Project

General

Profile

Actions
Copy link

Bug #11366

closed

Don't force SSLv3 in test, as it is insecure and may not be supported

Added by jeremyevans0 (Jeremy Evans) over 9 years ago. Updated almost 9 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
Backport:
2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE
[ruby-core:70018]

Description

LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.

Files

0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes) 0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch jeremyevans0 (Jeremy Evans), 07/17/2015 09:35 PM

Related issues 2 (0 open2 closed)

Related to Ruby master - Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacksClosedActions
Related to Ruby master - Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failuresClosedActions
Actions
Copy link
 #1 [ruby-core:70029]

Updated by vo.x (Vit Ondruch) over 9 years ago

This was reported as #10046, but I am not sure if this patch actually works everywhere ...

Actions
Copy link
 #2 [ruby-core:70032]

Updated by jeremyevans0 (Jeremy Evans) over 9 years ago

I think this change may require #11367 to work correctly.

You were right. This patch alone fails:

  1) Failure:
OpenSSL::TestSSLSession#test_ctx_server_session_cb [/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:317]:
exceptions on 1 threads:
#<Thread:0x007f4b8b26aa10@/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:308 dead>:
/builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `pass': execution expired (Timeout::Error)
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `block (3 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:364:in `block (2 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `times'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `block in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `call'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `block (2 levels) in start_server'

but when I apply the patch from #11367, it passes just fine.

Actions
Copy link
 #3

Updated by vo.x (Vit Ondruch) over 9 years ago

  • Related to Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacks added
Actions
Copy link
 #4

Updated by vo.x (Vit Ondruch) over 9 years ago

  • Related to Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures added
Actions
Copy link
 #5

Updated by Anonymous about 9 years ago

  • Status changed from Open to Closed

Applied in changeset r51649.

  • test/openssl/test_ssl_session.rb: Fix tests so that they take in to
    account OpenSSL installations that have SSLv3 disabled by default.
    Thanks Jeremy Evans for the patches.
    [Bug #11366] [Bug #11367]
Actions
Copy link
 #6 [ruby-core:71287]

Updated by nagachika (Tomoyuki Chikanaga) about 9 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE

r51569 and r51649 were backported into ruby_2_2 branch at r52414.

Actions
Copy link
 #7 [ruby-core:71551]

Updated by usa (Usaku NAKAMURA) almost 9 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE to 2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE

ruby_2_1 r52638 merged revision(s) 51569,51649.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0