Project

General

Profile

Actions

Bug #11366

closed

Don't force SSLv3 in test, as it is insecure and may not be supported

Added by jeremyevans0 (Jeremy Evans) over 9 years ago. Updated about 9 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
[ruby-core:70018]

Description

LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.


Files


Related issues 2 (0 open2 closed)

Related to Ruby master - Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacksClosedActions
Related to Ruby master - Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failuresClosedActions

Updated by vo.x (Vit Ondruch) over 9 years ago

This was reported as #10046, but I am not sure if this patch actually works everywhere ...

Updated by jeremyevans0 (Jeremy Evans) over 9 years ago

I think this change may require #11367 to work correctly.

You were right. This patch alone fails:

  1) Failure:
OpenSSL::TestSSLSession#test_ctx_server_session_cb [/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:317]:
exceptions on 1 threads:
#<Thread:0x007f4b8b26aa10@/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:308 dead>:
/builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `pass': execution expired (Timeout::Error)
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `block (3 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:364:in `block (2 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `times'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `block in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `call'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `block (2 levels) in start_server'

but when I apply the patch from #11367, it passes just fine.

Actions #3

Updated by vo.x (Vit Ondruch) over 9 years ago

  • Related to Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacks added
Actions #4

Updated by vo.x (Vit Ondruch) over 9 years ago

  • Related to Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures added
Actions #5

Updated by Anonymous over 9 years ago

  • Status changed from Open to Closed

Applied in changeset r51649.


  • test/openssl/test_ssl_session.rb: Fix tests so that they take in to
    account OpenSSL installations that have SSLv3 disabled by default.
    Thanks Jeremy Evans for the patches.
    [Bug #11366] [Bug #11367]

Updated by nagachika (Tomoyuki Chikanaga) about 9 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE

r51569 and r51649 were backported into ruby_2_2 branch at r52414.

Updated by usa (Usaku NAKAMURA) about 9 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE to 2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE

ruby_2_1 r52638 merged revision(s) 51569,51649.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0