* ext/openssl/extconf.rb: Should check SSLv2_*method.
openssl compiled with "no-ssl2" the extconf don't fail
when running `make' having this compilation errors.
Patched by Laurent Arnoud. fixes#4562, #4556
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@32234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ssl_session.c
(ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by
backporting. (see [ruby-dev:40573]) use long in according to
OpenSSL API. (SSL_SESSION_{get,set}_time{,out})
* ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper
for X509_NAME_hash_old in OpenSSL 1.0.0.
* test/openssl/test_x509name.rb (test_hash): make test pass with
OpenSSL 1.0.0.
* test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5.
* PKey::PKey#verify raises an exception when a given PKey does not
match with signature.
* PKey::DSA#sign accepts SHA1, SHA256 other than DSS1.
* backport the commit from trunk:
Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@ruby-lang.org>
* openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0.
patched by Jeroen van Meeuwen at [ruby-core:25210]
fixed by Nobuyoshi Nakada [ruby-core:25238],
Hongli Lai [ruby-core:27417],
and Motohiro KOSAKI [ruby-core:28063]
* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
(ossl_ssl_cipher_to_ary): constified.
* ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
split pkcs7_get_certs_or_crls.
* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
* ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098
macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m.
OpenSSL 1.0.0beta5 has a slightly different definiton so it could
be a temporal workaround for 0.9.8 and 1.0.0 dual support.
* ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function
definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0
(0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1)
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use
SSL_SESSION_cmp and implement equality func by ousrself. See the
comment.
* ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0.
* ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which
exists.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl: backport fixes in 1.9.
* r25019 by marcandre
* ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def.
Patch by Chris Chandler [ruby-core:18411]
* r25017 by marcandre
* ossl_config.c (ossl_config_add_value_m,
ossl_config_set_section): Check if frozen (or untrusted for
$SECURE >= 4) [ruby-core:18377]
* r22925 by nobu
* ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks.
[ruby-core:22860]
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a
warning.
* ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may
be larger than long.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
(ossl_ssl_session_get_timeout): use TIMET2NUM() to convert
time_t.
* r22924 by nobu
* ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use
OPENSSL_free instead of free. a patch from Charlie Savage at
[ruby-core:22858].
* r22918 by akr
* ext/openssl: suppress warnings.
* ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for
variadic macro.
* r22666 by akr
* ext/openssl/lib/openssl/buffering.rb: define Buffering module
under OpenSSL. [ruby-dev:37906]
* r22440 by nobu
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify
returns positive value on success, not non-zero.
[ruby-core:21762]
* r22378 by akr
* ext/openssl: avoid cyclic require.
* ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb
* ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb.
[ruby-dev:38018]
* r22101 by nobu
* ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used
conditionally.
* r21510 by akr
* ext/openssl/ossl.c (ossl_raise): abolish a warning.
* r21208 by akr
* ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr
instead of STR2CSTR.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
(ossl_ec_group_initialize): ditto.
* r19420 by mame
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out
fragments of unused code.
* r18975 by nobu
* ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for
initialization of r18168.
* r18971 by nobu
* ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism.
* r18944 by matz
* ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed.
a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880].
* ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto.
* r18917 by nobu
* ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for
initialization of r18168.
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto.
* ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto.
* r18283 by nobu
* ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress
warnings on platforms which int size differs from pointer size.
* r18181 by nobu
* ext/openssl/openssl_missing.h (d2i_of_void): define for older
versions. [ruby-dev:35637]
* r18168 by nobu
* ext/openssl: suppress warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28004 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add a null check for ssl; submitted by akira yamada
in [ruby-dev:34950].
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if
SSL_OP_NO_TICKET is present; submitted by akira yamada
in [ruby-dev:34944].
* test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a
workaround for the case where OpenSSL is configured with
--enable-tlsext; submitted by akira yamada in [ruby-dev:34944].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@16857 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to get last error on the current thread. And should report
errors are on the stack while OpenSSL.debug is true.
* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
this library.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
of unused variable.
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
set @time to avoid warning.
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
wrapped functions failed.
* test/openssl/test_x509store.rb: add test for errors.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- SSLContext#client_cert_cb=(aProc). it is called when a client
certificate is requested by a server and no certificate was not
set for the SSLContext. it must return an Array which includes
OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
- SSLContext#tmp_dh_callback=(aProc). it is called in key
exchange with DH algorithm. it must return an OpenSSL::PKey::DH
object.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): ignore the
argument if it's nil.
* ext/openssl/ossl_pkey.c
(GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
(DupPrivPKeyPtr): new function.
* ext/openssl/ossl_pkey_dh.c: add default DH parameters.
* ext/openssl/ossl_pkey.h: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ossl_ssl_write):
- need to set errno on Win32 platform.
- should call rb_sys_fail instead of rasing SSLError if
SSL_ERROR_SYSCALL occured.
- should wait for that the underlying IO become readable or
writable if the error was SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE. [ruby-dev:25795]
* ext/openssl/lib/openssl/buffering.rb
(Buffering#initialize): should set @eof and @rbuffer.
(Buffering#fill_rbuff): should rescue Errno::EAGAIN.
(Buffering#consume_rbuf): pointless eof flag resetting is deleted.
(Buffering#read): should return an empty string if the specified
size is zero.
(Buffering#readpartial): new method.
(Buffering#readline): fix typo.
(Buffering#getc): return the first character of string correctly.
(Buffering#each): fix typo. suggested by Brian Ollenberger.
(Buffering#readchar): fix typo.
(Buffering#eof?): should read again it the input buffer is empty.
(Buffering#do_write): should rescue Errno::EAGAIN.
(Buffering#puts): use "\n" as the output field separator.
* ext/openssl/lib/openssl/ssl.rb: set non-blocking flag to the
underlying IO.
* ext/openssl/extconf.rb: get rid of GNUmakefile generation.
* text/openssl/test_pair.rb: test for IO like methods.
* test/ruby/ut_eof.rb: test about empty file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8104 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/cgi/session.rb (CGI::Session::initialize): generate new
session if given session_id does not exist. [ruby-list:40368]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- should return an empty string if specified length to read is 0.
- should check for pending data and wait for fd before reading.
- call underlying IO's sysread if SSL session is not started.
[ruby-dev:24072], [ruby-dev:24075]
* ext/openssl/ossl_ssl.c (ossl_ssl_write):
- call underlying IO's syswrite if SSL session is not started.
* ext/openssl/ossl_ssl.c (ossl_ssl_pending): new method
OpenSSL::SSL#pending.
* ext/openssl/lib/openssl/buffering.rb: should not use select.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to specify a string to be written.
* ext/openssl/lib/openssl/buffering.rb (OpenSSL::Buffering#read):
take optional second argument to specify a string to be written.
* ext/openssl/lib/openssl/buffering.rb (OpenSSL::Buffering#gets):
refine regexp for end-of-line.
* ext/opnessl/lib/openssl/ssl.rb
(OpenSSL::SSL::SocketForwarder#listen): fix typo.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6550 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
status by SSL_get_error().
* ext/openssl/ossl_ssl.c (ossl_ssl_write): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5278 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SSL_connect and SSL_accept; if SSL_connect (or SSL_accept) returned
but not finished the handshake process, we should retry it.
* ext/openssl/ossl_ssl.c (ossl_ssl_connect): call ossl_start_ssl.
* ext/openssl/ossl_ssl.c (ossl_ssl_accept): ditto.
* ext/openssl/ossl_ssl.c (ossl_ssl_read): allow signal traps.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5127 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/https.rb (HTTPRequest#meta_vars): create
SSL_CLIENT_CERT_CHAIN_n from @client_cert_chain.
* ext/openssl/ossl_ssl.c (ossl_ssl_get_peer_cert_chain): return nil
if no cert-chain was given.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4897 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SSLSocket#peer_cert_chain.
* ext/openssl/ossl_x509req.c (GetX509ReqPtr): new function
which returns underlying X509_REQ.
* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_set_issuer_cert,
ossl_x509extfactory_set_subject_cert, ossl_x509extfactory_set_crl,
ossl_x509extfactory_set_subject_req, ossl_x509extfactory_set_config):
use underlying C struct without duplication not to leak momory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
add new method to inherit @sync from @io.sync.
* ext/openssl/lib/net/protocols.rb (SSLIO#ssl_connect): no need to
set sync flag explicitly.
* ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): call super.
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): set extra chain
certificates in @extra_chain_cert.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4859 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
compatibility stuff. and remove DEFINE_ALLOC_WRAPPER from
all sources.
* ext/openssl/ossl_x509ext.c (X509::Extension.new): new method.
* ext/openssl/ossl_x509ext.c (X509::Extension#oid=): new method.
* ext/openssl/ossl_x509ext.c (X509::Extension#value=): new method.
* ext/openssl/ossl_x509ext.c (X509::Extension#critical=): new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4522 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
a builtin.
* ext/openssl/lib/openssl/buffering.rb (Buffering#close): ditto.
* ext/openssl/lib/openssl/buffering.rb (Buffering#puts): should
add a return to the tails of each line.
* ext/openssl/lib/openssl/ssl.rb: new class OpenSSL::SSL::SSLServer.
* ext/openssl/lib/net/protocols.rb (SSLIO#ssl_connect): use sync_close.
* ext/openssl/sample/echo_svr.rb: use SSLServer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4407 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
from 1k to 16k bytes. [ruby-talk:78603]
* ext/openssl/ossl_ssl.c (ossl_sslctx_s_alloc): enable
partial write to allow interruption in SSLSocket#sysread.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ssl.c (TO_SOCKET): define special version when
_WIN32 is defined. this is ruby's problem, not OpenSSL.
* win32/win32.c: remove some old comments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
