Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanups in SSL tests #853

Merged
merged 7 commits into from
Feb 9, 2025
Merged

Cleanups in SSL tests #853

merged 7 commits into from
Feb 9, 2025

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Feb 6, 2025

This PR contains several mostly-unrelated small improvements in the test code for OpenSSL::SSL.

ssl: remove start_immediately kwarg from test helper start_server

The keyword argument is no longer used by any test cases.

ssl: remove start_server_version from tests

Use start_server instead of start_server_version.

start_server_version is a wrapper around start_server that forces the
server to a specific protocol version using the now-deprecated method
SSLSocket#ssl_version=, but it does more than that. The slightly
different method signature and default values are confusing. Let's
use start_server directly.

ssl: fix test case test_npn_advertised_protocol_too_long

The list of NPN protocols is validated in SSLContext#setup.

The assert_handshake_error is misleading. The client is unable to start
a handshake at all because the server is not running.

ssl: refactor test case test_verify_mode_server_cert

Minimize the amount of code inside the assert_raise block to avoid
accidentally catching a wrong exception.

ssl: fix misuse of assert_handshake_error in tests

assert_handshake_error is useful for checking handshake failures
triggered by the peer, as the underlying socket may be closed
prematurely, leading to different exceptions depending on the platform
and timing.

However, when the local end aborts a handshake, the only possible
exception is OpenSSL::SSL::SSLError. Use stricter assertions in such
cases.

ssl: prefer SSLContext#max_version= in tests

Avoid using the deprecated OpenSSL::SSL::SSLContext#ssl_version= outside
the tests specifically written for it.

Revert "Skip a new test when old OpenSSL"

This reverts commit 8c96a69.

This is no longer necessary since we do not support OpenSSL 1.1.0
anymore.

@rhenium
ssl: remove start_immediately kwarg from test helper start_server
2f31605 
The keyword argument is no longer used by any test cases.
@rhenium
ssl: remove start_server_version from tests
22ed31d 
Use start_server instead of start_server_version.

start_server_version is a wrapper around start_server that forces the
server to a specific protocol version using the now-deprecated method
SSLSocket#ssl_version=, but it does more than that. The slightly
different method signature and default values are confusing. Let's
use start_server directly.
@rhenium
ssl: fix test case test_npn_advertised_protocol_too_long
e8db6ff 
The list of NPN protocols is validated in SSLContext#setup.

The assert_handshake_error is misleading. The client is unable to start
a handshake at all because the server is not running.
@rhenium
ssl: refactor test case test_verify_mode_server_cert
5089b2d 
Minimize the amount of code inside the assert_raise block to avoid
accidentally catching a wrong exception.
@rhenium
ssl: fix misuse of assert_handshake_error in tests
637ba65 
assert_handshake_error is useful for checking handshake failures
triggered by the peer, as the underlying socket may be closed
prematurely, leading to different exceptions depending on the platform
and timing.

However, when the local end aborts a handshake, the only possible
exception is OpenSSL::SSL::SSLError. Use stricter assertions in such
cases.
@rhenium
ssl: prefer SSLContext#max_version= in tests
93a564d 
Avoid using the deprecated OpenSSL::SSL::SSLContext#ssl_version= outside
the tests specifically written for it.
@rhenium
Revert "Skip a new test when old OpenSSL"
4987688 
This reverts commit 8c96a69.

This is no longer necessary since we do not support OpenSSL 1.1.0
anymore.
@rhenium rhenium merged commit 41e07af into ruby:master Feb 9, 2025
53 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rhenium