and use `rb_apply` to clean up calls to `rb_protect`.
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
always holds a reference to the SSLContext object, which will have
the callback object. Ask the context for the callback instead of
storing the callback in two places.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
`tmp_dh_callback` to Ruby, and call it when setting up an SSL
connection. This allows us to move the "default" behavior to the
reader method.
* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
accessing the SSLContext's internals.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
object returned by the servername callback on to the socket as an
instance variable. If the callback allocated a new context object
and didn't keep a reference to it, it could be GC'd out from under
the socket object.
* test/openssl/test_ssl.rb (class OpenSSL): test for change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
specifically setting the tmp_dh_callback to nil.
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
* test/openssl/test_pair.rb (module OpenSSL): add a test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
tmp_dh_callback Ruby code and set it as a default in `initialize`.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_512_GEN):
move this constant to Ruby.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_1024_GEN):
ditto
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): tmp_dh_callback should
always be set, so we can remove this conditional
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL [copies the string returned by the pointe](9f040d6dec/ssl/t1_lib.c (L1800-1809)), so it should be safe to just return a pointer to the string object and not set an instance variable on the already frozen object.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_pair.rb: test for ECDH callback support
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51348 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/extconf.rb: detect ALPN support in OpenSSL
* test/openssl/test_ssl.rb: test for ALPN
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Delay hash lookups until we are about to hit an exception. This
gives a minor speedup ratio of 2-3% in the new bm_io_nonblock_noex
benchmark as well as reducing code.
* benchmark/bm_io_nonblock_noex.rb: new benchmark
* ext/openssl/ossl_ssl.c (no_exception_p): new function
(ossl_start_ssl): adjust for no_exception_p
(ossl_ssl_connect): adjust ossl_start_ssl call
(ossl_ssl_connect_nonblock): ditto
(ossl_ssl_accept): ditto
(ossl_ssl_accept_nonblock): ditto
(ossl_ssl_read_internal): adjust for no_exception_p
(ossl_ssl_write_internal): ditto
(ossl_ssl_write): adjust ossl_write_internal call
(ossl_ssl_write_nonblock): ditto
* ext/stringio/stringio.c (strio_read_nonblock):
delay exception check
* io.c (no_exception_p): new function
(io_getpartial): call no_exception_p
(io_readpartial): adjust for io_getpartial
(get_kwargs_exception): remove
(io_read_nonblock): adjust for io_getpartial,
check no_exception_p on EOF
(io_write_nonblock): call no_exception_p
(rb_io_write_nonblock): do not check `exception: false'
(argf_getpartial): adjust for io_getpartial
[ruby-core:69778] [Feature #11318]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51113 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::SSL::SSLSocket#sysread does not accept kwargs in blocking
mode, inform users if they make an error.
* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal):
do not process kwargs in blocking mode
* test/openssl/test_ssl.rb: test sysread
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl: make wrapper objects before allocating structs to
get rid of potential memory leaks.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50673 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/{etc,openssl,tk}: Adding parens and comparisons around
assignments to get rid of Wparentheses warnings. [Fix GH-875]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This is for consistency with accept_nonblock arguments and gives a
minor speedup from avoiding exceptions.
[ruby-core:68838] [Feature #11024]
* ext/openssl/ossl_ssl.c (ossl_ssl_connect_nonblock):
support `exception: false'
* (get_no_exception): move function location
* ext/socket/socket.c (sock_connect_nonblock):
support `exception: false'
* test/openssl/test_pair.rb (test_connect_accept_nonblock_no_exception):
test `exception: false' on connect,
rename from `test_accept_nonblock_no_exception'
* test/socket/test_nonblock.rb (test_connect_nonblock_no_exception):
new test
Benchmark results:
default 0.050000 0.100000 0.150000 ( 0.151307)
exception: false 0.030000 0.080000 0.110000 ( 0.108840)
----------------------------8<-----------------------
require 'socket'
require 'benchmark'
require 'io/wait'
require 'tmpdir'
host = '127.0.0.1'
serv = TCPServer.new(host, 0) # UNIX sockets may not hit EINPROGRESS
nr = 5000 # few iterations to avoid running out of ports
addr = serv.getsockname
pid = fork do
begin
serv.accept.close
rescue => e
warn "#$$: #{e.message} (#{e.class})"
end while true
end
at_exit { Process.kill(:TERM, pid) }
serv.close
Benchmark.bmbm do |x|
x.report("default") do
nr.times do
s = Socket.new(:INET, :STREAM)
s.setsockopt(:SOL_SOCKET, :SO_REUSEADDR, 1)
begin
s.connect_nonblock(addr)
rescue IO::WaitWritable
s.wait_writable
end
s.close
end
end
x.report("exception: false") do
nr.times do
s = Socket.new(:INET, :STREAM)
s.setsockopt(:SOL_SOCKET, :SO_REUSEADDR, 1)
case s.connect_nonblock(addr, exception: false)
when :wait_writable
s.wait_writable
end
s.close
end
end
end
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/socket/init.c (rsock_s_accept_nonblock): use rb_hash_lookup2
* ext/openssl/ossl_ssl.c (get_no_exception): new function
(ossl_ssl_accept_nonblock): use get_no_exception
(ossl_ssl_read_internal): ditto
(ossl_ssl_write_nonblock): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This leads to a size reduction in openssl.so and reduces the
chance of bugs due to typos.
text data bss dec hex
before: 333022 13164 3312 349498 5553a
after: 332790 13164 3232 349186 55402
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49954 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This is analogous to functionality found in IO#read_nonblock and
IO#wait_nonblock. Raising exceptions for common failures on
non-blocking servers is expensive and makes $DEBUG too noisy.
Benchmark results:
user system total real
default 2.790000 0.870000 3.660000 ( 3.671597)
exception: false 1.120000 0.800000 1.920000 ( 1.922032)
exception: false (cached arg) 0.820000 0.770000 1.590000 ( 1.589267)
--------------------- benchmark script ------------------------
require 'socket'
require 'benchmark'
require 'tmpdir'
nr = 1000000
Dir.mktmpdir('nb_bench') do |path|
sock_path = "#{path}/test.sock"
s = UNIXServer.new(sock_path)
Benchmark.bmbm do |x|
x.report("default") do
nr.times do
begin
s.accept_nonblock
rescue IO::WaitReadable
end
end
end
x.report("exception: false") do
nr.times do
begin
s.accept_nonblock(exception: false)
rescue IO::WaitReadable
abort "should not raise"
end
end
end
x.report("exception: false (cached arg)") do
arg = { exception: false }
nr.times do
begin
s.accept_nonblock(arg)
rescue IO::WaitReadable
abort "should not raise"
end
end
end
end
end
* ext/socket/init.c (rsock_s_accept_nonblock):
support exception: false
[ruby-core:66385] [Feature #10532]
* ext/socket/init.c (rsock_init_socket_init): define new symbols
* ext/socket/rubysocket.h: adjust prototype
* ext/socket/socket.c (sock_accept_nonblock): support exception: false
* ext/openssl/ossl_ssl.c (ossl_ssl_accept_nonblock): ditto
* ext/socket/socket.c (Init_socket): adjust accept_nonblock definition
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
* ext/socket/tcpserver.c (rsock_init_tcpserver): ditto
* ext/socket/unixserver.c (rsock_init_unixserver): ditto
* ext/socket/tcpserver.c (tcp_accept_nonblock): adjust
rsock_s_accept_nonblock call
* ext/socket/unixserver.c (unix_accept_nonblock): ditto
* ext/openssl/ossl_ssl.c (ossl_start_ssl): support no_exception
* ext/openssl/ossl_ssl.c (ossl_ssl_connect): adjust ossl_start_ssl call
* ext/openssl/ossl_ssl.c (ossl_ssl_connect_nonblock): ditto
* ext/openssl/ossl_ssl.c (ossl_ssl_accept): ditto
* test/socket/test_nonblock.rb (test_accept_nonblock): test for
"exception :false"
* test/socket/test_tcp.rb (test_accept_nonblock): new test
* test/socket/test_unix.rb (test_accept_nonblock): ditto
* test/openssl/test_pair.rb (test_accept_nonblock_no_exception): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49948 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
when SSL is not started.
This fix the fd leak by test_https_proxy_authentication in
test/net/http/test_https_proxy.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46209 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
when SSL session has not been started.
* test/openssl/test_ssl.rb: test for change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44732 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Declare a constant
`OP_MSIE_SSLV2_RSA_PADDING` only if the macro is defined. The
`SSL_OP_MSIE_SSLV2_RSA_PADDING` has been removed from latest
snapshot of OpenSSL 1.0.1. [Fixes GH-488]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* include/ruby/ruby.h (RB_BLOCK_CALL_FUNC_ARGLIST): for declaration
argument list of rb_block_call_func.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43910 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
defined(OPENSSL_NO_SOCK).
This fixes a linkage error on platforms which do not have socket.
OpenSSL itself is still useful as a set of cryptographic functions
even on such platforms.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
subclasses that include WaitReadable or WaitWritable rather than
extending them into the exception object each time.
* error.c: Capture EGAIN, EWOULDBLOCK, EINPROGRESS exceptions and
export them for use in WaitReadable/Writable exceptions.
* io.c: Create versions of EAGAIN, EWOULDBLOCK, EINPROGRESS that
include WaitReadable and WaitWritable. Add rb_readwrite_sys_fail
for nonblocking failures using those exceptions. Use that
function in io_getpartial and io_write_nonblock instead of
rb_mod_sys_fail
* ext/openssl/ossl_ssl.c: Add new SSLError subclasses that include
WaitReadable and WaitWritable. Use those classes for
write_would_block and read_would_block instead of rb_mod_sys_fail.
* ext/socket/ancdata.c: Use rb_readwrite_sys_fail instead of
rb_mod_sys_fail in bsock_sendmsg_internal and
bsock_recvmsg_internal.
* ext/socket/init.c: Use rb_readwrite_sys_fail instead of
rb_mod_sys_fail in rsock_s_recvfrom_nonblock and
rsock_s_connect_nonblock.
* ext/socket/socket.c: Use rb_readwrite_sys_fail instead of
rb_mod_sys_fail in sock_connect_nonblock.
* include/ruby/ruby.h: Export rb_readwrite_sys_fail for use instead
of rb_mod_sys_fail. Introduce new constants RB_IO_WAIT_READABLE and
RB_IO_WAIT_WRITABLE for first arg to rb_readwrite_sys_fail.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40195 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be
advertised by the server can be set in the SSLContext by using
SSLContext#npn_protocols=, protocol selection on the client is
supported by providing a selection callback with
SSLContext#npn_select_cb. The protocol that was finally negotiated
is available through SSL#npn_protocol.
test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation.
NEWS: add news about NPN support.
[Feature #6503] [ruby-core:45272]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
remove SSLContext#disable_client_renegotiation and related
functionality introduced in r35797. The new callback approach
gives clients maximum flexibility to decide on their own what to
do on renegotiation attempts.
Add documentation for SSL module and SSLError.
* test/openssl/test_ssl.rb: Add a test for
SSLContext#renegotiation_cb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_ssl.rb: Simple tests for this.
Client-side renegotiation is still considered problematic, even
when used in the context of secure renegotiation (RI, RFC 5746).
The changes allow users to either completely disable client
renegotiation on the server, or to specify a maximum number of
handshakes allowed in total. The number of total handshakes is
counted in a callback set as SSL_set_info_callback. If the
maximum number of handshakes is exceeded an error will be raised
We do not support renegotiation in the OpenSSL extension, therefore
this feature can only be tested externally.
The feature is opt-in, the default setting will be to allow
unlimited client renegotiation, as was the case before.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
the test failing in Ruby CI [1]
[1] 20120507T190102Z.log.html.gz#test-all
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
before ossl_raise. this cause a test failure on Linux.
20120507T190102Z.log.html.gz
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35583 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
