.post_connection_check("localhost"))
250
308
assert_raises(sslerr){ssl.post_connection_check("foo.example.com")}
311
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
312
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
313
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
314
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
259
323
@svr_cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts,
260
324
@ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
261
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
262
sock = TCPSocket.new("127.0.0.1", p)
325
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
326
sock = TCPSocket.new("127.0.0.1", port)
263
327
ssl = OpenSSL::SSL::SSLSocket.new(sock)
265
329
assert(ssl.post_connection_check("localhost.localdomain"))
266
330
assert(ssl.post_connection_check("127.0.0.1"))
267
331
assert_raises(sslerr){ssl.post_connection_check("localhost")}
268
332
assert_raises(sslerr){ssl.post_connection_check("foo.example.com")}
335
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
336
assert(OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
337
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
338
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))
276
346
@svr_cert = issue_cert(@svr, @svr_key, 5, now, now+1800, exts,
277
347
@ca_cert, @ca_key, OpenSSL::Digest::SHA1.new)
278
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|s, p|
279
sock = TCPSocket.new("127.0.0.1", p)
348
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
349
sock = TCPSocket.new("127.0.0.1", port)
280
350
ssl = OpenSSL::SSL::SSLSocket.new(sock)
282
352
assert(ssl.post_connection_check("localhost.localdomain"))
283
353
assert_raises(sslerr){ssl.post_connection_check("127.0.0.1")}
284
354
assert_raises(sslerr){ssl.post_connection_check("localhost")}
285
355
assert_raises(sslerr){ssl.post_connection_check("foo.example.com")}
357
assert(OpenSSL::SSL.verify_certificate_identity(cert, "localhost.localdomain"))
358
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "127.0.0.1"))
359
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "localhost"))
360
assert(!OpenSSL::SSL.verify_certificate_identity(cert, "foo.example.com"))