Bug #11366: Don't force SSLv3 in test, as it is insecure and may not be supported - Ruby - Ruby Issue Tracking System

Custom queries

Backport 3.2
Backport 3.3
Backport 3.4
bugs: unassigned
DevMeeting
matz
Open issues with attachment
Windows

Actions

Copy link

Bug #11366

closed

Don't force SSLv3 in test, as it is insecure and may not be supported

Added by jeremyevans0 (Jeremy Evans) about 10 years ago. Updated almost 10 years ago.

Status:

Closed

Assignee:

Target version:

ruby -v:

ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]

Backport:

2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE

[ruby-core:70018]

Description

LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.

Files

0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes) 0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch

jeremyevans0 (Jeremy Evans), 07/17/2015 09:35 PM

Related issues 2 (0 open — 2 closed)

	Related to Ruby - Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacks	Closed					Actions
	Related to Ruby - Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures	Closed					Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

#1 [ruby-core:70029]

Updated by vo.x (Vit Ondruch) about 10 years ago

This was reported as #10046, but I am not sure if this patch actually works everywhere ...

Actions

Copy link

#2 [ruby-core:70032]

Updated by jeremyevans0 (Jeremy Evans) about 10 years ago

I think this change may require #11367 to work correctly.

You were right. This patch alone fails:

  1) Failure:
OpenSSL::TestSSLSession#test_ctx_server_session_cb [/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:317]:
exceptions on 1 threads:
#<Thread:0x007f4b8b26aa10@/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:308 dead>:
/builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `pass': execution expired (Timeout::Error)
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `block (3 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:364:in `block (2 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `times'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `block in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `call'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `block (2 levels) in start_server'

but when I apply the patch from #11367, it passes just fine.

Actions

Copy link

Updated by vo.x (Vit Ondruch) about 10 years ago

Related to Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacks added

Actions

Copy link

Updated by vo.x (Vit Ondruch) about 10 years ago

Related to Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures added

Actions

Copy link

Updated by Anonymous about 10 years ago

Status changed from Open to Closed

Applied in changeset r51649.

test/openssl/test_ssl_session.rb: Fix tests so that they take in to
account OpenSSL installations that have SSLv3 disabled by default.
Thanks Jeremy Evans code@jeremyevans.net for the patches.
[Bug #11366] [Bug #11367]

Actions

Copy link

#6 [ruby-core:71287]

Updated by nagachika (Tomoyuki Chikanaga) almost 10 years ago

Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE

r51569 and r51649 were backported into ruby_2_2 branch at r52414.

Actions

Copy link

#7 [ruby-core:71551]

Updated by usa (Usaku NAKAMURA) almost 10 years ago

Backport changed from 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE to 2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE

ruby_2_1 r52638 merged revision(s) 51569,51649.

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0Like0Like0Like0

Project

General

Profile

Ruby

Tags

Custom queries

Bug #11366

Don't force SSLv3 in test, as it is insecure and may not be supported

Updated by vo.x (Vit Ondruch) about 10 years ago

Updated by jeremyevans0 (Jeremy Evans) about 10 years ago

Updated by vo.x (Vit Ondruch) about 10 years ago

Updated by vo.x (Vit Ondruch) about 10 years ago

Updated by Anonymous about 10 years ago

Updated by nagachika (Tomoyuki Chikanaga) almost 10 years ago

Updated by usa (Usaku NAKAMURA) almost 10 years ago