Project

General

Profile

Actions

Bug #4961

closed

[ext/openssl] SSLSession#initialize fails with OpenSSL 0.9.7

Added by MartinBosslet (Martin Bosslet) over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Target version:
ruby -v:
trunk r32366
Backport:
[ruby-core:37726]

Description

With Ruby at r32366 and OpenSSL 0.97m on Fedora 15, running

make test-all TESTS="openssl/test_ssl_session.rb"

yields this:

  1. Error:
    test_session_time(OpenSSL::TestSSLSession):
    ArgumentError: unknown type: expecting an asn1 sequence
    /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl_session.rb:63:in initialize' /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl_session.rb:63:in new'
    /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl_session.rb:63:in `test_session_time'

  2. Error:
    test_session_timeout(OpenSSL::TestSSLSession):
    ArgumentError: unknown type: expecting an asn1 sequence
    /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl_session.rb:76:in initialize' /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl_session.rb:76:in new'
    /home/martin/Projekte/Ruby/ruby/test/openssl/test_ssl_session.rb:76:in `test_session_timeout'

The error occurs in ossl_ssl_session_initialize:

ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
if (!ctx) {
OSSL_BIO_reset(in);
ctx = d2i_SSL_SESSION_bio(in, NULL);
}

BIO_free(in);

if (!ctx)
ossl_raise(rb_eArgError, "unknown type");

Since the test tries to create a session from a valid PEM encoding,
the first call should already have succeeded but does not. It does
succeed with all 0.9.8 versions I tried with and also with 1.0.0d.

The error has first been reported by Koichi Sasada in [ruby-core:37724],
running on MacOS X and OpenSSL 0.9.7m.

Updated by MartinBosslet (Martin Bosslet) over 11 years ago

OK, I found it. The Base64-encoded session in test_ssl_session.rb contains the field

tlsext_tick [10] OCTET STRING OPTIONAL

This was added with TLS and is not recognized by OpenSSL 0.9.7 yet. So this issue can be fixed
by updating test_ssl_session.rb. I'll change the current Base64 session. Then I'll add another
one that is used only when OpenSSL >= 0.9.8, including the tslext_tick field.

Actions #2

Updated by Anonymous over 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r32563.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • test/openssl/test_ssl_session.rb: add PEM SSL session without TLS
    extensions. Use this as the default for the tests to ensure
    compatibility with OpenSSL 0.9.7.
    [ Ruby 1.9 - Bug #4961 ] [ruby-core:37726]

Updated by nahi (Hiroshi Nakamura) over 11 years ago

Martin Bosslet wrote:

OK, I found it. The Base64-encoded session in test_ssl_session.rb contains the field

tlsext_tick [10] OCTET STRING OPTIONAL

This was added with TLS and is not recognized by OpenSSL 0.9.7 yet. So this issue can be fixed
by updating test_ssl_session.rb. I'll change the current Base64 session. Then I'll add another
one that is used only when OpenSSL >= 0.9.8, including the tslext_tick field.

My bad. It's me who added the test data... Thank you.

Updated by normalperson (Eric Wong) about 11 years ago

I'm getting the following error on CentOS 5.6, perhaps the version check needs
to be bumped? I am using: OpenSSL 0.9.8e-rhel5 01 Jul 2008

  1. Error:
    test_session_exts_read(OpenSSL::TestSSLSession):
    ArgumentError: unknown type: expecting an asn1 sequence
    test/openssl/test_ssl_session.rb:113:in initialize' test/openssl/test_ssl_session.rb:113:in new'
    test/openssl/test_ssl_session.rb:113:in `test_session_exts_read'

ruby 1.9.3dev (2011-09-17 revision 33290) [x86_64-linux]
OPENSSL_VERSION_NUMBER = 0x90802f

On Debian Squeeze with OpenSSL 0.9.8o, I do not see this.

Updated by MartinBosslet (Martin Bosslet) about 11 years ago

  • Status changed from Closed to Assigned

Thanks Eric, I'll try to sort out the correct version of 0.9.8!

Actions #6

Updated by Anonymous about 11 years ago

  • Status changed from Assigned to Closed

This issue was solved with changeset r33315.
Martin, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • test/openssl/test_ssl_session.rb: execute test_session_exts_read
    only for OpenSSL versions >= 0.9.8k. Thanks, Eric Wong, for
    reporting this.
    [Bug #4961] [ruby-core:37726]
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0