| Commit message (Collapse) | Author | Age | Files | Lines |
Emulate the behavior of 'gem install --conservative'. This would prevent
overwriting the existing Rake installation.
|
Read everything from an IO object into a String first and use the
memory buffer BIO method just as we do for String inputs.
For MSVC builds, the FILE BIO method uses the "UPLINK" interface that
requires the application to provide OPENSSL_Applink() function. For us,
the "application" means ruby.exe, in which we can't do anything. As a
workaround, avoid using the FILE BIO method at all.
Usually private keys or X.509 certificates aren't that large and the
temporarily increased memory usage hopefully won't be an issue.
Fixes: https://github.com/ruby/openssl/issues/128
|
Prevent the new object created by StringValue() from being GCed.
Luckily, as none of the callers of ossl_obj2bio() reads from the
returned BIO after possibly triggering GC, this has not been a real
problem.
As a bonus, ossl_protect_obj2bio() function which is no longer used
anywhere is removed.
|
Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
Fixes: https://github.com/ruby/openssl/issues/127
|
Clarify what it's doing. For non-Windows and MinGW platforms we can
just give "crypto" and "ssl" to have_library.
|
Commits that went to master are excluded.
* ruby-trunk r56953..r58742: (3 commits)
(r58742) Search SSL libraries by testing various filename patterns
(r57592) openssl: fix broken openssl check
(r57591) openssl: fix broken openssl check
Sync-with-trunk: r58742
|
* ext/openssl/extconf.rb (find_openssl_library): should search by more flexible
method, especially for LibreSSL on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/deprecation.rb: check for broken OpenSSL only on mac
OS. [ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS.
[ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033
|
Update .travis.yml and Dockerfile
|
* Updated Rubies to latest version.
* Added ruby-head as allow_failures.
Because it's good to learn about issues in a new Ruby version sooner, before the release.
|
* topic/test-ssl-fix-typo:
test/test_ssl: fix typo in test_sysread_and_syswrite
|
The test case for second argument of OpenSSL::SSL::SSLSocket#sysread is
not testing the behavior correctly because of a typo.
|
X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in
hash table' if they are called twice, since the (unreleased) next
version of OpenSSL. Don't test that if we are built with OpenSSL >=
1.1.0.
|
"after after having fed the entire plaintext..." is changed to
"after having fed the entire plaintext..."
|
SSL_set_fd() may fail with 0 return if malloc() fails. Check that and
raise an exception to avoid potential crash.
|
Fix typos
|
Ubuntu trusty's OpenSSL package 1.0.1f-1ubuntu2.22 has backported an
OpenSSL commit f54be179aa4c that makes EC_GROUP_set_generator() call
BN_MONT_CTX_set() which can segfault if an invalid value (== 0) is
given. Avoid it.
|
Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4.
|
Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
2016-09-08) incorrectly inverted the result. Fix it, and add a test
case for this.
Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
|
Import mu_pp method from Ruby trunk.
|
The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build
on AppVeyor. Note that this is not a future-proof resolution; the future
releases of RubyInstaller that AppVeyor will use may require another
incompatible version of OpenSSL.
|
* topic/windows-static-linking-without-pkg-config:
Fix build with static OpenSSL libraries on Windows
|
OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no
longer has RAND_screen() but it now requires crypt32. If pkg-config is
usable, they are automatically linked, but if it is not, configuring
Ruby/OpenSSL fails.
Fixes: https://bugs.ruby-lang.org/issues/13080
|
Fix for ASN1::Constructive 'each' implementation
|
Fix 'unsupported key type' error if OpenSSL::SSL::SSLSocket#tmp_key is
called when X25519 is used for key exchange.
EVP_PKEY may have a key type that we don't have a dedicated
subclass. Let's allow instantiating OpenSSL::PKey::PKey with such an
EVP_PKEY, although the resulting instance is not so useful because it
can't be exported at the moment.
|
Restore the old behavior of OpenSSL::SSL::Session#==.
SSL_SESSION_get_protocol_version() was missing in OpenSSL master at the
time r55287 (cad3226a06a1, "openssl: adapt to OpenSSL 1.1.0 opaque
structs", 2016-06-05).
|
To avoid symbol conflict that would occur if two versions of OpenSSL are
loaded at the same time.
|
SSL_CTX_clear_options() first appeared in OpenSSL 0.9.8m. Add
alternative macro definition for ancient versions of OpenSSL.
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/78693
|
* ruby-trunk r56927..r56953: (3 commits)
(r56953) openssl: import fixes from upstream
(r56948) ossl.c: cast
(r56946) openssl: import v2.0.0
Sync-with-trunk: r56953
|
Import the following two commits from upstream:
commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611
Author: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu Dec 1 22:27:03 2016 +0900
pkey: check existence of EVP_PKEY_get0()
EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define
ourselves if needed.
commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5
Author: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu Dec 1 22:13:22 2016 +0900
test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d
Set the authentication tag before the AAD when decrypting.
Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext
in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in
OpenSSL 1.0.1d), the authentication tag must be set before any calls of
EVP_CipherUpdate().
They should fix build on CentOS 5 and Ubuntu 12.04 respectively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/ossl.c (ossl_pem_passwd_cb): cast to int. it's safe
because len does not exceed int max_len.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56948 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2
(imported at r56098) can be found at:
https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
asn1: handle GENERALIZEDTIME without seconds