package init

rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch

@@ -0,0 +1,221 @@
+From fc95df7a31ae5694f6a762c0c3d4f5c79c3ee40b Mon Sep 17 00:00:00 2001
+From: MSP-Greg <greg.mpls@gmail.com>
+Date: Sun, 13 Jan 2019 16:10:30 -0600
+Subject: [PATCH] Remove some old Ruby version code, Travis to xenial (only
+ TLS, no SSL)
+
+Move console 'SSL Info' code to em_test_helper.rb
+Prev code assumed SSLv3 was available, newer OpenSSL versions are often built without
+---
+ tests/em_test_helper.rb     | 27 +++++++++++++++++++--
+ tests/test_ssl_protocols.rb | 46 +++++++++++++------------------------
+ 2 files changed, 41 insertions(+), 32 deletions(-)
+
+diff --git a/tests/em_test_helper.rb b/tests/em_test_helper.rb
+index eb322482..2682849c 100644
+--- a/tests/em_test_helper.rb
++++ b/tests/em_test_helper.rb
+@@ -4,9 +4,32 @@
+ require 'rbconfig'
+ require 'socket'
+ 
+-puts "EM Library Type: #{EM.library_type}"
+-
+ class Test::Unit::TestCase
++
++  # below outputs in to console on load
++  # SSL_AVAIL is used by SSL tests
++  puts "", RUBY_DESCRIPTION
++  puts "\nEM.library_type #{EM.library_type.to_s.ljust(16)} EM.ssl? #{EM.ssl?}"
++  if EM.ssl?
++    require 'openssl'
++    ssl_lib_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
++      OpenSSL::OPENSSL_LIBRARY_VERSION : 'na'
++    puts "OpenSSL OPENSSL_LIBRARY_VERSION: #{ssl_lib_vers}\n" \
++         "                OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
++         "     EM OPENSSL_LIBRARY_VERSION: #{EM::OPENSSL_LIBRARY_VERSION}\n" \
++         "                OPENSSL_VERSION: #{EM::OPENSSL_VERSION}"
++
++    # assumes all 2.x versions include support for TLSv1_2
++    temp = []
++    temp << 'SSLv2' unless EM::OPENSSL_NO_SSL2
++    temp << 'SSLv3' unless EM::OPENSSL_NO_SSL3
++    temp += %w[TLSv1 TLSv1_1 TLSv1_2]
++    temp << 'TLSv1_3' if EM.const_defined? :EM_PROTO_TLSv1_3
++    temp.sort!
++    puts "                      SSL_AVAIL: #{temp.join(' ')}", ""
++    SSL_AVAIL = temp.freeze
++  end
++
+   class EMTestTimeout < StandardError ; end
+ 
+   def setup_timeout(timeout = TIMEOUT_INTERVAL)
+diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
+index 181abbc3..96c57c23 100644
+--- a/tests/test_ssl_protocols.rb
++++ b/tests/test_ssl_protocols.rb
+@@ -6,20 +6,6 @@
+ if EM.ssl?
+   class TestSslProtocols < Test::Unit::TestCase
+ 
+-    # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"]
+-    if RUBY_VERSION == "1.8.7"
+-      SSL_AVAIL = ["sslv3", "tlsv1"]
+-    else
+-      SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase } 
+-    end
+-
+-    libr_vers =  OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
+-      OpenSSL::OPENSSL_VERSION : 'na'
+-
+-    puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \
+-         "        OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
+-         "              SSL_AVAIL: #{SSL_AVAIL.join(' ')}"
+-
+     module Client
+       def ssl_handshake_completed
+         $client_handshake_completed = true
+@@ -40,7 +25,7 @@ def ssl_handshake_completed
+     module ClientAny
+       include Client
+       def post_init
+-        start_tls(:ssl_version => SSL_AVAIL)
++        start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
+       end
+     end
+ 
+@@ -89,7 +74,7 @@ def post_init
+     module ServerAny
+       include Server
+       def post_init
+-        start_tls(:ssl_version => SSL_AVAIL)
++        start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
+       end
+     end
+ 
+@@ -117,7 +102,7 @@ def test_invalid_ssl_version
+     end
+ 
+     def test_any_to_v3
+-      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
++      omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+@@ -129,7 +114,7 @@ def test_any_to_v3
+     end
+ 
+     def test_any_to_tlsv1_2
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+@@ -152,7 +137,7 @@ def test_case_insensitivity
+     end
+ 
+     def test_v3_to_any
+-      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
++      omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerAny)
+@@ -164,7 +149,7 @@ def test_v3_to_any
+     end
+ 
+     def test_tlsv1_2_to_any
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerAny)
+@@ -176,7 +161,7 @@ def test_tlsv1_2_to_any
+     end
+ 
+     def test_v3_to_v3
+-      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
++      omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+@@ -188,7 +173,7 @@ def test_v3_to_v3
+     end
+ 
+     def test_tlsv1_2_to_tlsv1_2
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+@@ -245,7 +230,7 @@ def ssl_handshake_completed
+ 
+     module ServerAnyStopAfterHandshake
+       def post_init
+-        start_tls(:ssl_version => SSL_AVAIL)
++        start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
+       end
+ 
+       def ssl_handshake_completed
+@@ -255,7 +240,7 @@ def ssl_handshake_completed
+     end
+ 
+     def test_v3_with_external_client
+-      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
++      omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+@@ -276,7 +261,7 @@ def test_v3_with_external_client
+ 
+     # Fixed Server
+     def test_tlsv1_2_with_external_client
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+@@ -284,7 +269,7 @@ def test_tlsv1_2_with_external_client
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :SSLv23_client
++          ctx.ssl_version = :SSLv23
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           ssl.connect
+           ssl.close rescue nil
+@@ -297,7 +282,7 @@ def test_tlsv1_2_with_external_client
+ 
+     # Fixed Client
+     def test_any_with_external_client_tlsv1_2
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+@@ -305,7 +290,7 @@ def test_any_with_external_client_tlsv1_2
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :TLSv1_2_client
++          ctx.ssl_version = :TLSv1_2
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           ssl.connect
+           ssl.close rescue nil
+@@ -318,7 +303,7 @@ def test_any_with_external_client_tlsv1_2
+ 
+     # Refuse a client?
+     def test_tlsv1_2_required_with_external_client
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+       $server_handshake_completed = false
+       EM.run do
+         n = 0
+@@ -330,7 +315,7 @@ def test_tlsv1_2_required_with_external_client
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :TLSv1_client
++          ctx.ssl_version = :TLSv1
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
+           ssl.close rescue nil

rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch

@@ -0,0 +1,251 @@
+From 506a0c6d2f039c78c0f7d96a31b11b73aa36dccd Mon Sep 17 00:00:00 2001
+From: MSP-Greg <MSP-Greg@users.noreply.github.com>
+Date: Sat, 8 Jul 2017 14:28:50 -0500
+Subject: [PATCH] OpenSSL 1.1.0 test updates
+
+---
+ tests/test_ssl_protocols.rb | 127 ++++++++++++++++++++++++++++++++----
+ 1 file changed, 114 insertions(+), 13 deletions(-)
+
+diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
+index bcb68246..e7b16370 100644
+--- a/tests/test_ssl_protocols.rb
++++ b/tests/test_ssl_protocols.rb
+@@ -6,6 +6,20 @@
+ if EM.ssl?
+   class TestSslProtocols < Test::Unit::TestCase
+ 
++    # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"]
++    if RUBY_VERSION == "1.8.7"
++      SSL_AVAIL = ["sslv3", "tlsv1"]
++    else
++      SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase } 
++    end
++
++    libr_vers =  OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
++      OpenSSL::OPENSSL_VERSION : 'na'
++
++    puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \
++         "        OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
++         "              SSL_AVAIL: #{SSL_AVAIL.join(' ')}"
++
+     module Client
+       def ssl_handshake_completed
+         $client_handshake_completed = true
+@@ -26,7 +40,7 @@ def ssl_handshake_completed
+     module ClientAny
+       include Client
+       def post_init
+-        start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2))
++        start_tls(:ssl_version => SSL_AVAIL)
+       end
+     end
+ 
+@@ -51,6 +65,20 @@ def post_init
+       end
+     end
+ 
++    module ClientTLSv1_2
++      include Client
++      def post_init
++        start_tls(:ssl_version => %w(TLSv1_2))
++      end
++    end
++
++    module ServerTLSv1_2
++      include Server
++      def post_init
++        start_tls(:ssl_version => %w(TLSv1_2))
++      end
++    end
++
+     module ServerTLSv1CaseInsensitive
+       include Server
+       def post_init
+@@ -61,7 +89,7 @@ def post_init
+     module ServerAny
+       include Server
+       def post_init
+-        start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2))
++        start_tls(:ssl_version => SSL_AVAIL)
+       end
+     end
+ 
+@@ -89,6 +117,7 @@ def test_invalid_ssl_version
+     end
+ 
+     def test_any_to_v3
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+@@ -99,6 +128,18 @@ def test_any_to_v3
+       assert($server_handshake_completed)
+     end
+ 
++    def test_any_to_tlsv1_2
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $client_handshake_completed, $server_handshake_completed = false, false
++      EM.run do
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
++        EM.connect("127.0.0.1", 16784, ClientAny)
++      end
++
++      assert($client_handshake_completed)
++      assert($server_handshake_completed)
++    end
++
+     def test_case_insensitivity
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+@@ -111,6 +152,7 @@ def test_case_insensitivity
+     end
+ 
+     def test_v3_to_any
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerAny)
+@@ -121,7 +163,20 @@ def test_v3_to_any
+       assert($server_handshake_completed)
+     end
+ 
++    def test_tlsv1_2_to_any
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $client_handshake_completed, $server_handshake_completed = false, false
++      EM.run do
++        EM.start_server("127.0.0.1", 16784, ServerAny)
++        EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
++      end
++
++      assert($client_handshake_completed)
++      assert($server_handshake_completed)
++    end
++
+     def test_v3_to_v3
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+         EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+@@ -132,6 +187,18 @@ def test_v3_to_v3
+       assert($server_handshake_completed)
+     end
+ 
++    def test_tlsv1_2_to_tlsv1_2
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $client_handshake_completed, $server_handshake_completed = false, false
++      EM.run do
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
++        EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
++      end
++
++      assert($client_handshake_completed)
++      assert($server_handshake_completed)
++    end
++
+     def test_any_to_any
+       $client_handshake_completed, $server_handshake_completed = false, false
+       EM.run do
+@@ -165,9 +232,20 @@ def ssl_handshake_completed
+       end
+     end
+ 
+-    module ServerTLSv1StopAfterHandshake
++    module ServerTLSv1_2StopAfterHandshake
+       def post_init
+-        start_tls(:ssl_version => %w(TLSv1))
++        start_tls(:ssl_version => %w(TLSv1_2))
++      end
++
++      def ssl_handshake_completed
++        $server_handshake_completed = true
++        EM.stop_event_loop
++      end
++    end
++
++    module ServerAnyStopAfterHandshake
++      def post_init
++        start_tls(:ssl_version => SSL_AVAIL)
+       end
+ 
+       def ssl_handshake_completed
+@@ -177,6 +255,7 @@ def ssl_handshake_completed
+     end
+ 
+     def test_v3_with_external_client
++      omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+@@ -195,15 +274,17 @@ def test_v3_with_external_client
+       assert($server_handshake_completed)
+     end
+ 
+-    def test_tlsv1_with_external_client
++    # Fixed Server
++    def test_tlsv1_2_with_external_client
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+       $server_handshake_completed = false
+       EM.run do
+         setup_timeout(2)
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake)
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :TLSv1_client
++          ctx.ssl_version = :SSLv23_client
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           ssl.connect
+           ssl.close rescue nil
+@@ -214,24 +295,44 @@ def test_tlsv1_with_external_client
+       assert($server_handshake_completed)
+     end
+ 
+-    def test_tlsv1_required_with_external_client
++    # Fixed Client
++    def test_any_with_external_client_tlsv1_2
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+       $server_handshake_completed = false
++      EM.run do
++        setup_timeout(2)
++        EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake)
++        EM.defer do
++          sock = TCPSocket.new("127.0.0.1", 16784)
++          ctx = OpenSSL::SSL::SSLContext.new
++          ctx.ssl_version = :TLSv1_2_client
++          ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
++          ssl.connect
++          ssl.close rescue nil
++          sock.close rescue nil
++        end
++      end
++
++      assert($server_handshake_completed)
++    end
+ 
++    # Refuse a client?
++    def test_tlsv1_2_required_with_external_client
++      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
++      $server_handshake_completed = false
+       EM.run do
+         n = 0
+         EM.add_periodic_timer(0.5) do
+           n += 1
+           (EM.stop rescue nil) if n == 2
+         end
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake)
++        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+         EM.defer do
+           sock = TCPSocket.new("127.0.0.1", 16784)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :SSLv3_client
++          ctx.ssl_version = :TLSv1_client
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+-          assert_raise OpenSSL::SSL::SSLError do
+-            ssl.connect
+-          end
++          assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
+           ssl.close rescue nil
+           sock.close rescue nil
+           EM.stop rescue nil

rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch

@@ -0,0 +1,898 @@
+From dd6cec8d5278e11f2a1752aa7b4a712d53b1f1d3 Mon Sep 17 00:00:00 2001
+From: MSP-Greg <greg.mpls@gmail.com>
+Date: Sun, 13 Jan 2019 21:23:03 -0600
+Subject: [PATCH] Update SSL tests, 1.1.x & TLSv1_3
+
+Add Ruby 2.6 to Travis osx for OpenSSL 1.1.0
+
+Note that order of 'ssl_handshake_completed' callbacks in TLSv1_3 are reversed
+---
+ tests/test_ssl_dhparam.rb    |    6 +-
+ tests/test_ssl_ecdh_curve.rb |   45 ++++++
+ tests/test_ssl_extensions.rb |   56 +++++---
+ tests/test_ssl_methods.rb    |    3 
+ tests/test_ssl_protocols.rb  |  322 +++++++++++++++++--------------------------------
+ tests/test_ssl_verify.rb     |  110 ++++++++++------
+ 6 files changed, 263 insertions(+), 279 deletions(-)
+
+diff --git a/tests/test_ssl_dhparam.rb b/tests/test_ssl_dhparam.rb
+index 0a7f01da..e5165caf 100644
+--- a/tests/test_ssl_dhparam.rb
++++ b/tests/test_ssl_dhparam.rb
+@@ -8,7 +8,7 @@ def setup
+ 
+   module Client
+     def post_init
+-      start_tls
++      start_tls(:ssl_version => %w(TLSv1_2))
+     end
+ 
+     def ssl_handshake_completed
+@@ -24,7 +24,7 @@ def unbind
+ 
+   module Server
+     def post_init
+-      start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH")
++      start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2))
+     end
+ 
+     def ssl_handshake_completed
+@@ -35,7 +35,7 @@ def ssl_handshake_completed
+ 
+   module NoDhServer
+     def post_init
+-      start_tls(:cipher_list => "DHE,EDH")
++      start_tls(:cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2))
+     end
+ 
+     def ssl_handshake_completed
+diff --git a/tests/test_ssl_ecdh_curve.rb b/tests/test_ssl_ecdh_curve.rb
+index c4148ce9..53b8ae24 100644
+--- a/tests/test_ssl_ecdh_curve.rb
++++ b/tests/test_ssl_ecdh_curve.rb
+@@ -1,6 +1,11 @@
+ require 'em_test_helper'
+ 
+ class TestSslEcdhCurve < Test::Unit::TestCase
++  if EM.ssl?
++    SSL_LIB_VERS = EM::OPENSSL_LIBRARY_VERSION[/OpenSSL (\d+\.\d+\.\d+)/, 1]
++      .split('.').map(&:to_i)
++  end
++
+   module Client
+     def post_init
+       start_tls
+@@ -17,7 +15,7 @@ def post_init
+     def ssl_handshake_completed
+       $client_handshake_completed = true
+       $client_cipher_name = get_cipher_name
+-      close_connection
++      close_connection unless /TLSv1\.3/i =~ get_cipher_protocol
+     end
+ 
+     def unbind
+@@ -27,7 +25,11 @@ def unbind
+ 
+   module Server
+     def post_init
+-      start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH")
++      if (SSL_LIB_VERS <=> [1, 1]) == 1
++        start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
++      else
++        start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
++      end
+     end
+ 
+     def ssl_handshake_completed
+@@ -36,9 +38,21 @@ def ssl_handshake_completed
+     end
+   end
+ 
++  module Server1_3
++    def post_init
++      start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_3))
++    end
++
++    def ssl_handshake_completed
++      $server_handshake_completed = true
++      $server_cipher_name = get_cipher_name
++      close_connection if /TLSv1\.3/i =~ get_cipher_protocol
++    end
++  end
++
+   module NoCurveServer
+     def post_init
+-      start_tls(:cipher_list => "ECDH")
++      start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
+     end
+ 
+     def ssl_handshake_completed
+@@ -50,6 +64,7 @@ def ssl_handshake_completed
+   def test_no_ecdh_curve
+     omit_unless(EM.ssl?)
+     omit_if(rbx?)
++    omit("OpenSSL 1.1.x (and later) auto selects curve") if (SSL_LIB_VERS <=> [1, 1]) == 1
+ 
+     $client_handshake_completed, $server_handshake_completed = false, false
+ 
+@@ -85,5 +99,27 @@ def test_ecdh_curve
+     assert_match(/^(AECDH|ECDHE)/, $client_cipher_name)
+   end
+ 
++  def test_ecdh_curve_tlsv1_3
++    omit("No SSL") unless EM.ssl?
++    omit_if(EM.library_type == :pure_ruby && RUBY_VERSION < "2.3.0")
++    omit_if(rbx?)
++    omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
+ 
++    $client_handshake_completed, $server_handshake_completed = false, false
++    $server_cipher_name, $client_cipher_name = nil, nil
++
++    EM.run {
++      EM.start_server("127.0.0.1", 16784, Server1_3)
++      EM.connect("127.0.0.1", 16784, Client)
++    }
++
++    assert($client_handshake_completed)
++    assert($server_handshake_completed)
++
++    assert($client_cipher_name.length > 0)
++    assert_equal($client_cipher_name, $server_cipher_name)
++    # see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
++    # may depend on OpenSSL build options
++    assert_equal("TLS_AES_256_GCM_SHA384", $client_cipher_name)
++  end
+ end
+diff --git a/tests/test_ssl_extensions.rb b/tests/test_ssl_extensions.rb
+index 594feb95..93f4ef5a 100644
+--- a/tests/test_ssl_extensions.rb
++++ b/tests/test_ssl_extensions.rb
+@@ -5,43 +5,57 @@
+ if EM.ssl?
+   class TestSslExtensions < Test::Unit::TestCase
+ 
++    IP, PORT = "127.0.0.1", 16784
++  
+     module Client
+-      def ssl_handshake_completed
+-        $client_handshake_completed = true
+-        close_connection
+-      end
+-
+-      def unbind
+-        EM.stop_event_loop
++      def self.ssl_vers=(val = nil)
++        @@ssl_vers = val
+       end
+ 
+       def post_init
+-        start_tls(:ssl_version => :tlsv1, :sni_hostname => 'example.com')
++        start_tls(:sni_hostname => 'example.com', :ssl_version => @@ssl_vers)
+       end
+     end
+ 
+     module Server
+-      def ssl_handshake_completed
+-        $server_handshake_completed = true
+-        $server_sni_hostname = get_sni_hostname
+-      end
++      @@handshake_completed = false
++      @@sni_hostname = 'Not set'
++      
++      def self.handshake_completed? ; !!@@handshake_completed end
++      def self.sni_hostname         ;   @@sni_hostname        end
+ 
+       def post_init
+-        start_tls(:ssl_version => :TLSv1)
++        start_tls
+       end
+-    end
+ 
+-    def test_tlsext_sni_hostname
+-      $server_handshake_completed = false
++      def ssl_handshake_completed
++        @@handshake_completed = true
++        @@sni_hostname = get_sni_hostname
++      end
++    end
+ 
++    def client_server(client = nil)
+       EM.run do
+-        EM.start_server("127.0.0.1", 16784, Server)
+-        EM.connect("127.0.0.1", 16784, Client)
++        Client.ssl_vers = client
++        EM.start_server IP, PORT, Server
++        EM.connect IP, PORT, Client
++        EM.add_timer(0.3) { EM.stop_event_loop }
+       end
+-
+-      assert($server_handshake_completed)
+-      assert_equal('example.com', $server_sni_hostname)
+     end
++    
++    def test_tlsext_sni_hostname_1_2
++      client_server %w(TLSv1_2)
++      assert Server.handshake_completed?
++      assert_equal 'example.com', Server.sni_hostname
++    end
++    
++    def test_tlsext_sni_hostname_1_3
++      omit("TLSv1_3 is unavailable") unless SSL_AVAIL.include? "tlsv1_3"
++      client_server %w(TLSv1_3)
++      assert Server.handshake_completed?
++      assert_equal 'example.com', Server.sni_hostname
++    end
++    
+   end
+ else
+   warn "EM built without SSL support, skipping tests in #{__FILE__}"
+diff --git a/tests/test_ssl_methods.rb b/tests/test_ssl_methods.rb
+index 3c45ee5d..022844fd 100644
+--- a/tests/test_ssl_methods.rb
++++ b/tests/test_ssl_methods.rb
+@@ -13,6 +13,7 @@ def ssl_handshake_completed
+       $server_cipher_bits = get_cipher_bits
+       $server_cipher_name = get_cipher_name
+       $server_cipher_protocol = get_cipher_protocol
++      EM.stop_event_loop if /TLSv1\.3/ =~ get_cipher_protocol
+     end
+   end
+ 
+@@ -27,7 +28,7 @@ def ssl_handshake_completed
+       $client_cipher_bits = get_cipher_bits
+       $client_cipher_name = get_cipher_name
+       $client_cipher_protocol = get_cipher_protocol
+-      EM.stop_event_loop
++      EM.stop_event_loop if /TLSv1\.3/ !~ get_cipher_protocol
+     end
+   end
+ 
+diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
+index 96c57c23..6b10eb6b 100644
+--- a/tests/test_ssl_protocols.rb
++++ b/tests/test_ssl_protocols.rb
+@@ -3,319 +1,224 @@
+ require 'openssl'
+ 
+ if EM.ssl?
++
+   class TestSslProtocols < Test::Unit::TestCase
+ 
++    IP, PORT = "127.0.0.1", 16784
++    RUBY_SSL_GE_2_1 = OpenSSL::VERSION >= '2.1'
++
+     module Client
+-      def ssl_handshake_completed
+-        $client_handshake_completed = true
+-        close_connection
+-      end
++      @@handshake_completed = false
+ 
+-      def unbind
+-        EM.stop_event_loop
++      def self.ssl_vers=(val = nil)
++        @@ssl_vers = val
+       end
+-    end
+ 
+-    module Server
+-      def ssl_handshake_completed
+-        $server_handshake_completed = true
++      def self.handshake_completed?
++        @@handshake_completed
+       end
+-    end
+ 
+-    module ClientAny
+-      include Client
+       def post_init
+-        start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
++        @@handshake_completed = false
++        if @@ssl_vers
++          start_tls(:ssl_version => @@ssl_vers)
++        else
++          start_tls
++        end
+       end
+-    end
+ 
+-    module ClientDefault
+-      include Client
+-      def post_init
+-        start_tls
+-      end
+-    end
+-
+-    module ClientSSLv3
+-      include Client
+-      def post_init
+-        start_tls(:ssl_version => %w(SSLv3))
++      def ssl_handshake_completed
++        @@handshake_completed = true
+       end
+     end
+ 
+-    module ServerSSLv3
+-      include Server
+-      def post_init
+-        start_tls(:ssl_version => %w(SSLv3))
+-      end
+-    end
++    module Server
++      @@handshake_completed = false
+ 
+-    module ClientTLSv1_2
+-      include Client
+-      def post_init
+-        start_tls(:ssl_version => %w(TLSv1_2))
++      def self.ssl_vers=(val = nil)
++        @@ssl_vers = val
+       end
+-    end
+ 
+-    module ServerTLSv1_2
+-      include Server
+-      def post_init
+-        start_tls(:ssl_version => %w(TLSv1_2))
+-      end
+-    end
++      def self.handshake_completed? ; @@handshake_completed end
+ 
+-    module ServerTLSv1CaseInsensitive
+-      include Server
+       def post_init
+-        start_tls(:ssl_version => %w(tlsv1))
+-      end
+-    end
+-
+-    module ServerAny
+-      include Server
+-      def post_init
+-        start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
++        @@handshake_completed = false
++        if @@ssl_vers
++          start_tls(:ssl_version => @@ssl_vers)
++        else
++          start_tls
++        end
+       end
+-    end
+ 
+-    module ServerDefault
+-      include Server
+-      def post_init
+-        start_tls
++      def ssl_handshake_completed
++        @@handshake_completed = true
+       end
+     end
+ 
+-    module InvalidProtocol
+-      include Client
+-      def post_init
+-        start_tls(:ssl_version => %w(tlsv1 badinput))
++    def client_server(client = nil, server = nil)
++      EM.run do
++        Client.ssl_vers, Server.ssl_vers = client, server
++        EM.start_server IP, PORT, Server
++        EM.connect IP, PORT, Client
++        EM.add_timer(0.3) { EM.stop_event_loop }
+       end
+     end
+ 
+     def test_invalid_ssl_version
+       assert_raises(RuntimeError, "Unrecognized SSL/TLS Version: badinput") do
+-        EM.run do
+-          EM.start_server("127.0.0.1", 16784, InvalidProtocol)
+-          EM.connect("127.0.0.1", 16784, InvalidProtocol)
+-        end
++        client_server %w(tlsv1 badinput), %w(tlsv1 badinput)
+       end
+     end
+ 
+     def test_any_to_v3
+       omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+-        EM.connect("127.0.0.1", 16784, ClientAny)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      client_server SSL_AVAIL, %w(SSLv3)
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_any_to_tlsv1_2
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+-        EM.connect("127.0.0.1", 16784, ClientAny)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      client_server SSL_AVAIL, %w(TLSv1_2)
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_case_insensitivity
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1CaseInsensitive)
+-        EM.connect("127.0.0.1", 16784, ClientAny)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      lower_case = SSL_AVAIL.map { |p| p.downcase }
++      client_server %w(tlsv1), lower_case
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_v3_to_any
+       omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerAny)
+-        EM.connect("127.0.0.1", 16784, ClientSSLv3)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      client_server %w(SSLv3), SSL_AVAIL
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_tlsv1_2_to_any
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerAny)
+-        EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      client_server %w(TLSv1_2), SSL_AVAIL
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_v3_to_v3
+       omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerSSLv3)
+-        EM.connect("127.0.0.1", 16784, ClientSSLv3)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      client_server %w(SSLv3), %w(SSLv3)
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_tlsv1_2_to_tlsv1_2
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+-        EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
+-      end
++      client_server %w(TLSv1_2), %w(TLSv1_2)
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
++    end
+ 
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++    def test_tlsv1_3_to_tlsv1_3
++      omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
++      client_server %w(TLSv1_3), %w(TLSv1_3)
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_any_to_any
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerAny)
+-        EM.connect("127.0.0.1", 16784, ClientAny)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
++      client_server SSL_AVAIL, SSL_AVAIL
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+     def test_default_to_default
+-      $client_handshake_completed, $server_handshake_completed = false, false
+-      EM.run do
+-        EM.start_server("127.0.0.1", 16784, ServerDefault)
+-        EM.connect("127.0.0.1", 16784, ClientDefault)
+-      end
+-
+-      assert($client_handshake_completed)
+-      assert($server_handshake_completed)
+-    end
+-
+-    module ServerV3StopAfterHandshake
+-      def post_init
+-        start_tls(:ssl_version => %w(SSLv3))
+-      end
+-
+-      def ssl_handshake_completed
+-        $server_handshake_completed = true
+-        EM.stop_event_loop
+-      end
++      client_server
++      assert Client.handshake_completed?
++      assert Server.handshake_completed?
+     end
+ 
+-    module ServerTLSv1_2StopAfterHandshake
+-      def post_init
+-        start_tls(:ssl_version => %w(TLSv1_2))
++    module ServerStopAfterHandshake
++      def self.ssl_vers=(val)
++        @@ssl_vers = val
+       end
+ 
+-      def ssl_handshake_completed
+-        $server_handshake_completed = true
+-        EM.stop_event_loop
+-      end
+-    end
++      def self.handshake_completed? ; @@handshake_completed end
+ 
+-    module ServerAnyStopAfterHandshake
+       def post_init
+-        start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
++        @@handshake_completed = false
++        start_tls(:ssl_version => @@ssl_vers)
+       end
+ 
+       def ssl_handshake_completed
+-        $server_handshake_completed = true
++        @@handshake_completed = true
+         EM.stop_event_loop
+       end
+     end
+ 
+-    def test_v3_with_external_client
+-      omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+-      $server_handshake_completed = false
++    def external_client(ext_min, ext_max, ext_ssl, server)
+       EM.run do
+         setup_timeout(2)
+-        EM.start_server("127.0.0.1", 16784, ServerV3StopAfterHandshake)
++        ServerStopAfterHandshake.ssl_vers = server
++        EM.start_server(IP, PORT, ServerStopAfterHandshake)
+         EM.defer do
+-          sock = TCPSocket.new("127.0.0.1", 16784)
++          sock = TCPSocket.new(IP, PORT)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :SSLv3_client
++          if RUBY_SSL_GE_2_1
++            ctx.min_version = ext_min if ext_min
++            ctx.max_version = ext_max if ext_max
++          else
++            ctx.ssl_version = ext_ssl
++          end
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           ssl.connect
+           ssl.close rescue nil
+           sock.close rescue nil
+         end
+       end
++      assert ServerStopAfterHandshake.handshake_completed?
++    end
+ 
+-      assert($server_handshake_completed)
++    def test_v3_with_external_client
++      omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
++      external_client nil, nil, :SSLv3_client, %w(SSLv3)
+     end
+ 
+     # Fixed Server
+     def test_tlsv1_2_with_external_client
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+-      $server_handshake_completed = false
+-      EM.run do
+-        setup_timeout(2)
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+-        EM.defer do
+-          sock = TCPSocket.new("127.0.0.1", 16784)
+-          ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :SSLv23
+-          ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+-          ssl.connect
+-          ssl.close rescue nil
+-          sock.close rescue nil
+-        end
+-      end
++      external_client nil, nil, :SSLv23_client, %w(TLSv1_2)
++    end
+ 
+-      assert($server_handshake_completed)
++    def test_tlsv1_3_with_external_client
++      omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
++      external_client nil, nil, :SSLv23_client, %w(TLSv1_3)
+     end
+ 
+     # Fixed Client
+     def test_any_with_external_client_tlsv1_2
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+-      $server_handshake_completed = false
+-      EM.run do
+-        setup_timeout(2)
+-        EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake)
+-        EM.defer do
+-          sock = TCPSocket.new("127.0.0.1", 16784)
+-          ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :TLSv1_2
+-          ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+-          ssl.connect
+-          ssl.close rescue nil
+-          sock.close rescue nil
+-        end
+-      end
++      external_client :TLS1_2, :TLS1_2, :TLSv1_2_client, SSL_AVAIL
++    end
+ 
+-      assert($server_handshake_completed)
++    def test_any_with_external_client_tlsv1_3
++      omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
++      external_client :TLS1_3, :TLS1_3, :TLSv1_2_client, SSL_AVAIL
+     end
+ 
+     # Refuse a client?
+     def test_tlsv1_2_required_with_external_client
+-      omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
+-      $server_handshake_completed = false
+       EM.run do
+         n = 0
+         EM.add_periodic_timer(0.5) do
+           n += 1
+           (EM.stop rescue nil) if n == 2
+         end
+-        EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
++        ServerStopAfterHandshake.ssl_vers = %w(TLSv1_2)
++        EM.start_server(IP, PORT, ServerStopAfterHandshake)
+         EM.defer do
+-          sock = TCPSocket.new("127.0.0.1", 16784)
++          sock = TCPSocket.new(IP, PORT)
+           ctx = OpenSSL::SSL::SSLContext.new
+-          ctx.ssl_version = :TLSv1
++          if RUBY_SSL_GE_2_1
++            ctx.max_version = :TLS1_1
++          else
++            ctx.ssl_version = :TLSv1_client
++          end
+           ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+           assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
+           ssl.close rescue nil
+@@ -323,10 +226,9 @@ def test_tlsv1_2_required_with_external_client
+           EM.stop rescue nil
+         end
+       end
+-
+-      assert(!$server_handshake_completed)
++      assert !ServerStopAfterHandshake.handshake_completed?
+     end
+   end
+ else
+   warn "EM built without SSL support, skipping tests in #{__FILE__}"
+-end
++end
+\ No newline at end of file
+diff --git a/tests/test_ssl_verify.rb b/tests/test_ssl_verify.rb
+index 00ec1466..0c84e97e 100644
+--- a/tests/test_ssl_verify.rb
++++ b/tests/test_ssl_verify.rb
+@@ -1,74 +1,100 @@
+ require 'em_test_helper'
+ 
+ class TestSslVerify < Test::Unit::TestCase
+-  def setup
+-    $dir = File.dirname(File.expand_path(__FILE__)) + '/'
+-    $cert_from_file = File.read($dir+'client.crt')
+-  end
++
++  DIR = File.dirname(File.expand_path(__FILE__)) + '/'
++  CERT_FROM_FILE = File.read(DIR+'client.crt')
++
++  IP, PORT = "127.0.0.1", 16784
+ 
+   module ClientNoCert
+-    def connection_completed
++    @@handshake_completed = nil
++    def self.handshake_completed? ; !!@@handshake_completed end
++
++    def post_init
++      @@handshake_completed = false
+       start_tls()
+     end
+ 
+     def ssl_handshake_completed
+-      $client_handshake_completed = true
+-      close_connection
++      @@handshake_completed = true
+     end
+ 
+     def unbind
+-      EM.stop_event_loop
++      @@handshake_completed = false
+     end
+   end
+ 
+   module Client
+-    def connection_completed
+-      start_tls(:private_key_file => $dir+'client.key', :cert_chain_file => $dir+'client.crt')
++    @@handshake_completed = nil
++    def self.handshake_completed? ; !!@@handshake_completed end
++    def self.timer=(val)          ;   @@timer = val         end
++
++    def post_init #G connection_completed
++      @client_closed = false
++      @@handshake_completed = nil
++      @@timer = false
++      start_tls(:private_key_file => DIR+'client.key', :cert_chain_file => DIR+'client.crt')
+     end
+ 
+     def ssl_handshake_completed
+-      $client_handshake_completed = true
+-      close_connection
++      @@handshake_completed = true
+     end
+ 
+     def unbind
+-      EM.stop_event_loop
++      @@handshake_completed = false unless @@timer
+     end
+   end
+ 
+   module AcceptServer
++    @@handshake_completed = nil
++    def self.handshake_completed? ; !!@@handshake_completed end
++    def self.cert ; @@cert end
++
+     def post_init
++      @@cert = nil
++      @@handshake_completed = false
+       start_tls(:verify_peer => true)
+     end
+ 
+     def ssl_verify_peer(cert)
+-      $cert_from_server = cert
++      @@cert = cert
+       true
+     end
+ 
+     def ssl_handshake_completed
+-      $server_handshake_completed = true
++      @@handshake_completed = true
+     end
+   end
+ 
+   module DenyServer
++    @@handshake_completed = nil
++    def self.handshake_completed? ; !!@@handshake_completed end
++    def self.cert ; @@cert end
++
+     def post_init
++      @@cert = nil
++      @@handshake_completed = nil
+       start_tls(:verify_peer => true)
+     end
+ 
+     def ssl_verify_peer(cert)
+-      $cert_from_server = cert
++      @@cert = cert
+       # Do not accept the peer. This should now cause the connection to shut down without the SSL handshake being completed.
+       false
+     end
+ 
+     def ssl_handshake_completed
+-      $server_handshake_completed = true
++      @@handshake_completed = true
+     end
+   end
+ 
+   module FailServerNoPeerCert
++    @@handshake_completed = nil
++    def self.handshake_completed? ; !!@@handshake_completed end
++
+     def post_init
++      @@handshake_completed = false
+       start_tls(:verify_peer => true, :fail_if_no_peer_cert => true)
+     end
+ 
+@@ -77,52 +103,52 @@ def ssl_verify_peer(cert)
+     end
+ 
+     def ssl_handshake_completed
+-      $server_handshake_completed = true
++      @@handshake_completed = true
+     end
+   end
+ 
++  def em_run(server, client)
++    EM.run {
++      EM.start_server IP, PORT, server
++      EM.connect IP, PORT, client
++      EM.add_timer(0.3) {
++        Client.timer = true
++        EM.stop_event_loop
++      }
++    }
++  end
++
+   def test_fail_no_peer_cert
+     omit_unless(EM.ssl?)
+     omit_if(rbx?)
+ 
+-    $client_handshake_completed, $server_handshake_completed = false, false
++    em_run FailServerNoPeerCert, ClientNoCert
+ 
+-    EM.run {
+-      EM.start_server("127.0.0.1", 16784, FailServerNoPeerCert)
+-      EM.connect("127.0.0.1", 16784, ClientNoCert)
+-    }
+-
+-    assert(!$client_handshake_completed)
+-    assert(!$server_handshake_completed)
++    assert !ClientNoCert.handshake_completed?
++    assert !FailServerNoPeerCert.handshake_completed?
+   end
+ 
+   def test_accept_server
+     omit_unless(EM.ssl?)
+     omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
+     omit_if(rbx?)
+-    $client_handshake_completed, $server_handshake_completed = false, false
+-    EM.run {
+-      EM.start_server("127.0.0.1", 16784, AcceptServer)
+-      EM.connect("127.0.0.1", 16784, Client).instance_variable_get("@signature")
+-    }
+ 
+-    assert_equal($cert_from_file, $cert_from_server)
+-    assert($client_handshake_completed)
+-    assert($server_handshake_completed)
++    em_run AcceptServer, Client
++
++    assert_equal CERT_FROM_FILE, AcceptServer.cert
++    assert Client.handshake_completed?
++    assert AcceptServer.handshake_completed?
+   end
+ 
+   def test_deny_server
+     omit_unless(EM.ssl?)
+     omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
+     omit_if(rbx?)
+-    $client_handshake_completed, $server_handshake_completed = false, false
+-    EM.run {
+-      EM.start_server("127.0.0.1", 16784, DenyServer)
+-      EM.connect("127.0.0.1", 16784, Client)
+-    }
+ 
+-    assert_equal($cert_from_file, $cert_from_server)
+-    assert(!$client_handshake_completed)
+-    assert(!$server_handshake_completed)
++    em_run DenyServer, Client
++
++    assert_equal CERT_FROM_FILE, DenyServer.cert
++    assert !Client.handshake_completed?
++    assert !DenyServer.handshake_completed?
+   end
+ end

rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch

@@ -0,0 +1,113 @@
+From 0904385936ef4ecae4519f4f7b8f829a3608afcd Mon Sep 17 00:00:00 2001
+From: MSP-Greg <greg.mpls@gmail.com>
+Date: Sun, 13 Jan 2019 08:47:36 -0600
+Subject: [PATCH] Update runtime files for TLS 1.3, no SSL, OpenSSL lib info
+
+Add several constants related to OpenSSL & TLS 1.3
+EM::OPENSSL_LIBRARY_VERSION
+EM::OPENSSL_VERSION
+
+EM_PROTO_TLSv1_3
+EM::OPENSSL_NO_SSL2
+EM::OPENSSL_NO_SSL3
+---
+ ext/eventmachine.h   |  5 +++++
+ ext/rubymain.cpp     | 28 ++++++++++++++++++++++++++++
+ ext/ssl.cpp          |  5 +++++
+ lib/em/connection.rb |  5 +++++
+ 4 files changed, 43 insertions(+)
+
+diff --git a/ext/eventmachine.h b/ext/eventmachine.h
+index 2861276b..788f1ca4 100644
+--- a/ext/eventmachine.h
++++ b/ext/eventmachine.h
+@@ -44,7 +44,12 @@ extern "C" {
+ 		EM_PROTO_SSLv3 = 4,
+ 		EM_PROTO_TLSv1 = 8,
+ 		EM_PROTO_TLSv1_1 = 16,
++#ifdef TLS1_3_VERSION
++		EM_PROTO_TLSv1_2 = 32,
++		EM_PROTO_TLSv1_3 = 64
++#else
+ 		EM_PROTO_TLSv1_2 = 32
++#endif
+ 	};
+ 
+ 	void evma_initialize_library (EMCallback);
+diff --git a/ext/rubymain.cpp b/ext/rubymain.cpp
+index c5ea628e..0194aaea 100644
+--- a/ext/rubymain.cpp
++++ b/ext/rubymain.cpp
+@@ -1511,5 +1511,33 @@ extern "C" void Init_rubyeventmachine()
+ 	rb_define_const (EmModule, "EM_PROTO_TLSv1",   INT2NUM(EM_PROTO_TLSv1  ));
+ 	rb_define_const (EmModule, "EM_PROTO_TLSv1_1", INT2NUM(EM_PROTO_TLSv1_1));
+ 	rb_define_const (EmModule, "EM_PROTO_TLSv1_2", INT2NUM(EM_PROTO_TLSv1_2));
++#ifdef TLS1_3_VERSION
++	rb_define_const (EmModule, "EM_PROTO_TLSv1_3", INT2NUM(EM_PROTO_TLSv1_3));
++#endif
++
++#ifdef OPENSSL_NO_SSL3
++	/* True if SSL3 is not available */
++	rb_define_const (EmModule, "OPENSSL_NO_SSL3", Qtrue);
++	rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qtrue);
++#else
++	rb_define_const (EmModule, "OPENSSL_NO_SSL3", Qfalse);
++#ifdef OPENSSL_NO_SSL2
++	rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qtrue);
++#else
++	rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qfalse);
++#endif
++#endif
++
++  // OpenSSL Build / Runtime/Load versions
++
++	/* Version of OpenSSL that EventMachine was compiled with */
++	rb_define_const(EmModule, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
++
++#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
++	/* Version of OpenSSL that EventMachine loaded with */
++	rb_define_const(EmModule, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
++#else
++	rb_define_const(EmModule, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
++#endif
+ }
+ 
+diff --git a/ext/ssl.cpp b/ext/ssl.cpp
+index 8d5e038a..c83e5b09 100644
+--- a/ext/ssl.cpp
++++ b/ext/ssl.cpp
+@@ -180,6 +180,11 @@ SslContext_t::SslContext_t (bool is_server, const std::string &privkeyfile, cons
+ 		SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_2);
+ 	#endif
+ 
++	#ifdef SSL_OP_NO_TLSv1_3
++	if (!(ssl_version & EM_PROTO_TLSv1_3))
++		SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_3);
++	#endif
++
+ 	#ifdef SSL_MODE_RELEASE_BUFFERS
+ 	SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
+ 	#endif
+diff --git a/lib/em/connection.rb b/lib/em/connection.rb
+index 7d45e92f..b5f8b0ad 100644
+--- a/lib/em/connection.rb
++++ b/lib/em/connection.rb
+@@ -436,6 +436,9 @@ def start_tls args={}
+         protocols_bitmask |= EventMachine::EM_PROTO_TLSv1
+         protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1
+         protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2
++        if EventMachine.const_defined? :EM_PROTO_TLSv1_3
++          protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3
++        end
+       else
+         [ssl_version].flatten.each do |p|
+           case p.to_s.downcase
+@@ -449,6 +452,8 @@ def start_tls args={}
+             protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1
+           when 'tlsv1_2'
+             protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2
++          when 'tlsv1_3'
++            protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3
+           else
+             raise("Unrecognized SSL/TLS Protocol: #{p}")
+           end

rubygem-eventmachine.spec

@@ -0,0 +1,106 @@
+%global gem_name eventmachine
+%{!?network: %global network 0}
+Name: rubygem-%{gem_name}
+Version: 1.2.7
+Release: 1
+Summary: Ruby/EventMachine library
+License: GPLv2 or Ruby
+URL: http://rubyeventmachine.com
+Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Patch0: rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch
+Patch1: rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch
+Patch2: rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch
+Patch3: rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch
+BuildRequires: ruby(release)
+BuildRequires: rubygems-devel
+BuildRequires: ruby-devel
+BuildRequires: gcc-c++
+BuildRequires: openssl-devel
+BuildRequires: rubygem(test-unit)
+%description
+EventMachine implements a fast, single-threaded engine for arbitrary network
+communications. It's extremely easy to use in Ruby. EventMachine wraps all
+interactions with IP sockets, allowing programs to concentrate on the
+implementation of network protocols. It can be used to create both network
+servers and clients. To create a server or client, a Ruby program only needs
+to specify the IP address and port, and provide a Module that implements the
+communications protocol. Implementations of several standard network protocols
+are provided with the package, primarily to serve as examples. The real goal
+of EventMachine is to enable programs to easily interface with other programs
+using TCP/IP, especially if custom protocols are required.
+
+%package doc
+Summary: Documentation for %{name}
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+%description doc
+Documentation for %{name}.
+
+%prep
+%setup -q -n %{gem_name}-%{version}
+sed -i '/SSL_CTX_set_cipher_list/ s/".*"/"PROFILE=SYSTEM"/' ext/ssl.cpp
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+gem build ../%{gem_name}-%{version}.gemspec
+%gem_install
+
+%install
+mkdir -p %{buildroot}%{gem_dir}
+cp -a .%{gem_dir}/* \
+        %{buildroot}%{gem_dir}/
+mkdir -p %{buildroot}%{gem_extdir_mri}
+cp -a .%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
+rm -rf %{buildroot}%{gem_instdir}/ext/
+
+%check
+pushd .%{gem_instdir}
+ruby -Ilib:$(dirs +1)%{gem_extdir_mri}:tests -e "Dir.glob './tests/**/test_*.rb', &method(:require)" -- \
+  --verbose \
+  --ignore-name /^test_exception_on_unbind$/ \
+  --ignore-name /^test_.*v3.*$/ \
+  --ignore-name /^test_no_ecdh_curve$/ \
+  --ignore-name=/^test_cookie$/ \
+  --ignore-name=/^test_http_client$/ \
+  --ignore-name=/^test_http_client_1$/ \
+  --ignore-name=/^test_http_client_2$/ \
+  --ignore-name=/^test_version_1_0$/ \
+  --ignore-name=/^test_https_get$/ \
+  --ignore-name=/^test_get$/ \
+  --ignore-name=/^test_get_pipeline$/ \
+  --ignore-name=/^test_ipv6_udp_local_server$/ \
+%if 0%{network} < 1
+  --ignore-name=/^test_a$/ \
+  --ignore-name=/^test_a_pair$/ \
+  --ignore-name=/^test_bad_host$/ \
+  --ignore-name=/^test_failure_timer_cleanup$/ \
+  --ignore-name=/^test_timer_cleanup$/ \
+  --ignore-name=/^test_nameserver$/ \
+%endif
+popd
+
+%files
+%dir %{gem_instdir}
+%{gem_extdir_mri}
+%license %{gem_instdir}/GNU
+%license %{gem_instdir}/LICENSE
+%{gem_libdir}
+%exclude %{gem_cache}
+%{gem_spec}
+
+%files doc
+%doc %{gem_docdir}
+%doc %{gem_instdir}/CHANGELOG.md
+%doc %{gem_instdir}/README.md
+%doc %{gem_instdir}/docs
+%{gem_instdir}/examples
+%{gem_instdir}/java
+%{gem_instdir}/rakelib
+%{gem_instdir}/tests
+
+%changelog
+* Sat Jul 25 2020 wutao <wutao61@huawei.com> - 1.2.7-1
+- package init

rubygem-eventmachine.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: eventmachine/eventmachine
+tag_prefix: "^v"
+seperator: "."