diff options
author | Simon Chopin <simon.chopin@canonical.com> | 2022-04-06 18:43:57 +0200 |
---|---|---|
committer | Florian Wininger <fw.centrale@gmail.com> | 2022-04-29 14:42:49 +0200 |
commit | e4ffdc07b1f0f01ebeab359c1001984912d87437 (patch) | |
tree | 016ec4988ac6936efe5bd109838ed8d3a99acb44 | |
parent | b07e284bd64750150d38bd207e9b7b37a1f15e83 (diff) | |
download | net-ssh-e4ffdc07b1f0f01ebeab359c1001984912d87437.tar.gz |
tests: Enable legacy providers if using OpenSSL 3.0
Quite a few tests rely on outdated algorithms that have been relegated
to the legacy provider in OpenSSL 3.0. `rake test` now loads a custom
OpenSSL configuration file to enable said legacy provider, which is
usually disabled by default.
-rw-r--r-- | Rakefile | 6 | ||||
-rw-r--r-- | test/openssl3.conf | 25 |
2 files changed, 31 insertions, 0 deletions
@@ -95,6 +95,12 @@ Rake::TestTask.new do |t| t.test_files = test_files end +# We need to enable the OpenSSL 3.0 legacy providers for our test suite +require 'openssl' +if OpenSSL::OPENSSL_LIBRARY_VERSION.start_with? "OpenSSL 3" then + ENV['OPENSSL_CONF'] = 'test/openssl3.conf' +end + desc "Run tests of Net::SSH:Test" Rake::TestTask.new do |t| t.name = "test_test" diff --git a/test/openssl3.conf b/test/openssl3.conf new file mode 100644 index 0000000..79bae9a --- /dev/null +++ b/test/openssl3.conf @@ -0,0 +1,25 @@ +openssl_conf = openssl_init + +[openssl_init] +ssl_conf = ssl_sect +providers = provider_sect + +[provider_sect] +default = default_sect +legacy = legacy_sect + +[default_sect] +activate = 1 + +[legacy_sect] +activate = 1 + +[ssl_sect] +system_default = system_default_sect + +[system_default_sect] +CipherString = DEFAULT@SECLEVEL=0 +# system_default = system_default_sect +# +# [system_default_sect] +# Options = UnsafeLegacyRenegotiation |