On Sat, Feb 05, 2022 at 11:18:18AM -0700, Theo Buehler wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: t...@cvs.openbsd.org 2022/02/05 11:18:18
>
> Modified files:
> lib/libssl : s3_lib.c ssl_ciphers.c tls1.h
>
> Log message:
> Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
>
> OpenSSL chose to break the previous naming convention for ciphers and
> to adopt TLS_* "RFC" names instead. Unfortunately, these names are
> exposed in several APIs and some language bindings test for these
> non-standard names instead of cipher values, which is ... unfortunate
> (others would say "plain crazy").
>
> We currently have to maintain patches in regress and ports (p5-Net-SSLeay,
> openssl-ruby-tests - which means that Ruby will pick this up at some point)
> to work around this difference and that's just not worth the effort.
>
> The old AEAD- names will become aliases and continue to work, but in
> openssl ciphers and netcat output the TLS_* names will now be displayed.
>
> "I would be very happy if this gets committed" bluhm
> ok beck inoguchi, begrudgingly ok jsing
4) Failure: test_ciphersuites_method_tls_connection(OpenSSL::TestSSL):
exceptions on 1 threads:
#<Thread:0x00000513984450b0
/usr/local/share/openssl-ruby-tests/test/openssl/utils.rb:263 dead>:
/usr/local/lib/ruby/gems/3.0/gems/test-unit-3.3.7/lib/test/unit/assertions.rb:59:in
`block in assert_block': <"AEAD-AES128-GCM-SHA256">("UTF-8") expected but was
<"TLS_AES_128_GCM_SHA256">("ASCII-8BIT"). (Test::Unit::AssertionFailedError)
from
/usr/local/lib/ruby/gems/3.0/gems/test-unit-3.3.7/lib/test/unit/assertions.rb:1640:in
`_wrap_assertion'
from
/usr/local/lib/ruby/gems/3.0/gems/test-unit-3.3.7/lib/test/unit/assertions.rb:53:in
`assert_block'
from
/usr/local/lib/ruby/gems/3.0/gems/test-unit-3.3.7/lib/test/unit/assertions.rb:244:in
`assert_equal'
from
/usr/local/share/openssl-ruby-tests/test/openssl/test_ssl.rb:1590:in `block (3
levels) in test_ciphersuites_method_tls_connection'
from
/usr/local/share/openssl-ruby-tests/test/openssl/test_ssl.rb:1834:in
`server_connect'
from
/usr/local/share/openssl-ruby-tests/test/openssl/test_ssl.rb:1588:in `block (2
levels) in test_ciphersuites_method_tls_connection'
from
/usr/local/share/openssl-ruby-tests/test/openssl/test_ssl.rb:1583:in `each'
from
/usr/local/share/openssl-ruby-tests/test/openssl/test_ssl.rb:1583:in `block in
test_ciphersuites_method_tls_connection'
from /usr/local/share/openssl-ruby-tests/test/openssl/utils.rb:267:in
`block (2 levels) in start_server'
/usr/local/share/openssl-ruby-tests/test/openssl/envutil.rb:281:in
`assert_join_threads'
/usr/local/share/openssl-ruby-tests/test/openssl/utils.rb:289:in `block in
start_server'
/usr/local/share/openssl-ruby-tests/test/openssl/utils.rb:210:in `pipe'
/usr/local/share/openssl-ruby-tests/test/openssl/utils.rb:210:in `start_server'
/usr/local/share/openssl-ruby-tests/test/openssl/test_ssl.rb:1582:in
`test_ciphersuites_method_tls_connection'
1579: csuite = ['AEAD-AES128-GCM-SHA256', 'TLSv1.3', 128, 128]
1580: inputs = [csuite[0], [csuite[0]], [csuite]]
1581:
=> 1582: start_server do |port|
1583: inputs.each do |input|
1584: cli_ctx = OpenSSL::SSL::SSLContext.new
1585: cli_ctx.min_version = cli_ctx.max_version =
OpenSSL::SSL::TLS1_3_VERSION
Finished in 33.339940378 seconds.
-------------------------------------------------------------------------------
514 tests, 4218 assertions, 1 failures, 0 errors, 18 pendings, 0 omissions, 0
notifications
96.3035% passed
-------------------------------------------------------------------------------
15.42 tests/s, 126.51 assertions/s
*** Error 1 in openssl-ruby (Makefile:43 '.test')
*** Error 2 in openssl-ruby (Makefile:57 'retest')
FAILED
