| Commit message (Collapse) | Author | Age | Files | Lines |

That there is no immediately readable data in the SSL instance does not
imply it has to read more bytes from the underlying socket. Just call
SSL_read() and check the return value.

The authentication tag can be set after starting the decryption, if
only it is before Cipher#final is called.
Fixes: https://github.com/ruby/openssl/issues/74

As noted in the SSL_CTX_sess_set_remove_cb(3) manpage, SSL_CTX_free()
will call the callback function for each session in the internal session
store. We can't call the callback Proc since it may do a new object
allocation which is prohibited during GC.

OpenSSL <= 1.0.0 did not support TLS 1.1/1.2, and thus we must still
check the existence of the symbols. This fixes the previous commit,
3e5a009966bd ("ssl: remove unsupported TLS versions from
SSLContext::METHODS", 2017-08-08).

Check for all version-specific SSL methods. We do check for existence of
TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This
fixes compile error when OpenSSL is configured with no-tls1-method.
Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL
supports the corresponding versions or not. This prevents :TLSv1 from
being in SSLContext::METHODS when OpenSSL is compiled with no-tls1.
In particular, Debian sid has disabled TLS 1.0/1.1 support recently.
The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).

Add msys2 library dependency tag in gem metadata

RubyInstaller2 supports metadata tags for installation of dependent
MSYS2/MINGW libraries. The openssl gem requires the mingw-openssl
package to be installed on the system, which the gem installer takes
care of, when this tag is set.
The feature is documented here:
https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#msys2-library-dependency
This fixes issues like
https://github.com/oneclick/rubyinstaller2/issues/54 and
https://github.com/oneclick/rubyinstaller2/issues/53 .

* ky/pem-passwd-cb-get-rid-of-minlen:
ossl_pem_passwd_cb: handle nil from the block explicitly
ossl_pem_passwd_cb: do not check for taintedness
ossl_pem_passwd_cb: relax passphrase length constraint

There is code that returns nil in the passphrase block on purpose (to
prevent OpenSSL from prompting on stdin):
OpenSSL::PKey.read(File.read("file.pem")) { nil }
This is working just by chance because the TypeError from StringValue()
is silently ignored. Let's short circuit in that case and save raising
a needless exception, as this pattern has become too common.

It is perfectly permissible to take passwords from an untrusted source.

The minimum passphrase length of 4 bytes is only a limitation of
PEM_def_callback() which isn't relevant here. Commit f38501249f33
introduced this bug.

Emulate the behavior of 'gem install --conservative'. This would prevent
overwriting the existing Rake installation.

Read everything from an IO object into a String first and use the
memory buffer BIO method just as we do for String inputs.
For MSVC builds, the FILE BIO method uses the "UPLINK" interface that
requires the application to provide OPENSSL_Applink() function. For us,
the "application" means ruby.exe, in which we can't do anything. As a
workaround, avoid using the FILE BIO method at all.
Usually private keys or X.509 certificates aren't that large and the
temporarily increased memory usage hopefully won't be an issue.
Fixes: https://github.com/ruby/openssl/issues/128

Prevent the new object created by StringValue() from being GCed.
Luckily, as none of the callers of ossl_obj2bio() reads from the
returned BIO after possibly triggering GC, this has not been a real
problem.
As a bonus, ossl_protect_obj2bio() function which is no longer used
anywhere is removed.

Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
Fixes: https://github.com/ruby/openssl/issues/127

Clarify what it's doing. For non-Windows and MinGW platforms we can
just give "crypto" and "ssl" to have_library.

Commits that went to master are excluded.
* ruby-trunk r56953..r58742: (3 commits)
(r58742) Search SSL libraries by testing various filename patterns
(r57592) openssl: fix broken openssl check
(r57591) openssl: fix broken openssl check
Sync-with-trunk: r58742

* ext/openssl/extconf.rb (find_openssl_library): should search by more flexible
method, especially for LibreSSL on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/deprecation.rb: check for broken OpenSSL only on mac
OS. [ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS.
[ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033

Update .travis.yml and Dockerfile

* Updated Rubies to latest version.
* Added ruby-head as allow_failures.
Because it's good to know a new Ruby version's issues faster, before the release.

* topic/test-ssl-fix-typo:
test/test_ssl: fix typo in test_sysread_and_syswrite

The test case for second argument of OpenSSL::SSL::SSLSocket#sysread is
not testing the behavior correctly because of a typo.

X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in
hash table' if they are called twice, since the (unreleased) next
version of OpenSSL. Don't test that if we are built with OpenSSL >=
1.1.0.

"after after having fed the entire plaintext..." is changed to
"after having fed the entire plaintext..."

SSL_set_fd() may fail with 0 return if malloc() fails. Check that and
raise an exception to avoid potential crash.

Fix typos

Ubuntu trusty's OpenSSL package 1.0.1f-1ubuntu2.22 has backported an
OpenSSL commit f54be179aa4c that makes EC_GROUP_set_generator() call
BN_MONT_CTX_set() which can segfault if an invalid value (== 0) is
given. Avoid it.

Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4.

Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
2016-09-08) incorrectly inverted the result. Fix it, and add a test
case for this.
Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")

Import mu_pp method from Ruby trunk.

The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build
on AppVeyor. Note that this is not a future-proof resolution; the future
releases of RubyInstaller that AppVeyor will use may require another
incompatible version of OpenSSL.

* topic/windows-static-linking-without-pkg-config:
Fix build with static OpenSSL libraries on Windows

OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no
longer has RAND_screen() but it now requires crypt32. If pkg-config is
usable, they are automatically linked, but if it is not, configuring
Ruby/OpenSSL fails.
Fixes: https://bugs.ruby-lang.org/issues/13080

Fix for ASN1::Constructive 'each' implementation