Use OpenSSL::TestCase instead of OpenSSL::SSLTestCase.
Prefer assert_true and assert_false over the bare assert and refute.
OpenSSL.fixed_length_secure_compare and OpenSSL.secure_compare will
only return true or false, and it should be checked.
3d9938ed40
Update GitHub Actions workflows to set OSSL_TEST_ALL=1.
Exclude a few slow tests that are not critical for local development,
unless OSSL_TEST_ALL=1 is set. The bindings code paths are still reached
by other tests with smaller inputs, and failures in those would likely
indicate an issue in OpenSSL rather than in the bindings.
Newly excluded tests include generating large DSA keys and measuring
CRYPTO_memcmp() timing. These tests currently take nearly half of the
total runtime.
382eca2aec
The benchmark library is planned to become a bundled gem in Ruby 3.5.
While we can add it in our Gemfile, it is only used in
test_memcmp_timing and the usage can be easily replaced with a few
Process.clock_gettime calls.
9a746ed1a4
The test case test_error_data utilizes the error message generated by
X509V3_EXT_nconf_nid(). The next commit will use X509V3_EXT_nconf(),
which generates a slightly different error message. Let's adapt the
check to it.
9cdfa3a4d1
Error entries in the OpenSSL error queue may contain additional
contextual information associated with the error, which can be helpful
when debugging.
This "additional data" is currently only printed to stderr when
OpenSSL.debug is enabled. Let's include this in the exception messages
raised with ossl_raise(), too.
$ ruby -Ilib -ropenssl -e'OpenSSL.debug=true; OpenSSL::SSL::SSLContext.new.ecdh_curves="P-256:not-a-curve"'
-e:1: warning: error on stack: error:0A080106:SSL routines:gid_cb:passed invalid argument (group 'not-a-curve' cannot be set)
-e:1:in `ecdh_curves=': passed invalid argument (group 'not-a-curve' cannot be set) (OpenSSL::SSL::SSLError)
from -e:1:in `<main>'
1c5bbdd68e
