Skip to content

Commit a5e26bc

Browse files
rheniumrhenium
committed
test/test_ssl_session: set client protocol version explicitly
Clients that implement TLS 1.3's Middlebox Compatibility Mode will always provide a non-empty session ID in the ClientHello. This means the "get" callback for the server-side session caching may be called for the initial connection.
1 parent 71057ca commit a5e26bc

File tree

1 file changed

+9
-5
lines changed

1 file changed

+9
-5
lines changed

test/test_ssl_session.rb

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -198,7 +198,9 @@ def test_server_session_cache
198198
first_session = nil
199199
10.times do |i|
200200
connections = i
201-
server_connect_with_session(port, nil, first_session) { |ssl|
201+
cctx = OpenSSL::SSL::SSLContext.new
202+
cctx.ssl_version = :TLSv1_2
203+
server_connect_with_session(port, cctx, first_session) { |ssl|
202204
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
203205
first_session ||= ssl.session
204206

@@ -257,6 +259,8 @@ def test_ctx_server_session_cb
257259

258260
connections = nil
259261
called = {}
262+
cctx = OpenSSL::SSL::SSLContext.new
263+
cctx.ssl_version = :TLSv1_2
260264
sctx = nil
261265
ctx_proc = Proc.new { |ctx|
262266
sctx = ctx
@@ -292,7 +296,7 @@ def test_ctx_server_session_cb
292296
}
293297
start_server(ctx_proc: ctx_proc) do |port|
294298
connections = 0
295-
sess0 = server_connect_with_session(port, nil, nil) { |ssl|
299+
sess0 = server_connect_with_session(port, cctx, nil) { |ssl|
296300
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
297301
assert_equal false, ssl.session_reused?
298302
ssl.session
@@ -307,7 +311,7 @@ def test_ctx_server_session_cb
307311

308312
# Internal cache hit
309313
connections = 1
310-
server_connect_with_session(port, nil, sess0.dup) { |ssl|
314+
server_connect_with_session(port, cctx, sess0.dup) { |ssl|
311315
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
312316
assert_equal true, ssl.session_reused?
313317
ssl.session
@@ -328,7 +332,7 @@ def test_ctx_server_session_cb
328332

329333
# External cache hit
330334
connections = 2
331-
sess2 = server_connect_with_session(port, nil, sess0.dup) { |ssl|
335+
sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl|
332336
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
333337
if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7)
334338
# OpenSSL >= 1.1.0, < 1.1.0g
@@ -355,7 +359,7 @@ def test_ctx_server_session_cb
355359

356360
# Cache miss
357361
connections = 3
358-
sess3 = server_connect_with_session(port, nil, sess0.dup) { |ssl|
362+
sess3 = server_connect_with_session(port, cctx, sess0.dup) { |ssl|
359363
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
360364
assert_equal false, ssl.session_reused?
361365
ssl.session

0 commit comments

Comments
 (0)