| Commit message | Author | Age | Files | Lines |
scrypt support is added.
* topic/kdf-module:
kdf: add scrypt
ossl.h: add NUM2UINT64T() macro
kdf: introduce OpenSSL::KDF module
|
Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is
added by OpenSSL 1.1.0.
|
As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to
uint64_t, raising an exception if the conversion fails.
|
Introduce a new OpenSSL::KDF module as a namespace for to-be-added
KDFs. This makes it easier to add new KDFs in future.
We already have a stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is
migrated to the new namespace. The backwards compatibility is retained
by the method defined in the newly added lib/openssl/pkcs5.rb.
|
Describe the --with-openssl-dir option that specifies the directory where
OpenSSL is installed if the libraries could not be found, and suggest
installing "development package" if just the headers are missing.
Also, let it raise an exception instead of writing to Logging and
terminating the process. This improves the look of the error message on
'gem install openssl' or 'make' (on the Ruby tree) failure.
|
The version bundled with macOS is anyway too old to compile the
extension.
|
Remove an unused variable declaration.
|
* topic/fix-rdoc-markup:
Fix RDoc markup
Revert r57690 except for read_nonblock
[DOC] mark up literals
[DOC] keyword argument _exception_
[DOC] {read,write}_nonblock with exception: false
|
Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
Match with the rule for better rendering.
|
https://github.com/ruby/ruby/pull/1527#issuecomment-281867551
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
Update docs to reflect EOF behavior change of read_nonblock and
write_nonblock when using `exception: false`.
[Fix GH-1527]
Author: Russell Davis <russell-stripe@users.noreply.github.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* topic/ssl-fixup-ex_data-handling:
ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
ssl: do not confuse different ex_data index registries
|
It is impossible that they don't.
|
Register necessary indices for these two independently. Similar to
r55074 (76e933a5a517, "openssl: register ex_data index for
X509_STORE{_CTX,} respectively", 2016-05-19), we can't blindly use the
same ex_data index number for SSL and SSL_CTX.
|
* topic/ssl-remove-TLS_DH_anon_WITH_AES_256_GCM_SHA384:
ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
The constant was initially introduced just to skip test cases that do
not work with old versions without AES-GCM cipher suites support
(< 1.0.1).
However, the value of the constant has been always `false' because the
macro TLS_DH_anon_WITH_AES_256_GCM_SHA384 does not exist in any version
of OpenSSL.
We no longer use it as of commit c9d1659f4027 ("test/utils: remove
use_anon_cipher option from SSLTestCase#start_server", 2016-09-06).
Let's just remove the constant.
|
Fix rdoc for core Integer class
|
Prevent a comment in bn.rb from showing up in
the documentation for the core Integer class.
|
Document using secure protocol to fetch git master
|
* maint:
Ruby/OpenSSL 2.0.3
.travis.yml: test with Ruby 2.4
ruby-openssl-docker: update versions of Ruby and OpenSSL
x509: fix OpenSSL::X509::Name#eql?
test/envutil: fix assert_raise_with_message
buffering: fix typo in doc
|
Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4.
|
Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
2016-09-08) incorrectly inverted the result. Fix it, and add a test
case for this.
Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
|
Import mu_pp method from Ruby trunk.
|
* topic/ssl-certificate-verify-error-desc:
ssl: show reason of 'certificate verify error' in exception message
Make exceptions with the same format regardless of OpenSSL.debug
|
The 'certificate verify error' is one of the most common errors that can
be raised by OpenSSL::SSL::SSLSocket#connect. The certificate
verification may fail due to many different issues such as misconfigured
trusted certificate store or inaccurate system clock.
Unfortunately, since the detail is not put to the queue and is only
accessible through OpenSSL::SSL::SSLSocket#verify_result, it is
sometimes hard to figure out the real reason. Let's include a human
readable reason message in the exception message. Like this:
  require "socket"
  require "openssl"
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(cert_store: OpenSSL::X509::Store.new)
  ssl = OpenSSL::SSL::SSLSocket.new(Socket.tcp("www.ruby-lang.org", 443), ctx)
  ssl.connect
  #=>
  -:7:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
          from -:7:in `<main>'
|
As the current behavior is useless. If OpenSSL.debug is set to true,
errors put to the error queue will be printed to stderr anyway.
|
* topic/ssl-move-default-dh-params:
ssl: move default DH parameters from OpenSSL::PKey::DH
|
They should belong to OpenSSL::SSL rather than OpenSSL::PKey::DH.
|
* topic/test-memory-leak:
Enable OSSL_MDEBUG on CI builds
Add OpenSSL.print_mem_leaks
test: prepare test PKey instances on demand
test: let OpenSSL::TestCase include OpenSSL::TestUtils
Don't define main() when built with --enable-debug
|
Add a wrapper method for CRYPTO_mem_leaks_fp(stderr). Calling the method
at the end of programs helps debugging memory leak bugs in Ruby/OpenSSL.
This is defined only when --enable-debug option is given when building
Ruby/OpenSSL, and the OpenSSL version is capable.
The test suite recognizes 'OSSL_MDEBUG' environment variable. Set to '1'
to enable the memory leak checker. This would prevent creating another
memory leak problem at least on the success paths. Note that this may
print some false-positives with OpenSSL <= 1.0.2.
It was once introduced by f0754f0b2f33 ("test: add test/mdebug
extension", 2016-08-06) as a separate native extension, but reverted by
4c1ca7669180 ("Remove test/mdebug", 2016-08-26) because it didn't work
on Windows. Let's re-introduce as part of openssl.so.
|
Preparing for the introduction of the memory leak checker. Do not leave
OpenSSL objects in constants that wouldn't be GCed in order to avoid
false positives.
|
OpenSSL::TestPKCS12 is already doing this - let's apply to all test
files. This allows removing redundant 'issue_cert' declarations.
|
It is unnecessary as we have a test suite that does the job.
|
* maint:
appveyor.yml: update OpenSSL version to 1.0.2j
Fix build with static OpenSSL libraries on Windows
Fix for ASN1::Constructive 'each' implementation
|
The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build
on AppVeyor. Note that this is not a future-proof resolution; the future
releases of RubyInstaller that AppVeyor will use may require another
incompatible version of OpenSSL.
|
* topic/windows-static-linking-without-pkg-config:
Fix build with static OpenSSL libraries on Windows
|
OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no
longer has RAND_screen() but it now requires crypt32. If pkg-config is
usable, they are automatically linked, but if it is not, configuring
Ruby/OpenSSL fails.
Fixes: https://bugs.ruby-lang.org/issues/13080
|
Fix for ASN1::Constructive 'each' implementation
|
Tests for OpenSSL::BN are re-written. OpenSSL::BN now implements unary+
operator, unary- operator and negative? method.
* topic/bn-updates:
bn: implement OpenSSL::BN#negative?
bn: implement unary {plus,minus} operators for OpenSSL::BN
bn: refine tests
|
Numeric class implemented #negative? and #positive? in Ruby 2.3. Let's
follow that.
|
For consistency with Numeric. Not sure why they aren't currently; maybe
they were simply forgotten.
|