Commit message (Author, Age, Files, Lines)
* Merge branch 'topic/kdf-module' (Kazuki Yamaguchi, 2017-03-23, 11 files, -278/+405)
|\
| |     scrypt support is added.
| |
| |     * topic/kdf-module:
| |       kdf: add scrypt
| |       ossl.h: add NUM2UINT64T() macro
| |       kdf: introduce OpenSSL::KDF module
| * kdf: add scrypt [topic/kdf-module] (Kazuki Yamaguchi, 2017-03-23, 3 files, -0/+115)
| |
| |     Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is
| |     added by OpenSSL 1.1.0.
| * ossl.h: add NUM2UINT64T() macro (Kazuki Yamaguchi, 2017-03-23, 1 file, -0/+13)
| |
| |     As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to
| |     uint64_t, raising an exception if the conversion fails.
| * kdf: introduce OpenSSL::KDF module (Kazuki Yamaguchi, 2017-03-23, 9 files, -190/+189)
| |
| |     Introduce a new OpenSSL::KDF module as a namespace for to-be-added KDFs.
| |     This makes it easier to add new KDFs in future.
| |
| |     We already have a stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is
| |     migrated to the new namespace. The backwards compatibility is retained
| |     by the method defined in the newly added lib/openssl/pkcs5.rb.
* | Rakefile: compile the extension before test (Kazuki Yamaguchi, 2017-03-16, 1 file, -1/+3)
| |
* | extconf.rb: print informative message if OpenSSL can't be found (Kazuki Yamaguchi, 2017-03-13, 1 file, -5/+9)
| |
| |     Describe --with-openssl-dir option that specifies the directory where
| |     OpenSSL is installed if the libraries could not be found, and suggest
| |     installing "development package" if just the headers are missing.
| |
| |     Also, let it raise an exception instead of writing to Logging and
| |     terminating the process. This improves the look of the error message on
| |     'gem install openssl' or 'make' (on the Ruby tree) failure.
* | ext/openssl/deprecation.rb: remove broken-apple-openssl (Kazuki Yamaguchi, 2017-03-03, 1 file, -3/+0)
| |
| |     The version bundled with macOS is anyway too old to compile the
| |     extension.
* | ssl: suppress compiler warning (Kazuki Yamaguchi, 2017-03-03, 1 file, -1/+0)
| |
| |     Remove an unused variable declaration.
* | Merge branch 'topic/fix-rdoc-markup' (Kazuki Yamaguchi, 2017-02-24, 26 files, -427/+438)
|\ \
| | |     * topic/fix-rdoc-markup:
| | |       Fix RDoc markup
| | |       Revert r57690 except for read_nonblock
| | |       [DOC] mark up literals
| | |       [DOC] keyword argument _exception_
| | |       [DOC] {read,write}_nonblock with exception: false
| * | Fix RDoc markup [topic/fix-rdoc-markup] (Kazuki Yamaguchi, 2017-02-24, 26 files, -417/+427)
| | |
| | |     Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
| | |     Match with the rule for better rendering.
| * | Revert r57690 except for read_nonblock (nobu, 2017-02-24, 2 files, -6/+3)
| | |
| | |     https://github.com/ruby/ruby/pull/1527#issuecomment-281867551
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * | [DOC] mark up literals (nobu, 2017-02-24, 2 files, -8/+10)
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * | [DOC] keyword argument _exception_ (nobu, 2017-02-24, 2 files, -4/+4)
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * | [DOC] {read,write}_nonblock with exception: false (nobu, 2017-02-24, 2 files, -4/+6)
|/ /
| |     Update docs to reflect EOF behavior change of read_nonblock and
| |     write_nonblock when using `exception: false`.
| |
| |     [Fix GH-1527]
| |
| |     Author: Russell Davis <russell-stripe@users.noreply.github.com>
| |
| |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | Merge branch 'topic/ssl-fixup-ex_data-handling' (Kazuki Yamaguchi, 2017-02-19, 1 file, -27/+26)
|\ \
| | |     * topic/ssl-fixup-ex_data-handling:
| | |       ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
| | |       ssl: do not confuse different ex_data index registries
| * | ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object [topic/ssl-fixup-ex_data-handling] (Kazuki Yamaguchi, 2017-02-19, 1 file, -20/+5)
| | |
| | |     It is impossible that they don't.
| * | ssl: do not confuse different ex_data index registries (Kazuki Yamaguchi, 2017-02-19, 1 file, -8/+22)
| | |
| | |     Register necessary indices for these two independently.
| | |
| | |     Similar to r55074 (76e933a5a517, "openssl: register ex_data index for
| | |     X509_STORE{_CTX,} respectively", 2016-05-19), we can't blindly use the
| | |     same ex_data index number for SSL and SSL_CTX.
* | | Merge branch 'topic/ssl-remove-TLS_DH_anon_WITH_AES_256_GCM_SHA384' (Kazuki Yamaguchi, 2017-02-19, 1 file, -6/+0)
|\ \ \
| | | |     * topic/ssl-remove-TLS_DH_anon_WITH_AES_256_GCM_SHA384:
| | | |       ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
| * | | ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 [topic/ssl-remove-TLS_DH_anon_WITH_AES_256_GCM_SHA384] (Kazuki Yamaguchi, 2017-02-19, 1 file, -6/+0)
| |/ /
| | |     The constant was initially introduced just to skip test cases that do
| | |     not work with old versions without AES-GCM cipher suites support
| | |     (< 1.0.1). However, the value of the constant has been always `false'
| | |     because the macro TLS_DH_anon_WITH_AES_256_GCM_SHA384 does not exist in
| | |     any version of OpenSSL.
| | |
| | |     We no longer use it as of commit c9d1659f4027 ("test/utils: remove
| | |     use_anon_cipher option from SSLTestCase#start_server", 2016-09-06).
| | |     Let's just remove the constant.
* | | Merge pull request #111 from stomar/fix-integer-docs (Kazuki Yamaguchi, 2017-02-19, 1 file, -1/+2)
|\ \ \
| | | |     Fix rdoc for core Integer class
| * | | Fix rdoc for core Integer class (Marcus Stollsteimer, 2017-02-18, 1 file, -1/+2)
|/ / /
| | |     Prevent a comment in bn.rb from showing up in the documentation for the
| | |     core Integer class.
* | | Merge pull request #110 from colby-swandale/readme-update (Kazuki Yamaguchi, 2017-02-17, 1 file, -1/+1)
|\ \ \
| |/ /     Document using secure protocol to fetch git master
|/| |
| * | document using secure protocol to fetch git master in Bundler (Colby Swandale, 2017-02-17, 1 file, -1/+1)
|/ /
* | Merge branch 'maint' (Kazuki Yamaguchi, 2017-01-31, 7 files, -27/+51)
|\ \
| |/
|/|
| |     * maint:
| |       Ruby/OpenSSL 2.0.3
| |       .travis.yml: test with Ruby 2.4
| |       ruby-openssl-docker: update versions of Ruby and OpenSSL
| |       x509: fix OpenSSL::X509::Name#eql?
| |       test/envutil: fix assert_raise_with_message
| |       buffering: fix typo in doc
| * Ruby/OpenSSL 2.0.3 [v2.0.3] (Kazuki Yamaguchi, 2017-01-31, 2 files, -2/+2)
| |
| * .travis.yml: test with Ruby 2.4 [topic/testing-with-ruby24] (Kazuki Yamaguchi, 2017-01-31, 1 file, -7/+8)
| |
| * ruby-openssl-docker: update versions of Ruby and OpenSSL (Kazuki Yamaguchi, 2017-01-31, 2 files, -19/+27)
| |
| |     Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4.
| * x509: fix OpenSSL::X509::Name#eql? (Kazuki Yamaguchi, 2017-01-28, 2 files, -1/+11)
| |
| |     Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
| |     2016-09-08) incorrectly inverted the result. Fix it, and add a test case
| |     for this.
| |
| |     Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
| * test/envutil: fix assert_raise_with_message (Kazuki Yamaguchi, 2017-01-24, 1 file, -0/+5)
| |
| |     Import mu_pp method from Ruby trunk.
| * buffering: fix typo in doc (Kazuki Yamaguchi, 2017-01-23, 1 file, -2/+2)
| |
* | Merge branch 'topic/ssl-certificate-verify-error-desc' (Kazuki Yamaguchi, 2017-01-26, 3 files, -8/+49)
|\ \
| | |     * topic/ssl-certificate-verify-error-desc:
| | |       ssl: show reason of 'certificate verify error' in exception message
| | |       Make exceptions with the same format regardless of OpenSSL.debug
| * | ssl: show reason of 'certificate verify error' in exception message [topic/ssl-certificate-verify-error-desc] (Kazuki Yamaguchi, 2017-01-24, 2 files, -0/+44)
| | |
| | |     The 'certificate verify error' is one of the most common errors that can
| | |     be raised by OpenSSL::SSL::SSLSocket#connect. The certificate
| | |     verification may fail due to many different issues such as misconfigured
| | |     trusted certificate store or inaccurate system clock.
| | |
| | |     Unfortunately, since the detail is not put to the queue and is only
| | |     accessible through OpenSSL::SSL::SSLSocket#verify_result, it is
| | |     sometimes hard to figure out the real reason.
| | |
| | |     Let's include a human readable reason message in the exception message.
| | |     Like this:
| | |
| | |       require "socket"
| | |       require "openssl"
| | |
| | |       ctx = OpenSSL::SSL::SSLContext.new
| | |       ctx.set_params(cert_store: OpenSSL::X509::Store.new)
| | |       ssl = OpenSSL::SSL::SSLSocket.new(Socket.tcp("www.ruby-lang.org", 443), ctx)
| | |       ssl.connect
| | |       #=> -:7:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
| | |               from -:7:in `<main>'
| * | Make exceptions with the same format regardless of OpenSSL.debug (Kazuki Yamaguchi, 2017-01-24, 1 file, -8/+5)
| | |
| | |     As the current behavior is useless. If OpenSSL.debug is set to true,
| | |     errors put to the error queue will be printed to stderr anyway.
* | | Merge branch 'topic/ssl-move-default-dh-params' (Kazuki Yamaguchi, 2017-01-26, 3 files, -58/+34)
|\ \ \
| | | |     * topic/ssl-move-default-dh-params:
| | | |       ssl: move default DH parameters from OpenSSL::PKey::DH
| * | | ssl: move default DH parameters from OpenSSL::PKey::DH [topic/ssl-move-default-dh-params] (Kazuki Yamaguchi, 2017-01-24, 3 files, -58/+34)
| |/ /
| | |     They should belong to OpenSSL::SSL rather than OpenSSL::PKey::DH.
* | | Merge branch 'topic/test-memory-leak' (Kazuki Yamaguchi, 2017-01-17, 27 files, -311/+388)
|\ \ \
| | | |     * topic/test-memory-leak:
| | | |       Enable OSSL_MDEBUG on CI builds
| | | |       Add OpenSSL.print_mem_leaks
| | | |       test: prepare test PKey instances on demand
| | | |       test: let OpenSSL::TestCase include OpenSSL::TestUtils
| | | |       Don't define main() when built with --enable-debug
| * | | Enable OSSL_MDEBUG on CI builds [topic/test-memory-leak] (Kazuki Yamaguchi, 2017-01-17, 3 files, -7/+6)
| | | |
| * | | Add OpenSSL.print_mem_leaks (Kazuki Yamaguchi, 2017-01-17, 2 files, -0/+122)
| | | |
| | | |     Add a wrapper method for CRYPTO_mem_leaks_fp(stderr). Calling the method
| | | |     at the end of programs helps debugging memory leak bugs in Ruby/OpenSSL.
| | | |     This is defined only when --enable-debug option is given when building
| | | |     Ruby/OpenSSL, and the OpenSSL version is capable.
| | | |
| | | |     The test suite recognizes 'OSSL_MDEBUG' environment variable. Set to '1'
| | | |     to enable the memory leak checker. This would prevent creating another
| | | |     memory leak problem at least on the success paths. Note that this may
| | | |     print some false-positives with OpenSSL <= 1.0.2.
| | | |
| | | |     It was once introduced by f0754f0b2f33 ("test: add test/mdebug
| | | |     extension", 2016-08-06) as a separate native extension, but reverted by
| | | |     4c1ca7669180 ("Remove test/mdebug", 2016-08-26) because it didn't work
| | | |     on Windows. Let's re-introduce as part of openssl.so.
| * | | test: prepare test PKey instances on demand (Kazuki Yamaguchi, 2017-01-17, 23 files, -261/+259)
| | | |
| | | |     Preparing for the introduction of the memory leak checker. Do not leave
| | | |     OpenSSL objects in constants that wouldn't be GCed in order to avoid
| | | |     false positives.
| * | | test: let OpenSSL::TestCase include OpenSSL::TestUtils (Kazuki Yamaguchi, 2017-01-16, 6 files, -34/+3)
| | | |
| | | |     OpenSSL::TestPKCS12 is already doing this - let's apply to all test
| | | |     files. This allows removing redundant 'issue_cert' declarations.
| * | | Don't define main() when built with --enable-debug (Kazuki Yamaguchi, 2017-01-16, 1 file, -11/+0)
| | | |
| | | |     It is unnecessary as we have a test suite that does the job.
* | | | Merge branch 'maint' (Kazuki Yamaguchi, 2017-01-17, 4 files, -4/+17)
|\ \ \ \
| | |_|/
| |/| |
| | | |     * maint:
| | | |       appveyor.yml: update OpenSSL version to 1.0.2j
| | | |       Fix build with static OpenSSL libraries on Windows
| | | |       Fix for ASN1::Constructive 'each' implementation
| * | | appveyor.yml: update OpenSSL version to 1.0.2j (Kazuki Yamaguchi, 2017-01-17, 1 file, -3/+3)
| | | |
| | | |     The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build
| | | |     on AppVeyor. Note that this is not a future-proof resolution; the future
| | | |     releases of RubyInstaller that AppVeyor will use may require another
| | | |     incompatible version of OpenSSL.
| * | | Merge branch 'topic/windows-static-linking-without-pkg-config' into maint (Kazuki Yamaguchi, 2017-01-05, 1 file, -0/+6)
| |\ \ \
| | | | |     * topic/windows-static-linking-without-pkg-config:
| | | | |       Fix build with static OpenSSL libraries on Windows
| | * | | Fix build with static OpenSSL libraries on Windows [topic/windows-static-linking-without-pkg-config] (Kazuki Yamaguchi, 2016-12-30, 1 file, -0/+6)
| | | | |
| | | | |     OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no
| | | | |     longer has RAND_screen() but it now requires crypt32. If pkg-config is
| | | | |     usable, they are automatically linked, but if it is not, configuring
| | | | |     Ruby/OpenSSL fails.
| | | | |
| | | | |     Fixes: https://bugs.ruby-lang.org/issues/13080
| * | | | Merge pull request #96 from CBonnell/master (Kazuki Yamaguchi, 2016-12-30, 2 files, -1/+8)
| |\ \ \ \
| | |/ / /     Fix for ASN1::Constructive 'each' implementation
| |/| | |
| | * | | Fix for ASN1::Constructive 'each' implementation (Corey Bonnell, 2016-12-29, 2 files, -1/+8)
| |/ / /
* | | | Merge branch 'topic/bn-updates' (Kazuki Yamaguchi, 2016-12-26, 2 files, -51/+316)
|\ \ \ \
| |_|/ /
|/| | |
| | | |     Tests for OpenSSL::BN are re-written. OpenSSL::BN now implements unary+
| | | |     operator, unary- operator and negative? method.
| | | |
| | | |     * topic/bn-updates:
| | | |       bn: implement OpenSSL::BN#negative?
| | | |       bn: implement unary {plus,minus} operators for OpenSSL::BN
| | | |       bn: refine tests
| * | | bn: implement OpenSSL::BN#negative? [topic/bn-updates] (Kazuki Yamaguchi, 2016-12-23, 2 files, -0/+22)
| | | |
| | | |     Numeric class implemented #negative? and #positive? in Ruby 2.3. Let's
| | | |     follow that.
| * | | bn: implement unary {plus,minus} operators for OpenSSL::BN (Kazuki Yamaguchi, 2016-12-23, 2 files, -0/+41)
| | | |
| | | |     For consistency with Numeric. Not sure why they aren't currently; maybe
| | | |     they were simply forgotten.