diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2020-08-04 23:14:44 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-04-04 23:23:13 +0900 |
commit | c055938f4ba6da868f2e61c8935c197bae7c295f (patch) | |
tree | 22519a518563d48d1f49a3f41b0d0500e34f4bdd /ext/openssl/ossl_ts.c | |
parent | 6e457554b2712131f1944e1162f4128d7f8d468d (diff) | |
download | ruby-openssl-c055938f4ba6da868f2e61c8935c197bae7c295f.tar.gz |
require OpenSSL >= 1.0.2 and LibreSSL >= 3.1
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.
OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:
- Ubuntu 14.04 is EOL since 2019-04-30
- RHEL 6 will reach EOL on 2020-11-30
LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.
Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.
Diffstat (limited to 'ext/openssl/ossl_ts.c')
-rw-r--r-- | ext/openssl/ossl_ts.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c index 9450e435..4654babf 100644 --- a/ext/openssl/ossl_ts.c +++ b/ext/openssl/ossl_ts.c @@ -821,12 +821,9 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self) TS_VERIFY_CTX_set_store(ctx, x509st); ok = TS_RESP_verify_response(ctx, resp); - - /* WORKAROUND: - * X509_STORE can count references, but X509_STORE_free() doesn't check - * this. To prevent our X509_STORE from being freed with our - * TS_VERIFY_CTX we set the store to NULL first. - * Fixed in OpenSSL 1.0.2; bff9ce4db38b (master), 5b4b9ce976fc (1.0.2) + /* + * TS_VERIFY_CTX_set_store() call above does not increment the reference + * counter, so it must be unset before TS_VERIFY_CTX_free() is called. */ TS_VERIFY_CTX_set_store(ctx, NULL); TS_VERIFY_CTX_free(ctx); |