diff options
| -rw-r--r-- | ext/openssl/ossl_bn.c | 10 | ||||
| -rw-r--r-- | ext/openssl/ossl_ssl.c | 21 | ||||
| -rw-r--r-- | lib/openssl/ssl.rb | 3 | ||||
| -rw-r--r-- | test/test_ssl.rb | 18 |
4 files changed, 36 insertions, 16 deletions
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index d337d509..4666ce6c 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -979,20 +979,20 @@ static VALUE ossl_bn_hash(VALUE self) { BIGNUM *bn; - VALUE hash; + VALUE tmp, hash; unsigned char *buf; int len; GetBN(self, bn); len = BN_num_bytes(bn); - buf = xmalloc(len); + buf = ALLOCV(tmp, len); if (BN_bn2bin(bn, buf) != len) { - xfree(buf); - ossl_raise(eBNError, NULL); + ALLOCV_END(tmp); + ossl_raise(eBNError, "BN_bn2bin"); } hash = ST2FIX(rb_memhash(buf, len)); - xfree(buf); + ALLOCV_END(tmp); return hash; } diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 93fc497e..59723dc6 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -32,7 +32,7 @@ VALUE cSSLSocket; static VALUE eSSLErrorWaitReadable; static VALUE eSSLErrorWaitWritable; -static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback, +static ID id_call, ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback, id_npn_protocols_encoded; static VALUE sym_exception, sym_wait_readable, sym_wait_writable; @@ -205,7 +205,7 @@ ossl_call_client_cert_cb(VALUE obj) if (NIL_P(cb)) return Qnil; - ary = rb_funcall(cb, rb_intern("call"), 1, obj); + ary = rb_funcallv(cb, id_call, 1, &obj); Check_Type(ary, T_ARRAY); GetX509CertPtr(cert = rb_ary_entry(ary, 0)); GetPrivPKeyPtr(key = rb_ary_entry(ary, 1)); @@ -248,8 +248,8 @@ ossl_call_tmp_dh_callback(struct tmp_dh_callback_args *args) cb = rb_funcall(args->ssl_obj, args->id, 0); if (NIL_P(cb)) return NULL; - dh = rb_funcall(cb, rb_intern("call"), 3, - args->ssl_obj, INT2NUM(args->is_export), INT2NUM(args->keylength)); + dh = rb_funcall(cb, id_call, 3, args->ssl_obj, INT2NUM(args->is_export), + INT2NUM(args->keylength)); pkey = GetPKeyPtr(dh); if (EVP_PKEY_base_id(pkey) != args->type) return NULL; @@ -374,7 +374,7 @@ ossl_call_session_get_cb(VALUE ary) cb = rb_funcall(ssl_obj, rb_intern("session_get_cb"), 0); if (NIL_P(cb)) return Qnil; - return rb_funcall(cb, rb_intern("call"), 1, ary); + return rb_funcallv(cb, id_call, 1, &ary); } /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */ @@ -420,7 +420,7 @@ ossl_call_session_new_cb(VALUE ary) cb = rb_funcall(ssl_obj, rb_intern("session_new_cb"), 0); if (NIL_P(cb)) return Qnil; - return rb_funcall(cb, rb_intern("call"), 1, ary); + return rb_funcallv(cb, id_call, 1, &ary); } /* return 1 normal. return 0 removes the session */ @@ -467,7 +467,7 @@ ossl_call_session_remove_cb(VALUE ary) cb = rb_attr_get(sslctx_obj, id_i_session_remove_cb); if (NIL_P(cb)) return Qnil; - return rb_funcall(cb, rb_intern("call"), 1, ary); + return rb_funcallv(cb, id_call, 1, &ary); } static void @@ -533,7 +533,7 @@ ossl_call_servername_cb(VALUE ary) cb = rb_attr_get(sslctx_obj, id_i_servername_cb); if (NIL_P(cb)) return Qnil; - ret_obj = rb_funcall(cb, rb_intern("call"), 1, ary); + ret_obj = rb_funcallv(cb, id_call, 1, &ary); if (rb_obj_is_kind_of(ret_obj, cSSLContext)) { SSL *ssl; SSL_CTX *ctx2; @@ -585,7 +585,7 @@ ssl_renegotiation_cb(const SSL *ssl) cb = rb_attr_get(sslctx_obj, id_i_renegotiation_cb); if (NIL_P(cb)) return; - (void) rb_funcall(cb, rb_intern("call"), 1, ssl_obj); + rb_funcallv(cb, id_call, 1, &ssl_obj); } #if !defined(OPENSSL_NO_NEXTPROTONEG) || \ @@ -635,7 +635,7 @@ npn_select_cb_common_i(VALUE tmp) in += l; } - selected = rb_funcall(args->cb, rb_intern("call"), 1, protocols); + selected = rb_funcallv(args->cb, id_call, 1, &protocols); StringValue(selected); len = RSTRING_LEN(selected); if (len < 1 || len >= 256) { @@ -2261,6 +2261,7 @@ Init_ossl_ssl(void) rb_mWaitWritable = rb_define_module_under(rb_cIO, "WaitWritable"); #endif + id_call = rb_intern("call"); ID_callback_state = rb_intern("callback_state"); ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0, (void *)"ossl_ssl_ex_vcb_idx", 0, 0, 0); diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb index a628648e..6a6f2b94 100644 --- a/lib/openssl/ssl.rb +++ b/lib/openssl/ssl.rb @@ -136,6 +136,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 # used. def set_params(params={}) params = DEFAULT_PARAMS.merge(params) + self.options = params.delete(:options) # set before min_version/max_version params.each{|name, value| self.__send__("#{name}=", value) } if self.verify_mode != OpenSSL::SSL::VERIFY_NONE unless self.ca_file or self.ca_path or self.cert_store @@ -201,7 +202,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 if /(?<type>_client|_server)\z/ =~ meth meth = $` if $VERBOSE - warn "#{caller(1)[0]}: method type #{type.inspect} is ignored" + warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored" end end version = METHODS_MAP[meth.intern] or diff --git a/test/test_ssl.rb b/test/test_ssl.rb index ab6382d7..4f3df9dd 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -811,6 +811,24 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase supported end + def test_set_params_min_version + supported = check_supported_protocol_versions + store = OpenSSL::X509::Store.new + store.add_cert(@ca_cert) + + if supported.include?(OpenSSL::SSL::SSL3_VERSION) + # SSLContext#set_params properly disables SSL 3.0 by default + ctx_proc = proc { |ctx| + ctx.min_version = ctx.max_version = OpenSSL::SSL::SSL3_VERSION + } + start_server(ctx_proc: ctx_proc, ignore_listener_error: true) { |port| + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params(cert_store: store, verify_hostname: false) + assert_handshake_error { server_connect(port, ctx) { } } + } + end + end + def test_minmax_version supported = check_supported_protocol_versions |