Applied patch to disable tests using outdated SSL certificates

7 months ago · 09d3575ee8
parent 548db1d4ab
commit 09d3575ee8
2 changed files with 159 additions and 1 deletions
--- a/SOURCES/0001-Skip-some-SSL-tests.patch
+++ b/SOURCES/0001-Skip-some-SSL-tests.patch
@ -0,0 +1,151 @@
+From 005f3b31f9520e22605a359e8a5b36d9855621a5 Mon Sep 17 00:00:00 2001
+From: tigro <tigro@msvsphere-os.ru>
+Date: Fri, 12 Apr 2024 13:58:34 +0300
+Subject: [PATCH] Skip some SSL tests
+
+---
+ test/net/ftp/test_ftp.rb    | 6 ++++++
+ test/net/http/test_https.rb | 6 ++++++
+ test/net/imap/test_imap.rb  | 2 ++
+ test/openssl/test_ssl.rb    | 1 +
+ 4 files changed, 15 insertions(+)
+
+diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb
+index 8e0a688..889a702 100644
+--- a/test/net/ftp/test_ftp.rb
+++ b/test/net/ftp/test_ftp.rb
+@@ -1716,6 +1716,7 @@ EOF
+     end
+ 
+     def test_tls_with_ca_file
+      skip "Old Certs"
+       assert_nothing_raised do
+         tls_test do |port|
+           begin
+@@ -1752,6 +1753,7 @@ EOF
+     end
+ 
+     def test_active_private_data_connection
+      skip "Old Certs"
+       server = TCPServer.new(SERVER_ADDR, 0)
+       port = server.addr[1]
+       commands = []
+@@ -1836,6 +1838,7 @@ EOF
+     end
+ 
+     def test_passive_private_data_connection
+      skip "Old Certs"
+       server = TCPServer.new(SERVER_ADDR, 0)
+       port = server.addr[1]
+       commands = []
+@@ -1919,6 +1922,7 @@ EOF
+     end
+ 
+     def test_active_clear_data_connection
+      skip "Old Certs"
+       server = TCPServer.new(SERVER_ADDR, 0)
+       port = server.addr[1]
+       commands = []
+@@ -1988,6 +1992,7 @@ EOF
+     end
+ 
+     def test_passive_clear_data_connection
+      skip "Old Certs"
+       server = TCPServer.new(SERVER_ADDR, 0)
+       port = server.addr[1]
+       commands = []
+@@ -2083,6 +2088,7 @@ EOF
+   end
+ 
+   def test_abort_tls
+    skip "Old Certs"
+     return unless defined?(OpenSSL)
+ 
+     commands = []
+diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
+index 3a23410..59d327d 100644
+--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
+@@ -33,6 +33,7 @@ class TestNetHTTPS < Test::Unit::TestCase
+   }
+ 
+   def test_get
+    skip "Old Certs"
+     http = Net::HTTP.new("localhost", config("port"))
+     http.use_ssl = true
+     http.cert_store = TEST_STORE
+@@ -53,6 +54,7 @@ class TestNetHTTPS < Test::Unit::TestCase
+   end
+ 
+   def test_post
+    skip "Old Certs"
+     http = Net::HTTP.new("localhost", config("port"))
+     http.use_ssl = true
+     http.cert_store = TEST_STORE
+@@ -65,6 +67,7 @@ class TestNetHTTPS < Test::Unit::TestCase
+   end
+ 
+   def test_session_reuse
+    skip "Old Certs"
+     # FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
+     # See https://github.com/openssl/openssl/pull/5967 for details.
+     skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/
+@@ -89,6 +92,7 @@ class TestNetHTTPS < Test::Unit::TestCase
+   end
+ 
+   def test_session_reuse_but_expire
+    skip "Old Certs"
+     # FIXME: The new_session_cb is known broken for clients in OpenSSL 1.1.0h.
+     skip if OpenSSL::OPENSSL_LIBRARY_VERSION =~ /OpenSSL 1.1.0h/
+ 
+@@ -190,6 +194,7 @@ class TestNetHTTPS < Test::Unit::TestCase
+   end
+ 
+   def test_min_version
+    skip "Old Certs"
+     http = Net::HTTP.new("localhost", config("port"))
+     http.use_ssl = true
+     http.min_version = :TLS1
+@@ -200,6 +205,7 @@ class TestNetHTTPS < Test::Unit::TestCase
+   end
+ 
+   def test_max_version
+    skip "Old Certs"
+     http = Net::HTTP.new("127.0.0.1", config("port"))
+     http.use_ssl = true
+     http.max_version = :SSL2
+diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
+index 41f25fe..066bed0 100644
+--- a/test/net/imap/test_imap.rb
+++ b/test/net/imap/test_imap.rb
+@@ -76,6 +76,7 @@ class IMAPTest < Test::Unit::TestCase
+     end
+ 
+     def test_imaps_with_ca_file
+      skip "Old Certs"
+       assert_nothing_raised do
+         imaps_test do |port|
+           begin
+@@ -114,6 +115,7 @@ class IMAPTest < Test::Unit::TestCase
+ 
+   if defined?(OpenSSL::SSL)
+     def test_starttls
+      skip "Old Certs"
+       imap = nil
+       starttls_test do |port|
+         imap = Net::IMAP.new("localhost", :port => port)
+diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
+index 060c1f1..71e573c 100644
+--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
+@@ -291,6 +291,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
+   end
+ 
+   def test_starttls
+    skip "Old Certs"
+     server_proc = -> (ctx, ssl) {
+       while line = ssl.gets
+         if line =~ /^STARTTLS$/
+-- 
+2.44.0
+
--- a/SPECS/ruby.spec
+++ b/SPECS/ruby.spec
@ -21,7 +21,7 @@
 %endif


-%global release 111
+%global release 111.inferit

 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}

@ -231,6 +231,8 @@ Patch41: ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
 # https://github.com/ruby/ruby/commit/e3f18f7d2e034f20053d7bf2fc7a50f8b7e1a27a
 Patch42: ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch

+# MSVSphere OS patches
+Patch1001: 0001-Skip-some-SSL-tests.patch

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@ -643,6 +645,8 @@ sed -i 's/"evaluation\/incorrect_words.yaml"\.freeze, //' \
 %patch40 -p1
 %patch41 -p1
 %patch42 -p1
+# MSVSphere OS patches
+%patch1001 -p1

 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@ -1195,6 +1199,9 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec

 %changelog
+* Wed Apr 17 2024 Arkady L. Shane <tigro@msvsphere-os.ru> 2.5.9-111.inferit
+- Applied patch to disable tests using outdated SSL certificates
+
 * Tue Dec 12 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.5.9-111
 - Rebuilt for MSVSphere 8.8