The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1
and 3.0 so that it no longer validates the private key. Instead, private
keys can be validated through EVP_PKEY_private_check and
EVP_PKEY_pairwise_check.
[ky: simplified condition to use either EVP_PKEY_check() or
EVP_PKEY_public_check().]
e38a63ab3d
This fixes a linkage error about `ossl_ssl_type` on platforms which do
not have socket, like WASI.
Even before this patch, some items are disabled under `OPENSSL_NO_SOCK` since
ee22fad45d
However, due to some new use of OpenSSL::SSL::Socket over the past few years,
the build under `OPENSSL_NO_SOCK` had been broken.
This patch guards whole `OpenSSL::SSL` items by `OPENSSL_NO_SOCK`.
[ky: adjusted to apply on top of my previous commit that removed the
OpenSSL::ExtConfig, and added a guard to lib/openssl/ssl.rb.]
b0cfac6a96
This module was introduced in 2015 for internal use within this library.
Neither of the two constants in it is used anymore. I don't think we
will be adding a new constant in the foreseeable future, either.
OPENSSL_NO_SOCK is unused since commit 998d66712a (r55191).
HAVE_TLSEXT_HOST_NAME is unused since commit 4eb4b3297a.
eed3894bda
As noted in commit a2ed156cc9 ("test/test_ssl: do not run NPN tests
for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly
on LibreSSL.
Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is
defined or not.
NPN is less relevant today anyway. Let's also silence test suite when
it's not available.
289f6e0e1f
Commit af895bc559 ("asn1: avoid truncating OID in
OpenSSL::ASN1::ObjectId#oid", 2016-12-15) added this test case.
The OBJ_obj2txt() issue was fixed by LibreSSL 2.5.1 (released in 2017)
and is no longer relevant today.
6a188f1a29
LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime
to be always present. LibreSSL 3.6.0 release note [1] says:
> - The ASN.1 time parser has been refactored and rewritten using CBS.
> It has been made stricter in that it now enforces the rules from
> RFC 5280.
[1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txtbbc540fe83
Even if the first sub! modifies `news`, when `added` is empty, it always
ended up skipping `File.write("NEWS.md", news)` because of the `next`.
This commit fixes the problem.
RubyVM::Shape is usually not available (you need SHAPE_DEBUG macro,
which is not defined by default). So it seems confusing to leave
RubyVM::Shape in the document.
This hides only method definitions because, well, I can't find a way to
hide things defined by rb_define_const or rb_struct_define_under. I gave
up making the C-based documentation right. You should define things in
Ruby instead.
Previously, only certain values of the 3rd argument triggered a
deprecation warning.
First step for fix for bug #18797. Support for the 3rd argument
will be removed after the release of Ruby 3.2.
Fix minor fallout discovered by the tests.
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
It's for CRuby developers. Not meant to be a documentation for users.
Creating a directory seems like the easiest way to exclude this from
doc/.document.
When `maxlen` is `nil`, it uses the data mode of the stream.
For example in the following:
```ruby
File.binwrite("a.txt", "\r\n\r")
p File.open("a.txt", "rt").read # "\n\n"
p File.open("a.txt", "rt").read(3) # "\r\n\r"
```
Note, this newline translation is _not_ specific to Windows.
