Fix SSLContext#ciphers=

MariuszCwikla · MariuszCwikla · commit 6b4f7564f4e4 · 2020-11-26T09:22:35.000+01:00
diff --git a/src/main/java/org/jruby/ext/openssl/CipherStrings.java b/src/main/java/org/jruby/ext/openssl/CipherStrings.java
@@ -560,10 +560,16 @@ static Collection<Def> matchingCiphers(final String cipherString, final String[]
 
     private static Collection<Def> matchingExact(final String name, final String[] all,
         final boolean setSuite) {
-        final Def pattern = Definitions.get(name);
+        Def pattern = Definitions.get(name);
         if ( pattern != null ) {
             return matchingPattern(pattern, all, true, setSuite);
         }
+        else {
+            Def cipher = CipherNames.get(name);
+            if (cipher != null) {
+                return Collections.singleton(cipher);
+            }
+        }
         return null; // Collections.emptyList();
     }
 
diff --git a/src/main/java/org/jruby/ext/openssl/SSLContext.java b/src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -518,7 +518,11 @@ else if ( ciphers instanceof RubyArray ) {
             StringBuilder cipherStr = new StringBuilder();
             String sep = "";
             for ( int i = 0; i < ciphs.size(); i++ ) {
-                cipherStr.append(sep).append( ciphs.eltInternal(i).toString() );
+                IRubyObject elem = ciphs.eltInternal(i);
+                if (elem instanceof RubyArray) {
+                    elem = ((RubyArray) elem).eltInternal(0);
+                }
+                cipherStr.append(sep).append( elem.toString() );
                 sep = ":";
             }
             this.ciphers = cipherStr.toString();
diff --git a/src/test/ruby/ssl/test_context.rb b/src/test/ruby/ssl/test_context.rb
@@ -184,4 +184,37 @@ def test_context_ciphers
     assert_equal [], diff
   end unless java7? # would need to filter out stuff such as ECDHE-RSA-AES128-GCM-SHA256
 
+  def test_set_ciphers_by_group_name
+    context = OpenSSL::SSL::SSLContext.new
+    context.ciphers = "AES"
+
+    actual = context.ciphers.map { |cipher| cipher[0]}
+    assert actual.include?("ECDHE-RSA-AES128-SHA")
+    assert actual.include?("ECDHE-ECDSA-AES128-SHA")
+    assert actual.include?("AES128-SHA")
+  end
+
+  def test_set_ciphers_by_cipher_name
+    context = OpenSSL::SSL::SSLContext.new
+    context.ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"
+    actual = context.ciphers.map { |cipher| cipher[0]}
+    assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256")
+    assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384")
+  end
+
+  def test_set_ciphers_by_array_of_names
+    context = OpenSSL::SSL::SSLContext.new
+    context.ciphers = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384"]
+    actual = context.ciphers.map { |cipher| cipher[0]}
+    assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256")
+    assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384")
+  end
+
+  def test_set_ciphers_by_array_of_name_version_bits
+    context = OpenSSL::SSL::SSLContext.new
+    context.ciphers = [["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1.2", 128, 128]]
+    actual = context.ciphers.map { |cipher| cipher[0]}
+    assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256")
+  end
+
 end
