packages/rubygem-eventmachine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!1 package init

Browse Source 
Merge pull request !1 from small_leek/master
This commit is contained in:
openeuler-ci-bot 2020-08-18 19:18:24 +08:00 committed by Gitee
commit 922e64c74a
7 changed files with 1593 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
eventmachine-1.2.7.gem Normal file
View File

Binary file not shown.

221
rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch Normal file
View File

@ -0,0 +1,221 @@
From fc95df7a31ae5694f6a762c0c3d4f5c79c3ee40b Mon Sep 17 00:00:00 2001
From: MSP-Greg <greg.mpls@gmail.com>
Date: Sun, 13 Jan 2019 16:10:30 -0600
Subject: [PATCH] Remove some old Ruby version code, Travis to xenial (only
TLS, no SSL)
Move console 'SSL Info' code to em_test_helper.rb
Prev code assumed SSLv3 was available, newer OpenSSL versions are often built without
---
tests/em_test_helper.rb | 27 +++++++++++++++++++--
tests/test_ssl_protocols.rb | 46 +++++++++++++------------------------
2 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/tests/em_test_helper.rb b/tests/em_test_helper.rb
index eb322482..2682849c 100644
--- a/tests/em_test_helper.rb
+++ b/tests/em_test_helper.rb
@@ -4,9 +4,32 @@
require 'rbconfig'
require 'socket'
-puts "EM Library Type: #{EM.library_type}"
-
class Test::Unit::TestCase
+
+ # below outputs in to console on load
+ # SSL_AVAIL is used by SSL tests
+ puts "", RUBY_DESCRIPTION
+ puts "\nEM.library_type #{EM.library_type.to_s.ljust(16)} EM.ssl? #{EM.ssl?}"
+ if EM.ssl?
+ require 'openssl'
+ ssl_lib_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
+ OpenSSL::OPENSSL_LIBRARY_VERSION : 'na'
+ puts "OpenSSL OPENSSL_LIBRARY_VERSION: #{ssl_lib_vers}\n" \
+ " OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
+ " EM OPENSSL_LIBRARY_VERSION: #{EM::OPENSSL_LIBRARY_VERSION}\n" \
+ " OPENSSL_VERSION: #{EM::OPENSSL_VERSION}"
+
+ # assumes all 2.x versions include support for TLSv1_2
+ temp = []
+ temp << 'SSLv2' unless EM::OPENSSL_NO_SSL2
+ temp << 'SSLv3' unless EM::OPENSSL_NO_SSL3
+ temp += %w[TLSv1 TLSv1_1 TLSv1_2]
+ temp << 'TLSv1_3' if EM.const_defined? :EM_PROTO_TLSv1_3
+ temp.sort!
+ puts " SSL_AVAIL: #{temp.join(' ')}", ""
+ SSL_AVAIL = temp.freeze
+ end
+
class EMTestTimeout < StandardError ; end
def setup_timeout(timeout = TIMEOUT_INTERVAL)
diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
index 181abbc3..96c57c23 100644
--- a/tests/test_ssl_protocols.rb
+++ b/tests/test_ssl_protocols.rb
@@ -6,20 +6,6 @@
if EM.ssl?
class TestSslProtocols < Test::Unit::TestCase
- # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"]
- if RUBY_VERSION == "1.8.7"
- SSL_AVAIL = ["sslv3", "tlsv1"]
- else
- SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase }
- end
-
- libr_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
- OpenSSL::OPENSSL_VERSION : 'na'
-
- puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \
- " OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
- " SSL_AVAIL: #{SSL_AVAIL.join(' ')}"
-
module Client
def ssl_handshake_completed
$client_handshake_completed = true
@@ -40,7 +25,7 @@ def ssl_handshake_completed
module ClientAny
include Client
def post_init
- start_tls(:ssl_version => SSL_AVAIL)
+ start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
end
end
@@ -89,7 +74,7 @@ def post_init
module ServerAny
include Server
def post_init
- start_tls(:ssl_version => SSL_AVAIL)
+ start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
end
end
@@ -117,7 +102,7 @@ def test_invalid_ssl_version
end
def test_any_to_v3
- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerSSLv3)
@@ -129,7 +114,7 @@ def test_any_to_v3
end
def test_any_to_tlsv1_2
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
@@ -152,7 +137,7 @@ def test_case_insensitivity
end
def test_v3_to_any
- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerAny)
@@ -164,7 +149,7 @@ def test_v3_to_any
end
def test_tlsv1_2_to_any
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerAny)
@@ -176,7 +161,7 @@ def test_tlsv1_2_to_any
end
def test_v3_to_v3
- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerSSLv3)
@@ -188,7 +173,7 @@ def test_v3_to_v3
end
def test_tlsv1_2_to_tlsv1_2
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
@@ -245,7 +230,7 @@ def ssl_handshake_completed
module ServerAnyStopAfterHandshake
def post_init
- start_tls(:ssl_version => SSL_AVAIL)
+ start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
end
def ssl_handshake_completed
@@ -255,7 +240,7 @@ def ssl_handshake_completed
end
def test_v3_with_external_client
- omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
$server_handshake_completed = false
EM.run do
setup_timeout(2)
@@ -276,7 +261,7 @@ def test_v3_with_external_client
# Fixed Server
def test_tlsv1_2_with_external_client
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
$server_handshake_completed = false
EM.run do
setup_timeout(2)
@@ -284,7 +269,7 @@ def test_tlsv1_2_with_external_client
EM.defer do
sock = TCPSocket.new("127.0.0.1", 16784)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :SSLv23_client
+ ctx.ssl_version = :SSLv23
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect
ssl.close rescue nil
@@ -297,7 +282,7 @@ def test_tlsv1_2_with_external_client
# Fixed Client
def test_any_with_external_client_tlsv1_2
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
$server_handshake_completed = false
EM.run do
setup_timeout(2)
@@ -305,7 +290,7 @@ def test_any_with_external_client_tlsv1_2
EM.defer do
sock = TCPSocket.new("127.0.0.1", 16784)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :TLSv1_2_client
+ ctx.ssl_version = :TLSv1_2
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect
ssl.close rescue nil
@@ -318,7 +303,7 @@ def test_any_with_external_client_tlsv1_2
# Refuse a client?
def test_tlsv1_2_required_with_external_client
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
$server_handshake_completed = false
EM.run do
n = 0
@@ -330,7 +315,7 @@ def test_tlsv1_2_required_with_external_client
EM.defer do
sock = TCPSocket.new("127.0.0.1", 16784)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :TLSv1_client
+ ctx.ssl_version = :TLSv1
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
ssl.close rescue nil

251
rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch Normal file
View File

@ -0,0 +1,251 @@
From 506a0c6d2f039c78c0f7d96a31b11b73aa36dccd Mon Sep 17 00:00:00 2001
From: MSP-Greg <MSP-Greg@users.noreply.github.com>
Date: Sat, 8 Jul 2017 14:28:50 -0500
Subject: [PATCH] OpenSSL 1.1.0 test updates
---
tests/test_ssl_protocols.rb | 127 ++++++++++++++++++++++++++++++++----
1 file changed, 114 insertions(+), 13 deletions(-)
diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
index bcb68246..e7b16370 100644
--- a/tests/test_ssl_protocols.rb
+++ b/tests/test_ssl_protocols.rb
@@ -6,6 +6,20 @@
if EM.ssl?
class TestSslProtocols < Test::Unit::TestCase
+ # equal to base METHODS, downcased, like ["tlsv1, "tlsv1_1", "tlsv1_2"]
+ if RUBY_VERSION == "1.8.7"
+ SSL_AVAIL = ["sslv3", "tlsv1"]
+ else
+ SSL_AVAIL = ::OpenSSL::SSL::SSLContext::METHODS.select { |i| i =~ /[^\d]\d\z/ }.map { |i| i.to_s.downcase }
+ end
+
+ libr_vers = OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION) ?
+ OpenSSL::OPENSSL_VERSION : 'na'
+
+ puts "OPENSSL_LIBRARY_VERSION: #{libr_vers}\n" \
+ " OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}\n" \
+ " SSL_AVAIL: #{SSL_AVAIL.join(' ')}"
+
module Client
def ssl_handshake_completed
$client_handshake_completed = true
@@ -26,7 +40,7 @@ def ssl_handshake_completed
module ClientAny
include Client
def post_init
- start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2))
+ start_tls(:ssl_version => SSL_AVAIL)
end
end
@@ -51,6 +65,20 @@ def post_init
end
end
+ module ClientTLSv1_2
+ include Client
+ def post_init
+ start_tls(:ssl_version => %w(TLSv1_2))
+ end
+ end
+
+ module ServerTLSv1_2
+ include Server
+ def post_init
+ start_tls(:ssl_version => %w(TLSv1_2))
+ end
+ end
+
module ServerTLSv1CaseInsensitive
include Server
def post_init
@@ -61,7 +89,7 @@ def post_init
module ServerAny
include Server
def post_init
- start_tls(:ssl_version => %w(sslv2 sslv3 tlsv1 tlsv1_1 tlsv1_2))
+ start_tls(:ssl_version => SSL_AVAIL)
end
end
@@ -89,6 +117,7 @@ def test_invalid_ssl_version
end
def test_any_to_v3
+ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerSSLv3)
@@ -99,6 +128,18 @@ def test_any_to_v3
assert($server_handshake_completed)
end
+ def test_any_to_tlsv1_2
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ $client_handshake_completed, $server_handshake_completed = false, false
+ EM.run do
+ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+ EM.connect("127.0.0.1", 16784, ClientAny)
+ end
+
+ assert($client_handshake_completed)
+ assert($server_handshake_completed)
+ end
+
def test_case_insensitivity
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
@@ -111,6 +152,7 @@ def test_case_insensitivity
end
def test_v3_to_any
+ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerAny)
@@ -121,7 +163,20 @@ def test_v3_to_any
assert($server_handshake_completed)
end
+ def test_tlsv1_2_to_any
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ $client_handshake_completed, $server_handshake_completed = false, false
+ EM.run do
+ EM.start_server("127.0.0.1", 16784, ServerAny)
+ EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
+ end
+
+ assert($client_handshake_completed)
+ assert($server_handshake_completed)
+ end
+
def test_v3_to_v3
+ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
EM.start_server("127.0.0.1", 16784, ServerSSLv3)
@@ -132,6 +187,18 @@ def test_v3_to_v3
assert($server_handshake_completed)
end
+ def test_tlsv1_2_to_tlsv1_2
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ $client_handshake_completed, $server_handshake_completed = false, false
+ EM.run do
+ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
+ EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
+ end
+
+ assert($client_handshake_completed)
+ assert($server_handshake_completed)
+ end
+
def test_any_to_any
$client_handshake_completed, $server_handshake_completed = false, false
EM.run do
@@ -165,9 +232,20 @@ def ssl_handshake_completed
end
end
- module ServerTLSv1StopAfterHandshake
+ module ServerTLSv1_2StopAfterHandshake
def post_init
- start_tls(:ssl_version => %w(TLSv1))
+ start_tls(:ssl_version => %w(TLSv1_2))
+ end
+
+ def ssl_handshake_completed
+ $server_handshake_completed = true
+ EM.stop_event_loop
+ end
+ end
+
+ module ServerAnyStopAfterHandshake
+ def post_init
+ start_tls(:ssl_version => SSL_AVAIL)
end
def ssl_handshake_completed
@@ -177,6 +255,7 @@ def ssl_handshake_completed
end
def test_v3_with_external_client
+ omit("SSLv3 is (correctly) unavailable") unless SSL_AVAIL.include? "sslv3"
$server_handshake_completed = false
EM.run do
setup_timeout(2)
@@ -195,15 +274,17 @@ def test_v3_with_external_client
assert($server_handshake_completed)
end
- def test_tlsv1_with_external_client
+ # Fixed Server
+ def test_tlsv1_2_with_external_client
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
$server_handshake_completed = false
EM.run do
setup_timeout(2)
- EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake)
+ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
EM.defer do
sock = TCPSocket.new("127.0.0.1", 16784)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :TLSv1_client
+ ctx.ssl_version = :SSLv23_client
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect
ssl.close rescue nil
@@ -214,24 +295,44 @@ def test_tlsv1_with_external_client
assert($server_handshake_completed)
end
- def test_tlsv1_required_with_external_client
+ # Fixed Client
+ def test_any_with_external_client_tlsv1_2
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
$server_handshake_completed = false
+ EM.run do
+ setup_timeout(2)
+ EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake)
+ EM.defer do
+ sock = TCPSocket.new("127.0.0.1", 16784)
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ssl_version = :TLSv1_2_client
+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+ ssl.connect
+ ssl.close rescue nil
+ sock.close rescue nil
+ end
+ end
+
+ assert($server_handshake_completed)
+ end
+ # Refuse a client?
+ def test_tlsv1_2_required_with_external_client
+ omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "tlsv1_2"
+ $server_handshake_completed = false
EM.run do
n = 0
EM.add_periodic_timer(0.5) do
n += 1
(EM.stop rescue nil) if n == 2
end
- EM.start_server("127.0.0.1", 16784, ServerTLSv1StopAfterHandshake)
+ EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
EM.defer do
sock = TCPSocket.new("127.0.0.1", 16784)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :SSLv3_client
+ ctx.ssl_version = :TLSv1_client
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- assert_raise OpenSSL::SSL::SSLError do
- ssl.connect
- end
+ assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
ssl.close rescue nil
sock.close rescue nil
EM.stop rescue nil

898
rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch Normal file
View File

@ -0,0 +1,898 @@
From dd6cec8d5278e11f2a1752aa7b4a712d53b1f1d3 Mon Sep 17 00:00:00 2001
From: MSP-Greg <greg.mpls@gmail.com>
Date: Sun, 13 Jan 2019 21:23:03 -0600
Subject: [PATCH] Update SSL tests, 1.1.x & TLSv1_3
Add Ruby 2.6 to Travis osx for OpenSSL 1.1.0
Note that order of 'ssl_handshake_completed' callbacks in TLSv1_3 are reversed
---
tests/test_ssl_dhparam.rb | 6 +-
tests/test_ssl_ecdh_curve.rb | 45 ++++++
tests/test_ssl_extensions.rb | 56 +++++---
tests/test_ssl_methods.rb | 3
tests/test_ssl_protocols.rb | 322 +++++++++++++++++--------------------------------
tests/test_ssl_verify.rb | 110 ++++++++++------
6 files changed, 263 insertions(+), 279 deletions(-)
diff --git a/tests/test_ssl_dhparam.rb b/tests/test_ssl_dhparam.rb
index 0a7f01da..e5165caf 100644
--- a/tests/test_ssl_dhparam.rb
+++ b/tests/test_ssl_dhparam.rb
@@ -8,7 +8,7 @@ def setup
module Client
def post_init
- start_tls
+ start_tls(:ssl_version => %w(TLSv1_2))
end
def ssl_handshake_completed
@@ -24,7 +24,7 @@ def unbind
module Server
def post_init
- start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH")
+ start_tls(:dhparam => $dhparam_file, :cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2))
end
def ssl_handshake_completed
@@ -35,7 +35,7 @@ def ssl_handshake_completed
module NoDhServer
def post_init
- start_tls(:cipher_list => "DHE,EDH")
+ start_tls(:cipher_list => "DHE,EDH", :ssl_version => %w(TLSv1_2))
end
def ssl_handshake_completed
diff --git a/tests/test_ssl_ecdh_curve.rb b/tests/test_ssl_ecdh_curve.rb
index c4148ce9..53b8ae24 100644
--- a/tests/test_ssl_ecdh_curve.rb
+++ b/tests/test_ssl_ecdh_curve.rb
@@ -1,6 +1,11 @@
require 'em_test_helper'
class TestSslEcdhCurve < Test::Unit::TestCase
+ if EM.ssl?
+ SSL_LIB_VERS = EM::OPENSSL_LIBRARY_VERSION[/OpenSSL (\d+\.\d+\.\d+)/, 1]
+ .split('.').map(&:to_i)
+ end
+
module Client
def post_init
start_tls
@@ -17,7 +15,7 @@ def post_init
def ssl_handshake_completed
$client_handshake_completed = true
$client_cipher_name = get_cipher_name
- close_connection
+ close_connection unless /TLSv1\.3/i =~ get_cipher_protocol
end
def unbind
@@ -27,7 +25,11 @@ def unbind
module Server
def post_init
- start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH")
+ if (SSL_LIB_VERS <=> [1, 1]) == 1
+ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
+ else
+ start_tls(:ecdh_curve => "prime256v1", :cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
+ end
end
def ssl_handshake_completed
@@ -36,9 +38,21 @@ def ssl_handshake_completed
end
end
+ module Server1_3
+ def post_init
+ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_3))
+ end
+
+ def ssl_handshake_completed
+ $server_handshake_completed = true
+ $server_cipher_name = get_cipher_name
+ close_connection if /TLSv1\.3/i =~ get_cipher_protocol
+ end
+ end
+
module NoCurveServer
def post_init
- start_tls(:cipher_list => "ECDH")
+ start_tls(:cipher_list => "ECDH", :ssl_version => %w(TLSv1_2))
end
def ssl_handshake_completed
@@ -50,6 +64,7 @@ def ssl_handshake_completed
def test_no_ecdh_curve
omit_unless(EM.ssl?)
omit_if(rbx?)
+ omit("OpenSSL 1.1.x (and later) auto selects curve") if (SSL_LIB_VERS <=> [1, 1]) == 1
$client_handshake_completed, $server_handshake_completed = false, false
@@ -85,5 +99,27 @@ def test_ecdh_curve
assert_match(/^(AECDH|ECDHE)/, $client_cipher_name)
end
+ def test_ecdh_curve_tlsv1_3
+ omit("No SSL") unless EM.ssl?
+ omit_if(EM.library_type == :pure_ruby && RUBY_VERSION < "2.3.0")
+ omit_if(rbx?)
+ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
+ $client_handshake_completed, $server_handshake_completed = false, false
+ $server_cipher_name, $client_cipher_name = nil, nil
+
+ EM.run {
+ EM.start_server("127.0.0.1", 16784, Server1_3)
+ EM.connect("127.0.0.1", 16784, Client)
+ }
+
+ assert($client_handshake_completed)
+ assert($server_handshake_completed)
+
+ assert($client_cipher_name.length > 0)
+ assert_equal($client_cipher_name, $server_cipher_name)
+ # see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
+ # may depend on OpenSSL build options
+ assert_equal("TLS_AES_256_GCM_SHA384", $client_cipher_name)
+ end
end
diff --git a/tests/test_ssl_extensions.rb b/tests/test_ssl_extensions.rb
index 594feb95..93f4ef5a 100644
--- a/tests/test_ssl_extensions.rb
+++ b/tests/test_ssl_extensions.rb
@@ -5,43 +5,57 @@
if EM.ssl?
class TestSslExtensions < Test::Unit::TestCase
+ IP, PORT = "127.0.0.1", 16784
+
module Client
- def ssl_handshake_completed
- $client_handshake_completed = true
- close_connection
- end
-
- def unbind
- EM.stop_event_loop
+ def self.ssl_vers=(val = nil)
+ @@ssl_vers = val
end
def post_init
- start_tls(:ssl_version => :tlsv1, :sni_hostname => 'example.com')
+ start_tls(:sni_hostname => 'example.com', :ssl_version => @@ssl_vers)
end
end
module Server
- def ssl_handshake_completed
- $server_handshake_completed = true
- $server_sni_hostname = get_sni_hostname
- end
+ @@handshake_completed = false
+ @@sni_hostname = 'Not set'
+
+ def self.handshake_completed? ; !!@@handshake_completed end
+ def self.sni_hostname ; @@sni_hostname end
def post_init
- start_tls(:ssl_version => :TLSv1)
+ start_tls
end
- end
- def test_tlsext_sni_hostname
- $server_handshake_completed = false
+ def ssl_handshake_completed
+ @@handshake_completed = true
+ @@sni_hostname = get_sni_hostname
+ end
+ end
+ def client_server(client = nil)
EM.run do
- EM.start_server("127.0.0.1", 16784, Server)
- EM.connect("127.0.0.1", 16784, Client)
+ Client.ssl_vers = client
+ EM.start_server IP, PORT, Server
+ EM.connect IP, PORT, Client
+ EM.add_timer(0.3) { EM.stop_event_loop }
end
-
- assert($server_handshake_completed)
- assert_equal('example.com', $server_sni_hostname)
end
+
+ def test_tlsext_sni_hostname_1_2
+ client_server %w(TLSv1_2)
+ assert Server.handshake_completed?
+ assert_equal 'example.com', Server.sni_hostname
+ end
+
+ def test_tlsext_sni_hostname_1_3
+ omit("TLSv1_3 is unavailable") unless SSL_AVAIL.include? "tlsv1_3"
+ client_server %w(TLSv1_3)
+ assert Server.handshake_completed?
+ assert_equal 'example.com', Server.sni_hostname
+ end
+
end
else
warn "EM built without SSL support, skipping tests in #{__FILE__}"
diff --git a/tests/test_ssl_methods.rb b/tests/test_ssl_methods.rb
index 3c45ee5d..022844fd 100644
--- a/tests/test_ssl_methods.rb
+++ b/tests/test_ssl_methods.rb
@@ -13,6 +13,7 @@ def ssl_handshake_completed
$server_cipher_bits = get_cipher_bits
$server_cipher_name = get_cipher_name
$server_cipher_protocol = get_cipher_protocol
+ EM.stop_event_loop if /TLSv1\.3/ =~ get_cipher_protocol
end
end
@@ -27,7 +28,7 @@ def ssl_handshake_completed
$client_cipher_bits = get_cipher_bits
$client_cipher_name = get_cipher_name
$client_cipher_protocol = get_cipher_protocol
- EM.stop_event_loop
+ EM.stop_event_loop if /TLSv1\.3/ !~ get_cipher_protocol
end
end
diff --git a/tests/test_ssl_protocols.rb b/tests/test_ssl_protocols.rb
index 96c57c23..6b10eb6b 100644
--- a/tests/test_ssl_protocols.rb
+++ b/tests/test_ssl_protocols.rb
@@ -3,319 +1,224 @@
require 'openssl'
if EM.ssl?
+
class TestSslProtocols < Test::Unit::TestCase
+ IP, PORT = "127.0.0.1", 16784
+ RUBY_SSL_GE_2_1 = OpenSSL::VERSION >= '2.1'
+
module Client
- def ssl_handshake_completed
- $client_handshake_completed = true
- close_connection
- end
+ @@handshake_completed = false
- def unbind
- EM.stop_event_loop
+ def self.ssl_vers=(val = nil)
+ @@ssl_vers = val
end
- end
- module Server
- def ssl_handshake_completed
- $server_handshake_completed = true
+ def self.handshake_completed?
+ @@handshake_completed
end
- end
- module ClientAny
- include Client
def post_init
- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
+ @@handshake_completed = false
+ if @@ssl_vers
+ start_tls(:ssl_version => @@ssl_vers)
+ else
+ start_tls
+ end
end
- end
- module ClientDefault
- include Client
- def post_init
- start_tls
- end
- end
-
- module ClientSSLv3
- include Client
- def post_init
- start_tls(:ssl_version => %w(SSLv3))
+ def ssl_handshake_completed
+ @@handshake_completed = true
end
end
- module ServerSSLv3
- include Server
- def post_init
- start_tls(:ssl_version => %w(SSLv3))
- end
- end
+ module Server
+ @@handshake_completed = false
- module ClientTLSv1_2
- include Client
- def post_init
- start_tls(:ssl_version => %w(TLSv1_2))
+ def self.ssl_vers=(val = nil)
+ @@ssl_vers = val
end
- end
- module ServerTLSv1_2
- include Server
- def post_init
- start_tls(:ssl_version => %w(TLSv1_2))
- end
- end
+ def self.handshake_completed? ; @@handshake_completed end
- module ServerTLSv1CaseInsensitive
- include Server
def post_init
- start_tls(:ssl_version => %w(tlsv1))
- end
- end
-
- module ServerAny
- include Server
- def post_init
- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
+ @@handshake_completed = false
+ if @@ssl_vers
+ start_tls(:ssl_version => @@ssl_vers)
+ else
+ start_tls
+ end
end
- end
- module ServerDefault
- include Server
- def post_init
- start_tls
+ def ssl_handshake_completed
+ @@handshake_completed = true
end
end
- module InvalidProtocol
- include Client
- def post_init
- start_tls(:ssl_version => %w(tlsv1 badinput))
+ def client_server(client = nil, server = nil)
+ EM.run do
+ Client.ssl_vers, Server.ssl_vers = client, server
+ EM.start_server IP, PORT, Server
+ EM.connect IP, PORT, Client
+ EM.add_timer(0.3) { EM.stop_event_loop }
end
end
def test_invalid_ssl_version
assert_raises(RuntimeError, "Unrecognized SSL/TLS Version: badinput") do
- EM.run do
- EM.start_server("127.0.0.1", 16784, InvalidProtocol)
- EM.connect("127.0.0.1", 16784, InvalidProtocol)
- end
+ client_server %w(tlsv1 badinput), %w(tlsv1 badinput)
end
end
def test_any_to_v3
omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerSSLv3)
- EM.connect("127.0.0.1", 16784, ClientAny)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ client_server SSL_AVAIL, %w(SSLv3)
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_any_to_tlsv1_2
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
- EM.connect("127.0.0.1", 16784, ClientAny)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ client_server SSL_AVAIL, %w(TLSv1_2)
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_case_insensitivity
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerTLSv1CaseInsensitive)
- EM.connect("127.0.0.1", 16784, ClientAny)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ lower_case = SSL_AVAIL.map { |p| p.downcase }
+ client_server %w(tlsv1), lower_case
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_v3_to_any
omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerAny)
- EM.connect("127.0.0.1", 16784, ClientSSLv3)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ client_server %w(SSLv3), SSL_AVAIL
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_tlsv1_2_to_any
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerAny)
- EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ client_server %w(TLSv1_2), SSL_AVAIL
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_v3_to_v3
omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerSSLv3)
- EM.connect("127.0.0.1", 16784, ClientSSLv3)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ client_server %w(SSLv3), %w(SSLv3)
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_tlsv1_2_to_tlsv1_2
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2)
- EM.connect("127.0.0.1", 16784, ClientTLSv1_2)
- end
+ client_server %w(TLSv1_2), %w(TLSv1_2)
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
+ end
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ def test_tlsv1_3_to_tlsv1_3
+ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
+ client_server %w(TLSv1_3), %w(TLSv1_3)
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_any_to_any
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerAny)
- EM.connect("127.0.0.1", 16784, ClientAny)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ client_server SSL_AVAIL, SSL_AVAIL
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
def test_default_to_default
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run do
- EM.start_server("127.0.0.1", 16784, ServerDefault)
- EM.connect("127.0.0.1", 16784, ClientDefault)
- end
-
- assert($client_handshake_completed)
- assert($server_handshake_completed)
- end
-
- module ServerV3StopAfterHandshake
- def post_init
- start_tls(:ssl_version => %w(SSLv3))
- end
-
- def ssl_handshake_completed
- $server_handshake_completed = true
- EM.stop_event_loop
- end
+ client_server
+ assert Client.handshake_completed?
+ assert Server.handshake_completed?
end
- module ServerTLSv1_2StopAfterHandshake
- def post_init
- start_tls(:ssl_version => %w(TLSv1_2))
+ module ServerStopAfterHandshake
+ def self.ssl_vers=(val)
+ @@ssl_vers = val
end
- def ssl_handshake_completed
- $server_handshake_completed = true
- EM.stop_event_loop
- end
- end
+ def self.handshake_completed? ; @@handshake_completed end
- module ServerAnyStopAfterHandshake
def post_init
- start_tls(:ssl_version => TestSslProtocols::SSL_AVAIL)
+ @@handshake_completed = false
+ start_tls(:ssl_version => @@ssl_vers)
end
def ssl_handshake_completed
- $server_handshake_completed = true
+ @@handshake_completed = true
EM.stop_event_loop
end
end
- def test_v3_with_external_client
- omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
- $server_handshake_completed = false
+ def external_client(ext_min, ext_max, ext_ssl, server)
EM.run do
setup_timeout(2)
- EM.start_server("127.0.0.1", 16784, ServerV3StopAfterHandshake)
+ ServerStopAfterHandshake.ssl_vers = server
+ EM.start_server(IP, PORT, ServerStopAfterHandshake)
EM.defer do
- sock = TCPSocket.new("127.0.0.1", 16784)
+ sock = TCPSocket.new(IP, PORT)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :SSLv3_client
+ if RUBY_SSL_GE_2_1
+ ctx.min_version = ext_min if ext_min
+ ctx.max_version = ext_max if ext_max
+ else
+ ctx.ssl_version = ext_ssl
+ end
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect
ssl.close rescue nil
sock.close rescue nil
end
end
+ assert ServerStopAfterHandshake.handshake_completed?
+ end
- assert($server_handshake_completed)
+ def test_v3_with_external_client
+ omit("SSLv3 is (correctly) unavailable") if EM::OPENSSL_NO_SSL3
+ external_client nil, nil, :SSLv3_client, %w(SSLv3)
end
# Fixed Server
def test_tlsv1_2_with_external_client
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
- $server_handshake_completed = false
- EM.run do
- setup_timeout(2)
- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
- EM.defer do
- sock = TCPSocket.new("127.0.0.1", 16784)
- ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :SSLv23
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.connect
- ssl.close rescue nil
- sock.close rescue nil
- end
- end
+ external_client nil, nil, :SSLv23_client, %w(TLSv1_2)
+ end
- assert($server_handshake_completed)
+ def test_tlsv1_3_with_external_client
+ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
+ external_client nil, nil, :SSLv23_client, %w(TLSv1_3)
end
# Fixed Client
def test_any_with_external_client_tlsv1_2
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
- $server_handshake_completed = false
- EM.run do
- setup_timeout(2)
- EM.start_server("127.0.0.1", 16784, ServerAnyStopAfterHandshake)
- EM.defer do
- sock = TCPSocket.new("127.0.0.1", 16784)
- ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :TLSv1_2
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.connect
- ssl.close rescue nil
- sock.close rescue nil
- end
- end
+ external_client :TLS1_2, :TLS1_2, :TLSv1_2_client, SSL_AVAIL
+ end
- assert($server_handshake_completed)
+ def test_any_with_external_client_tlsv1_3
+ omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
+ external_client :TLS1_3, :TLS1_3, :TLSv1_2_client, SSL_AVAIL
end
# Refuse a client?
def test_tlsv1_2_required_with_external_client
- omit("TLSv1_2 is unavailable") unless SSL_AVAIL.include? "TLSv1_2"
- $server_handshake_completed = false
EM.run do
n = 0
EM.add_periodic_timer(0.5) do
n += 1
(EM.stop rescue nil) if n == 2
end
- EM.start_server("127.0.0.1", 16784, ServerTLSv1_2StopAfterHandshake)
+ ServerStopAfterHandshake.ssl_vers = %w(TLSv1_2)
+ EM.start_server(IP, PORT, ServerStopAfterHandshake)
EM.defer do
- sock = TCPSocket.new("127.0.0.1", 16784)
+ sock = TCPSocket.new(IP, PORT)
ctx = OpenSSL::SSL::SSLContext.new
- ctx.ssl_version = :TLSv1
+ if RUBY_SSL_GE_2_1
+ ctx.max_version = :TLS1_1
+ else
+ ctx.ssl_version = :TLSv1_client
+ end
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }
ssl.close rescue nil
@@ -323,10 +226,9 @@ def test_tlsv1_2_required_with_external_client
EM.stop rescue nil
end
end
-
- assert(!$server_handshake_completed)
+ assert !ServerStopAfterHandshake.handshake_completed?
end
end
else
warn "EM built without SSL support, skipping tests in #{__FILE__}"
-end
+end
\ No newline at end of file
diff --git a/tests/test_ssl_verify.rb b/tests/test_ssl_verify.rb
index 00ec1466..0c84e97e 100644
--- a/tests/test_ssl_verify.rb
+++ b/tests/test_ssl_verify.rb
@@ -1,74 +1,100 @@
require 'em_test_helper'
class TestSslVerify < Test::Unit::TestCase
- def setup
- $dir = File.dirname(File.expand_path(__FILE__)) + '/'
- $cert_from_file = File.read($dir+'client.crt')
- end
+
+ DIR = File.dirname(File.expand_path(__FILE__)) + '/'
+ CERT_FROM_FILE = File.read(DIR+'client.crt')
+
+ IP, PORT = "127.0.0.1", 16784
module ClientNoCert
- def connection_completed
+ @@handshake_completed = nil
+ def self.handshake_completed? ; !!@@handshake_completed end
+
+ def post_init
+ @@handshake_completed = false
start_tls()
end
def ssl_handshake_completed
- $client_handshake_completed = true
- close_connection
+ @@handshake_completed = true
end
def unbind
- EM.stop_event_loop
+ @@handshake_completed = false
end
end
module Client
- def connection_completed
- start_tls(:private_key_file => $dir+'client.key', :cert_chain_file => $dir+'client.crt')
+ @@handshake_completed = nil
+ def self.handshake_completed? ; !!@@handshake_completed end
+ def self.timer=(val) ; @@timer = val end
+
+ def post_init #G connection_completed
+ @client_closed = false
+ @@handshake_completed = nil
+ @@timer = false
+ start_tls(:private_key_file => DIR+'client.key', :cert_chain_file => DIR+'client.crt')
end
def ssl_handshake_completed
- $client_handshake_completed = true
- close_connection
+ @@handshake_completed = true
end
def unbind
- EM.stop_event_loop
+ @@handshake_completed = false unless @@timer
end
end
module AcceptServer
+ @@handshake_completed = nil
+ def self.handshake_completed? ; !!@@handshake_completed end
+ def self.cert ; @@cert end
+
def post_init
+ @@cert = nil
+ @@handshake_completed = false
start_tls(:verify_peer => true)
end
def ssl_verify_peer(cert)
- $cert_from_server = cert
+ @@cert = cert
true
end
def ssl_handshake_completed
- $server_handshake_completed = true
+ @@handshake_completed = true
end
end
module DenyServer
+ @@handshake_completed = nil
+ def self.handshake_completed? ; !!@@handshake_completed end
+ def self.cert ; @@cert end
+
def post_init
+ @@cert = nil
+ @@handshake_completed = nil
start_tls(:verify_peer => true)
end
def ssl_verify_peer(cert)
- $cert_from_server = cert
+ @@cert = cert
# Do not accept the peer. This should now cause the connection to shut down without the SSL handshake being completed.
false
end
def ssl_handshake_completed
- $server_handshake_completed = true
+ @@handshake_completed = true
end
end
module FailServerNoPeerCert
+ @@handshake_completed = nil
+ def self.handshake_completed? ; !!@@handshake_completed end
+
def post_init
+ @@handshake_completed = false
start_tls(:verify_peer => true, :fail_if_no_peer_cert => true)
end
@@ -77,52 +103,52 @@ def ssl_verify_peer(cert)
end
def ssl_handshake_completed
- $server_handshake_completed = true
+ @@handshake_completed = true
end
end
+ def em_run(server, client)
+ EM.run {
+ EM.start_server IP, PORT, server
+ EM.connect IP, PORT, client
+ EM.add_timer(0.3) {
+ Client.timer = true
+ EM.stop_event_loop
+ }
+ }
+ end
+
def test_fail_no_peer_cert
omit_unless(EM.ssl?)
omit_if(rbx?)
- $client_handshake_completed, $server_handshake_completed = false, false
+ em_run FailServerNoPeerCert, ClientNoCert
- EM.run {
- EM.start_server("127.0.0.1", 16784, FailServerNoPeerCert)
- EM.connect("127.0.0.1", 16784, ClientNoCert)
- }
-
- assert(!$client_handshake_completed)
- assert(!$server_handshake_completed)
+ assert !ClientNoCert.handshake_completed?
+ assert !FailServerNoPeerCert.handshake_completed?
end
def test_accept_server
omit_unless(EM.ssl?)
omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
omit_if(rbx?)
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run {
- EM.start_server("127.0.0.1", 16784, AcceptServer)
- EM.connect("127.0.0.1", 16784, Client).instance_variable_get("@signature")
- }
- assert_equal($cert_from_file, $cert_from_server)
- assert($client_handshake_completed)
- assert($server_handshake_completed)
+ em_run AcceptServer, Client
+
+ assert_equal CERT_FROM_FILE, AcceptServer.cert
+ assert Client.handshake_completed?
+ assert AcceptServer.handshake_completed?
end
def test_deny_server
omit_unless(EM.ssl?)
omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
omit_if(rbx?)
- $client_handshake_completed, $server_handshake_completed = false, false
- EM.run {
- EM.start_server("127.0.0.1", 16784, DenyServer)
- EM.connect("127.0.0.1", 16784, Client)
- }
- assert_equal($cert_from_file, $cert_from_server)
- assert(!$client_handshake_completed)
- assert(!$server_handshake_completed)
+ em_run DenyServer, Client
+
+ assert_equal CERT_FROM_FILE, DenyServer.cert
+ assert !Client.handshake_completed?
+ assert !DenyServer.handshake_completed?
end
end

113
rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch Normal file
View File

@ -0,0 +1,113 @@
From 0904385936ef4ecae4519f4f7b8f829a3608afcd Mon Sep 17 00:00:00 2001
From: MSP-Greg <greg.mpls@gmail.com>
Date: Sun, 13 Jan 2019 08:47:36 -0600
Subject: [PATCH] Update runtime files for TLS 1.3, no SSL, OpenSSL lib info
Add several constants related to OpenSSL & TLS 1.3
EM::OPENSSL_LIBRARY_VERSION
EM::OPENSSL_VERSION
EM_PROTO_TLSv1_3
EM::OPENSSL_NO_SSL2
EM::OPENSSL_NO_SSL3
---
ext/eventmachine.h | 5 +++++
ext/rubymain.cpp | 28 ++++++++++++++++++++++++++++
ext/ssl.cpp | 5 +++++
lib/em/connection.rb | 5 +++++
4 files changed, 43 insertions(+)
diff --git a/ext/eventmachine.h b/ext/eventmachine.h
index 2861276b..788f1ca4 100644
--- a/ext/eventmachine.h
+++ b/ext/eventmachine.h
@@ -44,7 +44,12 @@ extern "C" {
EM_PROTO_SSLv3 = 4,
EM_PROTO_TLSv1 = 8,
EM_PROTO_TLSv1_1 = 16,
+#ifdef TLS1_3_VERSION
+ EM_PROTO_TLSv1_2 = 32,
+ EM_PROTO_TLSv1_3 = 64
+#else
EM_PROTO_TLSv1_2 = 32
+#endif
};
void evma_initialize_library (EMCallback);
diff --git a/ext/rubymain.cpp b/ext/rubymain.cpp
index c5ea628e..0194aaea 100644
--- a/ext/rubymain.cpp
+++ b/ext/rubymain.cpp
@@ -1511,5 +1511,33 @@ extern "C" void Init_rubyeventmachine()
rb_define_const (EmModule, "EM_PROTO_TLSv1", INT2NUM(EM_PROTO_TLSv1 ));
rb_define_const (EmModule, "EM_PROTO_TLSv1_1", INT2NUM(EM_PROTO_TLSv1_1));
rb_define_const (EmModule, "EM_PROTO_TLSv1_2", INT2NUM(EM_PROTO_TLSv1_2));
+#ifdef TLS1_3_VERSION
+ rb_define_const (EmModule, "EM_PROTO_TLSv1_3", INT2NUM(EM_PROTO_TLSv1_3));
+#endif
+
+#ifdef OPENSSL_NO_SSL3
+ /* True if SSL3 is not available */
+ rb_define_const (EmModule, "OPENSSL_NO_SSL3", Qtrue);
+ rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qtrue);
+#else
+ rb_define_const (EmModule, "OPENSSL_NO_SSL3", Qfalse);
+#ifdef OPENSSL_NO_SSL2
+ rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qtrue);
+#else
+ rb_define_const (EmModule, "OPENSSL_NO_SSL2", Qfalse);
+#endif
+#endif
+
+ // OpenSSL Build / Runtime/Load versions
+
+ /* Version of OpenSSL that EventMachine was compiled with */
+ rb_define_const(EmModule, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
+
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
+ /* Version of OpenSSL that EventMachine loaded with */
+ rb_define_const(EmModule, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
+#else
+ rb_define_const(EmModule, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
+#endif
}
diff --git a/ext/ssl.cpp b/ext/ssl.cpp
index 8d5e038a..c83e5b09 100644
--- a/ext/ssl.cpp
+++ b/ext/ssl.cpp
@@ -180,6 +180,11 @@ SslContext_t::SslContext_t (bool is_server, const std::string &privkeyfile, cons
SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_2);
#endif
+ #ifdef SSL_OP_NO_TLSv1_3
+ if (!(ssl_version & EM_PROTO_TLSv1_3))
+ SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_3);
+ #endif
+
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
#endif
diff --git a/lib/em/connection.rb b/lib/em/connection.rb
index 7d45e92f..b5f8b0ad 100644
--- a/lib/em/connection.rb
+++ b/lib/em/connection.rb
@@ -436,6 +436,9 @@ def start_tls args={}
protocols_bitmask |= EventMachine::EM_PROTO_TLSv1
protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1
protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2
+ if EventMachine.const_defined? :EM_PROTO_TLSv1_3
+ protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3
+ end
else
[ssl_version].flatten.each do |p|
case p.to_s.downcase
@@ -449,6 +452,8 @@ def start_tls args={}
protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1
when 'tlsv1_2'
protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2
+ when 'tlsv1_3'
+ protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3
else
raise("Unrecognized SSL/TLS Protocol: #{p}")
end

106
rubygem-eventmachine.spec Normal file
View File

@ -0,0 +1,106 @@
%global gem_name eventmachine
%{!?network: %global network 0}
Name: rubygem-%{gem_name}
Version: 1.2.7
Release: 1
Summary: Ruby/EventMachine library
License: GPLv2 or Ruby
URL: http://rubyeventmachine.com
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
Patch0: rubygem-eventmachine-1.2.7-OpenSSL-1.1.0-test-updates.patch
Patch1: rubygem-eventmachine-1.2.7-Update-runtime-files-for-TLS13-no-SSL-OpenSSL-lib-info.patch
Patch2: rubygem-eventmachine-1.2.7-Move-console-SSL-Info-code-to-em_test_helper.patch
Patch3: rubygem-eventmachine-1.2.7-Openssl-1.1.1-updates.patch
BuildRequires: ruby(release)
BuildRequires: rubygems-devel
BuildRequires: ruby-devel
BuildRequires: gcc-c++
BuildRequires: openssl-devel
BuildRequires: rubygem(test-unit)
%description
EventMachine implements a fast, single-threaded engine for arbitrary network
communications. It's extremely easy to use in Ruby. EventMachine wraps all
interactions with IP sockets, allowing programs to concentrate on the
implementation of network protocols. It can be used to create both network
servers and clients. To create a server or client, a Ruby program only needs
to specify the IP address and port, and provide a Module that implements the
communications protocol. Implementations of several standard network protocols
are provided with the package, primarily to serve as examples. The real goal
of EventMachine is to enable programs to easily interface with other programs
using TCP/IP, especially if custom protocols are required.
%package doc
Summary: Documentation for %{name}
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description doc
Documentation for %{name}.
%prep
%setup -q -n %{gem_name}-%{version}
sed -i '/SSL_CTX_set_cipher_list/ s/".*"/"PROFILE=SYSTEM"/' ext/ssl.cpp
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
gem build ../%{gem_name}-%{version}.gemspec
%gem_install
%install
mkdir -p %{buildroot}%{gem_dir}
cp -a .%{gem_dir}/* \
%{buildroot}%{gem_dir}/
mkdir -p %{buildroot}%{gem_extdir_mri}
cp -a .%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
rm -rf %{buildroot}%{gem_instdir}/ext/
%check
pushd .%{gem_instdir}
ruby -Ilib:$(dirs +1)%{gem_extdir_mri}:tests -e "Dir.glob './tests/**/test_*.rb', &method(:require)" -- \
--verbose \
--ignore-name /^test_exception_on_unbind$/ \
--ignore-name /^test_.*v3.*$/ \
--ignore-name /^test_no_ecdh_curve$/ \
--ignore-name=/^test_cookie$/ \
--ignore-name=/^test_http_client$/ \
--ignore-name=/^test_http_client_1$/ \
--ignore-name=/^test_http_client_2$/ \
--ignore-name=/^test_version_1_0$/ \
--ignore-name=/^test_https_get$/ \
--ignore-name=/^test_get$/ \
--ignore-name=/^test_get_pipeline$/ \
--ignore-name=/^test_ipv6_udp_local_server$/ \
%if 0%{network} < 1
--ignore-name=/^test_a$/ \
--ignore-name=/^test_a_pair$/ \
--ignore-name=/^test_bad_host$/ \
--ignore-name=/^test_failure_timer_cleanup$/ \
--ignore-name=/^test_timer_cleanup$/ \
--ignore-name=/^test_nameserver$/ \
%endif
popd
%files
%dir %{gem_instdir}
%{gem_extdir_mri}
%license %{gem_instdir}/GNU
%license %{gem_instdir}/LICENSE
%{gem_libdir}
%exclude %{gem_cache}
%{gem_spec}
%files doc
%doc %{gem_docdir}
%doc %{gem_instdir}/CHANGELOG.md
%doc %{gem_instdir}/README.md
%doc %{gem_instdir}/docs
%{gem_instdir}/examples
%{gem_instdir}/java
%{gem_instdir}/rakelib
%{gem_instdir}/tests
%changelog
* Sat Jul 25 2020 wutao <wutao61@huawei.com> - 1.2.7-1
- package init

4
rubygem-eventmachine.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: github
src_repo: eventmachine/eventmachine
tag_prefix: "^v"
seperator: "."