THRIFT-4525: add ruby cross test ssl support
Client: rb
This closes #1514
diff --git a/Makefile.am b/Makefile.am
index 205ea82..cdb8bd2 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -65,14 +65,14 @@
if WITH_PYTHON
crossfeature: precross
- $(CROSS_PY) test/test.py --retry-count 3 --features .* --skip-known-failures --server $(CROSS_LANGS_COMMA_SEPARATED)
+ $(CROSS_PY) test/test.py --retry-count 5 --features .* --skip-known-failures --server $(CROSS_LANGS_COMMA_SEPARATED)
else
# feature test needs python build
crossfeature:
endif
cross-%: precross crossfeature
- $(CROSS_PY) test/test.py --retry-count 3 --skip-known-failures --server $(CROSS_LANGS_COMMA_SEPARATED) --client $(CROSS_LANGS_COMMA_SEPARATED) --regex "$*"
+ $(CROSS_PY) test/test.py --retry-count 5 --skip-known-failures --server $(CROSS_LANGS_COMMA_SEPARATED) --client $(CROSS_LANGS_COMMA_SEPARATED) --regex "$*"
cross: cross-.*
diff --git a/test/crossrunner/report.py b/test/crossrunner/report.py
index 5878222..5baf161 100644
--- a/test/crossrunner/report.py
+++ b/test/crossrunner/report.py
@@ -162,7 +162,9 @@
'ECONNREFUSED',
'econnrefused', # erl
'CONNECTION-REFUSED-ERROR', # cl
+ 'connect ENOENT', # nodejs domain socket
'No such file or directory', # domain socket
+ 'Sockets.TcpClient.Connect', # csharp
])),
}
diff --git a/test/known_failures_Linux.json b/test/known_failures_Linux.json
index 16a912d..f767649 100644
--- a/test/known_failures_Linux.json
+++ b/test/known_failures_Linux.json
@@ -65,24 +65,24 @@
"cpp-java_multij-json_http-ip-ssl",
"cpp-java_multij_http-ip",
"cpp-java_multij_http-ip-ssl",
+ "cpp-nodejs_binary_http-domain",
"cpp-nodejs_binary_http-ip",
"cpp-nodejs_binary_http-ip-ssl",
- "cpp-nodejs_binary_http-domain",
+ "cpp-nodejs_compact_http-domain",
"cpp-nodejs_compact_http-ip",
"cpp-nodejs_compact_http-ip-ssl",
- "cpp-nodejs_compact_http-domain",
+ "cpp-nodejs_json_http-domain",
"cpp-nodejs_json_http-ip",
"cpp-nodejs_json_http-ip-ssl",
- "cpp-nodejs_json_http-domain",
+ "cpp-nodejs_multi-binary_http-domain",
"cpp-nodejs_multi-binary_http-ip",
"cpp-nodejs_multi-binary_http-ip-ssl",
- "cpp-nodejs_multi-binary_http-domain",
+ "cpp-nodejs_multic-compact_http-domain",
"cpp-nodejs_multic-compact_http-ip",
"cpp-nodejs_multic-compact_http-ip-ssl",
- "cpp-nodejs_multic-compact_http-domain",
+ "cpp-nodejs_multij-json_http-domain",
"cpp-nodejs_multij-json_http-ip",
"cpp-nodejs_multij-json_http-ip-ssl",
- "cpp-nodejs_multij-json_http-domain",
"cpp-rs_multi_buffered-ip",
"cpp-rs_multi_framed-ip",
"cpp-rs_multic_buffered-ip",
@@ -97,6 +97,14 @@
"csharp-erl_binary_framed-ip-ssl",
"csharp-erl_compact_buffered-ip-ssl",
"csharp-erl_compact_framed-ip-ssl",
+ "csharp-rb_binary-accel_buffered-ip-ssl",
+ "csharp-rb_binary-accel_framed-ip-ssl",
+ "csharp-rb_binary_buffered-ip-ssl",
+ "csharp-rb_binary_framed-ip-ssl",
+ "csharp-rb_compact_buffered-ip-ssl",
+ "csharp-rb_compact_framed-ip-ssl",
+ "csharp-rb_json_buffered-ip-ssl",
+ "csharp-rb_json_framed-ip-ssl",
"d-cl_binary_buffered-ip",
"d-cl_binary_framed-ip",
"d-cpp_binary_buffered-ip",
@@ -201,11 +209,17 @@
"erl-nodejs_binary_buffered-ip",
"erl-nodejs_compact_buffered-ip",
"erl-rb_binary-accel_buffered-ip",
+ "erl-rb_binary-accel_buffered-ip-ssl",
"erl-rb_binary-accel_framed-ip",
+ "erl-rb_binary-accel_framed-ip-ssl",
"erl-rb_binary_buffered-ip",
+ "erl-rb_binary_buffered-ip-ssl",
"erl-rb_binary_framed-ip",
+ "erl-rb_binary_framed-ip-ssl",
"erl-rb_compact_buffered-ip",
+ "erl-rb_compact_buffered-ip-ssl",
"erl-rb_compact_framed-ip",
+ "erl-rb_compact_framed-ip-ssl",
"go-cpp_binary_http-ip",
"go-cpp_binary_http-ip-ssl",
"go-cpp_compact_http-ip",
@@ -239,15 +253,15 @@
"netcore-csharp_compact_framed-ip-ssl",
"netcore-csharp_json_buffered-ip-ssl",
"netcore-csharp_json_framed-ip-ssl",
+ "nodejs-cpp_binary_http-domain",
"nodejs-cpp_binary_http-ip",
"nodejs-cpp_binary_http-ip-ssl",
- "nodejs-cpp_binary_http-domain",
+ "nodejs-cpp_compact_http-domain",
"nodejs-cpp_compact_http-ip",
"nodejs-cpp_compact_http-ip-ssl",
- "nodejs-cpp_compact_http-domain",
+ "nodejs-cpp_json_http-domain",
"nodejs-cpp_json_http-ip",
"nodejs-cpp_json_http-ip-ssl",
- "nodejs-cpp_json_http-domain",
"nodejs-d_binary_http-ip",
"nodejs-d_binary_http-ip-ssl",
"nodejs-d_compact_http-ip",
@@ -290,8 +304,12 @@
"nodejs-netcore_json_framed-ip-ssl",
"perl-rs_multi_buffered-ip",
"perl-rs_multi_framed-ip",
+ "rb-cpp_json_buffered-domain",
"rb-cpp_json_buffered-ip",
+ "rb-cpp_json_buffered-ip-ssl",
+ "rb-cpp_json_framed-domain",
"rb-cpp_json_framed-ip",
+ "rb-cpp_json_framed-ip-ssl",
"rs-cpp_binary_buffered-ip",
"rs-cpp_binary_framed-ip",
"rs-cpp_compact_buffered-ip",
diff --git a/test/rb/integration/TestClient.rb b/test/rb/integration/TestClient.rb
index 5259680..639aca9 100755
--- a/test/rb/integration/TestClient.rb
+++ b/test/rb/integration/TestClient.rb
@@ -27,19 +27,21 @@
require 'thrift_test'
$domain_socket = nil
-$protocolType = "binary"
$host = "localhost"
$port = 9090
+$protocolType = "binary"
+$ssl = false
$transport = "buffered"
ARGV.each do|a|
if a == "--help"
puts "Allowed options:"
puts "\t -h [ --help ] \t produce help message"
- puts "\t--domain-socket arg (=) \t Unix domain socket path - if not empty, host and port are ignored"
- puts "\t--host arg (=localhost) \t Host to connect"
- puts "\t--port arg (=9090) \t Port number to listen"
+ puts "\t--domain-socket arg (=) \t Unix domain socket path"
+ puts "\t--host arg (=localhost) \t Host to connect \t not valid with domain-socket"
+ puts "\t--port arg (=9090) \t Port number to listen \t not valid with domain-socket"
puts "\t--protocol arg (=binary) \t protocol: accel, binary, compact, json"
+ puts "\t--ssl \t use ssl \t not valid with domain-socket"
puts "\t--transport arg (=buffered) transport: buffered, framed, http"
exit
elsif a.start_with?("--domain-socket")
@@ -48,21 +50,37 @@
$host = a.split("=")[1]
elsif a.start_with?("--protocol")
$protocolType = a.split("=")[1]
+ elsif a == "--ssl"
+ $ssl = true
elsif a.start_with?("--transport")
$transport = a.split("=")[1]
elsif a.start_with?("--port")
$port = a.split("=")[1].to_i
end
end
-ARGV=[]
class SimpleClientTest < Test::Unit::TestCase
def setup
unless @socket
if $domain_socket.to_s.strip.empty?
- @socket = Thrift::Socket.new($host, $port)
+ if $ssl
+ # the working directory for ruby crosstest is test/rb/gen-rb
+ keysDir = File.join(File.dirname(File.dirname(Dir.pwd)), "keys")
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ca_file = File.join(keysDir, "CA.pem")
+ ctx.cert = OpenSSL::X509::Certificate.new(File.open(File.join(keysDir, "client.crt")))
+ ctx.cert_store = OpenSSL::X509::Store.new
+ ctx.cert_store.add_file(File.join(keysDir, 'server.pem'))
+ ctx.key = OpenSSL::PKey::RSA.new(File.open(File.join(keysDir, "client.key")))
+ ctx.options = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
+ ctx.ssl_version = :SSLv23
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ @socket = Thrift::SSLSocket.new($host, $port, nil, ctx)
+ else
+ @socket = Thrift::Socket.new($host, $port)
+ end
else
- @socket = Thrift::UNIXSocket.new($domain_socket)
+ @socket = Thrift::UNIXSocket.new($domain_socket)
end
if $transport == "buffered"
@@ -84,7 +102,7 @@
else
raise 'Unknown protocol type'
end
- @client = Thrift::Test::ThriftTest::Client.new(@protocol)
+ @client = Thrift::Test::ThriftTest::Client.new(@protocol)
@socket.open
end
end
diff --git a/test/rb/integration/TestServer.rb b/test/rb/integration/TestServer.rb
index 079298d..7caf6a8 100755
--- a/test/rb/integration/TestServer.rb
+++ b/test/rb/integration/TestServer.rb
@@ -110,6 +110,7 @@
port = 9090
protocol = "binary"
@protocolFactory = nil
+ssl = false
transport = "buffered"
@transportFactory = nil
@@ -117,15 +118,18 @@
if a == "--help"
puts "Allowed options:"
puts "\t -h [ --help ] \t produce help message"
- puts "\t--domain-socket arg (=) \t Unix domain socket path - if not empty, port is ignored"
- puts "\t--port arg (=9090) \t Port number to listen"
+ puts "\t--domain-socket arg (=) \t Unix domain socket path"
+ puts "\t--port arg (=9090) \t Port number to listen \t not valid with domain-socket"
puts "\t--protocol arg (=binary) \t protocol: accel, binary, compact, json"
+ puts "\t--ssl \t use ssl \t not valid with domain-socket"
puts "\t--transport arg (=buffered) transport: buffered, framed, http"
exit
elsif a.start_with?("--domain-socket")
domain_socket = a.split("=")[1]
elsif a.start_with?("--protocol")
protocol = a.split("=")[1]
+ elsif a == "--ssl"
+ ssl = true
elsif a.start_with?("--transport")
transport = a.split("=")[1]
elsif a.start_with?("--port")
@@ -157,7 +161,22 @@
@processor = Thrift::Test::ThriftTest::Processor.new(@handler)
@transport = nil
if domain_socket.to_s.strip.empty?
- @transport = Thrift::ServerSocket.new(port)
+ if ssl
+ # the working directory for ruby crosstest is test/rb/gen-rb
+ keysDir = File.join(File.dirname(File.dirname(Dir.pwd)), "keys")
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.ca_file = File.join(keysDir, "CA.pem")
+ ctx.cert = OpenSSL::X509::Certificate.new(File.open(File.join(keysDir, "server.crt")))
+ ctx.cert_store = OpenSSL::X509::Store.new
+ ctx.cert_store.add_file(File.join(keysDir, 'client.pem'))
+ ctx.key = OpenSSL::PKey::RSA.new(File.open(File.join(keysDir, "server.key")))
+ ctx.options = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
+ ctx.ssl_version = :SSLv23
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ @transport = Thrift::SSLServerSocket.new(nil, port, ctx)
+ else
+ @transport = Thrift::ServerSocket.new(port)
+ end
else
@transport = Thrift::UNIXServerSocket.new(domain_socket)
end
diff --git a/test/tests.json b/test/tests.json
index 511be5f..4641f22 100644
--- a/test/tests.json
+++ b/test/tests.json
@@ -366,7 +366,8 @@
"timeout": 5,
"command": [
"ruby",
- "../integration/TestClient.rb"
+ "../integration/TestClient.rb",
+ "--"
]
},
"transports": [
@@ -375,7 +376,8 @@
],
"sockets": [
"domain",
- "ip"
+ "ip",
+ "ip-ssl"
],
"protocols": [
"binary",