* ext/openssl/digest.c ext/openssl/lib/openssl/digest.rb:
Commit patch #9280 from Akinori MUSHA.
Simplify the OpenSSL::Digest class and make use of the
existing Digest framework.
Enhance performance.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@15600 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
r12496. handling EOF is a little different in ruby 1.8 and ruby 1.9.
[ruby-dev:31979]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@13706 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Net::HTTP#enable_post_connection_check. [ruby-dev:31960]
* lib/net/imap.rb: hostname should be verified against server's
identity as presented in the server's certificate. [ruby-dev:31960]
* ext/openssl/lib/net/telnets.rb, ext/openssl/lib/net/ftptls.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@13657 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
be matched with its certificate's commonName) is added.
this verification can be skipped by
"Net::HTTP#enable_post_connection_check=(false)".
suggested by Chris Clark <cclark at isecpartners.com>
* lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
perform SSL post connection check.
* ext/openssl/lib/openssl/ssl.c
(OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@13500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
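
The post connection check described in the entries above compares the hostname the client meant to reach with the names in the server's certificate. The following is an added example, not code from these commits: it uses OpenSSL::SSL.verify_certificate_identity, the check that SSLSocket#post_connection_check performs in current versions of the openssl library, and goes slightly beyond the entry by also covering wildcard and subjectAltName cases. The helper names make_cert and identity_ok? and all certificates are constructed for illustration.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key, constructed for this example

# Build a self-signed certificate with the given commonName and optional
# subjectAltName DNS entries (constructed test data, not a real server's).
def make_cert(common_name, san_dns = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer     = cert.subject
  cert.public_key = KEY
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless san_dns.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = san_dns.map { |name| "DNS:#{name}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# Identity check only: does the certificate name the host we meant to reach?
# Chain validation (VERIFY_PEER) is a separate step and is still required.
def identity_ok?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

if __FILE__ == $0
  plain    = make_cert("www.example.com")
  wildcard = make_cert("*.example.com")
  with_san = make_cert("www.example.com", ["api.example.com"])
  [[plain, "www.example.com"], [plain, "www.example.net"],
   [wildcard, "mail.example.com"], [wildcard, "a.b.example.com"],
   [with_san, "api.example.com"], [with_san, "www.example.com"]].each do |c, host|
    puts format("%-18s %-18s %s", c.subject.to_s, host, identity_ok?(c, host))
  end
end
```

A wildcard covers exactly one left-most label, and once a certificate carries dNSName entries in subjectAltName the commonName is no longer consulted.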
Fix ruby-Bugs-11513.
* ext/openssl/ossl_pkey_ec.c
New methods EC::Point.[eql,make_affine!,invert!,on_curve?,infinity?]
By default output the same key form as the openssl command.
* ext/openssl/ossl_rand.c
New method Random.status?
* test/openssl/test_ec.rb
New tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@12572 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
they are already checked at configure.
reported by KOBAYASHI Yasuhiro [ruby-list:43225]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11933 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
treat wildcard character in commonName. [ruby-dev:28121]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_x509ext.c (MakeX509ExtFactory): should use
OPENSSL_malloc to allocate X509V3_CTX.
* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_create_ext): use
X509V3_EXT_nconf_nid to avoid SEGV (and to build extensions whose
values are placed in separate section).
* test/openssl/test_x509ext.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
not be empty. [ruby-talk:161220]
* test/openssl/test_cipher.rb: add test for Cipher#update("").
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
an instance variable "private" is added to OpenSSL::PKey class.
this ivar is a flag that shows whether there is a private key
in the instance.
* ext/openssl/ossl_engine.c: (ossl_engine_load_privkey): set private
key flag.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::Engine.by_id calls given block before calling
ENGINE_init (block parameter is the return value of this method
itself). this functionality is useful to load dynamic shared
engines. the following code is a sample of loading a key using
OpenSC PKCS #11 module.
    require "openssl"
    pkcs11 = OpenSSL::Engine.by_id("dynamic"){|e|
      e.ctrl_cmd("SO_PATH", "/usr/lib/opensc/engine_pkcs11.so")
      e.ctrl_cmd("LIST_ADD", "1")
      e.ctrl_cmd("LOAD")
    }
    pkcs11.ctrl_cmd("PIN", "secret")
    key = pkcs11.load_private_key
* ext/openssl/ossl_engine.c (ossl_engine_ctrl_cmd): new method
OpenSSL::Engine#ctrl_cmd. it wraps ENGINE_ctrl_cmd_string.
* ext/openssl/ossl_engine.c (ossl_engine_get_cmds): new method
OpenSSL::Engine#cmds. it returns engine command definitions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9116 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkcs7.c: new class OpenSSL::PKCS7::RecipientInfo.
this class wraps PKCS7_RECIP_INFO struct.
* ext/openssl/ossl_pkcs7.c: OpenSSL::PKCS7::Signer is renamed to
OpenSSL::PKCS7::SignerInfo. ("Signer" remains as an alias of
SignerInfo.)
* test/openssl/test_pkcs7.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9114 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
the argument is a DER string if Base64 decoding failed.
* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.
* test/openssl/test_ns_spki.rb: add new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9113 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
these features are enabled if this library is compiled with
OpenSSL 0.9.8 or later.
* test/openssl/test_digest.rb: add test for new digests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9111 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to get last error on the current thread. And should report
errors are on the stack while OpenSSL.debug is true.
* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
this library.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
of unused variable.
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
set @time to avoid warning.
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
wrapped functions failed.
* test/openssl/test_x509store.rb: add test for errors.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
should clear data from the buffer which has already been output.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9077 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
<openssl/x509_vfy.h> to avoid compilation error of mswin32.
suggested by NAKAMURA Usaku.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8837 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- SSLContext#client_cert_cb=(aProc). it is called when a client
certificate is requested by a server and no certificate was not
set for the SSLContext. it must return an Array which includes
OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
- SSLContext#tmp_dh_callback=(aProc). it is called in key
exchange with DH algorithm. it must return an OpenSSL::PKey::DH
object.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): ignore the
argument if it's nil.
* ext/openssl/ossl_pkey.c
(GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
(DupPrivPKeyPtr): new function.
* ext/openssl/ossl_pkey_dh.c: add default DH parameters.
* ext/openssl/ossl_pkey.h: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
error even if the specified engine could not be loaded. (Dynamic
engines don't have fixed name to load.)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e