* ext/openssl/ossl_asn1.c (obj_to_asn1bool): fixed ASN1::Boolean
encoding issue for OpenSSL 1.0.0 compatibility.
ASN1::Boolean.new(false).to_der wrongly generated "\1\1\377" which
means 'true'.
ASN1_TYPE_set of OpenSSL <= 0.9.8 treats value 0x100 as 'false'
but OpenSSL >= 1.0.0 treats it as 'true'. ruby-ossl was using
0x100 for 'false' for backward compatibility. Just use 0x0 for
the case OpenSSL >= OpenSSL 0.9.7.
* test/openssl/test_asn1.rb: test added.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29075 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_config.c, ext/openssl/lib/openssl/config.rb,
ext/openssl/lib/openssl.rb: reimplement OpenSSL::Config in Ruby.
Now it should work on windows.
* test/openssl/test_config.rb: added tests for OpenSSL::Config#dup.
* test/openssl/test_config.rb: added tests for Config#clone.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
test_x509req.rb}:
fix false positive tests because of OpenSSL spec change.
patched by originally Hongli Lai [ruby-core:27417],
and fixed by Motohiro KOSAKI [ruby-core:28063]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26780 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
remove false positive tests because of OpenSSL spec change.
patched by Motohiro KOSAKI [ruby-core:28063]
see also [ruby-dev:40077]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26779 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::SSL::SSLSocket should implement read_nonblock. a patch
from Aaron Patterson in [ruby-core:20277]. fix: #814 [ruby-core:20241]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?),
when use default SSLContext. [ruby-dev:36167]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add a null check for ssl; submitted by akira yamada
in [ruby-dev:34950].
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if
SSL_OP_NO_TICKET is present; submitted by akira yamada
in [ruby-dev:34944].
* test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a
workaround for the case where OpenSSL is configured with
--enable-tlsext; submitted by akira yamada in [ruby-dev:34944].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
New method SSLContext#setup to aid C extension writers.
* test/openssl/test_ssl.rb: Add tests for new method and sessions.
Use threads for ssl server instead of forking.
* ext/openssl/ossl_version.h: Bump version.
* ext/openssl/ossl_x509ext.c: Fix warnings.
* test/openssl/utils.rb: Fix warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16111 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
new method OpenSSL::SSL::SSLContext#ssl_version to wrap
SSL_CTX_set_ssl_version.
* ext/openssl/ossl_ssl.c (ossl_ssl_get_verify_result):
new method OpenSSL::SSL::SSLSocket#verify_result to wrap
SSL_get_verrify_result.
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLContext.build):
new method to build OpenSSL::SSL::SSLContext with Hash parameters.
this method provides safety default parameters than SSLContext.new.
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL.verify_cetificate_identity):
new module function: pull out identity verification process
from OpenSSL::SSL::SSLSocket#post_connection_check.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Fix ruby-Bugs-11513.
* ext/openssl/ossl_pkey_ec.c
New methods EC::Point.[eql,make_affine!,invert!,on_curve?,infinity?]
By default output the same key form as the openssl command.
* ext/openssl/ossl_rand.c
New method Random.status?
* test/openssl/test_ec.rb
New tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_x509ext.c (MakeX509ExtFactory): should use
OPENSSL_malloc to allocate X509V3_CTX.
* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_create_ext): use
X509V3_EXT_nconf_nid to avoid SEGV (and to build extensions which
values are placed in separate section).
* test/openssl/test_x509ext.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
not be empty. [ruby-talk:161220]
* test/openssl/test_cipher.rb: add test for Cipher#update("").
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
an instance variable "private" is added to OpenSSL::PKey class.
this ivar is a flag that shows whether there is a private key
in the instance.
* ext/openssl/ossl_engine.c: (ossl_engine_load_privkey): set private
key flag.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to avoid a bug of PKCS7_enctypt() (only if ext/openssl is
compiled with OpenSSL-0.9.7d or earlier versions).
http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkcs7.c: new class OpenSSL::PKCS7::RecipientInfo.
this class wraps PKCS7_RECIP_INFO struct.
* ext/openssl/ossl_pkcs7.c: OpenSSL::PKCS7::Signer is renamed to
OpenSSL::PKCS7::SignerInfo. ("Signer" remains as an alias of
SignerInfo.)
* test/openssl/test_pkcs7.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9094 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
the argument as a string.
* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
set @time to avoid warning.
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
wrapped functions fails.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
of unused variable.
* test/openssl/test_ns_spki.rb: add new file.
* test/openssl/test_x509store.rb: add test for error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- SSLContext#client_cert_cb is a Proc. it is called when a client
certificate is requested by a server and no certificate was yet
set for the SSLContext. it must return an Array which includes
OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
- SSLContext#tmp_dh_callback is called in key exchange with DH
algorithm. it must return an OpenSSL::PKey::DH object.
* ext/openssl/ossl_ssl.c:
(ossl_sslctx_set_ciphers): ignore the argument if it's nil.
(ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0.
[ruby-dev:25831]
* ext/openssl/ossl_pkey.c
(GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
(DupPrivPKeyPtr): new function.
* ext/openssl/ossl_pkey_dh.c: add default DH parameters.
* ext/openssl/ossl_pkey.h: ditto.
* ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
