Project

General

Profile

Actions
Copy link

Bug #11366

closed

Don't force SSLv3 in test, as it is insecure and may not be supported

Added by jeremyevans0 (Jeremy Evans) about 10 years ago. Updated almost 10 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
Backport:
2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE
[ruby-core:70018]

Description

LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.

Files

0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes) 0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch jeremyevans0 (Jeremy Evans), 07/17/2015 09:35 PM

Related issues 2 (0 open2 closed)

Related to Ruby - Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacksClosedActions
Related to Ruby - Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failuresClosedActions
Actions
Copy link
 #1 [ruby-core:70029]

Updated by vo.x (Vit Ondruch) about 10 years ago

This was reported as #10046, but I am not sure if this patch actually works everywhere ...

Actions
Copy link
 #2 [ruby-core:70032]

Updated by jeremyevans0 (Jeremy Evans) about 10 years ago

I think this change may require #11367 to work correctly.

You were right. This patch alone fails:

  1) Failure:
OpenSSL::TestSSLSession#test_ctx_server_session_cb [/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:317]:
exceptions on 1 threads:
#<Thread:0x007f4b8b26aa10@/builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:308 dead>:
/builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `pass': execution expired (Timeout::Error)
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:365:in `block (3 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:364:in `block (2 levels) in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `times'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/test_ssl_session.rb:355:in `block in test_ctx_server_session_cb'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `call'
	from /builddir/build/BUILD/ruby-2.2.2/test/openssl/utils.rb:310:in `block (2 levels) in start_server'

but when I apply the patch from #11367, it passes just fine.

Actions
Copy link
 #3

Updated by vo.x (Vit Ondruch) about 10 years ago

  • Related to Bug #11367: Use OP_NO_TICKET when testing SSL session cache callbacks added
Actions
Copy link
 #4

Updated by vo.x (Vit Ondruch) about 10 years ago

  • Related to Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures added
Actions
Copy link
 #5

Updated by Anonymous about 10 years ago

  • Status changed from Open to Closed

Applied in changeset r51649.

  • test/openssl/test_ssl_session.rb: Fix tests so that they take in to
    account OpenSSL installations that have SSLv3 disabled by default.
    Thanks Jeremy Evans for the patches.
    [Bug #11366] [Bug #11367]
Actions
Copy link
 #6 [ruby-core:71287]

Updated by nagachika (Tomoyuki Chikanaga) almost 10 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE

r51569 and r51649 were backported into ruby_2_2 branch at r52414.

Actions
Copy link
 #7 [ruby-core:71551]

Updated by usa (Usaku NAKAMURA) almost 10 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE to 2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE

ruby_2_1 r52638 merged revision(s) 51569,51649.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0