mirror of
https://github.com/ruby/ruby.git
synced 2025-08-25 22:14:37 +02:00
912f1cda0d
Remove the OSSL_DEBUG flag and OpenSSL.mem_check_start which is only
compiled when the flag is given. They are meant purely for development
of Ruby/OpenSSL.
OpenSSL.mem_check_start helped us find memory leak bugs in past, but
it is no longer working with the recent OpenSSL versions. Let's just
remove it now.
8c7a6a17e2
52 lines
1.5 KiB
Ruby
52 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
require_relative 'utils'
|
|
|
|
if defined?(OpenSSL)
|
|
|
|
class OpenSSL::TestFIPS < OpenSSL::TestCase
|
|
def test_fips_mode_get_is_true_on_fips_mode_enabled
|
|
unless ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"]
|
|
omit "Only for FIPS mode environment"
|
|
end
|
|
|
|
assert_separately(["-ropenssl"], <<~"end;")
|
|
assert OpenSSL.fips_mode == true, ".fips_mode should return true on FIPS mode enabled"
|
|
end;
|
|
end
|
|
|
|
def test_fips_mode_get_is_false_on_fips_mode_disabled
|
|
if ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"]
|
|
omit "Only for non-FIPS mode environment"
|
|
end
|
|
|
|
assert_separately(["-ropenssl"], <<~"end;")
|
|
message = ".fips_mode should return false on FIPS mode disabled. " \
|
|
"If you run the test on FIPS mode, please set " \
|
|
"TEST_RUBY_OPENSSL_FIPS_ENABLED=true"
|
|
assert OpenSSL.fips_mode == false, message
|
|
end;
|
|
end
|
|
|
|
def test_fips_mode_is_reentrant
|
|
OpenSSL.fips_mode = false
|
|
OpenSSL.fips_mode = false
|
|
end
|
|
|
|
def test_fips_mode_get_with_fips_mode_set
|
|
omit('OpenSSL is not FIPS-capable') unless OpenSSL::OPENSSL_FIPS
|
|
|
|
assert_separately(["-ropenssl"], <<~"end;")
|
|
begin
|
|
OpenSSL.fips_mode = true
|
|
assert OpenSSL.fips_mode == true, ".fips_mode should return true when .fips_mode=true"
|
|
|
|
OpenSSL.fips_mode = false
|
|
assert OpenSSL.fips_mode == false, ".fips_mode should return false when .fips_mode=false"
|
|
rescue OpenSSL::OpenSSLError
|
|
pend "Could not set FIPS mode (OpenSSL::OpenSSLError: \#$!); skipping"
|
|
end
|
|
end;
|
|
end
|
|
end
|
|
|
|
end
|