author | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-08 16:39:36 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-08 18:08:03 +0900 |
commit | 3e5a009966bd7f806f7180d82cf830a04be28986 (patch) | |
tree | aede31ead0aa817b4066ffc70211371700f27f47 /ext/openssl/extconf.rb | |
parent | 579afc4584840644b23b7ccd640d62683fd725e5 (diff) | |
ssl: remove unsupported TLS versions from SSLContext::METHODS

Check for all version-specific SSL methods. We do check for existence of
TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This
fixes compile error when OpenSSL is configured with no-tls1-method.

Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL
supports the corresponding versions or not. This prevents :TLSv1 from
being in SSLContext::METHODS when OpenSSL is compiled with no-tls1.
In particular, Debian sid has disabled TLS 1.0/1.1 support recently.

The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
Diffstat (limited to 'ext/openssl/extconf.rb')
-rw-r--r-- | ext/openssl/extconf.rb | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 8f604708..6782c046 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -109,16 +109,10 @@ end Logging::message "=== Checking for OpenSSL features... ===\n" # compile options -# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols -# exist even if compiled with no-ssl2 or no-ssl3-method. -unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h") - have_func("SSLv2_method") -end -unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h") - have_func("SSLv3_method") -end -have_func("TLSv1_1_method") -have_func("TLSv1_2_method") +# SSLv2 and SSLv3 may be removed in future versions of OpenSSL, and even macros +# like OPENSSL_NO_SSL2 may not be defined. +have_func("SSLv2_method") +have_func("SSLv3_method") have_func("RAND_egd") engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni} |
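Review bot: The new unguarded `have_func("SSLv2_method")` and `have_func("SSLv3_method")` calls drop the case the deleted comment documented: "on some environment, these symbols exist even if compiled with no-ssl2 or no-ssl3-method". On such a build the link test succeeds and the extension will believe the protocol method is usable even though OpenSSL was configured without it, which is the same class of problem the commit message sets out to fix for TLS 1.0/1.1. The replacement comment explains why the macros cannot be relied on alone, but not where the OPENSSL_NO_SSL2 / OPENSSL_NO_SSL3_METHOD check happens now. Either keep the macro guard in addition to the function probe, or extend the comment to name the place that tests these macros. Similarly, this hunk removes `have_func("TLSv1_1_method")` and `have_func("TLSv1_2_method")` and adds no probe for `TLSv1_method`, while the message says all version-specific methods are checked; since the diffstat is limited to extconf.rb the replacement check is not visible here, so a one-line comment pointing to it would make this file reviewable on its own.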