Use larger keys for webrick test failures.

2020-09-25 14:16:36 +02:00 · 2020-09-25 14:16:36 +02:00 · 94a588ca28
commit 94a588ca28
parent a612f78c69
2 changed files with 57 additions and 0 deletions
--- a/ruby-2.6.0-use-larger-keys-for-SSL-webrick-tests.patch
+++ b/ruby-2.6.0-use-larger-keys-for-SSL-webrick-tests.patch
@ -0,0 +1,52 @@
+From ef6153f727d118d4e7854c0f52d3d8b0e4ed7817 Mon Sep 17 00:00:00 2001
+From: normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Mon, 3 Dec 2018 04:51:08 +0000
+Subject: [PATCH] webrick: fix tests on Debian sid/unstable with OpenSSL 1.1.1a
+
+OpenSSL complains abour our keys being small and weak :<
+Make them big and strong with 2048-bit RSA keys and SHA256 digests
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ lib/webrick/ssl.rb             | 4 ++--
+ test/webrick/test_httpproxy.rb | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb
+index 8a334eaff1..d125083528 100644
+--- a/lib/webrick/ssl.rb
+++ b/lib/webrick/ssl.rb
+@@ -130,7 +130,7 @@ def create_self_signed_cert(bits, cn, comment)
+       aki = ef.create_extension("authorityKeyIdentifier",
+                                 "keyid:always,issuer:always")
+       cert.add_extension(aki)
+-      cert.sign(rsa, OpenSSL::Digest::SHA1.new)
+      cert.sign(rsa, OpenSSL::Digest::SHA256.new)
+ 
+       return [ cert, rsa ]
+     end
+@@ -181,7 +181,7 @@ def setup_ssl_context(config) # :nodoc:
+       unless config[:SSLCertificate]
+         cn = config[:SSLCertName]
+         comment = config[:SSLCertComment]
+-        cert, key = Utils::create_self_signed_cert(1024, cn, comment)
+        cert, key = Utils::create_self_signed_cert(2048, cn, comment)
+         config[:SSLCertificate] = cert
+         config[:SSLPrivateKey] = key
+       end
+diff --git a/test/webrick/test_httpproxy.rb b/test/webrick/test_httpproxy.rb
+index 452e7b94b7..780d95937a 100644
+--- a/test/webrick/test_httpproxy.rb
+++ b/test/webrick/test_httpproxy.rb
+@@ -133,7 +133,7 @@ def make_certificate(key, cn)
+     cert.not_after = Time.now + 3600
+     ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
+     exts.each {|args| cert.add_extension(ef.create_extension(*args)) }
+-    cert.sign(key, "sha1")
+    cert.sign(key, "sha256")
+     return cert
+   end if defined?(OpenSSL::SSL)
+ 
+-- 
+2.26.2
+
--- a/ruby.spec
+++ b/ruby.spec
@ -174,6 +174,9 @@ Patch43: ruby-2.6.0-use-larger-keys-for-SSL-tests2.patch
 # Regenerate server certificates with larger keys for open-uri tests.
 # https://github.com/ruby/ruby/commit/eaddc972820d49212c495542816f9f7845e7828c
 Patch44: ruby-2.6.4-open-uri-regenerate-server-certificates-for-tests.patch
+# Use larger keys for webrick test failures.
+# https://github.com/ruby/ruby/commit/a063f71a7ccc733d8ab4b997dfc3ffb1ab987afc
+Patch45: ruby-2.6.0-use-larger-keys-for-SSL-webrick-tests.patch

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@ -569,6 +572,7 @@ rm -rf ext/fiddle/libffi*
 %patch42 -p1
 %patch43 -p1
 %patch44 -p1
+%patch45 -p1

 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@ -1131,6 +1135,7 @@ MSPECOPTS="$MSPECOPTS -P 'File.lchmod raises a NotImplementedError when called'"
 - Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
 - Use larger keys for test_ssl test failures.
 - Regenerate server certificates with larger keys for open-uri tests.
+- Use larger keys for webrick test failures.

 * Tue Apr 30 2019 Jun Aruga <jaruga@redhat.com> - 2.5.5-105
 - Update to Ruby 2.5.5.