updated ext/openssl to 2.0.9

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@65134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-17 09:33:59 +02:00 · 2018-10-17 15:30:28 +00:00 · 2018-10-17 15:30:28 +00:00 · 53f3f02bb2
commit 53f3f02bb2
parent e68968288f
19 changed files with 169 additions and 54 deletions
--- a/ext/openssl/History.md
+++ b/ext/openssl/History.md
@ -1,3 +1,26 @@
 Version 2.0.9
 =============
 Security fixes
 --------------
 * OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
  objects. CVE-2018-16395 is assigned for this issue.
  https://hackerone.com/reports/387250
 Bug fixes
 ---------
 * Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
  interrupted.
  [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
  [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
 * Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
  called against an empty instance.
  [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
  [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
 Version 2.0.8
 =============
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@ -33,6 +33,9 @@ end
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
 if $mswin || $mingw
  have_library("ws2_32")
 end
 Logging::message "=== Checking for required stuff... ===\n"
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
@ -122,6 +125,10 @@ engines.each { |name|
  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
  $defs.push("-DNOCRYPT")
 end
 # added in 0.9.8X
 have_func("EVP_CIPHER_CTX_new")
 have_func("EVP_CIPHER_CTX_free")
--- a/ext/openssl/openssl.gemspec
+++ b/ext/openssl/openssl.gemspec
@ -1,20 +1,20 @@
 # -*- encoding: utf-8 -*-
-# stub: openssl 2.0.8 ruby lib
+# stub: openssl 2.0.9 ruby lib
 # stub: ext/openssl/extconf.rb
 Gem::Specification.new do |s|
  s.name = "openssl".freeze
-  s.version = "2.0.8"
+  s.version = "2.0.9"
  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
  s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata=
  s.require_paths = ["lib".freeze]
  s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
-  s.date = "2018-05-12"
+  s.date = "2018-10-17"
  s.description = "It wraps the OpenSSL library.".freeze
  s.email = ["ruby-core@ruby-lang.org".freeze]
  s.extensions = ["ext/openssl/extconf.rb".freeze]
-  s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze]
+  s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "README.md".freeze, "History.md".freeze]
  s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs5.c".freeze, "ext/openssl/ossl_pkcs5.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, "ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze]
  s.homepage = "https://www.ruby-lang.org/".freeze
  s.licenses = ["Ruby".freeze]
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@ -196,7 +196,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
 static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
 	return pkey->pkey._name; }
 #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
-static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
+static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
 	if (a1) *a1 = obj->a1; \
 	if (a2) *a2 = obj->a2; } \
 static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@ -205,7 +205,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
 	BN_clear_free(obj->a2); obj->a2 = a2; \
 	return 1; }
 #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
-static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
+static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
 	if (a1) *a1 = obj->a1; \
 	if (a2) *a2 = obj->a2; \
 	if (a3) *a3 = obj->a3; } \
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@ -1078,6 +1078,7 @@ static void Init_ossl_locks(void)
 void
 Init_openssl(void)
 {
 #undef rb_intern
    /*
     * Init timezone info
     */
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@ -1412,6 +1412,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
 void
 Init_ossl_asn1(void)
 {
 #undef rb_intern
    VALUE ary;
    int i;
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@ -237,6 +237,7 @@ ossl_pkcs12_to_der(VALUE self)
 void
 Init_ossl_pkcs12(void)
 {
 #undef rb_intern
 #if 0
    mOSSL = rb_define_module("OpenSSL");
    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@ -1054,6 +1054,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
 void
 Init_ossl_pkcs7(void)
 {
 #undef rb_intern
 #if 0
    mOSSL = rb_define_module("OpenSSL");
    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@ -20,6 +20,21 @@ static ID id_private_q;
 /*
 * callback for generating keys
 */
 static VALUE
 call_check_ints0(VALUE arg)
 {
    rb_thread_check_ints();
    return Qnil;
 }
 static void *
 call_check_ints(void *arg)
 {
    int state;
    rb_protect(call_check_ints0, Qnil, &state);
    return (void *)(VALUE)state;
 }
 int
 ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 {
@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 	*/
 	rb_protect(rb_yield, ary, &state);
 	if (state) {
 	    arg->stop = 1;
 	    arg->state = state;
 	    return 0;
 	}
    }
    if (arg->interrupted) {
 	arg->interrupted = 0;
 	state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
 	if (state) {
 	    arg->state = state;
 	    return 0;
 	}
    }
    if (arg->stop) return 0;
    return 1;
 }
@ -50,7 +72,7 @@ void
 ossl_generate_cb_stop(void *ptr)
 {
    struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
-    arg->stop = 1;
+    arg->interrupted = 1;
 }
 static void
@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 void
 Init_ossl_pkey(void)
 {
 #undef rb_intern
 #if 0
    mOSSL = rb_define_module("OpenSSL");
    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@ -41,7 +41,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
 struct ossl_generate_cb_arg {
    int yield;
-    int stop;
+    int interrupted;
    int state;
 };
 int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@ -1676,6 +1676,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
 void Init_ossl_ec(void)
 {
 #undef rb_intern
 #if 0
    mPKey = rb_define_module_under(mOSSL, "PKey");
    cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
--- a/ext/openssl/ossl_version.h
+++ b/ext/openssl/ossl_version.h
@ -10,6 +10,6 @@
 #if !defined(_OSSL_VERSION_H_)
 #define _OSSL_VERSION_H_
-#define OSSL_VERSION "2.0.8"
+#define OSSL_VERSION "2.0.9"
 #endif /* _OSSL_VERSION_H_ */
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@ -441,6 +441,7 @@ ossl_x509ext_to_der(VALUE obj)
 void
 Init_ossl_x509ext(void)
 {
 #undef rb_intern
 #if 0
    mOSSL = rb_define_module("OpenSSL");
    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@ -239,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self)
 {
    X509_NAME *name;
    char *buf;
    VALUE str;
    GetX509Name(self, name);
    buf = X509_NAME_oneline(name, NULL, 0);
-    str = rb_str_new2(buf);
+    if (!buf)
-    OPENSSL_free(buf);
+	ossl_raise(eX509NameError, "X509_NAME_oneline");
    return ossl_buf2str(buf, rb_long2int(strlen(buf)));
 }
-    return str;
+static VALUE
 x509name_print(VALUE self, unsigned long iflag)
 {
    X509_NAME *name;
    BIO *out;
    int ret;
    GetX509Name(self, name);
    out = BIO_new(BIO_s_mem());
    if (!out)
 	ossl_raise(eX509NameError, NULL);
    ret = X509_NAME_print_ex(out, name, 0, iflag);
    if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
 	BIO_free(out);
 	ossl_raise(eX509NameError, "X509_NAME_print_ex");
    }
    return ossl_membio2str(out);
 }
 /*
@ -264,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self)
 static VALUE
 ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
 {
-    X509_NAME *name;
+    rb_check_arity(argc, 0, 1);
-    VALUE flag, str;
+    /* name.to_s(nil) was allowed */
-    BIO *out;
+    if (!argc || NIL_P(argv[0]))
    unsigned long iflag;
    rb_scan_args(argc, argv, "01", &flag);
    if (NIL_P(flag))
 	return ossl_x509name_to_s_old(self);
-    else iflag = NUM2ULONG(flag);
+    else
-    if (!(out = BIO_new(BIO_s_mem())))
+	return x509name_print(self, NUM2ULONG(argv[0]));
 	ossl_raise(eX509NameError, NULL);
    GetX509Name(self, name);
    if (!X509_NAME_print_ex(out, name, 0, iflag)){
 	BIO_free(out);
 	ossl_raise(eX509NameError, NULL);
    }
    str = ossl_membio2str(out);
    return str;
 }
 /*
@ -358,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
    result = ossl_x509name_cmp0(self, other);
    if (result < 0) return INT2FIX(-1);
-    if (result > 1) return INT2FIX(1);
+    if (result > 0) return INT2FIX(1);
    return INT2FIX(0);
 }
@ -462,6 +466,7 @@ ossl_x509name_to_der(VALUE self)
 void
 Init_ossl_x509name(void)
 {
 #undef rb_intern
    VALUE utf8str, ptrstr, ia5str, hash;
 #if 0
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@ -800,6 +800,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
 void
 Init_ossl_x509store(void)
 {
 #undef rb_intern
 #if 0
    mOSSL = rb_define_module("OpenSSL");
    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@ -48,6 +48,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
        assert_equal 2, ssl.peer_cert_chain.size
        assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
        assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      ensure
        ssl&.close
        sock&.close
@ -77,6 +79,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
        sock = TCPSocket.new("127.0.0.1", port)
        ssl = OpenSSL::SSL::SSLSocket.new(sock)
        ssl.connect
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        ssl.close
        assert_not_predicate sock, :closed?
      ensure
@ -88,6 +91,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
        ssl = OpenSSL::SSL::SSLSocket.new(sock)
        ssl.sync_close = true  # !!
        ssl.connect
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        ssl.close
        assert_predicate sock, :closed?
      ensure
@ -179,7 +183,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
        client_ca_from_server = sslconn.client_ca
        [@cli_cert, @cli_key]
      end
-      server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
+      server_connect(port, ctx) { |ssl|
        assert_equal([@ca], client_ca_from_server)
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      }
    }
  end
@ -276,21 +283,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
    }
    start_server { |port|
      sock = TCPSocket.new("127.0.0.1", port)
      ctx = OpenSSL::SSL::SSLContext.new
      ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
      ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
        store_ctx.error = OpenSSL::X509::V_OK
        true
      end
-      ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
+      server_connect(port, ctx) { |ssl|
      ssl.sync_close = true
      begin
        ssl.connect
        assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
-      ensure
+        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
-        ssl.close
+      }
      end
    }
    start_server(ignore_listener_error: true) { |port|
@ -377,6 +379,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
    start_server { |port|
      server_connect(port) { |ssl|
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
        assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
        assert(ssl.post_connection_check("localhost"))
@ -398,6 +402,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
    @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
    start_server { |port|
      server_connect(port) { |ssl|
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        assert(ssl.post_connection_check("localhost.localdomain"))
        assert(ssl.post_connection_check("127.0.0.1"))
        assert_raise(sslerr){ssl.post_connection_check("localhost")}
@ -418,6 +424,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
    @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
    start_server { |port|
      server_connect(port) { |ssl|
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        assert(ssl.post_connection_check("localhost.localdomain"))
        assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
        assert_raise(sslerr){ssl.post_connection_check("localhost")}
@ -644,6 +652,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
        ssl.connect
        assert_equal @cli_cert.serial, ssl.peer_cert.serial
        assert_predicate fooctx, :frozen?
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      ensure
        ssl&.close
        sock.close
@ -655,6 +665,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
        ssl.hostname = "bar.example.com"
        ssl.connect
        assert_equal @svr_cert.serial, ssl.peer_cert.serial
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      ensure
        ssl&.close
        sock.close
@ -727,7 +739,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
          ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
          ssl.hostname = name
          if expected_ok
-            assert_nothing_raised { ssl.connect }
+            ssl.connect
            ssl.puts "abc"; assert_equal "abc\n", ssl.gets
          else
            assert_handshake_error { ssl.connect }
          end
@ -856,6 +869,7 @@ end
    start_server_version(:SSLv23, ctx_proc) { |port|
      server_connect(port) { |ssl|
        assert_equal(1, num_handshakes)
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      }
    }
  end
@ -874,6 +888,7 @@ if openssl?(1, 0, 2) || libressl?
      ctx.alpn_protocols = advertised
      server_connect(port, ctx) { |ssl|
        assert_equal(advertised.first, ssl.alpn_protocol)
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      }
    }
  end
@ -996,14 +1011,11 @@ end
  end
  def test_close_after_socket_close
-    server_proc = proc { |ctx, ssl|
+    start_server { |port|
      # Do nothing
    }
    start_server(server_proc: server_proc) { |port|
      sock = TCPSocket.new("127.0.0.1", port)
      ssl = OpenSSL::SSL::SSLSocket.new(sock)
      ssl.sync_close = true
      ssl.connect
      ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      sock.close
      assert_nothing_raised do
        ssl.close
@ -1068,6 +1080,7 @@ end
        ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
        server_connect(port, ctx) { |ssl|
          assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
          ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        }
      end
    end
@ -1158,6 +1171,7 @@ end
            assert_equal "secp384r1", ssl.tmp_key.group.curve_name
          end
        end
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
      }
      if openssl?(1, 0, 2) || libressl?(2, 5, 1)
@ -1173,6 +1187,7 @@ end
        server_connect(port, ctx) { |ssl|
          assert_equal "secp521r1", ssl.tmp_key.group.curve_name
          ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        }
      end
    end
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@ -113,6 +113,7 @@ __EOS__
    non_resumable = nil
    start_server { |port|
      server_connect_with_session(port, nil, nil) { |ssl|
        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
        non_resumable = ssl.session
      }
    }
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@ -1,4 +1,4 @@
-# coding: US-ASCII
+# coding: ASCII-8BIT
 # frozen_string_literal: false
 require_relative 'utils'
@ -322,6 +322,34 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
    assert_equal("Namiki", ary[5][1])
  end
  def test_to_s
    dn = [
      ["DC", "org"],
      ["DC", "ruby-lang"],
      ["CN", "フー, バー"],
    ]
    name = OpenSSL::X509::Name.new
    dn.each { |x| name.add_entry(*x) }
    assert_equal "/DC=org/DC=ruby-lang/" \
      "CN=\\xE3\\x83\\x95\\xE3\\x83\\xBC, \\xE3\\x83\\x90\\xE3\\x83\\xBC",
      name.to_s
    # OpenSSL escapes characters with MSB by default
    assert_equal \
      "CN=\\E3\\83\\95\\E3\\83\\BC\\, \\E3\\83\\90\\E3\\83\\BC," \
      "DC=ruby-lang,DC=org",
      name.to_s(OpenSSL::X509::Name::RFC2253)
    assert_equal "DC = org, DC = ruby-lang, " \
      "CN = \"\\E3\\83\\95\\E3\\83\\BC, \\E3\\83\\90\\E3\\83\\BC\"",
      name.to_s(OpenSSL::X509::Name::ONELINE)
    empty = OpenSSL::X509::Name.new
    assert_equal "", empty.to_s
    assert_equal "", empty.to_s(OpenSSL::X509::Name::COMPAT)
    assert_equal "", empty.to_s(OpenSSL::X509::Name::RFC2253)
    assert_equal "", empty.to_s(OpenSSL::X509::Name::ONELINE)
  end
  def test_equals2
    n1 = OpenSSL::X509::Name.parse 'CN=a'
    n2 = OpenSSL::X509::Name.parse 'CN=a'
@ -330,10 +358,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
  end
  def test_spaceship
-    n1 = OpenSSL::X509::Name.parse 'CN=a'
+    n1 = OpenSSL::X509::Name.new([["CN", "a"]])
-    n2 = OpenSSL::X509::Name.parse 'CN=b'
+    n2 = OpenSSL::X509::Name.new([["CN", "a"]])
    n3 = OpenSSL::X509::Name.new([["CN", "ab"]])
-    assert_equal(-1, n1 <=> n2)
+    assert_equal 0, n1 <=> n2
    assert_equal -1, n1 <=> n3
    assert_equal 0, n2 <=> n1
    assert_equal -1, n2 <=> n3
    assert_equal 1, n3 <=> n1
    assert_equal 1, n3 <=> n2
  end
  def name_hash(name)
--- a/version.h
+++ b/version.h
@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.4.5"
 #define RUBY_RELEASE_DATE "2018-10-18"
-#define RUBY_PATCHLEVEL 334
+#define RUBY_PATCHLEVEL 335
 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 10