authorrhe <rhe@ruby-lang.org>2016-06-09 10:46:46 +0000
committerrhe <rhe@ruby-lang.org>2016-06-09 10:46:46 +0000
commita6e9d827982209fd32cea7c3701df00f04bebe71 (patch)
tree234793e8529e8f93d8ce2d7fc2b060e235eaf7a8
parentd576ae8eaa5cebd0a4896ef65ac06147e85393ae (diff)
openssl: fix build with OPENSSL_NO_EC
* ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC. SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in OpenSSL's configuration. This fixes r55214. * test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does not support ECDH. * test/openssl/utils.rb (start_server): Ignore error in SSLContext#ecdh_curves=. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55342 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ext/openssl/ossl_ssl.c6
-rw-r--r--test/test_pair.rb7
-rw-r--r--test/utils.rb5
3 files changed, 13 insertions, 5 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 1ee0658..5876946 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -163,7 +163,7 @@ ossl_sslctx_s_alloc(VALUE klass)
RTYPEDDATA_DATA(obj) = ctx;
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)obj);
-#if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
/* We use SSL_CTX_set1_curves_list() to specify the curve used in ECDH. It
* allows to specify multiple curve names and OpenSSL will select
* automatically from them. In OpenSSL 1.0.2, the automatic selection has to
@@ -285,7 +285,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
}
#endif /* OPENSSL_NO_DH */
-#if !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
static VALUE
ossl_call_tmp_ecdh_callback(VALUE args)
{
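Review bot: The compound guard `!defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)` now opens the block containing `ossl_call_tmp_ecdh_callback`, but its closing `#endif` is outside the hunk and may carry no matching comment. The `#endif /* OPENSSL_NO_DH */` just above shows the file's convention, so the closing line could read `#endif /* !OPENSSL_NO_EC && HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK */`. The same condition is repeated in the Init_ossl_ssl hunk. Whatever code registers this callback with the SSL_CTX (not visible here) presumably needs the identical guard, otherwise a build without the callback API would reference a function that is no longer compiled.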
@@ -2300,7 +2300,7 @@ Init_ossl_ssl(void)
*/
rb_attr(cSSLContext, rb_intern("client_cert_cb"), 1, 1, Qfalse);
-#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
/*
* A callback invoked when ECDH parameters are required.
*
diff --git a/test/test_pair.rb b/test/test_pair.rb
index 5cb6627..b90b4de 100644
--- a/test/test_pair.rb
+++ b/test/test_pair.rb
@@ -433,7 +433,12 @@ module OpenSSL::TestPairM
sock1, sock2 = tcp_pair
ctx1 = OpenSSL::SSL::SSLContext.new
- ctx1.ciphers = "ECDH"
+ begin
+ ctx1.ciphers = "ECDH"
+ rescue OpenSSL::SSL::SSLError
+ skip "ECDH is not enabled in this OpenSSL" if $!.message =~ /no cipher match/
+ raise
+ end
ctx1.ecdh_curves = "P-384:P-521"
ctx1.security_level = 0
s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
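Review bot: The skip decision in the new `rescue` matches the text `no cipher match` through the global `$!`, which ties the test to one library's error wording. A build whose message differs would fail here instead of skipping, and an unrelated failure carrying the same text would be skipped rather than reported. Binding the exception with `rescue OpenSSL::SSL::SSLError => e` and testing `e.message.include?("no cipher match")` reads more clearly. A capability check such as `defined?(OpenSSL::PKey::EC)` before setting the cipher list would avoid parsing messages at all, provided that constant tracks OPENSSL_NO_EC in this extension (to be confirmed). The test method starts and ends outside the hunk.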
diff --git a/test/utils.rb b/test/utils.rb
index e4861fa..f306b5d 100644
--- a/test/utils.rb
+++ b/test/utils.rb
@@ -298,7 +298,10 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
ctx.cert = @svr_cert
ctx.key = @svr_key
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
- ctx.ecdh_curves = "P-256"
+ begin
+ ctx.ecdh_curves = "P-256"
+ rescue NotImplementedError
+ end
ctx.verify_mode = verify_mode
ctx_proc.call(ctx) if ctx_proc
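Review bot: The empty `rescue NotImplementedError` around `ctx.ecdh_curves = "P-256"` gives no reason for swallowing the error. On builds lacking EC the shared test server therefore runs silently without an ECDH curve list, so tests meant to exercise ECDHE handshakes may pass while negotiating a different key exchange. A comment in the rescue body would record the intent, e.g. `# ecdh_curves= raises when OpenSSL is built without EC; run the server without ECDH`. start_server's body continues outside the hunk.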