Commit message [branch/tag] (Author, Age, Files, Lines)
* appveyor.yml: test against Ruby 2.4 [ky/appveyor-update-201707] (Kazuki Yamaguchi, 2017-07-11, 1 file, -7/+18)
|
* Rakefile: install_dependencies: install only when needed (Kazuki Yamaguchi, 2017-07-11, 1 file, -2/+7)
|     Emulate the behavior of 'gem install --conservative'. This would prevent overwriting the existing Rake installation.
* bio: do not use the FILE BIO method in ossl_obj2bio() (Kazuki Yamaguchi, 2017-07-11, 2 files, -26/+15)
|     Read everything from an IO object into a String first and use the memory buffer BIO method just as we do for String inputs.
|     For MSVC builds, the FILE BIO method uses the "UPLINK" interface that requires the application to provide OPENSSL_Applink() function. For us, the "application" means ruby.exe, in which we can't do anything. As a workaround, avoid using the FILE BIO method at all.
|     Usually private keys or X.509 certificates aren't that large and the temporarily increased memory usage hopefully won't be an issue.
|     Fixes: https://github.com/ruby/openssl/issues/128
* bio: prevent possible GC issue in ossl_obj2bio() (Kazuki Yamaguchi, 2017-07-11, 14 files, -32/+24)
|     Prevent the new object created by StringValue() from being GCed. Luckily, as none of the callers of ossl_obj2bio() reads from the returned BIO after possibly triggering GC, this has not been a real problem.
|     As a bonus, ossl_protect_obj2bio() function which is no longer used anywhere is removed.
* test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params (Kazuki Yamaguchi, 2017-06-27, 1 file, -1/+1)
|     Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
|     Fixes: https://github.com/ruby/openssl/issues/127
* Ruby/OpenSSL 2.0.4 [v2.0.4] (Kazuki Yamaguchi, 2017-06-14, 3 files, -2/+14)
|
* History.md: add entries for 2.0.1-2.0.3 (Kazuki Yamaguchi, 2017-06-14, 1 file, -0/+35)
|
* History.md: wrap at 80 characters (Kazuki Yamaguchi, 2017-06-14, 1 file, -1/+2)
|
* extconf.rb: simplify searching libraries logic (Kazuki Yamaguchi, 2017-06-14, 1 file, -31/+33)
|     Clarify what it's doing. For non-Windows and MinGW platforms we can just give "crypto" and "ssl" to have_library.
* Merge changes from Ruby trunk r56953..r58742 (Kazuki Yamaguchi, 2017-06-14, 2 files, -7/+47)
|\    Commits that went to master are excluded.
| |   * ruby-trunk r56953..r58742: (3 commits)
| |     (r58742) Search SSL libraries by testing various filename patterns
| |     (r57592) openssl: fix broken openssl check
| |     (r57591) openssl: fix broken openssl check
| |   Sync-with-trunk: r58742
| * Search SSL libraries by testing various filename patterns (usa, 2017-06-14, 1 file, -5/+45)
| |     * ext/openssl/extconf.rb (find_openssl_library): should search by more flexible method, especially for LibreSSL on Windows.
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * openssl: fix broken openssl check (nobu, 2017-06-14, 1 file, -1/+1)
| |     * ext/openssl/deprecation.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200]
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * openssl: fix broken openssl check (nobu, 2017-06-14, 1 file, -1/+1)
| |     * ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200]
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | x509store: clear error queue after calling X509_LOOKUP_load_file() (Kazuki Yamaguchi, 2017-06-14, 2 files, -0/+32)
| |     X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file() internally, may leave error entries in the queue even when it returns non-zero value (which indicates success).
| |     This will be fixed by OpenSSL 1.1.1, but can be worked around by clearing the error queue ourselves.
| |     Fixes: https://bugs.ruby-lang.org/issues/11033
* | tool/sync-with-trunk: 'LASY' -> 'LAST' (Kazuki Yamaguchi, 2017-05-29, 1 file, -4/+4)
| |
* | Merge pull request #122 from junaruga/feature/update-rubies (Kazuki Yamaguchi, 2017-05-17, 2 files, -12/+21)
|\ \    Update .travis.yml and Dockerfile
| * | Update .travis.yml and Dockerfile (Jun Aruga, 2017-05-17, 2 files, -12/+21)
|/ /    * Updated Rubies to latest version.
| |     * Added ruby-head as allow_failures. Because it's good to know the new version Ruby's issues faster, before the release.
* | Merge branch 'topic/test-ssl-fix-typo' into maint (Kazuki Yamaguchi, 2017-05-04, 1 file, -1/+1)
|\ \    * topic/test-ssl-fix-typo:
| | |     test/test_ssl: fix typo in test_sysread_and_syswrite
| * | test/test_ssl: fix typo in test_sysread_and_syswrite [topic/test-ssl-fix-typo] (Kazuki Yamaguchi, 2017-03-23, 1 file, -1/+1)
| | |     The test case for the second argument of OpenSSL::SSL::SSLSocket#sysread is not testing the behavior correctly because of a typo.
* | | test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors (Kazuki Yamaguchi, 2017-04-28, 1 file, -0/+1)
| | |     X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in hash table' if they are called twice, since the (unreleased) next version of OpenSSL. Don't test that if we are built with OpenSSL >= 1.1.0.
* | | Fix documentation for OpenSSL::Cipher#final (Vladimir Rybas, 2017-04-21, 1 file, -1/+1)
| | |     "after after having fed the entire plaintext..." is changed to "after having fed the entire plaintext..."
* | | Fix typos (Kazuki Yamaguchi, 2017-04-20, 5 files, -7/+7)
| | |
* | | ssl: check return value of SSL_set_fd() (Kazuki Yamaguchi, 2017-03-31, 1 file, -1/+2)
|/ /    SSL_set_fd() may fail with 0 return if malloc() fails. Check that and raise an exception to avoid potential crash.
* | Merge pull request #108 from ruby/typofix (Kazuki Yamaguchi, 2017-02-14, 3 files, -4/+4)
|\ \    Fix typos
| * | Fix typos (SHIBATA Hiroshi, 2017-02-14, 3 files, -4/+4)
|/ /
* / test/test_pkey_ec: do not use dummy 0 order (Kazuki Yamaguchi, 2017-02-03, 1 file, -1/+1)
|/    Ubuntu trusty's OpenSSL package 1.0.1f-1ubuntu2.22 has backported an OpenSSL commit f54be179aa4c that makes EC_GROUP_set_generator() call BN_MONT_CTX_set() which can segfault if an invalid value (== 0) is given. Avoid it.
* Ruby/OpenSSL 2.0.3 [v2.0.3] (Kazuki Yamaguchi, 2017-01-31, 2 files, -2/+2)
|
* .travis.yml: test with Ruby 2.4 [topic/testing-with-ruby24] (Kazuki Yamaguchi, 2017-01-31, 1 file, -7/+8)
|
* ruby-openssl-docker: update versions of Ruby and OpenSSL (Kazuki Yamaguchi, 2017-01-31, 2 files, -19/+27)
|     Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4.
* x509: fix OpenSSL::X509::Name#eql? (Kazuki Yamaguchi, 2017-01-28, 2 files, -1/+11)
|     Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()", 2016-09-08) incorrectly inverted the result. Fix it, and add a test case for this.
|     Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
* test/envutil: fix assert_raise_with_message (Kazuki Yamaguchi, 2017-01-24, 1 file, -0/+5)
|     Import mu_pp method from Ruby trunk.
* buffering: fix typo in doc (Kazuki Yamaguchi, 2017-01-23, 1 file, -2/+2)
|
* appveyor.yml: update OpenSSL version to 1.0.2j (Kazuki Yamaguchi, 2017-01-17, 1 file, -3/+3)
|     The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build on AppVeyor. Note that this is not a future-proof resolution; the future releases of RubyInstaller that AppVeyor will use may require another incompatible version of OpenSSL.
* Merge branch 'topic/windows-static-linking-without-pkg-config' into maint (Kazuki Yamaguchi, 2017-01-05, 1 file, -0/+6)
|\    * topic/windows-static-linking-without-pkg-config:
| |     Fix build with static OpenSSL libraries on Windows
| * Fix build with static OpenSSL libraries on Windows [topic/windows-static-linking-without-pkg-config] (Kazuki Yamaguchi, 2016-12-30, 1 file, -0/+6)
| |     OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no longer has RAND_screen() but it now requires crypt32. If pkg-config is usable, they are automatically linked, but if it is not, configuring Ruby/OpenSSL fails.
| |     Fixes: https://bugs.ruby-lang.org/issues/13080
* | Merge pull request #96 from CBonnell/master (Kazuki Yamaguchi, 2016-12-30, 2 files, -1/+8)
|\ \
| |/
|/|   Fix for ASN1::Constructive 'each' implementation
| * Fix for ASN1::Constructive 'each' implementation (Corey Bonnell, 2016-12-29, 2 files, -1/+8)
|/
* Ruby/OpenSSL 2.0.2 [v2.0.2] (Kazuki Yamaguchi, 2016-12-21, 2 files, -2/+2)
|
* pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type (Kazuki Yamaguchi, 2016-12-21, 1 file, -5/+10)
|     Fix 'unsupported key type' error if OpenSSL::SSL::SSLSocket#tmp_key is called when X25519 is used for key exchange. EVP_PKEY may have a key type that we don't have a dedicated subclass for. Let's allow instantiating OpenSSL::PKey::PKey with such an EVP_PKEY, although the resulting instance is not so useful because it can't be exported at the moment.
* ssl: use SSL_SESSION_get_protocol_version() (Kazuki Yamaguchi, 2016-12-21, 3 files, -5/+9)
|     Restore the old behavior of OpenSSL::SSL::Session#==. SSL_SESSION_get_protocol_version() was missing in OpenSSL master at the time r55287 (cad3226a06a1, "openssl: adapt to OpenSSL 1.1.0 opaque structs", 2016-06-05).
* Rename functions in openssl_missing.c (Kazuki Yamaguchi, 2016-12-21, 2 files, -20/+29)
|     To avoid symbol conflict that would occur if two versions of OpenSSL are loaded at the same time.
* ssl: check for SSL_CTX_clear_options() (Kazuki Yamaguchi, 2016-12-18, 2 files, -0/+5)
|     SSL_CTX_clear_options() first appeared in OpenSSL 0.9.8m. Add alternative macro definition for ancient versions of OpenSSL.
|     http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/78693
* Ruby/OpenSSL 2.0.1 [v2.0.1] (Kazuki Yamaguchi, 2016-12-10, 2 files, -2/+2)
|
* Merge changes from Ruby trunk r56927..r56953 (Kazuki Yamaguchi, 2016-12-10, 1 file, -1/+1)
|\    * ruby-trunk r56927..r56953: (3 commits)
| |     (r56953) openssl: import fixes from upstream
| |     (r56948) ossl.c: cast
| |     (r56946) openssl: import v2.0.0
| |   Sync-with-trunk: r56953
| * openssl: import fixes from upstream (rhe, 2016-12-10, 3 files, -8/+13)
| |     Import the following two commits from upstream:
| |
| |       commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611
| |       Author: Kazuki Yamaguchi <k@rhe.jp>
| |       Date: Thu Dec 1 22:27:03 2016 +0900
| |
| |         pkey: check existence of EVP_PKEY_get0()
| |
| |         EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define ourselves if needed.
| |
| |       commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5
| |       Author: Kazuki Yamaguchi <k@rhe.jp>
| |       Date: Thu Dec 1 22:13:22 2016 +0900
| |
| |         test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d
| |
| |         Set the authentication tag before the AAD when decrypting. Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in OpenSSL 1.0.1d), the authentication tag must be set before any calls of EVP_CipherUpdate().
| |
| |     They should fix build on CentOS 5 and Ubuntu 12.04 respectively.
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * ossl.c: cast (nobu, 2016-12-10, 1 file, -1/+1)
| |     * ext/openssl/ossl.c (ossl_pem_passwd_cb): cast to int. it's safe because len does not exceed int max_len.
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56948 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * openssl: import v2.0.0 (rhe, 2016-12-10, 0 files, -0/+0)
| |     Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at:
| |     https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | Merge pull request #88 from yogo1212/generalizedtime_format (Kazuki Yamaguchi, 2016-12-10, 2 files, -3/+17)
|\ \    asn1: handle GENERALIZEDTIME without seconds
| * | asn1: more output on error 'bad GENERALIZEDTIME' (Leon M. George, 2016-12-09, 1 file, -1/+2)
| | |
| * | asn1: handle GENERALIZEDTIME without seconds (Leon M. George, 2016-12-09, 2 files, -2/+15)
| |/