* ext/openssl/extconf.rb: Use exception raising instead of message
and/or abort. We want to display error message to console _and_
logging into mkmf.log.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
before ossl_raise. this cause a test failure on Linux.
20120507T190102Z.log.html.gz
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35583 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::SSL::OP_NO_TLSv1_1
OpenSSL::SSL::OP_NO_TLSv1_2
to allow blocking specific TLS versions. Thanks to Justin Guyett for
pointing this out to me.
* test/openssl/test_ssl.rb: add tests to assert correct behavior when
blocking certain versions of TLS/SSL both on server and client side.
Also refactored tests to reduce boilerplate code a little.
* test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where
client rejects the connection because a forbidden protocol version
was used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SSLContext#version to inspect the version that was negotiated for
a given connection.
* ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
* test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they
are supported by the native OpenSSL being used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_pkcs7.rb: assert correct behavior for it.
Thanks to Matt Venables for reporting the issue.
[ruby-core:43250][Bug #6134]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
values for Primitive instances.
* test/openssl/test_asn1.rb: Assert consistent behavior when
encoding nil values: Primitives raise TypeError, Constructives
raise NoMethodError.
Fixes [ruby-core:43009][Bug #6102]
-This line, and those below, will be ignored--
M test/openssl/test_asn1.rb
M ext/openssl/ossl_asn1.c
M ChangeLog
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35159 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This reverts commit r35102.
It breaks tests on FreeBSD.
6) Failure:
test_new_with_exponent(OpenSSL::TestPKeyRSA)
[/usr/home/chkbuild/build/ruby-trunk/20120323T010301Z/ruby/test/openssl/test_pkey_rsa.rb:59]:
<3> expected but was
<12884901891>.
7) Failure:
test_new_exponent_default(OpenSSL::TestPKeyRSA)
[/usr/home/chkbuild/build/ruby-trunk/20120323T010301Z/ruby/test/openssl/test_pkey_rsa.rb:52]:
<65537> expected but was
<281479271743489>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35116 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulunerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and call
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constant to SSL such as
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were
not exposed in Ruby because there's no way to unset bits in OP_ALL
before.
Following is an example to enable 0/n split for BEAST prevention.
ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
unrecognized OIDs instead of the sn "UNDEF".
* test/openssl/test_x509name.rb: Add tests for the fixed behavior.
Patch provided by Paul Kehrer, thanḱ you!
[ruby-core:41769] [Feature #5787]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34481 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Thanks to Mantas Mikulenas for noticing and providing a patch!
[ruby-core:42358] [Bug #5972]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34469 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_pem_passwd_cb0, ossl_verify_cb):
pem_passwd_cb and verify_cb ignores the exception raised in a
callback proc so it should clear $! for subsequent execution.
That's said, both subsequent processes for pem_passwd_cb and
verify_cb raises another exception before leaking $! to Ruby world.
We cannot test this fix in Ruby land.
* test/openssl/test_pkey_rsa.rb
(test_read_private_key_pem_pw_exception): Test for pem_passwd_cb +
exception.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
exponent value correctly. Awful bug. This bug caused exponent of
generated key to be always '1'. By default, and regardless of e
given as a parameter.
!!! Keys generated by this code (trunk after 2011-09-01) must be
re-generated !!! (ruby_1_9_3 is safe)
* test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
specifying exponent by a parameter.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
binary data.
* test/openssl/test_ssl.rb: Add test for it.
Thanks to Niklas Baumstark for reporting the issue!
[Ruby 1.9 - Bug #5233] [ruby-core:39120]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
fed arbitrary string values.
Clearly distinguish between the cases "universal, infinite and
not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
infinite". Raise error for universal tags that are not infinite.
* test/openssl/test_asn1.rb: add a test for this.
Thanks to Hiroshi Yoshida for reporting this bug.
[Bug #5363] [ruby-dev:44542]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33333 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
