[ruby/openssl] ssl: update tests for SSLContext#servername_cb callback

If an exception is raised by the SSLContext#servername_cb proc, the
handshake should be canceled by sending an "unrecognized_name" alert to
the client, and the exception should be re-raised from SSLSocket#accept.

Add more direct assertions to confirm these behaviors.

https://github.com/ruby/openssl/commit/ac8df7f30f
Kazuki Yamaguchi 2025-03-04 01:56:07 +09:00 committed by git
parent 0fddb9afca
commit 48848e8da4


@ -1080,36 +1080,46 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end end
end end
def test_servername_cb_raises_an_exception_on_unknown_objects def test_servername_cb_exception
hostname = 'example.org'
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.cert = @svr_cert
ctx2.key = @svr_key
ctx2.servername_cb = lambda { |args| Object.new }
sock1, sock2 = socketpair sock1, sock2 = socketpair
s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
ctx1 = OpenSSL::SSL::SSLContext.new
s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
s1.hostname = hostname
t = Thread.new { t = Thread.new {
assert_raise(OpenSSL::SSL::SSLError) do s1 = OpenSSL::SSL::SSLSocket.new(sock1)
s1.hostname = "localhost"
assert_raise_with_message(OpenSSL::SSL::SSLError, /unrecognized.name/i) {
s1.connect s1.connect
end }
} }
assert_raise(ArgumentError) do ctx2 = OpenSSL::SSL::SSLContext.new
s2.accept ctx2.servername_cb = lambda { |args| raise RuntimeError, "foo" }
end s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
assert_raise_with_message(RuntimeError, "foo") { s2.accept }
assert t.join assert t.join
ensure ensure
sock1.close if sock1 sock1.close
sock2.close if sock2 sock2.close
t.kill.join
end
def test_servername_cb_raises_an_exception_on_unknown_objects
sock1, sock2 = socketpair
t = Thread.new {
s1 = OpenSSL::SSL::SSLSocket.new(sock1)
s1.hostname = "localhost"
assert_raise(OpenSSL::SSL::SSLError) { s1.connect }
}
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.servername_cb = lambda { |args| Object.new }
s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
assert_raise(ArgumentError) { s2.accept }
assert t.join
ensure
sock1.close
sock2.close
t.kill.join
end end
def test_accept_errors_include_peeraddr def test_accept_errors_include_peeraddr
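Review bot: The `ensure` blocks of `test_servername_cb_exception` and the rewritten `test_servername_cb_raises_an_exception_on_unknown_objects` call `sock1.close`, `sock2.close` and `t.kill.join` without nil guards. If `socketpair` or `Thread.new` raises, the cleanup itself fails with NoMethodError and hides the real failure. Using `sock1&.close`, `sock2&.close` and `t&.kill&.join` keeps the original error visible. Separately, the second test only asserts a generic `OpenSSL::SSL::SSLError` on the client. If an invalid callback return value is also expected to abort the handshake with the "unrecognized_name" alert (not confirmed by the visible lines), matching `/unrecognized.name/i` there as the first test does would pin the alert the peer actually sees.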