* test/openssl/test_ssl.rb: Add a test for it.
Thanks to Eric Wong for the patch.
[Ruby 1.9 - Feature #5183] [ruby-core:38911]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32973 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SSLError from SSLSocket just after invoking SSLSocket#close.
OpenSSL's SSL_shutdown could try to send alert packet and it might
set SSLerr(global error stack) as the result. It causes the next
SSL read/write operation to fail by unrelated reason.
By design, we're ignoring any error at SSL_shutdown() so we clear
global error stack after SSL_shutdown is called. See #5039.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
connection more gracefully. Call SSL_shutdown() max 4 times until it
returns 1 (success). Bi-directional SSL close has several states but
SSL_shutdown() kicks only 1 transition per call. Max 4 is from
mod_ssl.c of Apache httpd that says 'max 2x pending * 2x data = 4'.
See #4237.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL from the callback for SSL_CTX_sess_set_get_cb().
Returning 0 means to OpenSSL that the the session is still valid
(since we created Ruby Session object) and was not freed by us with
SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
session_get_cb block if you don't want OpenSSL to cache the session
internally.
This potential issue was pointed by Ippei Obayashi. See #4416.
* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test
it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::SSL::SSLContext#session_remove_cb was broken. It wrongly
tried to call the session_*new*_cb callback.
* test/openssl/test_ssl_session.rb (class OpenSSL): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
However, the problem is not revised in this.
This adds the control of using function of SSLv2 in made macro by function check.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31528 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add additional documentation for OpenSSL::SSL::SSLContext and
OpenSSL::SSL::SSLSocket.
Move "let rdoc know about mOSSL" comments so they don't show up in output.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30090 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
blocked on Windows while blocking call for SSLSocket. Need to
convert errno for letting rb_io_wait_readable detect EWOULDBLOCK.
Patch by arton. ref #3794.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29197 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
use sk_SSL_CIPHER_num and sk_SSL_CIPHER_value instead of cast.
patched by Takahiro Kambe [ruby-dev:41530]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28282 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
which allows net/https to specify timeout. [ruby-core:24812]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27282 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[ruby-core:22860]
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a
warning.
* ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may
be larger than long.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
(ossl_ssl_session_get_timeout): use TIMET2NUM() to convert
time_t.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22925 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG doesn't fit into Fixnum.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::SSL::SSLSocket should implement read_nonblock. a patch
from Aaron Patterson in [ruby-core:20277]. fix: #814 [ruby-core:20241]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add a null check for ssl; submitted by akira yamada
in [ruby-dev:34950].
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if
SSL_OP_NO_TICKET is present; submitted by akira yamada
in [ruby-dev:34944].
* test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a
workaround for the case where OpenSSL is configured with
--enable-tlsext; submitted by akira yamada in [ruby-dev:34944].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
New method SSLContext#setup to aid C extension writers.
* test/openssl/test_ssl.rb: Add tests for new method and sessions.
Use threads for ssl server instead of forking.
* ext/openssl/ossl_version.h: Bump version.
* ext/openssl/ossl_x509ext.c: Fix warnings.
* test/openssl/utils.rb: Fix warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16111 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
new method OpenSSL::SSL::SSLContext#ssl_version to wrap
SSL_CTX_set_ssl_version.
* ext/openssl/ossl_ssl.c (ossl_ssl_get_verify_result):
new method OpenSSL::SSL::SSLSocket#verify_result to wrap
SSL_get_verrify_result.
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLContext.build):
new method to build OpenSSL::SSL::SSLContext with Hash parameters.
this method provides safety default parameters than SSLContext.new.
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL.verify_cetificate_identity):
new module function: pull out identity verification process
from OpenSSL::SSL::SSLSocket#post_connection_check.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
