ssl: add a more direct test case for errors in servername_cb

rhenium · rhenium · commit 724a8e63c922 · 2025-03-05T20:09:14.000+09:00
An exception raised in the SSLContext#servername_cb callback aborts the
handshake and sends an "unrecognized_name" alert to the client. Add more
direct assertions for this scenario.
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
@@ -1057,36 +1057,44 @@ def test_tlsext_hostname
     end
   end
 
-  def test_servername_cb_raises_an_exception_on_unknown_objects
-    hostname = 'example.org'
-
-    ctx2 = OpenSSL::SSL::SSLContext.new
-    ctx2.cert = @svr_cert
-    ctx2.key = @svr_key
-    ctx2.servername_cb = lambda { |args| Object.new }
-
+  def test_servername_cb_exception
     sock1, sock2 = socketpair
 
+    t = Thread.new {
+      s1 = OpenSSL::SSL::SSLSocket.new(sock1)
+      s1.hostname = "localhost"
+      assert_raise_with_message(OpenSSL::SSL::SSLError, /unrecognized.name/i) {
+        s1.connect
+      }
+    }
+
+    ctx2 = OpenSSL::SSL::SSLContext.new
+    ctx2.servername_cb = lambda { |args| raise RuntimeError, "foo" }
     s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
+    assert_raise_with_message(RuntimeError, "foo") { s2.accept }
+    assert t.join
+  ensure
+    sock1.close
+    sock2.close
+  end
 
-    ctx1 = OpenSSL::SSL::SSLContext.new
+  def test_servername_cb_raises_an_exception_on_unknown_objects
+    sock1, sock2 = socketpair
 
-    s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
-    s1.hostname = hostname
     t = Thread.new {
-      assert_raise(OpenSSL::SSL::SSLError) do
-        s1.connect
-      end
+      s1 = OpenSSL::SSL::SSLSocket.new(sock1)
+      s1.hostname = "localhost"
+      assert_raise(OpenSSL::SSL::SSLError) { s1.connect }
     }
 
-    assert_raise(ArgumentError) do
-      s2.accept
-    end
-
+    ctx2 = OpenSSL::SSL::SSLContext.new
+    ctx2.servername_cb = lambda { |args| Object.new }
+    s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
+    assert_raise(ArgumentError) { s2.accept }
     assert t.join
   ensure
-    sock1.close if sock1
-    sock2.close if sock2
+    sock1.close
+    sock2.close
   end
 
   def test_accept_errors_include_peeraddr
