On 32-bit Cygwin at least, it was failing to find that function,
presumably due to it being stdcall.
Signed-off-by: Jeremy Drake <github@jdrake.com>
bceafef74b
All the `json/add` related methods for string were
always defined unconditionally from the generators.
It's preferable to only define them if `json/add` is actually used.
Add a simple test case that creates an enveloped-data structure without
using the shorthand method, and fix two issues preventing this from
working correctly.
First, OpenSSL::PKey::PKCS7#add_recipient currently inserts an
incomplete PKCS7_RECIP_INFO object into the PKCS7 object. When
duplicating an unfinalized PKCS7_RECIP_INFO, the internal X509 reference
must also be copied, as it is later used by #add_data to fill the rest.
A similar issue with #add_signer was fixed in commit 20ca7a27a8
(pkcs7: keep private key when duplicating PKCS7_SIGNER_INFO,
2021-03-24).
Second, #add_data calls PKCS7_dataFinal(), which for enveloped-data
appears to require the BIO to be flushed explicitly with BIO_flush().
Without this, the last block of the encrypted data would be missing.
9595ecf643
Raise an exception right after an OpenSSL function returns an error.
Checking ERR_peek_error() is not a reliable way to see if an error has
occurred or not, as OpenSSL functions do not always populate the error
queue.
cc3f1af73e
Only call PKCS7_get_detached() if the PKCS7 object is a signed-data.
This is only useful for the content type, and leaves an error entry if
called on a PKCS7 object with a different content type.
8997f6d5e6
`RSHAPE_PARENT` is error prone because it returns a raw untagged
shape_id.
To check if a shape is a direct parent of another, tags should be
discarded. So providing a comparison function is better than exposing
untagged ids.
Set the error_string attribute to nil if PKCS7_verify() succeeds, since
the error queue should be empty in that case.
With AWS-LC, OpenSSL::PKCS#verify currently sets error_string to
"invalid library (0)" when the verification succeeds, whereas with
OpenSSL and LibreSSL, it becomes nil. ERR_reason_error_string() appears
to behave differently when an invalid error code is passed.
The branch to raise OpenSSL::PKCS7::PKCS7Error is removed because it
does not appear to be reachable.
c11c6631fa
This reverts commit ec01cd9bbb.
This should no longer break the tests, now that the following changes
have been applied:
- RubyGems change: 32977f3869
- ruby/openssl change: e8261963c7
Commit ef277083ba overlooked a caller of ossl_x509_new() with NULL
argument. OpenSSL::X509::StoreContext#current_cert may not have a
certificate to return if StoreContext#verify has not been called.
4149b43890
This reverts commit 4e8bbb07dd.
It broke RubyGems tests:
20250727T123003Z.fail.html.gz
OpenSSL::X509::StoreContext#current_cert incorrectly calls
ossl_x509_new() with NULL to create a bogus Certificate object, and a
test case in RubyGems relies on it. This will be reapplied when both
are fixed.
Among functions named ossl_*_new(), ossl_pkey_new() is now the only one
that takes ownership of the passed OpenSSL object instead of making a
copy or incrementing its reference counter. Rename it to make this
behavior easier to understand.
54c1c26eb5
Likewise, let it take a const pointer and not the ownership of the
OpenSSL object.
This fixes a potential memory leak in OpenSSL::OCSP::BasicResponse#status.
7e0288ebbd
Similar to most of the other ossl_*_new() functions, let it take a const
pointer and make a copy of the object.
This also fixes a potential memory leak when the wrapper object
allocation fails.
eaabf6d8a3
Currently, calling ossl_bn_new() with a NULL argument allocates a new
OpenSSL::BN instance representing 0. This behavior is confusing. Raise
an exception if this is attempted, instead.
6fa793d997
This list was originally in alphabetical order. Sort it again.
This change should be safe since the .rb sources should only depend on
the extension and not each other.
eb3998728a
If `load_uint8x16_4` has an external linkage, it is defined in
both `generator` and `parser` extension libraries. This duplicate
symbol causes a linker error when `--with-static-linked-ext` is
given, on some platforms.
020693b17a
This suppresses this warning:
    ../../../ext/socket/ipsocket.c: In function ‘rsock_raise_user_specified_timeout’:
    ../../../ext/socket/ipsocket.c:30:1: warning: function might be candidate for attribute ‘noreturn’ [-Wsuggest-attribute=noreturn]
       30 | rsock_raise_user_specified_timeout()
          | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* [Feature #21347] Add `open_timeout` as an overall timeout option for `TCPSocket.new`
With this change, `TCPSocket.new` now accepts the `open_timeout` option.
This option raises an exception if the specified number of seconds has elapsed since the start of the method call,
even if the operation is still in the middle of name resolution or connection attempts.
The addition of this option follows the same intent as the previously merged change to `Socket.tcp`.
[Feature #21347](https://bugs.ruby-lang.org/issues/21347)
https://github.com/ruby/ruby/pull/13368
* Tidy up: Extract rsock_raise_user_specified_timeout()
* Added a note to the documentation of `Socket.tcp`
* Fix `rsock_init_inetsock` for `FAST_FALLBACK_INIT_INETSOCK_IMPL`
Socket.tcp_with_fast_fallback: Pass proper addr family to getaddrinfo
Addrinfo.getaddrinfo expects Socket::AF_INET or Socket::AF_INET6 as its
third argument (family). However Socket.tcp_with_fast_fallback was
incorrectly passing :ipv4 or :ipv6.
Repro:
    require 'socket'
    Socket.tcp_with_fast_fallback('example.com', 80, '127.0.0.1')
Expected behavior: Returns a Socket object
Actual: Raises unknown socket domain: ipv4 (SocketError)