Issue #7197 has been updated by kwilczynski (Krzysztof Wilczynski).


Hey,

I have had a look, and it does look like an upstream problem at the first glance. There seem to be a bug open against this particular version of OpenSSL (openssl and libssl in Ubuntu) describing similar problems that other people reported with any version higher than 1.0.0h and/or 1.0.0j (anything from 1.0.1-1 ownards):

Ubuntu:
  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371

Debian:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452

OpenSSL:
  http://http://rt.openssl.org/Ticket/Display.html?id=2802

Said that, even version 1.0.1c (1.0.1c-3ubuntu2) from 12.10 (Quantal Quetzal) will manifest this problem causing this particular test (OpenSSL::TestSSL#test_tls_v1_2) to fail.

I decied to also check Fedora 17 with their version of OpenSSL 1.0.1 (openssl-1.0.1-0.1.beta2.fc17.x86_64), and then the following two tests will fail:

[  772/11238] OpenSSL::TestSSL#test_tls_v1_1 = 0.01 s
  1) Error:
test_tls_v1_1(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unsupported protocol
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:607:in `connect'
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:607:in `server_connect'
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:441:in `block in test_tls_v1_1'
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/utils.rb:293:in `call'
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/utils.rb:293:in `start_server'
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:593:in `start_server_version'
    /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:440:in `test_tls_v1_1'

[  792/11238] OpenSSL::TestX509Certificate#test_dsig_algorithm_mismatch = 0.00 s
  2) Failure:
test_dsig_algorithm_mismatch(OpenSSL::TestX509Certificate) [/home/krzysztof/Projects/ruby/test/openssl/test_x509cert.rb:176]:
OpenSSL::X509::CertificateError expected but nothing was raised.


When you downgrade packages to the last version pre 1.0.1 release in both Ubuntu and Fedora, then none of the OpenSSL tests will fail:

Ubuntu (openssl and libssl) version from 11.10 (Oneiric Ocelot):
  1.0.0e-2ubuntu4.6
  All OpenSSL tests will pass.

Fedora (openssl and openssl-devel) stock version from Fedora 17:
  openssl-1.0.0j-2.fc17.x86_64
  All OpenSSL tests will pass.

There is something going on with the OpenSSL version after 1.0.0j, and I am not sure if this is something that we have to fix, or the upstream.

KW
----------------------------------------
Bug #7197: Error: test_tls_v1_2(OpenSSL::TestSSL)
https://bugs.ruby-lang.org/issues/7197#change-31141

Author: znz (Kazuhiro NISHIYAMA)
Status: Open
Priority: Normal
Assignee: 
Category: ext
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2012-10-20 trunk 37273) [x86_64-linux]


Ubuntu 12.04.1 LTS 64-bit ???????以????????????????????

  2) Error:
test_tls_v1_2(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: tlsv1 alert protocol version
    .../test/openssl/test_ssl.rb:607:in `connect'
    .../test/openssl/test_ssl.rb:607:in `server_connect'
    .../test/openssl/test_ssl.rb:468:in `block in test_tls_v1_2'
    .../test/openssl/utils.rb:293:in `call'
    .../test/openssl/utils.rb:293:in `start_server'
    .../test/openssl/test_ssl.rb:593:in `start_server_version'
    .../test/openssl/test_ssl.rb:467:in `test_tls_v1_2'

OpenSSL ??????????以???????????????

% openssl version
OpenSSL 1.0.1 14 Mar 2012
% dpkg -l openssl | grep '^ii'
ii  openssl                                   1.0.1-4ubuntu5.5                           Secure Socket Layer (SSL) binary and related cryptographic tools
%


-- 
http://bugs.ruby-lang.org/