diff options
author | Zachary Scott <e@zzak.io> | 2015-09-23 09:26:00 -0400 |
---|---|---|
committer | Zachary Scott <e@zzak.io> | 2015-09-23 09:26:00 -0400 |
commit | 03c088b936c1bea55687c6345799b28b98c24ee9 (patch) | |
tree | 8b2e7b7ecc54576ecf321717240429c5f168fb40 /ext | |
parent | 4df76773f42ddedf8e0907615a43b144f63f3a83 (diff) | |
download | ruby-openssl-03c088b936c1bea55687c6345799b28b98c24ee9.tar.gz |
Sync with ruby trunk
Diffstat (limited to 'ext')
51 files changed, 146 insertions, 425 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 8c04cb56..41dd9bed 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -1,7 +1,5 @@ # -*- coding: us-ascii -*- =begin -= $RCSfile$ -- Generator for Makefile - = Info 'OpenSSL for Ruby 2' project Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> @@ -10,9 +8,6 @@ = Licence This program is licensed under the same licence as Ruby. (See the file 'LICENCE'.) - -= Version - $Id$ =end require "mkmf" @@ -104,6 +99,9 @@ have_func("OPENSSL_cleanse") have_func("SSLv2_method") have_func("SSLv2_server_method") have_func("SSLv2_client_method") +have_func("SSLv3_method") +have_func("SSLv3_server_method") +have_func("SSLv3_client_method") have_func("TLSv1_1_method") have_func("TLSv1_1_server_method") have_func("TLSv1_1_client_method") diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 7f879561..bd8eef5e 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -353,4 +352,3 @@ ASN1_put_eoc(unsigned char **pp) return 2; } #endif - diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 9c06fb7d..2dc49d3f 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -195,4 +194,3 @@ int ASN1_put_eoc(unsigned char **pp); #endif /* _OSSL_OPENSSL_MISSING_H_ */ - diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 1f127ec7..5c14664c 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -1179,4 +1178,3 @@ main(int argc, char *argv[]) return 0; } #endif /* OSSL_DEBUG */ - diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index f69a9d68..eca0ef94 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -247,4 +246,3 @@ void Init_openssl(void); #endif #endif /* _OSSL_H_ */ - diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 069a024b..89da5949 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' team members * Copyright (C) 2003 * All rights reserved. diff --git a/ext/openssl/ossl_asn1.h b/ext/openssl/ossl_asn1.h index c854984e..8250746c 100644 --- a/ext/openssl/ossl_asn1.h +++ b/ext/openssl/ossl_asn1.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' team members * Copyright (C) 2003 * All rights reserved. diff --git a/ext/openssl/ossl_bio.c b/ext/openssl/ossl_bio.c index 2301c604..7e3b3070 100644 --- a/ext/openssl/ossl_bio.c +++ b/ext/openssl/ossl_bio.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' team members * Copyright (C) 2003 * All rights reserved. diff --git a/ext/openssl/ossl_bio.h b/ext/openssl/ossl_bio.h index b1b2dbbb..1705d0ac 100644 --- a/ext/openssl/ossl_bio.h +++ b/ext/openssl/ossl_bio.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' team members * Copyright (C) 2003 * All rights reserved. @@ -18,4 +17,3 @@ VALUE ossl_membio2str(BIO*); VALUE ossl_protect_membio2str(BIO*,int*); #endif - diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index 190dbb1a..fba86cdd 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Technorama team <oss-ruby@technorama.net> * All rights reserved. @@ -1051,4 +1050,3 @@ Init_ossl_bn(void) */ rb_define_method(cBN, "prime_fasttest?", ossl_bn_is_prime_fasttest, -1); } - diff --git a/ext/openssl/ossl_bn.h b/ext/openssl/ossl_bn.h index 5749ecd4..4cd9d060 100644 --- a/ext/openssl/ossl_bn.h +++ b/ext/openssl/ossl_bn.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -22,4 +21,3 @@ void Init_ossl_bn(void); #endif /* _OSS_BN_H_ */ - diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 3e92d656..1318378c 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -1010,4 +1009,3 @@ Init_ossl_cipher(void) rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0); rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1); } - diff --git a/ext/openssl/ossl_cipher.h b/ext/openssl/ossl_cipher.h index 47f47e60..c444089f 100644 --- a/ext/openssl/ossl_cipher.h +++ b/ext/openssl/ossl_cipher.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -19,4 +18,3 @@ VALUE ossl_cipher_new(const EVP_CIPHER *); void Init_ossl_cipher(void); #endif /* _OSSL_CIPHER_H_ */ - diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index f3dce1ed..4e00fbe4 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_config.h b/ext/openssl/ossl_config.h index dcb50aec..077e2f74 100644 --- a/ext/openssl/ossl_config.h +++ b/ext/openssl/ossl_config.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -19,4 +18,3 @@ CONF* DupConfigPtr(VALUE obj); void Init_ossl_config(void); #endif /* _OSSL_CONFIG_H_ */ - diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index 0ed12c5a..44968dd9 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_digest.h b/ext/openssl/ossl_digest.h index d5abd279..512f7d3a 100644 --- a/ext/openssl/ossl_digest.h +++ b/ext/openssl/ossl_digest.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -19,4 +18,3 @@ VALUE ossl_digest_new(const EVP_MD *); void Init_ossl_digest(void); #endif /* _OSSL_DIGEST_H_ */ - diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 0e9bc96c..890ec724 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2003 GOTOU Yuuzou <gotoyuzo@notwork.org> * All rights reserved. diff --git a/ext/openssl/ossl_engine.h b/ext/openssl/ossl_engine.h index 10c4553d..cd548bee 100644 --- a/ext/openssl/ossl_engine.h +++ b/ext/openssl/ossl_engine.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2003 Michal Rokos <m.rokos@sh.cvut.cz> * Copyright (C) 2003 GOTOU Yuuzou <gotoyuzo@notwork.org> diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index 118af617..5513cb20 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_hmac.h b/ext/openssl/ossl_hmac.h index 078af7b7..7c51f472 100644 --- a/ext/openssl/ossl_hmac.h +++ b/ext/openssl/ossl_hmac.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c index 94e0667f..35c2e3e5 100644 --- a/ext/openssl/ossl_ns_spki.c +++ b/ext/openssl/ossl_ns_spki.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -404,4 +403,3 @@ Init_ossl_ns_spki(void) rb_define_method(cSPKI, "challenge", ossl_spki_get_challenge, 0); rb_define_method(cSPKI, "challenge=", ossl_spki_set_challenge, 1); } - diff --git a/ext/openssl/ossl_ns_spki.h b/ext/openssl/ossl_ns_spki.h index 2c151523..62ba8cb1 100644 --- a/ext/openssl/ossl_ns_spki.h +++ b/ext/openssl/ossl_ns_spki.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -18,4 +17,3 @@ extern VALUE eSPKIError; void Init_ossl_ns_spki(void); #endif /* _OSSL_NS_SPKI_H_ */ - diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index 108fc2f8..af32d99e 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2003 Michal Rokos <m.rokos@sh.cvut.cz> * Copyright (C) 2003 GOTOU Yuuzou <gotoyuzo@notwork.org> @@ -652,7 +651,7 @@ ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self) * call-seq: * basic_response.add_status(certificate_id, status, reason, revocation_time, this_update, next_update, extensions) -> basic_response * - * Adds a validation +status+ (0 for revoked, 1 for success) to this + * Adds a validation +status+ (0 for good, 1 for revoked, 2 for unknown) to this * response for +certificate_id+. +reason+ describes the reason for the * revocation, if any. * @@ -737,7 +736,7 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, * basic_response.status -> statuses * * Returns an Array of statuses for this response. Each status contains a - * CertificateId, the status (0 for success, 1 for revoked), the reason for + * CertificateId, the status (0 for good, 1 for revoked, 2 for unknown), the reason for * the status, the revocation time, the time of this update, the time for the * next update and a list of OpenSSL::X509::Extensions. */ diff --git a/ext/openssl/ossl_ocsp.h b/ext/openssl/ossl_ocsp.h index cc33de29..c5064fbc 100644 --- a/ext/openssl/ossl_ocsp.h +++ b/ext/openssl/ossl_ocsp.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2003 Michal Rokos <m.rokos@sh.cvut.cz> * Copyright (C) 2003 GOTOU Yuuzou <gotoyuzo@notwork.org> diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c index f6ea5627..e5052d47 100644 --- a/ext/openssl/ossl_pkcs12.c +++ b/ext/openssl/ossl_pkcs12.c @@ -1,7 +1,6 @@ /* * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) - * $Id$ */ #include "ossl.h" diff --git a/ext/openssl/ossl_pkcs12.h b/ext/openssl/ossl_pkcs12.h index 0675fc34..fe4f15ef 100644 --- a/ext/openssl/ossl_pkcs12.h +++ b/ext/openssl/ossl_pkcs12.h @@ -1,7 +1,6 @@ /* * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) - * $Id$ */ #if !defined(_OSSL_PKCS12_H_) #define _OSSL_PKCS12_H_ @@ -12,4 +11,3 @@ extern VALUE ePKCS12Error; void Init_ossl_pkcs12(void); #endif /* _OSSL_PKCS12_H_ */ - diff --git a/ext/openssl/ossl_pkcs5.c b/ext/openssl/ossl_pkcs5.c index 6c7738a2..73d989e1 100644 --- a/ext/openssl/ossl_pkcs5.c +++ b/ext/openssl/ossl_pkcs5.c @@ -1,5 +1,4 @@ /* - * $Id$ * Copyright (C) 2007 Technorama Ltd. <oss-ruby@technorama.net> */ #include "ossl.h" diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index cfc2ccc6..9ca3abd7 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_pkcs7.h b/ext/openssl/ossl_pkcs7.h index 0cfea17c..139e00d6 100644 --- a/ext/openssl/ossl_pkcs7.h +++ b/ext/openssl/ossl_pkcs7.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -19,4 +18,3 @@ extern VALUE ePKCS7Error; void Init_ossl_pkcs7(void); #endif /* _OSSL_PKCS7_H_ */ - diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 01dab285..0b7faf96 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -451,4 +450,3 @@ Init_ossl_pkey(void) Init_ossl_dh(); Init_ossl_ec(); } - diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index 951b0de5..7288d5af 100644 --- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -84,8 +83,6 @@ void Init_ossl_dsa(void); */ extern VALUE cDH; extern VALUE eDHError; -extern DH *OSSL_DEFAULT_DH_512; -extern DH *OSSL_DEFAULT_DH_1024; VALUE ossl_dh_new(EVP_PKEY *); void Init_ossl_dh(void); diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 234cdaa1..2f79bfb2 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -524,69 +523,6 @@ OSSL_PKEY_BN(dh, pub_key) OSSL_PKEY_BN(dh, priv_key) /* - * -----BEGIN DH PARAMETERS----- - * MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2 - * zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC - * -----END DH PARAMETERS----- - */ -static unsigned char DEFAULT_DH_512_PRIM[] = { - 0xf4, 0xcd, 0x71, 0xe5, 0x8d, 0x18, 0x3f, 0x98, - 0x9f, 0x4f, 0x60, 0xb0, 0x02, 0x2e, 0xfe, 0x7c, - 0x09, 0xdf, 0x15, 0xc4, 0x1c, 0x71, 0x63, 0xba, - 0x04, 0xb8, 0x27, 0x94, 0x44, 0xc8, 0x93, 0xa8, - 0x48, 0x4c, 0xca, 0x6d, 0x7a, 0xae, 0x18, 0x4a, - 0x81, 0x91, 0xb6, 0xce, 0x4d, 0x8e, 0xf6, 0xe5, - 0x08, 0x04, 0x8c, 0x52, 0x8f, 0xe3, 0x4a, 0x31, - 0x44, 0x47, 0x19, 0xa1, 0x4a, 0xc8, 0x8b, 0xcb, -}; -static unsigned char DEFAULT_DH_512_GEN[] = { 0x02 }; -DH *OSSL_DEFAULT_DH_512 = NULL; - -/* - * -----BEGIN DH PARAMETERS----- - * MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ - * AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR - * T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC - * -----END DH PARAMETERS----- - */ -static unsigned char DEFAULT_DH_1024_PRIM[] = { - 0x9d, 0x25, 0x39, 0x5c, 0xb4, 0x54, 0x8a, 0xff, - 0x25, 0xe6, 0xd6, 0x9f, 0x4c, 0xc3, 0xc1, 0x8d, - 0xa1, 0xfa, 0xba, 0x88, 0x4c, 0x53, 0xa9, 0x74, - 0xda, 0xfa, 0xba, 0x0b, 0x20, 0xbe, 0x40, 0xd7, - 0xba, 0xe7, 0x1d, 0x70, 0x28, 0x61, 0x60, 0x4c, - 0x49, 0x01, 0x5f, 0xd9, 0x0f, 0x60, 0x16, 0x3d, - 0xba, 0xd3, 0xa9, 0x5e, 0xfa, 0x98, 0x64, 0x60, - 0x26, 0x0e, 0x04, 0x75, 0xd8, 0x13, 0xd7, 0x31, - 0xb4, 0x8e, 0xad, 0xeb, 0x9c, 0x57, 0x4c, 0x8f, - 0x65, 0xf3, 0x90, 0x16, 0x31, 0xdc, 0x15, 0x6f, - 0x7d, 0x1d, 0x00, 0xae, 0x76, 0xf2, 0xd1, 0x11, - 0xd1, 0x4f, 0x88, 0x7b, 0x29, 0x9f, 0xf6, 0xce, - 0x68, 0xef, 0x57, 0xe7, 0x85, 0xf2, 0x40, 0x54, - 0x1c, 0x12, 0x40, 0xa2, 0x35, 0x25, 0xcf, 0x12, - 0xa3, 0xe1, 0x07, 0x8e, 0xdb, 0x1d, 0xb4, 0x14, - 0xff, 0x57, 0xe7, 0x19, 0x8d, 0x51, 0x77, 0x83 -}; -static unsigned char DEFAULT_DH_1024_GEN[] = { 0x02 }; -DH *OSSL_DEFAULT_DH_1024 = NULL; - -static DH* -ossl_create_dh(unsigned char *p, size_t plen, unsigned char *g, size_t glen) -{ - DH *dh; - - if ((dh = DH_new()) == NULL) ossl_raise(eDHError, NULL); - dh->p = BN_bin2bn(p, rb_long2int(plen), NULL); - dh->g = BN_bin2bn(g, rb_long2int(glen), NULL); - if (dh->p == NULL || dh->g == NULL){ - DH_free(dh); - ossl_raise(eDHError, NULL); - } - - return dh; -} - -/* * INIT */ void @@ -651,13 +587,6 @@ Init_ossl_dh(void) DEF_OSSL_PKEY_BN(cDH, dh, pub_key); DEF_OSSL_PKEY_BN(cDH, dh, priv_key); rb_define_method(cDH, "params", ossl_dh_get_params, 0); - - OSSL_DEFAULT_DH_512 = ossl_create_dh( - DEFAULT_DH_512_PRIM, sizeof(DEFAULT_DH_512_PRIM), - DEFAULT_DH_512_GEN, sizeof(DEFAULT_DH_512_GEN)); - OSSL_DEFAULT_DH_1024 = ossl_create_dh( - DEFAULT_DH_1024_PRIM, sizeof(DEFAULT_DH_1024_PRIM), - DEFAULT_DH_1024_GEN, sizeof(DEFAULT_DH_1024_GEN)); } #else /* defined NO_DH */ diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index b8e415df..d5d55eec 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 699383f6..20b993ab 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -700,4 +699,3 @@ Init_ossl_rsa(void) { } #endif /* NO_RSA */ - diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c index 32a4290b..018ef977 100644 --- a/ext/openssl/ossl_rand.c +++ b/ext/openssl/ossl_rand.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * @@ -227,4 +226,3 @@ Init_ossl_rand(void) #endif /* HAVE_RAND_EGD */ rb_define_module_function(mRandom, "status?", ossl_rand_status, 0); } - diff --git a/ext/openssl/ossl_rand.h b/ext/openssl/ossl_rand.h index db635f89..8f77a3b2 100644 --- a/ext/openssl/ossl_rand.h +++ b/ext/openssl/ossl_rand.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -17,4 +16,3 @@ extern VALUE eRandomError; void Init_ossl_rand(void); #endif /* _OSSL_RAND_H_ */ - diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index ed10bb14..3e6e1646 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2000-2002 GOTOU Yuuzou <gotoyuzo@notwork.org> * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> @@ -29,6 +28,7 @@ } while (0) VALUE mSSL; +VALUE mSSLExtConfig; VALUE eSSLError; VALUE cSSLContext; VALUE cSSLSocket; @@ -45,11 +45,9 @@ static VALUE eSSLErrorWaitWritable; #define ossl_sslctx_set_verify_mode(o,v) rb_iv_set((o),"@verify_mode",(v)) #define ossl_sslctx_set_verify_dep(o,v) rb_iv_set((o),"@verify_depth",(v)) #define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v)) -#define ossl_sslctx_set_options(o,v) rb_iv_set((o),"@options",(v)) #define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v)) #define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v)) #define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v)) -#define ossl_sslctx_set_tmp_dh_cb(o,v) rb_iv_set((o),"@tmp_dh_callback",(v)) #define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v)) #define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") @@ -61,54 +59,22 @@ static VALUE eSSLErrorWaitWritable; #define ossl_sslctx_get_verify_mode(o) rb_iv_get((o),"@verify_mode") #define ossl_sslctx_get_verify_dep(o) rb_iv_get((o),"@verify_depth") #define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback") -#define ossl_sslctx_get_options(o) rb_iv_get((o),"@options") #define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store") #define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert") #define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb") #define ossl_sslctx_get_tmp_ecdh_cb(o) rb_iv_get((o),"@tmp_ecdh_callback") -#define ossl_sslctx_get_tmp_dh_cb(o) rb_iv_get((o),"@tmp_dh_callback") #define ossl_sslctx_get_sess_id_ctx(o) rb_iv_get((o),"@session_id_context") -static const char *ossl_sslctx_attrs[] = { - "cert", "key", "client_ca", "ca_file", "ca_path", - "timeout", "verify_mode", "verify_depth", "renegotiation_cb", - "verify_callback", "options", "cert_store", "extra_chain_cert", - "client_cert_cb", "tmp_dh_callback", "session_id_context", - "session_get_cb", "session_new_cb", "session_remove_cb", - "tmp_ecdh_callback", -#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME - "servername_cb", -#endif -#ifdef HAVE_OPENSSL_NPN_NEGOTIATED - "npn_protocols", - "npn_select_cb", -#endif -}; - #define ossl_ssl_get_io(o) rb_iv_get((o),"@io") #define ossl_ssl_get_ctx(o) rb_iv_get((o),"@context") -#define ossl_ssl_get_sync_close(o) rb_iv_get((o),"@sync_close") #define ossl_ssl_get_x509(o) rb_iv_get((o),"@x509") #define ossl_ssl_get_key(o) rb_iv_get((o),"@key") -#define ossl_ssl_get_tmp_dh(o) rb_iv_get((o),"@tmp_dh") -#define ossl_ssl_get_tmp_ecdh(o) rb_iv_get((o),"@tmp_ecdh") -#define ossl_ssl_set_io(o,v) rb_iv_set((o),"@io",(v)) -#define ossl_ssl_set_ctx(o,v) rb_iv_set((o),"@context",(v)) -#define ossl_ssl_set_sync_close(o,v) rb_iv_set((o),"@sync_close",(v)) #define ossl_ssl_set_x509(o,v) rb_iv_set((o),"@x509",(v)) #define ossl_ssl_set_key(o,v) rb_iv_set((o),"@key",(v)) #define ossl_ssl_set_tmp_dh(o,v) rb_iv_set((o),"@tmp_dh",(v)) #define ossl_ssl_set_tmp_ecdh(o,v) rb_iv_set((o),"@tmp_ecdh",(v)) -static const char *ossl_ssl_attr_readers[] = { "io", "context", }; -static const char *ossl_ssl_attrs[] = { -#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME - "hostname", -#endif - "sync_close", -}; - ID ID_callback_state; static VALUE sym_exception, sym_wait_readable, sym_wait_writable; @@ -142,9 +108,12 @@ static const struct { OSSL_SSL_METHOD_ENTRY(SSLv2_server), OSSL_SSL_METHOD_ENTRY(SSLv2_client), #endif +#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \ + defined(HAVE_SSLV3_CLIENT_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv3), OSSL_SSL_METHOD_ENTRY(SSLv3_server), OSSL_SSL_METHOD_ENTRY(SSLv3_client), +#endif OSSL_SSL_METHOD_ENTRY(SSLv23), OSSL_SSL_METHOD_ENTRY(SSLv23_server), OSSL_SSL_METHOD_ENTRY(SSLv23_client), @@ -154,9 +123,6 @@ static const struct { int ossl_ssl_ex_vcb_idx; int ossl_ssl_ex_store_p; int ossl_ssl_ex_ptr_idx; -int ossl_ssl_ex_client_cert_cb_idx; -int ossl_ssl_ex_tmp_dh_callback_idx; -int ossl_ssl_ex_tmp_ecdh_callback_idx; static void ossl_sslctx_free(void *ptr) @@ -193,6 +159,8 @@ ossl_sslctx_s_alloc(VALUE klass) } SSL_CTX_set_mode(ctx, mode); RTYPEDDATA_DATA(obj) = ctx; + SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)obj); + return obj; } @@ -208,13 +176,13 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) { SSL_METHOD *method = NULL; const char *s; + VALUE m = ssl_method; int i; SSL_CTX *ctx; if (RB_TYPE_P(ssl_method, T_SYMBOL)) - s = rb_id2name(SYM2ID(ssl_method)); - else - s = StringValuePtr(ssl_method); + m = rb_sym2str(ssl_method); + s = StringValueCStr(m); for (i = 0; i < numberof(ossl_ssl_method_tab); i++) { if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) { method = ossl_ssl_method_tab[i].func(); @@ -222,7 +190,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) } } if (!method) { - ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s); + ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m); } GetSSLCTX(self, ctx); if (SSL_CTX_set_ssl_version(ctx, method) != 1) { @@ -232,41 +200,12 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) return ssl_method; } -/* - * call-seq: - * SSLContext.new => ctx - * SSLContext.new(:TLSv1) => ctx - * SSLContext.new("SSLv23_client") => ctx - * - * You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS - */ -static VALUE -ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self) -{ - VALUE ssl_method; - int i; - - for(i = 0; i < numberof(ossl_sslctx_attrs); i++){ - char buf[32]; - snprintf(buf, sizeof(buf), "@%s", ossl_sslctx_attrs[i]); - rb_iv_set(self, buf, Qnil); - } - if (rb_scan_args(argc, argv, "01", &ssl_method) == 0){ - return self; - } - ossl_sslctx_set_ssl_version(self, ssl_method); - - return self; -} - static VALUE ossl_call_client_cert_cb(VALUE obj) { VALUE cb, ary, cert, key; - SSL *ssl; - GetSSL(obj, ssl); - cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx); + cb = rb_funcall(obj, rb_intern("client_cert_cb"), 0); if (NIL_P(cb)) return Qfalse; ary = rb_funcall(cb, rb_intern("call"), 1, obj); Check_Type(ary, T_ARRAY); @@ -284,8 +223,7 @@ ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) VALUE obj, success; obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); - success = rb_protect((VALUE(*)_((VALUE)))ossl_call_client_cert_cb, - obj, NULL); + success = rb_protect(ossl_call_client_cert_cb, obj, NULL); if (!RTEST(success)) return 0; *x509 = DupX509CertPtr(ossl_ssl_get_x509(obj)); *pkey = DupPKeyPtr(ossl_ssl_get_key(obj)); @@ -295,50 +233,35 @@ ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) #if !defined(OPENSSL_NO_DH) static VALUE -ossl_call_tmp_dh_callback(VALUE *args) +ossl_call_tmp_dh_callback(VALUE args) { - SSL *ssl; VALUE cb, dh; EVP_PKEY *pkey; - GetSSL(args[0], ssl); - cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_tmp_dh_callback_idx); + cb = rb_funcall(rb_ary_entry(args, 0), rb_intern("tmp_dh_callback"), 0); + if (NIL_P(cb)) return Qfalse; - dh = rb_funcall(cb, rb_intern("call"), 3, args[0], args[1], args[2]); + dh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(dh); if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse; - ossl_ssl_set_tmp_dh(args[0], dh); - return Qtrue; + return dh; } static DH* ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength) { - VALUE args[3], success; + VALUE args, dh, rb_ssl; - args[0] = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); - args[1] = INT2FIX(is_export); - args[2] = INT2FIX(keylength); - success = rb_protect((VALUE(*)_((VALUE)))ossl_call_tmp_dh_callback, - (VALUE)args, NULL); - if (!RTEST(success)) return NULL; + rb_ssl = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); - return GetPKeyPtr(ossl_ssl_get_tmp_dh(args[0]))->pkey.dh; -} + args = rb_ary_new_from_args(3, rb_ssl, INT2FIX(is_export), INT2FIX(keylength)); -static DH* -ossl_default_tmp_dh_callback(SSL *ssl, int is_export, int keylength) -{ - rb_warning("using default DH parameters."); + dh = rb_protect(ossl_call_tmp_dh_callback, args, NULL); + if (!RTEST(dh)) return NULL; + ossl_ssl_set_tmp_dh(rb_ssl, dh); - switch(keylength){ - case 512: - return OSSL_DEFAULT_DH_512; - case 1024: - return OSSL_DEFAULT_DH_1024; - } - return NULL; + return GetPKeyPtr(dh)->pkey.dh; } #endif /* OPENSSL_NO_DH */ @@ -346,34 +269,33 @@ ossl_default_tmp_dh_callback(SSL *ssl, int is_export, int keylength) static VALUE ossl_call_tmp_ecdh_callback(VALUE args) { - SSL *ssl; VALUE cb, ecdh; EVP_PKEY *pkey; - GetSSL(rb_ary_entry(args, 0), ssl); - cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_tmp_ecdh_callback_idx); + cb = rb_funcall(rb_ary_entry(args, 0), rb_intern("tmp_ecdh_callback"), 0); + if (NIL_P(cb)) return Qfalse; ecdh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(ecdh); if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse; - ossl_ssl_set_tmp_ecdh(rb_ary_entry(args, 0), ecdh); - return Qtrue; + return ecdh; } static EC_KEY* ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength) { - VALUE args, success, rb_ssl; + VALUE args, ecdh, rb_ssl; rb_ssl = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); args = rb_ary_new_from_args(3, rb_ssl, INT2FIX(is_export), INT2FIX(keylength)); - success = rb_protect(ossl_call_tmp_ecdh_callback, args, NULL); - if (!RTEST(success)) return NULL; + ecdh = rb_protect(ossl_call_tmp_ecdh_callback, args, NULL); + if (!RTEST(ecdh)) return NULL; + ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh); - return GetPKeyPtr(ossl_ssl_get_tmp_ecdh(rb_ssl))->pkey.ec; + return GetPKeyPtr(ecdh)->pkey.ec; } #endif @@ -392,14 +314,12 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) static VALUE ossl_call_session_get_cb(VALUE ary) { - VALUE ssl_obj, sslctx_obj, cb; + VALUE ssl_obj, cb; Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); - sslctx_obj = rb_iv_get(ssl_obj, "@context"); - if (NIL_P(sslctx_obj)) return Qnil; - cb = rb_iv_get(sslctx_obj, "@session_get_cb"); + cb = rb_funcall(ssl_obj, rb_intern("session_get_cb"), 0); if (NIL_P(cb)) return Qnil; return rb_funcall(cb, rb_intern("call"), 1, ary); @@ -422,7 +342,7 @@ ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy) rb_ary_push(ary, ssl_obj); rb_ary_push(ary, rb_str_new((const char *)buf, len)); - ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_session_get_cb, ary, &state); + ret_obj = rb_protect(ossl_call_session_get_cb, ary, &state); if (state) { rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state)); return NULL; @@ -439,14 +359,12 @@ ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy) static VALUE ossl_call_session_new_cb(VALUE ary) { - VALUE ssl_obj, sslctx_obj, cb; + VALUE ssl_obj, cb; Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); - sslctx_obj = rb_iv_get(ssl_obj, "@context"); - if (NIL_P(sslctx_obj)) return Qnil; - cb = rb_iv_get(sslctx_obj, "@session_new_cb"); + cb = rb_funcall(ssl_obj, rb_intern("session_new_cb"), 0); if (NIL_P(cb)) return Qnil; return rb_funcall(cb, rb_intern("call"), 1, ary); @@ -473,7 +391,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess) rb_ary_push(ary, ssl_obj); rb_ary_push(ary, sess_obj); - rb_protect((VALUE(*)_((VALUE)))ossl_call_session_new_cb, ary, &state); + rb_protect(ossl_call_session_new_cb, ary, &state); if (state) { rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state)); } @@ -572,6 +490,7 @@ ossl_call_servername_cb(VALUE ary) GetSSL(ssl_obj, ssl); GetSSLCTX(ret_obj, ctx2); SSL_set_SSL_CTX(ssl, ctx2); + rb_iv_set(ssl_obj, "@context", ret_obj); } else if (!NIL_P(ret_obj)) { ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil"); } @@ -728,6 +647,39 @@ ssl_info_cb(const SSL *ssl, int where, int val) } /* + * Gets various OpenSSL options. + */ +static VALUE +ossl_sslctx_get_options(VALUE self) +{ + SSL_CTX *ctx; + GetSSLCTX(self, ctx); + return LONG2NUM(SSL_CTX_get_options(ctx)); +} + +/* + * Sets various OpenSSL options. + */ +static VALUE +ossl_sslctx_set_options(VALUE self, VALUE options) +{ + SSL_CTX *ctx; + + rb_check_frozen(self); + GetSSLCTX(self, ctx); + + SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx)); + + if (NIL_P(options)) { + SSL_CTX_set_options(ctx, SSL_OP_ALL); + } else { + SSL_CTX_set_options(ctx, NUM2LONG(options)); + } + + return self; +} + +/* * call-seq: * ctx.setup => Qtrue # first time * ctx.setup => nil # thereafter @@ -751,12 +703,7 @@ ossl_sslctx_setup(VALUE self) GetSSLCTX(self, ctx); #if !defined(OPENSSL_NO_DH) - if (RTEST(ossl_sslctx_get_tmp_dh_cb(self))){ - SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback); - } - else{ - SSL_CTX_set_tmp_dh_callback(ctx, ossl_default_tmp_dh_callback); - } + SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback); #endif #if !defined(OPENSSL_NO_EC) @@ -765,8 +712,6 @@ ossl_sslctx_setup(VALUE self) } #endif - SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)self); - val = ossl_sslctx_get_cert_store(self); if(!NIL_P(val)){ /* @@ -845,13 +790,6 @@ ossl_sslctx_setup(VALUE self) val = ossl_sslctx_get_verify_dep(self); if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val)); - val = ossl_sslctx_get_options(self); - if(!NIL_P(val)) { - SSL_CTX_set_options(ctx, NUM2LONG(val)); - } else { - SSL_CTX_set_options(ctx, SSL_OP_ALL); - } - #ifdef HAVE_OPENSSL_NPN_NEGOTIATED val = rb_iv_get(self, "@npn_protocols"); if (!NIL_P(val)) { @@ -1242,44 +1180,6 @@ ossl_ssl_s_alloc(VALUE klass) return TypedData_Wrap_Struct(klass, &ossl_ssl_type, NULL); } -/* - * call-seq: - * SSLSocket.new(io) => aSSLSocket - * SSLSocket.new(io, ctx) => aSSLSocket - * - * Creates a new SSL socket from +io+ which must be a real ruby object (not an - * IO-like object that responds to read/write). - * - * If +ctx+ is provided the SSL Sockets initial params will be taken from - * the context. - * - * The OpenSSL::Buffering module provides additional IO methods. - * - * This method will freeze the SSLContext if one is provided; - * however, session management is still allowed in the frozen SSLContext. - */ -static VALUE -ossl_ssl_initialize(int argc, VALUE *argv, VALUE self) -{ - VALUE io, ctx; - - if (rb_scan_args(argc, argv, "11", &io, &ctx) == 1) { - ctx = rb_funcall(cSSLContext, rb_intern("new"), 0); - } - OSSL_Check_Kind(ctx, cSSLContext); - Check_Type(io, T_FILE); - ossl_ssl_set_io(self, io); - ossl_ssl_set_ctx(self, ctx); - ossl_ssl_set_sync_close(self, Qfalse); - ossl_sslctx_setup(ctx); - - rb_iv_set(self, "@hostname", Qnil); - - rb_call_super(0, 0); - - return self; -} - static VALUE ossl_ssl_setup(VALUE self) { @@ -1317,12 +1217,6 @@ ossl_ssl_setup(VALUE self) SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void*)self); cb = ossl_sslctx_get_verify_cb(v_ctx); SSL_set_ex_data(ssl, ossl_ssl_ex_vcb_idx, (void*)cb); - cb = ossl_sslctx_get_client_cert_cb(v_ctx); - SSL_set_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx, (void*)cb); - cb = ossl_sslctx_get_tmp_dh_cb(v_ctx); - SSL_set_ex_data(ssl, ossl_ssl_ex_tmp_dh_callback_idx, (void*)cb); - cb = ossl_sslctx_get_tmp_ecdh_cb(v_ctx); - SSL_set_ex_data(ssl, ossl_ssl_ex_tmp_ecdh_callback_idx, (void*)cb); SSL_set_info_callback(ssl, ssl_info_cb); } @@ -1362,14 +1256,23 @@ read_would_block(int nonblock) } } +static int +no_exception_p(VALUE opts) +{ + if (RB_TYPE_P(opts, T_HASH) && + rb_hash_lookup2(opts, sym_exception, Qundef) == Qfalse) + return 1; + return 0; +} + static VALUE -ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, - int nonblock, int no_exception) +ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts) { SSL *ssl; rb_io_t *fptr; int ret, ret2; VALUE cb_state; + int nonblock = opts != Qfalse; rb_ivar_set(self, ID_callback_state, Qnil); @@ -1388,12 +1291,12 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, switch((ret2 = ssl_get_error(ssl, ret))){ case SSL_ERROR_WANT_WRITE: - if (no_exception) { return sym_wait_writable; } + if (no_exception_p(opts)) { return sym_wait_writable; } write_would_block(nonblock); rb_io_wait_writable(FPTR_TO_FD(fptr)); continue; case SSL_ERROR_WANT_READ: - if (no_exception) { return sym_wait_readable; } + if (no_exception_p(opts)) { return sym_wait_readable; } read_would_block(nonblock); rb_io_wait_readable(FPTR_TO_FD(fptr)); continue; @@ -1419,15 +1322,8 @@ static VALUE ossl_ssl_connect(VALUE self) { ossl_ssl_setup(self); - return ossl_start_ssl(self, SSL_connect, "SSL_connect", 0, 0); -} -static int -get_no_exception(VALUE opts) -{ - if (!NIL_P(opts) && Qfalse == rb_hash_lookup2(opts, sym_exception, Qundef)) - return 1; - return 0; + return ossl_start_ssl(self, SSL_connect, "SSL_connect", Qfalse); } /* @@ -1455,14 +1351,12 @@ get_no_exception(VALUE opts) static VALUE ossl_ssl_connect_nonblock(int argc, VALUE *argv, VALUE self) { - int no_exception; - VALUE opts = Qnil; - + VALUE opts; rb_scan_args(argc, argv, "0:", &opts); - no_exception = get_no_exception(opts); ossl_ssl_setup(self); - return ossl_start_ssl(self, SSL_connect, "SSL_connect", 1, no_exception); + + return ossl_start_ssl(self, SSL_connect, "SSL_connect", opts); } /* @@ -1476,7 +1370,8 @@ static VALUE ossl_ssl_accept(VALUE self) { ossl_ssl_setup(self); - return ossl_start_ssl(self, SSL_accept, "SSL_accept", 0, 0); + + return ossl_start_ssl(self, SSL_accept, "SSL_accept", Qfalse); } /* @@ -1504,14 +1399,12 @@ ossl_ssl_accept(VALUE self) static VALUE ossl_ssl_accept_nonblock(int argc, VALUE *argv, VALUE self) { - int no_exception; - VALUE opts = Qnil; + VALUE opts; rb_scan_args(argc, argv, "0:", &opts); - no_exception = get_no_exception(opts); - ossl_ssl_setup(self); - return ossl_start_ssl(self, SSL_accept, "SSL_accept", 1, no_exception); + + return ossl_start_ssl(self, SSL_accept, "SSL_accept", opts); } static VALUE @@ -1519,13 +1412,15 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock) { SSL *ssl; int ilen, nread = 0; - int no_exception; VALUE len, str; rb_io_t *fptr; VALUE opts = Qnil; - rb_scan_args(argc, argv, "11:", &len, &str, &opts); - no_exception = get_no_exception(opts); + if (nonblock) { + rb_scan_args(argc, argv, "11:", &len, &str, &opts); + } else { + rb_scan_args(argc, argv, "11", &len, &str); + } ilen = NUM2INT(len); if(NIL_P(str)) str = rb_str_new(0, ilen); @@ -1547,21 +1442,21 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock) case SSL_ERROR_NONE: goto end; case SSL_ERROR_ZERO_RETURN: - if (no_exception) { return Qnil; } + if (no_exception_p(opts)) { return Qnil; } rb_eof_error(); case SSL_ERROR_WANT_WRITE: - if (no_exception) { return sym_wait_writable; } + if (no_exception_p(opts)) { return sym_wait_writable; } write_would_block(nonblock); rb_io_wait_writable(FPTR_TO_FD(fptr)); continue; case SSL_ERROR_WANT_READ: - if (no_exception) { return sym_wait_readable; } + if (no_exception_p(opts)) { return sym_wait_readable; } read_would_block(nonblock); rb_io_wait_readable(FPTR_TO_FD(fptr)); continue; case SSL_ERROR_SYSCALL: if(ERR_peek_error() == 0 && nread == 0) { - if (no_exception) { return Qnil; } + if (no_exception_p(opts)) { return Qnil; } rb_eof_error(); } rb_sys_fail(0); @@ -1621,11 +1516,12 @@ ossl_ssl_read_nonblock(int argc, VALUE *argv, VALUE self) } static VALUE -ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock, int no_exception) +ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts) { SSL *ssl; int nwrite = 0; rb_io_t *fptr; + int nonblock = opts != Qfalse; StringValue(str); GetSSL(self, ssl); @@ -1638,12 +1534,12 @@ ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock, int no_exception) case SSL_ERROR_NONE: goto end; case SSL_ERROR_WANT_WRITE: - if (no_exception) { return sym_wait_writable; } + if (no_exception_p(opts)) { return sym_wait_writable; } write_would_block(nonblock); rb_io_wait_writable(FPTR_TO_FD(fptr)); continue; case SSL_ERROR_WANT_READ: - if (no_exception) { return sym_wait_readable; } + if (no_exception_p(opts)) { return sym_wait_readable; } read_would_block(nonblock); rb_io_wait_readable(FPTR_TO_FD(fptr)); continue; @@ -1673,7 +1569,7 @@ ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock, int no_exception) static VALUE ossl_ssl_write(VALUE self, VALUE str) { - return ossl_ssl_write_internal(self, str, 0, 0); + return ossl_ssl_write_internal(self, str, Qfalse); } /* @@ -1686,43 +1582,34 @@ ossl_ssl_write(VALUE self, VALUE str) static VALUE ossl_ssl_write_nonblock(int argc, VALUE *argv, VALUE self) { - VALUE str; - VALUE opts = Qnil; - int no_exception; + VALUE str, opts; rb_scan_args(argc, argv, "1:", &str, &opts); - no_exception = get_no_exception(opts); - return ossl_ssl_write_internal(self, str, 1, no_exception); + return ossl_ssl_write_internal(self, str, opts); } /* * call-seq: - * ssl.sysclose => nil + * ssl.stop => nil * - * Shuts down the SSL connection and prepares it for another connection. + * Stops the SSL connection and prepares it for another connection. */ static VALUE -ossl_ssl_close(VALUE self) +ossl_ssl_stop(VALUE self) { SSL *ssl; - VALUE io; /* ossl_ssl_data_get_struct() is not usable here because it may return * from this function; */ GetSSL(self, ssl); - io = ossl_ssl_get_io(self); - if (!RTEST(rb_funcall(io, rb_intern("closed?"), 0))) { - if (ssl) { - ossl_ssl_shutdown(ssl); - SSL_free(ssl); - } - DATA_PTR(self) = NULL; - if (RTEST(ossl_ssl_get_sync_close(self))) - rb_funcall(io, rb_intern("close"), 0); + if (ssl) { + ossl_ssl_shutdown(ssl); + SSL_free(ssl); } + DATA_PTR(self) = NULL; return Qnil; } @@ -1994,7 +1881,9 @@ ossl_ssl_npn_protocol(VALUE self) else return rb_str_new((const char *) out, outlen); } +# endif +# ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB /* * call-seq: * ssl.alpn_protocol => String @@ -2035,12 +1924,6 @@ Init_ossl_ssl(void) ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0); ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0); ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_ptr_idx",0,0,0); - ossl_ssl_ex_client_cert_cb_idx = - SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_client_cert_cb_idx",0,0,0); - ossl_ssl_ex_tmp_dh_callback_idx = - SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_tmp_dh_callback_idx",0,0,0); - ossl_ssl_ex_tmp_ecdh_callback_idx = - SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_tmp_ecdh_callback_idx",0,0,0); /* Document-module: OpenSSL::SSL * @@ -2050,6 +1933,17 @@ Init_ossl_ssl(void) * of SSLContext to set up connections. */ mSSL = rb_define_module_under(mOSSL, "SSL"); + + /* Document-module: OpenSSL::ExtConfig + * + * This module contains configuration information about the SSL extension, + * for example if socket support is enabled, or the host name TLS extension + * is enabled. Constants in this module will always be defined, but contain + * `true` or `false` values depending on the configuration of your OpenSSL + * installation. + */ + mSSLExtConfig = rb_define_module_under(mOSSL, "ExtConfig"); + /* Document-class: OpenSSL::SSL::SSLError * * Generic error class raised by SSLSocket and SSLContext. @@ -2138,11 +2032,6 @@ Init_ossl_ssl(void) rb_attr(cSSLContext, rb_intern("verify_callback"), 1, 1, Qfalse); /* - * Sets various OpenSSL options. - */ - rb_attr(cSSLContext, rb_intern("options"), 1, 1, Qfalse); - - /* * An OpenSSL::X509::Store used for certificate verification */ rb_attr(cSSLContext, rb_intern("cert_store"), 1, 1, Qfalse); @@ -2175,18 +2064,6 @@ Init_ossl_ssl(void) */ rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse); - /* - * A callback invoked when DH parameters are required. - * - * The callback is invoked with the Session for the key exchange, an - * flag indicating the use of an export cipher and the keylength - * required. - * - * The callback must return an OpenSSL::PKey::DH instance of the correct - * key length. - */ - rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 1, Qfalse); - /* * Sets the context in which a session can be reused. This allows * sessions for multiple applications to be distinguished, for example, by @@ -2219,15 +2096,11 @@ Init_ossl_ssl(void) rb_attr(cSSLContext, rb_intern("session_remove_cb"), 1, 1, Qfalse); #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME - /* - * A callback invoked at connect time to distinguish between multiple - * server names. - * - * The callback is invoked with an SSLSocket and a server name. The - * callback must return an SSLContext for the server name or nil. - */ - rb_attr(cSSLContext, rb_intern("servername_cb"), 1, 1, Qfalse); + rb_define_const(mSSLExtConfig, "HAVE_TLSEXT_HOST_NAME", Qtrue); +#else + rb_define_const(mSSLExtConfig, "HAVE_TLSEXT_HOST_NAME", Qfalse); #endif + /* * A callback invoked whenever a new handshake is initiated. May be used * to disable renegotiation entirely. @@ -2316,7 +2189,6 @@ Init_ossl_ssl(void) rb_define_alias(cSSLContext, "ssl_timeout", "timeout"); rb_define_alias(cSSLContext, "ssl_timeout=", "timeout="); - rb_define_method(cSSLContext, "initialize", ossl_sslctx_initialize, -1); rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1); rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0); rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1); @@ -2378,6 +2250,8 @@ Init_ossl_ssl(void) rb_define_method(cSSLContext, "session_cache_size=", ossl_sslctx_set_session_cache_size, 1); rb_define_method(cSSLContext, "session_cache_stats", ossl_sslctx_get_session_cache_stats, 0); rb_define_method(cSSLContext, "flush_sessions", ossl_sslctx_flush_sessions, -1); + rb_define_method(cSSLContext, "options", ossl_sslctx_get_options, 0); + rb_define_method(cSSLContext, "options=", ossl_sslctx_set_options, 1); ary = rb_ary_new2(numberof(ossl_ssl_method_tab)); for (i = 0; i < numberof(ossl_ssl_method_tab); i++) { @@ -2396,15 +2270,10 @@ Init_ossl_ssl(void) */ cSSLSocket = rb_define_class_under(mSSL, "SSLSocket", rb_cObject); #ifdef OPENSSL_NO_SOCK - rb_define_method(cSSLSocket, "initialize", rb_notimplement, -1); + rb_define_const(mSSLExtConfig, "OPENSSL_NO_SOCK", Qtrue); #else + rb_define_const(mSSLExtConfig, "OPENSSL_NO_SOCK", Qfalse); rb_define_alloc_func(cSSLSocket, ossl_ssl_s_alloc); - for(i = 0; i < numberof(ossl_ssl_attr_readers); i++) - rb_attr(cSSLSocket, rb_intern(ossl_ssl_attr_readers[i]), 1, 0, Qfalse); - for(i = 0; i < numberof(ossl_ssl_attrs); i++) - rb_attr(cSSLSocket, rb_intern(ossl_ssl_attrs[i]), 1, 1, Qfalse); - rb_define_alias(cSSLSocket, "to_io", "io"); - rb_define_method(cSSLSocket, "initialize", ossl_ssl_initialize, -1); rb_define_method(cSSLSocket, "connect", ossl_ssl_connect, 0); rb_define_method(cSSLSocket, "connect_nonblock", ossl_ssl_connect_nonblock, -1); rb_define_method(cSSLSocket, "accept", ossl_ssl_accept, 0); @@ -2413,7 +2282,7 @@ Init_ossl_ssl(void) rb_define_private_method(cSSLSocket, "sysread_nonblock", ossl_ssl_read_nonblock, -1); rb_define_method(cSSLSocket, "syswrite", ossl_ssl_write, 1); rb_define_private_method(cSSLSocket, "syswrite_nonblock", ossl_ssl_write_nonblock, -1); - rb_define_method(cSSLSocket, "sysclose", ossl_ssl_close, 0); + rb_define_private_method(cSSLSocket, "stop", ossl_ssl_stop, 0); rb_define_method(cSSLSocket, "cert", ossl_ssl_get_cert, 0); rb_define_method(cSSLSocket, "peer_cert", ossl_ssl_get_peer_cert, 0); rb_define_method(cSSLSocket, "peer_cert_chain", ossl_ssl_get_peer_cert_chain, 0); @@ -2434,7 +2303,7 @@ Init_ossl_ssl(void) # endif #endif -#define ossl_ssl_def_const(x) rb_define_const(mSSL, #x, INT2NUM(SSL_##x)) +#define ossl_ssl_def_const(x) rb_define_const(mSSL, #x, LONG2NUM(SSL_##x)) ossl_ssl_def_const(VERIFY_NONE); ossl_ssl_def_const(VERIFY_PEER); diff --git a/ext/openssl/ossl_ssl.h b/ext/openssl/ossl_ssl.h index aa5a550c..f92f0289 100644 --- a/ext/openssl/ossl_ssl.h +++ b/ext/openssl/ossl_ssl.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -39,4 +38,3 @@ void Init_ossl_ssl(void); void Init_ossl_ssl_session(void); #endif /* _OSSL_SSL_H_ */ - diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h index 605da19c..dcd026a1 100644 --- a/ext/openssl/ossl_version.h +++ b/ext/openssl/ossl_version.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c index 332146a3..2fd14566 100644 --- a/ext/openssl/ossl_x509.c +++ b/ext/openssl/ossl_x509.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -101,4 +100,3 @@ Init_ossl_x509(void) DefX509Default(CERT_FILE_ENV, cert_file_env); DefX509Default(PRIVATE_DIR, private_dir); } - diff --git a/ext/openssl/ossl_x509.h b/ext/openssl/ossl_x509.h index c803a59f..8e9b2330 100644 --- a/ext/openssl/ossl_x509.h +++ b/ext/openssl/ossl_x509.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index 10e511d2..d0f41c6b 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 376db679..b1d57bf3 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -861,4 +860,3 @@ Init_ossl_x509cert(void) rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1); rb_define_method(cX509Cert, "inspect", ossl_x509_inspect, 0); } - diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index 7133c7a9..7293fce5 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -552,4 +551,3 @@ Init_ossl_x509crl(void) rb_define_method(cX509CRL, "extensions=", ossl_x509crl_set_extensions, 1); rb_define_method(cX509CRL, "add_extension", ossl_x509crl_add_extension, 1); } - diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index 1e65f2bc..70a117cc 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index 565a7cd1..a0e28e29 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c index aa5c423c..05d7ef99 100644 --- a/ext/openssl/ossl_x509req.c +++ b/ext/openssl/ossl_x509req.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -483,4 +482,3 @@ Init_ossl_x509req(void) rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1); rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1); } - diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 5c257f4f..0a949e76 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. @@ -244,4 +243,3 @@ Init_ossl_x509revoked(void) rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1); rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1); } - diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index fbb83159..bb6fe14d 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. diff --git a/ext/openssl/ruby_missing.h b/ext/openssl/ruby_missing.h index a43f9425..d7384ec3 100644 --- a/ext/openssl/ruby_missing.h +++ b/ext/openssl/ruby_missing.h @@ -1,5 +1,4 @@ /* - * $Id$ * 'OpenSSL for Ruby' project * Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz> * All rights reserved. |