Bug #6221
closedOpenSSL 1.0.1 is breaking the drb test suite
Description
Hi,
I'm having problem with running drb_ssl tests with Ruby 1.9.3.p125 and OpenSSL 1.0.1, originally reported at [1]. Martin Bosslet told me to open this new issue for drb_ssl. So here is the problem:
$ make test-all TESTS="test/drb/test_drbssl.rb"
/builddir/build/BUILD/ruby-1.9.3-p125/lib/drb/ssl.rb:185: warning: SSL_accept returned=1 errno=0 state=SSLv3 write key exchange A: EVP lib (OpenSSL::SSL::SSLError)
(I previously set config[:verbose] = true in ut_array_drbssl.rb, to see this message.)
I'm reproduce this on Fedora 17/rawhide only with OpenSSL 1.0.1.
Thanks!
Updated by mame (Yusuke Endoh) over 12 years ago
- Status changed from Open to Assigned
Updated by vo.x (Vit Ondruch) over 12 years ago
This issue is still present. Testing with ruby 2.0.0dev (2012-04-17 trunk 35368) [x86_64-linux]
Updated by akr (Akira Tanaka) over 12 years ago
I found http://rt.openssl.org/Ticket/Display.html?id=2769 .
How about the following patch?
Index: lib/drb/ssl.rb¶
--- lib/drb/ssl.rb (revision 35430)
+++ lib/drb/ssl.rb (working copy)
@@ -54,7 +54,7 @@ module DRb
return
end
-
rsa = OpenSSL::PKey::RSA.new(512){|p, n|
-
rsa = OpenSSL::PKey::RSA.new(1024){|p, n| next unless self[:verbose] case p when 0; $stderr.putc "." # BN_generate_prime
Updated by vo.x (Vit Ondruch) over 12 years ago
akr (Akira Tanaka) wrote:
How about the following patch?
It seems it fixes my issues. I cannot reproduce the test error any more with the patch applied.
Updated by akr (Akira Tanaka) over 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r35434.
Bohuslav, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- lib/drb/ssl.rb: generate 1024 bits RSA key instead of 512 bits.
OpenSSL 1.0.1 rejects 512 bits RSA key for TLS1.2 with SHA512.
http://rt.openssl.org/Ticket/Display.html?id=2769&user=guest&pass=guest
reported by Bohuslav Kabrda.
[ruby-core:43844] [ruby-trunk - Bug #6221]
Updated by akr (Akira Tanaka) over 12 years ago
I committed the patch.
Note that the link I shown needs user and pass parameters as:
http://rt.openssl.org/Ticket/Display.html?id=2769&user=guest&pass=guest