Issue #7197 has been updated by shugo (Shugo Maeda).


shugo (Shugo Maeda) wrote:
> I've found that test_tls_v1_2 passes using the TLSv1_2_client method explicitly,
> even if OPENSSL_NO_TLS1_2_CLIENT is set.
(snip)
> But, I think this ticket can be just closed as a third party's issue.

I've investigated the problem further, and have found that this workaround in upstream is for broken servers.
So TLS 1.2 might not be supported in the SSLv23 method until such servers go away.

Unfortunately, there seems be no way to know whether OPENSSL_NO_TLS1_2_CLIENT is set, so it might be better to fix test_tls_v1_2 to use the TLSv1_2_client method explicitly.


----------------------------------------
Bug #7197: Error: test_tls_v1_2(OpenSSL::TestSSL)
https://bugs.ruby-lang.org/issues/7197#change-34698

Author: znz (Kazuhiro NISHIYAMA)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2012-10-20 trunk 37273) [x86_64-linux]


Ubuntu 12.04.1 LTS 64-bit ???????以????????????????????

  2) Error:
test_tls_v1_2(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: tlsv1 alert protocol version
    .../test/openssl/test_ssl.rb:607:in `connect'
    .../test/openssl/test_ssl.rb:607:in `server_connect'
    .../test/openssl/test_ssl.rb:468:in `block in test_tls_v1_2'
    .../test/openssl/utils.rb:293:in `call'
    .../test/openssl/utils.rb:293:in `start_server'
    .../test/openssl/test_ssl.rb:593:in `start_server_version'
    .../test/openssl/test_ssl.rb:467:in `test_tls_v1_2'

OpenSSL ??????????以???????????????

% openssl version
OpenSSL 1.0.1 14 Mar 2012
% dpkg -l openssl | grep '^ii'
ii  openssl                                   1.0.1-4ubuntu5.5                           Secure Socket Layer (SSL) binary and related cryptographic tools
%


-- 
http://bugs.ruby-lang.org/