Fix test_https.rb host, Rakefile
Co-authored-by: David Rodríguez <deivid.rodriguez@riseup.net>
MSP-Greg and deivid-rodriguez committed Apr 30, 2021
1 parent f8487a5 commit 4fbd463
Showing 2 changed files with 25 additions and 39 deletions.
2 changes: 1 addition & 1 deletion Rakefile
@@ -1,4 +1,4 @@
require "bundler/gem_tasks"
require "bundler/gem_tasks" if defined?(Bundler)
require "rake/testtask"

Rake::TestTask.new(:test) do |t|
62 changes: 24 additions & 38 deletions test/net/http/test_https.rb
Expand Up @@ -14,14 +14,16 @@ def self.read_fixture(key)
File.read(File.expand_path("../fixtures/#{key}", __dir__))
end

HOST = 'localhost'
HOST_IP = '127.0.0.1'
CA_CERT = OpenSSL::X509::Certificate.new(read_fixture("cacert.pem"))
SERVER_KEY = OpenSSL::PKey.read(read_fixture("server.key"))
SERVER_CERT = OpenSSL::X509::Certificate.new(read_fixture("server.crt"))
DHPARAMS = OpenSSL::PKey::DH.new(read_fixture("dhparams.pem"))
TEST_STORE = OpenSSL::X509::Store.new.tap {|s| s.add_cert(CA_CERT) }

CONFIG = {
'host' => '127.0.0.1',
'host' => HOST,
'proxy_host' => nil,
'proxy_port' => nil,
'ssl_enable' => true,
Expand All @@ -31,7 +33,7 @@ def self.read_fixture(key)
}

def test_get
http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
http.cert_store = TEST_STORE
certs = []
Expand All @@ -43,15 +45,13 @@ def test_get
assert_equal($test_net_http_data, res.body)
}
# TODO: OpenSSL 1.1.1h seems to yield only SERVER_CERT; need to check the incompatibility
certs.zip([CA_CERT, SERVER_CERT][-certs.size..]) do |actual, expected|
certs.zip([CA_CERT, SERVER_CERT][-certs.size..-1]) do |actual, expected|
assert_equal(expected.to_der, actual.to_der)
end
rescue SystemCallError
skip $!
end

def test_get_SNI
http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.ipaddr = config('host')
http.use_ssl = true
http.cert_store = TEST_STORE
Expand All @@ -64,16 +64,16 @@ def test_get_SNI
assert_equal($test_net_http_data, res.body)
}
# TODO: OpenSSL 1.1.1h seems to yield only SERVER_CERT; need to check the incompatibility
certs.zip([CA_CERT, SERVER_CERT][-certs.size..]) do |actual, expected|
certs.zip([CA_CERT, SERVER_CERT][-certs.size..-1]) do |actual, expected|
assert_equal(expected.to_der, actual.to_der)
end
end

def test_get_SNI_proxy
TCPServer.open("127.0.0.1", 0) {|serv|
TCPServer.open(HOST_IP, 0) {|serv|
_, port, _, _ = serv.addr
client_thread = Thread.new {
proxy = Net::HTTP.Proxy("127.0.0.1", port, 'user', 'password')
proxy = Net::HTTP.Proxy(HOST_IP, port, 'user', 'password')
http = proxy.new("foo.example.org", 8000)
http.ipaddr = "192.0.2.1"
http.use_ssl = true
Expand Down Expand Up @@ -125,23 +125,21 @@ def test_get_SNI_failure
end

def test_post
http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
http.cert_store = TEST_STORE
data = config('ssl_private_key').to_der
http.request_post("/", data, {'content-type' => 'application/x-www-form-urlencoded'}) {|res|
assert_equal(data, res.body)
}
rescue SystemCallError
skip $!
end

def test_session_reuse
# FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
# See https://github.com/openssl/openssl/pull/5967 for details.
skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/

http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
http.cert_store = TEST_STORE

Expand All @@ -154,25 +152,21 @@ def test_session_reuse
end

http.start
assert_equal false, http.instance_variable_get(:@socket).io.session_reused?
http.get("/")
http.finish

http.start
http.get("/")

socket = http.instance_variable_get(:@socket).io
assert_equal true, socket.session_reused?

assert_equal true, http.instance_variable_get(:@socket).io.session_reused?
assert_equal $test_net_http_data, http.get("/").body
http.finish
rescue SystemCallError
skip $!
end

def test_session_reuse_but_expire
# FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/

http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
http.cert_store = TEST_STORE

Expand All @@ -188,8 +182,6 @@ def test_session_reuse_but_expire
assert_equal false, socket.session_reused?

http.finish
rescue SystemCallError
skip $!
end

if ENV["RUBY_OPENSSL_TEST_ALL"]
Expand All @@ -204,14 +196,12 @@ def test_verify
end

def test_verify_none
http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
http.request_get("/") {|res|
assert_equal($test_net_http_data, res.body)
}
rescue SystemCallError
skip $!
end

def test_skip_hostname_verification
Expand Down Expand Up @@ -240,14 +230,10 @@ def test_fail_if_verify_hostname_is_true
end

def test_certificate_verify_failure
http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
ex = assert_raise(OpenSSL::SSL::SSLError){
begin
http.request_get("/") {|res| }
rescue SystemCallError
skip $!
end
http.request_get("/") {|res| }
}
assert_match(/certificate verify failed/, ex.message)
unless /mswin|mingw/ =~ RUBY_PLATFORM
Expand All @@ -262,25 +248,25 @@ def test_certificate_verify_failure

def test_identity_verify_failure
# the certificate's subject has CN=localhost
http = Net::HTTP.new("127.0.0.1", config("port"))
http = Net::HTTP.new(HOST_IP, config("port"))
http.use_ssl = true
http.cert_store = TEST_STORE
@log_tester = lambda {|_| }
ex = assert_raise(OpenSSL::SSL::SSLError){
http.request_get("/") {|res| }
}
re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/
re_msg = /certificate verify failed|hostname \"#{HOST_IP}\" does not match/
assert_match(re_msg, ex.message)
end

def test_timeout_during_SSL_handshake
bug4246 = "expected the SSL connection to have timed out but have not. [ruby-core:34203]"

# listen for connections... but deliberately do not complete SSL handshake
TCPServer.open('localhost', 0) {|server|
TCPServer.open(HOST, 0) {|server|
port = server.addr[1]

conn = Net::HTTP.new('localhost', port)
conn = Net::HTTP.new(HOST, port)
conn.use_ssl = true
conn.read_timeout = 0.01
conn.open_timeout = 0.01
Expand All @@ -295,7 +281,7 @@ def test_timeout_during_SSL_handshake
end

def test_min_version
http = Net::HTTP.new("localhost", config("port"))
http = Net::HTTP.new(HOST, config("port"))
http.use_ssl = true
http.min_version = :TLS1
http.cert_store = TEST_STORE
Expand All @@ -305,7 +291,7 @@ def test_min_version
end

def test_max_version
http = Net::HTTP.new("127.0.0.1", config("port"))
http = Net::HTTP.new(HOST_IP, config("port"))
http.use_ssl = true
http.max_version = :SSL2
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
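Review bot: In test_get_SNI, `http.ipaddr = config('host')` now receives the name 'localhost' rather than an address, because CONFIG's 'host' entry was switched to HOST; the connect target and the name used for SNI and certificate checking are then the same string, so the test no longer separates the two. test_get_SNI_proxy in the same file still sets `ipaddr` to an IP literal, which suggests that is the intended use; `http.ipaddr = HOST_IP` would restore it, assuming the test server (started outside this diff) also accepts connections on 127.0.0.1. Separately, in test_identity_verify_failure the address is interpolated into the pattern unescaped, so each dot matches any character; `re_msg = /certificate verify failed|hostname \"#{Regexp.escape(HOST_IP)}\" does not match/` keeps the hostname-mismatch assertion exact.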
