config: support .include directive
OpenSSL 1.1.1 introduces a new '.include' directive. Update our config
parser to support that.
As mentioned in the referenced GitHub issue, we should use the OpenSSL
API instead of implementing the parsing logic ourselves, but it will
need backwards-incompatible changes which we can't backport to stable
versions. So continue to use the Ruby implementation for now.
Squashed in additional changes by Vít Ondruch to support '.include = '
syntax.
Reference: https://github.com/ruby/openssl/issues/208
* maint-2.0:
Ruby/OpenSSL 2.0.9
needs openssl/opensslv.h
x509name: fix OpenSSL::X509::Name#{cmp,<=>}
* ext/openssl/extconf.rb: LIBRESSL_VERSION_NUMBER is defined in
openssl/opensslv.h. Fix up r64101.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r64236
* ky/x509name-cmp-bugfix:
x509name: fix OpenSSL::X509::Name#{cmp,<=>}
Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
could return 0 when the two objects aren't identical.
Reported by Tyler Eckstein. CVE-2018-16395.
Reference: https://hackerone.com/reports/387250
* maint-2.0:
x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
x509name: refactor OpenSSL::X509::Name#to_s
test/test_x509name: change script encoding to ASCII-8BIT
x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
X509_NAME_print_ex() behaves differently depending on the passed flags.
When XN_FLAG_COMPAT is specified, it returns either 1 on success or 0
on error. Otherwise, it returns the byte size written or -1 on error.
This means 0 return is not necessarily an error.
Also, X509_NAME_oneline() return value needs to be checked as it may
fail with a NULL return.
Fixes: https://github.com/ruby/openssl/issues/200
Extract the body into a function in preparation for adding #to_utf8.
Also a potential memory leak is fixed: the GetX509Name() macro can
raise TypeError.
(cherry picked from commit 58964733f7d1f9646ecc344d127150aa7115760e)
Allow string literals containing UTF-8 characters.
(cherry picked from commit 98945c7ce8706309a6d358007f1fdb2a73711662)
The fix made in 6fcc6c0efc42 ("test/test_ssl: fix test failure with
TLS 1.3", 2018-08-06) is applied to the new test cases.
* maint-2.0:
reduce LibreSSL warnings
openssl_missing.h: constified
openssl: search winsock
search winsock libraries explicitly
no ID cache in Init functions
test/test_ssl: fix test failure with TLS 1.3
tool/ruby-openssl-docker: update to latest versions
pkey: resume key generation after interrupt
pkey: resume key generation after interrupt [Bug #14882]
Key/parameter generation (OpenSSL::PKey::*.{new,generate}) immediately
aborts when it is done with GVL released (in other words, no block is
given) and the thread is interrupted (e.g., by a signal) during the
operation.
Have ossl_generate_cb_2() acquire GVL and call rb_thread_check_ints()
if needed to process the pending interrupt rather than abort the
operation completely by returning 0.
Reference: https://bugs.ruby-lang.org/issues/14882
Test matrix update and additional test fixes for OpenSSL 1.1.1
SSL_connect() on the client side may return before SSL_accept() on
server side returns. This will fix test failures with OpenSSL's current
master.
* ext/openssl/extconf.rb: LibreSSL headers emit "overriding WinCrypt
defines" warnings if wincrypt.h has been included (except for
x509.h) on Windows. Get rid of including the header by defining the
NOCRYPT macro.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r64101
* ext/openssl/openssl_missing.h (IMPL_KEY_ACCESSOR{2,3}):
constified obj argument getters.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63684 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r63684
* ext/openssl/extconf.rb: on Windows, always search the winsock
library, regardless of pkg-config. Direct use of winsock is not the
region of OpenSSL. [ruby-core:85895] [Bug #14568]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62637 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62637
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62628 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62628
Init functions are called only once; the cache is useless.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62429
* maint-2.0:
Ruby/OpenSSL 2.0.8
test/test_ssl_session: set client protocol version explicitly
test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
extconf.rb: fix build with LibreSSL 2.7.0
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
test/utils: disable Thread's report_on_exception in start_server
Test fixes for OpenSSL 1.1.1
Clients that implement TLS 1.3's Middlebox Compatibility Mode will
always provide a non-empty session ID in the ClientHello. This means
the "get" callback for the server-side session caching may be called
for the initial connection.
OpenSSL 1.1.1 raised the minimum size for RSA keys to 512 bits.
extconf.rb: fix build with LibreSSL 2.7.0
Our compat implementation of accessor functions that were introduced in
OpenSSL 1.1.0 conflicts with those from LibreSSL 2.7.0. Use the
HAVE_OPAQUE_OPENSSL code path when LibreSSL 2.7 or newer is detected.
Fix suggested by Joel Sing.
Fixes: https://github.com/ruby/openssl/issues/192
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
EVP_BytesToKey() internally converts the iteration count given as an
"int" into an "unsigned int". Calling that with a negative integer will
result in a hang. This is surprising, so let's validate the value by
ourselves and raise ArgumentError as necessary.
Those threads can purposefully raise exceptions when they call 'pend'.
The report_on_exception feature can be safely disabled in this case
since we use assert_join_threads that captures all exceptions raised.
This is necessary to suppress warnings on Ruby 2.5, which enables the
report_on_exception feature by default.
* maint:
Ruby/OpenSSL 2.0.7
asn1: fix docs
ssl: remove unreachable code
The value of the 'value' attribute of OpenSSL::ASN1::{Integer,Enumerated}
should be an instance of OpenSSL::BN.
Reference: https://github.com/ruby/openssl/issues/176
GetSSLCTX() never returns NULL.
pkey/ec: add support for octet string encoding of EC point
Add a new method named PKey::EC#to_octet_string that returns the octet
string representation of the curve point. PKey::EC::Point#to_bn, which
already exists and is similar except that an instance of
OpenSSL::BN is returned, is rewritten in Ruby.
PKey::EC::Point#initialize now takes String as the second argument in
the PKey::EC::Point.new(group, encoded_point) form.
Also, update the tests to use #to_octet_string instead of #to_bn for
better readability.
* ky/fix-ssl-test-internal-encoding:
Fix test-all tests to avoid creating report_on_exception warnings
* The warnings are shown by Thread.report_on_exception defaulting to
true. [Feature #14143] [ruby-core:83979]
* Improves tests by narrowing down the scope where an exception
is expected.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61188 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[ky: this effectively reverts commit 01445af367ec ("test/test_ssl:
prevent changing default internal encoding", 2017-11-26). This is OK
since EnvUtil.with_default_internal has been made thread-safe.]
Sync-with-trunk: r61188
The function ossl_sslctx_session_get_cb(), which is passed to
SSL_CTX_sess_set_get_cb(), will never be called on the client-side since
it is for the server-side session caching.
Reference: https://github.com/ruby/openssl/issues/170
* ky/fix-ssl-test-internal-encoding:
test/test_ssl: prevent changing default internal encoding
In Ruby tree (not in this tree), assert_raise_with_message uses
EnvUtil.with_default_internal which cannot be called simultaneously.
The patch was suggested by Yusuke Endoh (mame).
* maint:
History.md: fix a typo
x509cert, x509crl, x509req, ns_spki: check sanity of public key
pkey: make pkey_check_public_key() non-static
test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
cipher: disallow setting AAD for non-AEAD ciphers
test/test_ssl_session: skip tests for session_remove_cb
appveyor.yml: remove 'openssl version' line
|