diff --git a/eventmachine-1.2.7.gem b/eventmachine-1.2.7.gem new file mode 100644 index 0000000..708d366 Binary files /dev/null and b/eventmachine-1.2.7.gem differ diff --git a/rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch b/rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch new file mode 100644 index 0000000..abf842d --- /dev/null +++ b/rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch @@ -0,0 +1,221 @@ +From fc95df7a31ae5694f6a762c0c3d4f5c79c3ee40b Mon Sep 17 00:00:00 2001 +From: MSP-Greg +Date: Sun, 13 Jan 2019 16:10:30 -0600 +Subject: [PATCH] Remove some old Ruby version code, Travis to xenial (only + TLS, no SSL) + +Move console 'SSL Info' code to em_test_helper.rb +Prev code assumed SSLv3 was available, newer OpenSSL versions are often built without +--- + tests/em_test_helper.rb | 27 +++++++++++++++++++-- + tests/test_ssl_protocols.rb | 46 +++++++++++++------------------------ + 2 files changed, 41 insertions(+), 32 deletions(-) + +diff --git a/tests/em_test_helper.rb b/tests/em_test_helper.rb +index eb322482..2682849c 100644 +--- a/tests/em_test_helper.rb ++++ b/tests/em_test_helper.rb +@@ -4,9 +4,32 @@ + require 'rbconfig' + require 'socket' + +-puts "EM Library Type: #{EM.library_type}" +- + class Test::Unit::TestCase ++ ++ # below outputs in to console on load ++ # SSL_AVAIL is used by SSL tests ++ puts "", RUBY_DESCRIPTION ++ puts "\nEM.library_type #{EM.library_type.to_s.ljust(16)} EM.ssl? #{EM.ssl?}" ++ if EM.ssl? ++ require 'openssl' ++ ssl_lib_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ? ++ OpenSSL::OPENSSL_LIBRARY_VERSION : 'na' ++ puts "OpenSSL OPENSSL_LIBRARY_VERSION: #{ssl_lib_vers}\n" \ ++ " OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \ ++ " EM OPENSSL_LIBRARY_VERSION: #{EM::OPENSSL_LIBRARY_VERSION}\n" \ ++ " OPENSSL_VERSION: #{EM::OPENSSL_VERSION}" ++ ++ # assumes all 2.x versions include support for TLSv1_2 ++ temp = [] ++ temp << 'SSLv2' unless EM::OPENSSL_NO_SSL2 ++ temp << 'SSLv3' unless EM::OPENSSL_NO_SSL3 ++ temp += %w[TLSv1 TLSv1_1 TLSv1_2] ++ temp << 'TLSv1_3' if EM.const_defined? :EM_PROTO_TLSv1_3 ++ temp.sort! ++ puts " SSL_AVAIL: #{temp.join(' ')}", "" ++ SSL_AVAIL = temp.freeze ++ end ++ + class EMTestTimeout < StandardError ; end + + def setup_timeout(timeout = TIMEOUT_INTERVAL) +diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb +index 181abbc3..96c57c23 100644 +--- a/tests/test_ssl_protocols.rb ++++ b/tests/test_ssl_protocols.rb +@@ -6,20 +6,6 @@ + if EM.ssl? + class TestSslProtocols < Test::Unit::TestCase + +- # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"] +- if RUBY_VERSION == "1.8.7" +- SSL_AVAIL = ["sslv3", "tlsv1"] +- else +- SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase } +- end +- +- libr_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ? +- OpenSSL::OPENSSL_VERSION : 'na' +- +- puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \ +- " OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \ +- " SSL_AVAIL: #{SSL_AVAIL.join(' ')}" +- + module Client + def ssl_handshake_completed + $client_handshake_completed = true +@@ -40,7 +25,7 @@ def ssl_handshake_completed + module ClientAny + include Client + def post_init +- start_tls(:ssl_version => SSL_AVAIL) ++ start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) + end + end + +@@ -89,7 +74,7 @@ def post_init + module ServerAny + include Server + def post_init +- start_tls(:ssl_version => SSL_AVAIL) ++ start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) + end + end + +@@ -117,7 +102,7 @@ def test_invalid_ssl_version + end + + def test_any_to_v3 +- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" ++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerSSLv3) +@@ -129,7 +114,7 @@ def test_any_to_v3 + end + + def test_any_to_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) +@@ -152,7 +137,7 @@ def test_case_insensitivity + end + + def test_v3_to_any +- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" ++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerAny) +@@ -164,7 +149,7 @@ def test_v3_to_any + end + + def test_tlsv1_2_to_any +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerAny) +@@ -176,7 +161,7 @@ def test_tlsv1_2_to_any + end + + def test_v3_to_v3 +- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" ++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerSSLv3) +@@ -188,7 +173,7 @@ def test_v3_to_v3 + end + + def test_tlsv1_2_to_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) +@@ -245,7 +230,7 @@ def ssl_handshake_completed + + module ServerAnyStopAfterHandshake + def post_init +- start_tls(:ssl_version => SSL_AVAIL) ++ start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) + end + + def ssl_handshake_completed +@@ -255,7 +240,7 @@ def ssl_handshake_completed + end + + def test_v3_with_external_client +- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" ++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 + $server_handshake_completed = false + EM.run do + setup_timeout(2) +@@ -276,7 +261,7 @@ def test_v3_with_external_client + + # Fixed Server + def test_tlsv1_2_with_external_client +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" + $server_handshake_completed = false + EM.run do + setup_timeout(2) +@@ -284,7 +269,7 @@ def test_tlsv1_2_with_external_client + EM.defer do + sock = TCPSocket.new("127.0.0.1", 16784) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :SSLv23_client ++ ctx.ssl_version = :SSLv23 + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.connect + ssl.close rescue nil +@@ -297,7 +282,7 @@ def test_tlsv1_2_with_external_client + + # Fixed Client + def test_any_with_external_client_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" + $server_handshake_completed = false + EM.run do + setup_timeout(2) +@@ -305,7 +290,7 @@ def test_any_with_external_client_tlsv1_2 + EM.defer do + sock = TCPSocket.new("127.0.0.1", 16784) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1_2_client ++ ctx.ssl_version = :TLSv1_2 + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.connect + ssl.close rescue nil +@@ -318,7 +303,7 @@ def test_any_with_external_client_tlsv1_2 + + # Refuse a client? + def test_tlsv1_2_required_with_external_client +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" + $server_handshake_completed = false + EM.run do + n = 0 +@@ -330,7 +315,7 @@ def test_tlsv1_2_required_with_external_client + EM.defer do + sock = TCPSocket.new("127.0.0.1", 16784) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1_client ++ ctx.ssl_version = :TLSv1 + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + assert_raise(OpenSSL::SSL::SSLError) { ssl.connect } + ssl.close rescue nil diff --git a/rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch b/rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch new file mode 100644 index 0000000..197f344 --- /dev/null +++ b/rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch @@ -0,0 +1,251 @@ +From 506a0c6d2f039c78c0f7d96a31b11b73aa36dccd Mon Sep 17 00:00:00 2001 +From: MSP-Greg +Date: Sat, 8 Jul 2017 14:28:50 -0500 +Subject: [PATCH] OpenSSL 1.1.0 test updates + +--- + tests/test_ssl_protocols.rb | 127 ++++++++++++++++++++++++++++++++---- + 1 file changed, 114 insertions(+), 13 deletions(-) + +diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb +index bcb68246..e7b16370 100644 +--- a/tests/test_ssl_protocols.rb ++++ b/tests/test_ssl_protocols.rb +@@ -6,6 +6,20 @@ + if EM.ssl? + class TestSslProtocols < Test::Unit::TestCase + ++ # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"] ++ if RUBY_VERSION == "1.8.7" ++ SSL_AVAIL = ["sslv3", "tlsv1"] ++ else ++ SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase } ++ end ++ ++ libr_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ? ++ OpenSSL::OPENSSL_VERSION : 'na' ++ ++ puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \ ++ " OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \ ++ " SSL_AVAIL: #{SSL_AVAIL.join(' ')}" ++ + module Client + def ssl_handshake_completed + $client_handshake_completed = true +@@ -26,7 +40,7 @@ def ssl_handshake_completed + module ClientAny + include Client + def post_init +- start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2)) ++ start_tls(:ssl_version => SSL_AVAIL) + end + end + +@@ -51,6 +65,20 @@ def post_init + end + end + ++ module ClientTLSv1_2 ++ include Client ++ def post_init ++ start_tls(:ssl_version => %w(TLSv1_2)) ++ end ++ end ++ ++ module ServerTLSv1_2 ++ include Server ++ def post_init ++ start_tls(:ssl_version => %w(TLSv1_2)) ++ end ++ end ++ + module ServerTLSv1CaseInsensitive + include Server + def post_init +@@ -61,7 +89,7 @@ def post_init + module ServerAny + include Server + def post_init +- start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2)) ++ start_tls(:ssl_version => SSL_AVAIL) + end + end + +@@ -89,6 +117,7 @@ def test_invalid_ssl_version + end + + def test_any_to_v3 ++ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerSSLv3) +@@ -99,6 +128,18 @@ def test_any_to_v3 + assert($server_handshake_completed) + end + ++ def test_any_to_tlsv1_2 ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ $client_handshake_completed, $server_handshake_completed = false, false ++ EM.run do ++ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) ++ EM.connect("127.0.0.1", 16784, ClientAny) ++ end ++ ++ assert($client_handshake_completed) ++ assert($server_handshake_completed) ++ end ++ + def test_case_insensitivity + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do +@@ -111,6 +152,7 @@ def test_case_insensitivity + end + + def test_v3_to_any ++ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerAny) +@@ -121,7 +163,20 @@ def test_v3_to_any + assert($server_handshake_completed) + end + ++ def test_tlsv1_2_to_any ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ $client_handshake_completed, $server_handshake_completed = false, false ++ EM.run do ++ EM.start_server("127.0.0.1", 16784, ServerAny) ++ EM.connect("127.0.0.1", 16784, ClientTLSv1_2) ++ end ++ ++ assert($client_handshake_completed) ++ assert($server_handshake_completed) ++ end ++ + def test_v3_to_v3 ++ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do + EM.start_server("127.0.0.1", 16784, ServerSSLv3) +@@ -132,6 +187,18 @@ def test_v3_to_v3 + assert($server_handshake_completed) + end + ++ def test_tlsv1_2_to_tlsv1_2 ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ $client_handshake_completed, $server_handshake_completed = false, false ++ EM.run do ++ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) ++ EM.connect("127.0.0.1", 16784, ClientTLSv1_2) ++ end ++ ++ assert($client_handshake_completed) ++ assert($server_handshake_completed) ++ end ++ + def test_any_to_any + $client_handshake_completed, $server_handshake_completed = false, false + EM.run do +@@ -165,9 +232,20 @@ def ssl_handshake_completed + end + end + +- module ServerTLSv1StopAfterHandshake ++ module ServerTLSv1_2StopAfterHandshake + def post_init +- start_tls(:ssl_version => %w(TLSv1)) ++ start_tls(:ssl_version => %w(TLSv1_2)) ++ end ++ ++ def ssl_handshake_completed ++ $server_handshake_completed = true ++ EM.stop_event_loop ++ end ++ end ++ ++ module ServerAnyStopAfterHandshake ++ def post_init ++ start_tls(:ssl_version => SSL_AVAIL) + end + + def ssl_handshake_completed +@@ -177,6 +255,7 @@ def ssl_handshake_completed + end + + def test_v3_with_external_client ++ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3" + $server_handshake_completed = false + EM.run do + setup_timeout(2) +@@ -195,15 +274,17 @@ def test_v3_with_external_client + assert($server_handshake_completed) + end + +- def test_tlsv1_with_external_client ++ # Fixed Server ++ def test_tlsv1_2_with_external_client ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" + $server_handshake_completed = false + EM.run do + setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake) ++ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake) + EM.defer do + sock = TCPSocket.new("127.0.0.1", 16784) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1_client ++ ctx.ssl_version = :SSLv23_client + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.connect + ssl.close rescue nil +@@ -214,24 +295,44 @@ def test_tlsv1_with_external_client + assert($server_handshake_completed) + end + +- def test_tlsv1_required_with_external_client ++ # Fixed Client ++ def test_any_with_external_client_tlsv1_2 ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" + $server_handshake_completed = false ++ EM.run do ++ setup_timeout(2) ++ EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake) ++ EM.defer do ++ sock = TCPSocket.new("127.0.0.1", 16784) ++ ctx = OpenSSL::SSL::SSLContext.new ++ ctx.ssl_version = :TLSv1_2_client ++ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ++ ssl.connect ++ ssl.close rescue nil ++ sock.close rescue nil ++ end ++ end ++ ++ assert($server_handshake_completed) ++ end + ++ # Refuse a client? ++ def test_tlsv1_2_required_with_external_client ++ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2" ++ $server_handshake_completed = false + EM.run do + n = 0 + EM.add_periodic_timer(0.5) do + n += 1 + (EM.stop rescue nil) if n == 2 + end +- EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake) ++ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake) + EM.defer do + sock = TCPSocket.new("127.0.0.1", 16784) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :SSLv3_client ++ ctx.ssl_version = :TLSv1_client + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) +- assert_raise OpenSSL::SSL::SSLError do +- ssl.connect +- end ++ assert_raise(OpenSSL::SSL::SSLError) { ssl.connect } + ssl.close rescue nil + sock.close rescue nil + EM.stop rescue nil diff --git a/rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch b/rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch new file mode 100644 index 0000000..2661ac4 --- /dev/null +++ b/rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch @@ -0,0 +1,898 @@ +From dd6cec8d5278e11f2a1752aa7b4a712d53b1f1d3 Mon Sep 17 00:00:00 2001 +From: MSP-Greg +Date: Sun, 13 Jan 2019 21:23:03 -0600 +Subject: [PATCH] Update SSL tests, 1.1.x & TLSv1_3 + +Add Ruby 2.6 to Travis osx for OpenSSL 1.1.0 + +Note that order of 'ssl_handshake_completed' callbacks in TLSv1_3 are reversed +--- + tests/test_ssl_dhparam.rb | 6 +- + tests/test_ssl_ecdh_curve.rb | 45 ++++++ + tests/test_ssl_extensions.rb | 56 +++++--- + tests/test_ssl_methods.rb | 3 + tests/test_ssl_protocols.rb | 322 +++++++++++++++++-------------------------------- + tests/test_ssl_verify.rb | 110 ++++++++++------ + 6 files changed, 263 insertions(+), 279 deletions(-) + +diff --git a/tests/test_ssl_dhparam.rb b/tests/test_ssl_dhparam.rb +index 0a7f01da..e5165caf 100644 +--- a/tests/test_ssl_dhparam.rb ++++ b/tests/test_ssl_dhparam.rb +@@ -8,7 +8,7 @@ def setup + + module Client + def post_init +- start_tls ++ start_tls(:ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +@@ -24,7 +24,7 @@ def unbind + + module Server + def post_init +- start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH") ++ start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +@@ -35,7 +35,7 @@ def ssl_handshake_completed + + module NoDhServer + def post_init +- start_tls(:cipher_list => "DHE,EDH") ++ start_tls(:cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +diff --git a/tests/test_ssl_ecdh_curve.rb b/tests/test_ssl_ecdh_curve.rb +index c4148ce9..53b8ae24 100644 +--- a/tests/test_ssl_ecdh_curve.rb ++++ b/tests/test_ssl_ecdh_curve.rb +@@ -1,6 +1,11 @@ + require 'em_test_helper' + + class TestSslEcdhCurve < Test::Unit::TestCase ++ if EM.ssl? ++ SSL_LIB_VERS = EM::OPENSSL_LIBRARY_VERSION[/OpenSSL (\d+\.\d+\.\d+)/, 1] ++ .split('.').map(&:to_i) ++ end ++ + module Client + def post_init + start_tls +@@ -17,7 +15,7 @@ def post_init + def ssl_handshake_completed + $client_handshake_completed = true + $client_cipher_name = get_cipher_name +- close_connection ++ close_connection unless /TLSv1\.3/i =~ get_cipher_protocol + end + + def unbind +@@ -27,7 +25,11 @@ def unbind + + module Server + def post_init +- start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH") ++ if (SSL_LIB_VERS <=> [1, 1]) == 1 ++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2)) ++ else ++ start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH", :ssl_version => %w(TLSv1_2)) ++ end + end + + def ssl_handshake_completed +@@ -36,9 +38,21 @@ def ssl_handshake_completed + end + end + ++ module Server1_3 ++ def post_init ++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_3)) ++ end ++ ++ def ssl_handshake_completed ++ $server_handshake_completed = true ++ $server_cipher_name = get_cipher_name ++ close_connection if /TLSv1\.3/i =~ get_cipher_protocol ++ end ++ end ++ + module NoCurveServer + def post_init +- start_tls(:cipher_list => "ECDH") ++ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2)) + end + + def ssl_handshake_completed +@@ -50,6 +64,7 @@ def ssl_handshake_completed + def test_no_ecdh_curve + omit_unless(EM.ssl?) + omit_if(rbx?) ++ omit("OpenSSL 1.1.x (and later) auto selects curve") if (SSL_LIB_VERS <=> [1, 1]) == 1 + + $client_handshake_completed, $server_handshake_completed = false, false + +@@ -85,5 +99,27 @@ def test_ecdh_curve + assert_match(/^(AECDH|ECDHE)/, $client_cipher_name) + end + ++ def test_ecdh_curve_tlsv1_3 ++ omit("No SSL") unless EM.ssl? ++ omit_if(EM.library_type == :pure_ruby && RUBY_VERSION < "2.3.0") ++ omit_if(rbx?) ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 + ++ $client_handshake_completed, $server_handshake_completed = false, false ++ $server_cipher_name, $client_cipher_name = nil, nil ++ ++ EM.run { ++ EM.start_server("127.0.0.1", 16784, Server1_3) ++ EM.connect("127.0.0.1", 16784, Client) ++ } ++ ++ assert($client_handshake_completed) ++ assert($server_handshake_completed) ++ ++ assert($client_cipher_name.length > 0) ++ assert_equal($client_cipher_name, $server_cipher_name) ++ # see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites ++ # may depend on OpenSSL build options ++ assert_equal("TLS_AES_256_GCM_SHA384", $client_cipher_name) ++ end + end +diff --git a/tests/test_ssl_extensions.rb b/tests/test_ssl_extensions.rb +index 594feb95..93f4ef5a 100644 +--- a/tests/test_ssl_extensions.rb ++++ b/tests/test_ssl_extensions.rb +@@ -5,43 +5,57 @@ + if EM.ssl? + class TestSslExtensions < Test::Unit::TestCase + ++ IP, PORT = "127.0.0.1", 16784 ++ + module Client +- def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection +- end +- +- def unbind +- EM.stop_event_loop ++ def self.ssl_vers=(val = nil) ++ @@ssl_vers = val + end + + def post_init +- start_tls(:ssl_version => :tlsv1, :sni_hostname => 'example.com') ++ start_tls(:sni_hostname => 'example.com', :ssl_version => @@ssl_vers) + end + end + + module Server +- def ssl_handshake_completed +- $server_handshake_completed = true +- $server_sni_hostname = get_sni_hostname +- end ++ @@handshake_completed = false ++ @@sni_hostname = 'Not set' ++ ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.sni_hostname ; @@sni_hostname end + + def post_init +- start_tls(:ssl_version => :TLSv1) ++ start_tls + end +- end + +- def test_tlsext_sni_hostname +- $server_handshake_completed = false ++ def ssl_handshake_completed ++ @@handshake_completed = true ++ @@sni_hostname = get_sni_hostname ++ end ++ end + ++ def client_server(client = nil) + EM.run do +- EM.start_server("127.0.0.1", 16784, Server) +- EM.connect("127.0.0.1", 16784, Client) ++ Client.ssl_vers = client ++ EM.start_server IP, PORT, Server ++ EM.connect IP, PORT, Client ++ EM.add_timer(0.3) { EM.stop_event_loop } + end +- +- assert($server_handshake_completed) +- assert_equal('example.com', $server_sni_hostname) + end ++ ++ def test_tlsext_sni_hostname_1_2 ++ client_server %w(TLSv1_2) ++ assert Server.handshake_completed? ++ assert_equal 'example.com', Server.sni_hostname ++ end ++ ++ def test_tlsext_sni_hostname_1_3 ++ omit("TLSv1_3 is unavailable") unless SSL_AVAIL.include? "tlsv1_3" ++ client_server %w(TLSv1_3) ++ assert Server.handshake_completed? ++ assert_equal 'example.com', Server.sni_hostname ++ end ++ + end + else + warn "EM built without SSL support, skipping tests in #{__FILE__}" +diff --git a/tests/test_ssl_methods.rb b/tests/test_ssl_methods.rb +index 3c45ee5d..022844fd 100644 +--- a/tests/test_ssl_methods.rb ++++ b/tests/test_ssl_methods.rb +@@ -13,6 +13,7 @@ def ssl_handshake_completed + $server_cipher_bits = get_cipher_bits + $server_cipher_name = get_cipher_name + $server_cipher_protocol = get_cipher_protocol ++ EM.stop_event_loop if /TLSv1\.3/ =~ get_cipher_protocol + end + end + +@@ -27,7 +28,7 @@ def ssl_handshake_completed + $client_cipher_bits = get_cipher_bits + $client_cipher_name = get_cipher_name + $client_cipher_protocol = get_cipher_protocol +- EM.stop_event_loop ++ EM.stop_event_loop if /TLSv1\.3/ !~ get_cipher_protocol + end + end + +diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb +index 96c57c23..6b10eb6b 100644 +--- a/tests/test_ssl_protocols.rb ++++ b/tests/test_ssl_protocols.rb +@@ -3,319 +1,224 @@ + require 'openssl' + + if EM.ssl? ++ + class TestSslProtocols < Test::Unit::TestCase + ++ IP, PORT = "127.0.0.1", 16784 ++ RUBY_SSL_GE_2_1 = OpenSSL::VERSION >= '2.1' ++ + module Client +- def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection +- end ++ @@handshake_completed = false + +- def unbind +- EM.stop_event_loop ++ def self.ssl_vers=(val = nil) ++ @@ssl_vers = val + end +- end + +- module Server +- def ssl_handshake_completed +- $server_handshake_completed = true ++ def self.handshake_completed? ++ @@handshake_completed + end +- end + +- module ClientAny +- include Client + def post_init +- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) ++ @@handshake_completed = false ++ if @@ssl_vers ++ start_tls(:ssl_version => @@ssl_vers) ++ else ++ start_tls ++ end + end +- end + +- module ClientDefault +- include Client +- def post_init +- start_tls +- end +- end +- +- module ClientSSLv3 +- include Client +- def post_init +- start_tls(:ssl_version => %w(SSLv3)) ++ def ssl_handshake_completed ++ @@handshake_completed = true + end + end + +- module ServerSSLv3 +- include Server +- def post_init +- start_tls(:ssl_version => %w(SSLv3)) +- end +- end ++ module Server ++ @@handshake_completed = false + +- module ClientTLSv1_2 +- include Client +- def post_init +- start_tls(:ssl_version => %w(TLSv1_2)) ++ def self.ssl_vers=(val = nil) ++ @@ssl_vers = val + end +- end + +- module ServerTLSv1_2 +- include Server +- def post_init +- start_tls(:ssl_version => %w(TLSv1_2)) +- end +- end ++ def self.handshake_completed? ; @@handshake_completed end + +- module ServerTLSv1CaseInsensitive +- include Server + def post_init +- start_tls(:ssl_version => %w(tlsv1)) +- end +- end +- +- module ServerAny +- include Server +- def post_init +- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) ++ @@handshake_completed = false ++ if @@ssl_vers ++ start_tls(:ssl_version => @@ssl_vers) ++ else ++ start_tls ++ end + end +- end + +- module ServerDefault +- include Server +- def post_init +- start_tls ++ def ssl_handshake_completed ++ @@handshake_completed = true + end + end + +- module InvalidProtocol +- include Client +- def post_init +- start_tls(:ssl_version => %w(tlsv1 badinput)) ++ def client_server(client = nil, server = nil) ++ EM.run do ++ Client.ssl_vers, Server.ssl_vers = client, server ++ EM.start_server IP, PORT, Server ++ EM.connect IP, PORT, Client ++ EM.add_timer(0.3) { EM.stop_event_loop } + end + end + + def test_invalid_ssl_version + assert_raises(RuntimeError, "Unrecognized SSL/TLS Version: badinput") do +- EM.run do +- EM.start_server("127.0.0.1", 16784, InvalidProtocol) +- EM.connect("127.0.0.1", 16784, InvalidProtocol) +- end ++ client_server %w(tlsv1 badinput), %w(tlsv1 badinput) + end + end + + def test_any_to_v3 + omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerSSLv3) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server SSL_AVAIL, %w(SSLv3) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_any_to_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server SSL_AVAIL, %w(TLSv1_2) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_case_insensitivity +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerTLSv1CaseInsensitive) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ lower_case = SSL_AVAIL.map { |p| p.downcase } ++ client_server %w(tlsv1), lower_case ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_v3_to_any + omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerAny) +- EM.connect("127.0.0.1", 16784, ClientSSLv3) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server %w(SSLv3), SSL_AVAIL ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_tlsv1_2_to_any +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerAny) +- EM.connect("127.0.0.1", 16784, ClientTLSv1_2) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server %w(TLSv1_2), SSL_AVAIL ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_v3_to_v3 + omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerSSLv3) +- EM.connect("127.0.0.1", 16784, ClientSSLv3) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server %w(SSLv3), %w(SSLv3) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_tlsv1_2_to_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2) +- EM.connect("127.0.0.1", 16784, ClientTLSv1_2) +- end ++ client_server %w(TLSv1_2), %w(TLSv1_2) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? ++ end + +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ def test_tlsv1_3_to_tlsv1_3 ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 ++ client_server %w(TLSv1_3), %w(TLSv1_3) ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_any_to_any +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerAny) +- EM.connect("127.0.0.1", 16784, ClientAny) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ client_server SSL_AVAIL, SSL_AVAIL ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + + def test_default_to_default +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run do +- EM.start_server("127.0.0.1", 16784, ServerDefault) +- EM.connect("127.0.0.1", 16784, ClientDefault) +- end +- +- assert($client_handshake_completed) +- assert($server_handshake_completed) +- end +- +- module ServerV3StopAfterHandshake +- def post_init +- start_tls(:ssl_version => %w(SSLv3)) +- end +- +- def ssl_handshake_completed +- $server_handshake_completed = true +- EM.stop_event_loop +- end ++ client_server ++ assert Client.handshake_completed? ++ assert Server.handshake_completed? + end + +- module ServerTLSv1_2StopAfterHandshake +- def post_init +- start_tls(:ssl_version => %w(TLSv1_2)) ++ module ServerStopAfterHandshake ++ def self.ssl_vers=(val) ++ @@ssl_vers = val + end + +- def ssl_handshake_completed +- $server_handshake_completed = true +- EM.stop_event_loop +- end +- end ++ def self.handshake_completed? ; @@handshake_completed end + +- module ServerAnyStopAfterHandshake + def post_init +- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL) ++ @@handshake_completed = false ++ start_tls(:ssl_version => @@ssl_vers) + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + EM.stop_event_loop + end + end + +- def test_v3_with_external_client +- omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 +- $server_handshake_completed = false ++ def external_client(ext_min, ext_max, ext_ssl, server) + EM.run do + setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerV3StopAfterHandshake) ++ ServerStopAfterHandshake.ssl_vers = server ++ EM.start_server(IP, PORT, ServerStopAfterHandshake) + EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) ++ sock = TCPSocket.new(IP, PORT) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :SSLv3_client ++ if RUBY_SSL_GE_2_1 ++ ctx.min_version = ext_min if ext_min ++ ctx.max_version = ext_max if ext_max ++ else ++ ctx.ssl_version = ext_ssl ++ end + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + ssl.connect + ssl.close rescue nil + sock.close rescue nil + end + end ++ assert ServerStopAfterHandshake.handshake_completed? ++ end + +- assert($server_handshake_completed) ++ def test_v3_with_external_client ++ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3 ++ external_client nil, nil, :SSLv3_client, %w(SSLv3) + end + + # Fixed Server + def test_tlsv1_2_with_external_client +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $server_handshake_completed = false +- EM.run do +- setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake) +- EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) +- ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :SSLv23 +- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) +- ssl.connect +- ssl.close rescue nil +- sock.close rescue nil +- end +- end ++ external_client nil, nil, :SSLv23_client, %w(TLSv1_2) ++ end + +- assert($server_handshake_completed) ++ def test_tlsv1_3_with_external_client ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 ++ external_client nil, nil, :SSLv23_client, %w(TLSv1_3) + end + + # Fixed Client + def test_any_with_external_client_tlsv1_2 +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $server_handshake_completed = false +- EM.run do +- setup_timeout(2) +- EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake) +- EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) +- ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1_2 +- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) +- ssl.connect +- ssl.close rescue nil +- sock.close rescue nil +- end +- end ++ external_client :TLS1_2, :TLS1_2, :TLSv1_2_client, SSL_AVAIL ++ end + +- assert($server_handshake_completed) ++ def test_any_with_external_client_tlsv1_3 ++ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3 ++ external_client :TLS1_3, :TLS1_3, :TLSv1_2_client, SSL_AVAIL + end + + # Refuse a client? + def test_tlsv1_2_required_with_external_client +- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2" +- $server_handshake_completed = false + EM.run do + n = 0 + EM.add_periodic_timer(0.5) do + n += 1 + (EM.stop rescue nil) if n == 2 + end +- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake) ++ ServerStopAfterHandshake.ssl_vers = %w(TLSv1_2) ++ EM.start_server(IP, PORT, ServerStopAfterHandshake) + EM.defer do +- sock = TCPSocket.new("127.0.0.1", 16784) ++ sock = TCPSocket.new(IP, PORT) + ctx = OpenSSL::SSL::SSLContext.new +- ctx.ssl_version = :TLSv1 ++ if RUBY_SSL_GE_2_1 ++ ctx.max_version = :TLS1_1 ++ else ++ ctx.ssl_version = :TLSv1_client ++ end + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) + assert_raise(OpenSSL::SSL::SSLError) { ssl.connect } + ssl.close rescue nil +@@ -323,10 +226,9 @@ def test_tlsv1_2_required_with_external_client + EM.stop rescue nil + end + end +- +- assert(!$server_handshake_completed) ++ assert !ServerStopAfterHandshake.handshake_completed? + end + end + else + warn "EM built without SSL support, skipping tests in #{__FILE__}" +-end ++end +\ No newline at end of file +diff --git a/tests/test_ssl_verify.rb b/tests/test_ssl_verify.rb +index 00ec1466..0c84e97e 100644 +--- a/tests/test_ssl_verify.rb ++++ b/tests/test_ssl_verify.rb +@@ -1,74 +1,100 @@ + require 'em_test_helper' + + class TestSslVerify < Test::Unit::TestCase +- def setup +- $dir = File.dirname(File.expand_path(__FILE__)) + '/' +- $cert_from_file = File.read($dir+'client.crt') +- end ++ ++ DIR = File.dirname(File.expand_path(__FILE__)) + '/' ++ CERT_FROM_FILE = File.read(DIR+'client.crt') ++ ++ IP, PORT = "127.0.0.1", 16784 + + module ClientNoCert +- def connection_completed ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ ++ def post_init ++ @@handshake_completed = false + start_tls() + end + + def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection ++ @@handshake_completed = true + end + + def unbind +- EM.stop_event_loop ++ @@handshake_completed = false + end + end + + module Client +- def connection_completed +- start_tls(:private_key_file => $dir+'client.key', :cert_chain_file => $dir+'client.crt') ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.timer=(val) ; @@timer = val end ++ ++ def post_init #G connection_completed ++ @client_closed = false ++ @@handshake_completed = nil ++ @@timer = false ++ start_tls(:private_key_file => DIR+'client.key', :cert_chain_file => DIR+'client.crt') + end + + def ssl_handshake_completed +- $client_handshake_completed = true +- close_connection ++ @@handshake_completed = true + end + + def unbind +- EM.stop_event_loop ++ @@handshake_completed = false unless @@timer + end + end + + module AcceptServer ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.cert ; @@cert end ++ + def post_init ++ @@cert = nil ++ @@handshake_completed = false + start_tls(:verify_peer => true) + end + + def ssl_verify_peer(cert) +- $cert_from_server = cert ++ @@cert = cert + true + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + end + end + + module DenyServer ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ def self.cert ; @@cert end ++ + def post_init ++ @@cert = nil ++ @@handshake_completed = nil + start_tls(:verify_peer => true) + end + + def ssl_verify_peer(cert) +- $cert_from_server = cert ++ @@cert = cert + # Do not accept the peer. This should now cause the connection to shut down without the SSL handshake being completed. + false + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + end + end + + module FailServerNoPeerCert ++ @@handshake_completed = nil ++ def self.handshake_completed? ; !!@@handshake_completed end ++ + def post_init ++ @@handshake_completed = false + start_tls(:verify_peer => true, :fail_if_no_peer_cert => true) + end + +@@ -77,52 +103,52 @@ def ssl_verify_peer(cert) + end + + def ssl_handshake_completed +- $server_handshake_completed = true ++ @@handshake_completed = true + end + end + ++ def em_run(server, client) ++ EM.run { ++ EM.start_server IP, PORT, server ++ EM.connect IP, PORT, client ++ EM.add_timer(0.3) { ++ Client.timer = true ++ EM.stop_event_loop ++ } ++ } ++ end ++ + def test_fail_no_peer_cert + omit_unless(EM.ssl?) + omit_if(rbx?) + +- $client_handshake_completed, $server_handshake_completed = false, false ++ em_run FailServerNoPeerCert, ClientNoCert + +- EM.run { +- EM.start_server("127.0.0.1", 16784, FailServerNoPeerCert) +- EM.connect("127.0.0.1", 16784, ClientNoCert) +- } +- +- assert(!$client_handshake_completed) +- assert(!$server_handshake_completed) ++ assert !ClientNoCert.handshake_completed? ++ assert !FailServerNoPeerCert.handshake_completed? + end + + def test_accept_server + omit_unless(EM.ssl?) + omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain + omit_if(rbx?) +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run { +- EM.start_server("127.0.0.1", 16784, AcceptServer) +- EM.connect("127.0.0.1", 16784, Client).instance_variable_get("@signature") +- } + +- assert_equal($cert_from_file, $cert_from_server) +- assert($client_handshake_completed) +- assert($server_handshake_completed) ++ em_run AcceptServer, Client ++ ++ assert_equal CERT_FROM_FILE, AcceptServer.cert ++ assert Client.handshake_completed? ++ assert AcceptServer.handshake_completed? + end + + def test_deny_server + omit_unless(EM.ssl?) + omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain + omit_if(rbx?) +- $client_handshake_completed, $server_handshake_completed = false, false +- EM.run { +- EM.start_server("127.0.0.1", 16784, DenyServer) +- EM.connect("127.0.0.1", 16784, Client) +- } + +- assert_equal($cert_from_file, $cert_from_server) +- assert(!$client_handshake_completed) +- assert(!$server_handshake_completed) ++ em_run DenyServer, Client ++ ++ assert_equal CERT_FROM_FILE, DenyServer.cert ++ assert !Client.handshake_completed? ++ assert !DenyServer.handshake_completed? + end + end diff --git a/rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch b/rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch new file mode 100644 index 0000000..7f482ab --- /dev/null +++ b/rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch @@ -0,0 +1,113 @@ +From 0904385936ef4ecae4519f4f7b8f829a3608afcd Mon Sep 17 00:00:00 2001 +From: MSP-Greg +Date: Sun, 13 Jan 2019 08:47:36 -0600 +Subject: [PATCH] Update runtime files for TLS 1.3, no SSL, OpenSSL lib info + +Add several constants related to OpenSSL & TLS 1.3 +EM::OPENSSL_LIBRARY_VERSION +EM::OPENSSL_VERSION + +EM_PROTO_TLSv1_3 +EM::OPENSSL_NO_SSL2 +EM::OPENSSL_NO_SSL3 +--- + ext/eventmachine.h | 5 +++++ + ext/rubymain.cpp | 28 ++++++++++++++++++++++++++++ + ext/ssl.cpp | 5 +++++ + lib/em/connection.rb | 5 +++++ + 4 files changed, 43 insertions(+) + +diff --git a/ext/eventmachine.h b/ext/eventmachine.h +index 2861276b..788f1ca4 100644 +--- a/ext/eventmachine.h ++++ b/ext/eventmachine.h +@@ -44,7 +44,12 @@ extern "C" { + EM_PROTO_SSLv3 = 4, + EM_PROTO_TLSv1 = 8, + EM_PROTO_TLSv1_1 = 16, ++#ifdef TLS1_3_VERSION ++ EM_PROTO_TLSv1_2 = 32, ++ EM_PROTO_TLSv1_3 = 64 ++#else + EM_PROTO_TLSv1_2 = 32 ++#endif + }; + + void evma_initialize_library (EMCallback); +diff --git a/ext/rubymain.cpp b/ext/rubymain.cpp +index c5ea628e..0194aaea 100644 +--- a/ext/rubymain.cpp ++++ b/ext/rubymain.cpp +@@ -1511,5 +1511,33 @@ extern "C" void Init_rubyeventmachine() + rb_define_const (EmModule, "EM_PROTO_TLSv1", INT2NUM(EM_PROTO_TLSv1 )); + rb_define_const (EmModule, "EM_PROTO_TLSv1_1", INT2NUM(EM_PROTO_TLSv1_1)); + rb_define_const (EmModule, "EM_PROTO_TLSv1_2", INT2NUM(EM_PROTO_TLSv1_2)); ++#ifdef TLS1_3_VERSION ++ rb_define_const (EmModule, "EM_PROTO_TLSv1_3", INT2NUM(EM_PROTO_TLSv1_3)); ++#endif ++ ++#ifdef OPENSSL_NO_SSL3 ++ /* True if SSL3 is not available */ ++ rb_define_const (EmModule, "OPENSSL_NO_SSL3", Qtrue); ++ rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qtrue); ++#else ++ rb_define_const (EmModule, "OPENSSL_NO_SSL3", Qfalse); ++#ifdef OPENSSL_NO_SSL2 ++ rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qtrue); ++#else ++ rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qfalse); ++#endif ++#endif ++ ++ // OpenSSL Build / Runtime/Load versions ++ ++ /* Version of OpenSSL that EventMachine was compiled with */ ++ rb_define_const(EmModule, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT)); ++ ++#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000 ++ /* Version of OpenSSL that EventMachine loaded with */ ++ rb_define_const(EmModule, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION))); ++#else ++ rb_define_const(EmModule, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION))); ++#endif + } + +diff --git a/ext/ssl.cpp b/ext/ssl.cpp +index 8d5e038a..c83e5b09 100644 +--- a/ext/ssl.cpp ++++ b/ext/ssl.cpp +@@ -180,6 +180,11 @@ SslContext_t::SslContext_t (bool is_server, const std::string &privkeyfile, cons + SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_2); + #endif + ++ #ifdef SSL_OP_NO_TLSv1_3 ++ if (!(ssl_version & EM_PROTO_TLSv1_3)) ++ SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_3); ++ #endif ++ + #ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS); + #endif +diff --git a/lib/em/connection.rb b/lib/em/connection.rb +index 7d45e92f..b5f8b0ad 100644 +--- a/lib/em/connection.rb ++++ b/lib/em/connection.rb +@@ -436,6 +436,9 @@ def start_tls args={} + protocols_bitmask |= EventMachine::EM_PROTO_TLSv1 + protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1 + protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2 ++ if EventMachine.const_defined? :EM_PROTO_TLSv1_3 ++ protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3 ++ end + else + [ssl_version].flatten.each do |p| + case p.to_s.downcase +@@ -449,6 +452,8 @@ def start_tls args={} + protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1 + when 'tlsv1_2' + protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2 ++ when 'tlsv1_3' ++ protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3 + else + raise("Unrecognized SSL/TLS Protocol: #{p}") + end diff --git a/rubygem-eventmachine.spec b/rubygem-eventmachine.spec new file mode 100644 index 0000000..af64257 --- /dev/null +++ b/rubygem-eventmachine.spec @@ -0,0 +1,106 @@ +%global gem_name eventmachine +%{!?network: %global network 0} +Name: rubygem-%{gem_name} +Version: 1.2.7 +Release: 1 +Summary: Ruby/EventMachine library +License: GPLv2 or Ruby +URL: http://rubyeventmachine.com +Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem +Patch0: rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch +Patch1: rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch +Patch2: rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch +Patch3: rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch +BuildRequires: ruby(release) +BuildRequires: rubygems-devel +BuildRequires: ruby-devel +BuildRequires: gcc-c++ +BuildRequires: openssl-devel +BuildRequires: rubygem(test-unit) +%description +EventMachine implements a fast, single-threaded engine for arbitrary network +communications. It's extremely easy to use in Ruby. EventMachine wraps all +interactions with IP sockets, allowing programs to concentrate on the +implementation of network protocols. It can be used to create both network +servers and clients. To create a server or client, a Ruby program only needs +to specify the IP address and port, and provide a Module that implements the +communications protocol. Implementations of several standard network protocols +are provided with the package, primarily to serve as examples. The real goal +of EventMachine is to enable programs to easily interface with other programs +using TCP/IP, especially if custom protocols are required. + +%package doc +Summary: Documentation for %{name} +Requires: %{name} = %{version}-%{release} +BuildArch: noarch +%description doc +Documentation for %{name}. + +%prep +%setup -q -n %{gem_name}-%{version} +sed -i '/SSL_CTX_set_cipher_list/ s/".*"/"PROFILE=SYSTEM"/' ext/ssl.cpp +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +%build +gem build ../%{gem_name}-%{version}.gemspec +%gem_install + +%install +mkdir -p %{buildroot}%{gem_dir} +cp -a .%{gem_dir}/* \ + %{buildroot}%{gem_dir}/ +mkdir -p %{buildroot}%{gem_extdir_mri} +cp -a .%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/ +rm -rf %{buildroot}%{gem_instdir}/ext/ + +%check +pushd .%{gem_instdir} +ruby -Ilib:$(dirs +1)%{gem_extdir_mri}:tests -e "Dir.glob './tests/**/test_*.rb', &method(:require)" -- \ + --verbose \ + --ignore-name /^test_exception_on_unbind$/ \ + --ignore-name /^test_.*v3.*$/ \ + --ignore-name /^test_no_ecdh_curve$/ \ + --ignore-name=/^test_cookie$/ \ + --ignore-name=/^test_http_client$/ \ + --ignore-name=/^test_http_client_1$/ \ + --ignore-name=/^test_http_client_2$/ \ + --ignore-name=/^test_version_1_0$/ \ + --ignore-name=/^test_https_get$/ \ + --ignore-name=/^test_get$/ \ + --ignore-name=/^test_get_pipeline$/ \ + --ignore-name=/^test_ipv6_udp_local_server$/ \ +%if 0%{network} < 1 + --ignore-name=/^test_a$/ \ + --ignore-name=/^test_a_pair$/ \ + --ignore-name=/^test_bad_host$/ \ + --ignore-name=/^test_failure_timer_cleanup$/ \ + --ignore-name=/^test_timer_cleanup$/ \ + --ignore-name=/^test_nameserver$/ \ +%endif +popd + +%files +%dir %{gem_instdir} +%{gem_extdir_mri} +%license %{gem_instdir}/GNU +%license %{gem_instdir}/LICENSE +%{gem_libdir} +%exclude %{gem_cache} +%{gem_spec} + +%files doc +%doc %{gem_docdir} +%doc %{gem_instdir}/CHANGELOG.md +%doc %{gem_instdir}/README.md +%doc %{gem_instdir}/docs +%{gem_instdir}/examples +%{gem_instdir}/java +%{gem_instdir}/rakelib +%{gem_instdir}/tests + +%changelog +* Sat Jul 25 2020 wutao - 1.2.7-1 +- package init diff --git a/rubygem-eventmachine.yaml b/rubygem-eventmachine.yaml new file mode 100644 index 0000000..8d3b034 --- /dev/null +++ b/rubygem-eventmachine.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: eventmachine/eventmachine +tag_prefix: "^v" +seperator: "."