Commit message [branch/tag] (Author, Age, Files, Lines)
* ssl: remove useless call to rb_thread_wait_fd() [ky/ssl-sysread-dont-check-ssl-pending] (Kazuki Yamaguchi, 2017-08-25, 1, -2/+0)
| That there is no immediately readable data in the SSL instance does not imply it has to read more bytes from the underlying socket. Just call SSL_read() and check the return value.
* cipher: update the documentation for Cipher#auth_tag= [ky/cipher-aead-set-aead-tag-documentation-fix] (Kazuki Yamaguchi, 2017-08-24, 1, -7/+5)
| The authentication tag can be set after starting the decryption, if only it is before Cipher#final is called.
| Fixes: https://github.com/ruby/openssl/issues/74
* ssl: do not call session_remove_cb during GC (Kazuki Yamaguchi, 2017-08-23, 1, -0/+7)
| As noted in the SSL_CTX_sess_set_remove_cb(3) manpage, SSL_CTX_free() will call the callback function for each session in the internal session store. We can't call the callback Proc since it may do a new object allocation which is prohibited during GC.
* Ruby/OpenSSL 2.0.5 [v2.0.5] (Kazuki Yamaguchi, 2017-08-08, 3, -2/+15)
|
* ssl: fix compile error with OpenSSL 1.0.0 (Kazuki Yamaguchi, 2017-08-08, 2, -2/+4)
| OpenSSL <= 1.0.0 did not support TLS 1.1/1.2, and thus we must still check the existence of the symbols. This fixes the previous commit, 3e5a009966bd ("ssl: remove unsupported TLS versions from SSLContext::METHODS", 2017-08-08).
* ssl: remove unsupported TLS versions from SSLContext::METHODS (Kazuki Yamaguchi, 2017-08-08, 4, -20/+14)
| Check for all version-specific SSL methods. We do check for existence of TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This fixes compile error when OpenSSL is configured with no-tls1-method.
|
| Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL supports the corresponding versions or not. This prevents :TLSv1 from being in SSLContext::METHODS when OpenSSL is compiled with no-tls1. In particular, Debian sid has disabled TLS 1.0/1.1 support recently.
|
| The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
* Merge pull request #134 from larskanis/patch-1 (Kazuki Yamaguchi, 2017-07-27, 1, -0/+2)
|\
| | Add msys2 library dependency tag in gem metadata
| * Add msys2 library dependency tag in gem metadata (Lars Kanis, 2017-07-27, 1, -0/+2)
|/
| RubyInstaller2 supports metadata tags for installation of dependent MSYS2/MINGW libraries. The openssl gem requires the mingw-openssl package to be installed on the system, which the gem installer takes care of when this tag is set.
|
| The feature is documented here: https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#msys2-library-dependency
|
| This fixes issues like https://github.com/oneclick/rubyinstaller2/issues/54 and https://github.com/oneclick/rubyinstaller2/issues/53 .
* Merge branch 'ky/pem-passwd-cb-get-rid-of-minlen' into maint (Kazuki Yamaguchi, 2017-07-22, 2, -19/+18)
|\
| | * ky/pem-passwd-cb-get-rid-of-minlen:
| |   ossl_pem_passwd_cb: handle nil from the block explicitly
| |   ossl_pem_passwd_cb: do not check for taintedness
| |   ossl_pem_passwd_cb: relax passphrase length constraint
| * ossl_pem_passwd_cb: handle nil from the block explicitly [ky/pem-passwd-cb-get-rid-of-minlen] (Kazuki Yamaguchi, 2017-07-22, 2, -4/+8)
| | There is code that returns nil in the passphrase block on purpose (to prevent OpenSSL from prompting on stdin):
| |
| |   OpenSSL::PKey.read(File.read("file.pem")) { nil }
| |
| | This is working just by chance because the TypeError from StringValue() is silently ignored. Let's short circuit in that case and save raising a needless exception, as this pattern has become too common.
| * ossl_pem_passwd_cb: do not check for taintedness (Kazuki Yamaguchi, 2017-07-22, 1, -1/+1)
| | It is perfectly permissible to take passwords from an untrusted source.
| * ossl_pem_passwd_cb: relax passphrase length constraint (Kazuki Yamaguchi, 2017-07-22, 2, -14/+9)
|/
| The minimum passphrase length of 4 bytes is only a limitation of PEM_def_callback() which isn't relevant here. Commit f38501249f33 introduced this bug.
* appveyor.yml: test against Ruby 2.4 [ky/appveyor-update-201707] (Kazuki Yamaguchi, 2017-07-11, 1, -7/+18)
|
* Rakefile: install_dependencies: install only when needed (Kazuki Yamaguchi, 2017-07-11, 1, -2/+7)
| Emulate the behavior of 'gem install --conservative'. This would prevent overwriting the existing Rake installation.
* bio: do not use the FILE BIO method in ossl_obj2bio() (Kazuki Yamaguchi, 2017-07-11, 2, -26/+15)
| Read everything from an IO object into a String first and use the memory buffer BIO method just as we do for String inputs.
|
| For MSVC builds, the FILE BIO method uses the "UPLINK" interface that requires the application to provide OPENSSL_Applink() function. For us, the "application" means ruby.exe, in which we can't do anything. As a workaround, avoid using the FILE BIO method at all. Usually private keys or X.509 certificates aren't that large and the temporarily increased memory usage hopefully won't be an issue.
|
| Fixes: https://github.com/ruby/openssl/issues/128
* bio: prevent possible GC issue in ossl_obj2bio() (Kazuki Yamaguchi, 2017-07-11, 14, -32/+24)
| Prevent the new object created by StringValue() from being GCed. Luckily, as none of the callers of ossl_obj2bio() reads from the returned BIO after possible triggering GC, this has not been a real problem.
|
| As a bonus, ossl_protect_obj2bio() function which is no longer used anywhere is removed.
* test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params (Kazuki Yamaguchi, 2017-06-27, 1, -1/+1)
| Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
| Fixes: https://github.com/ruby/openssl/issues/127
* Ruby/OpenSSL 2.0.4 [v2.0.4] (Kazuki Yamaguchi, 2017-06-14, 3, -2/+14)
|
* History.md: add entries for 2.0.1-2.0.3 (Kazuki Yamaguchi, 2017-06-14, 1, -0/+35)
|
* History.md: wrap at 80 characters (Kazuki Yamaguchi, 2017-06-14, 1, -1/+2)
|
* extconf.rb: simplify searching libraries logic (Kazuki Yamaguchi, 2017-06-14, 1, -31/+33)
| Clarify what it's doing. For non-Windows and MinGW platforms we can just give "crypto" and "ssl" to have_library.
* Merge changes from Ruby trunk r56953..r58742 (Kazuki Yamaguchi, 2017-06-14, 2, -7/+47)
|\
| | Commits that went to master are excluded.
| |
| | * ruby-trunk r56953..r58742: (3 commits)
| |   (r58742) Search SSL libraries by testing various filename patterns
| |   (r57592) openssl: fix broken openssl check
| |   (r57591) openssl: fix broken openssl check
| |
| | Sync-with-trunk: r58742
| * Search SSL libraries by testing various filename patterns (usa, 2017-06-14, 1, -5/+45)
| | * ext/openssl/extconf.rb (find_openssl_library): should search by more flexible method, especially for LibreSSL on Windows.
| |
| | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * openssl: fix broken openssl check (nobu, 2017-06-14, 1, -1/+1)
| | * ext/openssl/deprecation.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200]
| |
| | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * openssl: fix broken openssl check (nobu, 2017-06-14, 1, -1/+1)
| | * ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200]
| |
| | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | x509store: clear error queue after calling X509_LOOKUP_load_file() (Kazuki Yamaguchi, 2017-06-14, 2, -0/+32)
| | X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file() internally, may leave error entries in the queue even when it returns non-zero value (which indicates success). This will be fixed by OpenSSL 1.1.1, but can be worked around by clearing the error queue ourselves.
| |
| | Fixes: https://bugs.ruby-lang.org/issues/11033
* | tool/sync-with-trunk: 'LASY' -> 'LAST' (Kazuki Yamaguchi, 2017-05-29, 1, -4/+4)
| |
* | Merge pull request #122 from junaruga/feature/update-rubies (Kazuki Yamaguchi, 2017-05-17, 2, -12/+21)
|\ \
| | | Update .travis.yml and Dockerfile
| * | Update .travis.yml and Dockerfile (Jun Aruga, 2017-05-17, 2, -12/+21)
|/ /
| | * Updated Rubies to latest version.
| | * Added ruby-head as allow_failures.
| |   Because it's good to know a new Ruby version's issues as early as possible before the release.
* | Merge branch 'topic/test-ssl-fix-typo' into maint (Kazuki Yamaguchi, 2017-05-04, 1, -1/+1)
|\ \
| | | * topic/test-ssl-fix-typo:
| | |   test/test_ssl: fix typo in test_sysread_and_syswrite
| * | test/test_ssl: fix typo in test_sysread_and_syswrite [topic/test-ssl-fix-typo] (Kazuki Yamaguchi, 2017-03-23, 1, -1/+1)
| | | The test case for second argument of OpenSSL::SSL::SSLSocket#sysread is not testing the behavior correctly because of a typo.
* | | test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors (Kazuki Yamaguchi, 2017-04-28, 1, -0/+1)
| | | X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in hash table' if they are called twice, since the (unreleased) next version of OpenSSL. Don't test that if we are built with OpenSSL >= 1.1.0.
* | | Fix documentation for OpenSSL::Cipher#final (Vladimir Rybas, 2017-04-21, 1, -1/+1)
| | | "after after having fed the entire plaintext..." is changed to "after having fed the entire plaintext..."
* | | Fix typos (Kazuki Yamaguchi, 2017-04-20, 5, -7/+7)
| | |
* | | ssl: check return value of SSL_set_fd() (Kazuki Yamaguchi, 2017-03-31, 1, -1/+2)
|/ /
| | SSL_set_fd() may fail with 0 return if malloc() fails. Check that and raise an exception to avoid potential crash.
* | Merge pull request #108 from ruby/typofix (Kazuki Yamaguchi, 2017-02-14, 3, -4/+4)
|\ \
| | | Fix typos
| * | Fix typos (SHIBATA Hiroshi, 2017-02-14, 3, -4/+4)
|/ /
* / test/test_pkey_ec: do not use dummy 0 order (Kazuki Yamaguchi, 2017-02-03, 1, -1/+1)
|/
| Ubuntu trusty's OpenSSL package 1.0.1f-1ubuntu2.22 has backported an OpenSSL commit f54be179aa4c that makes EC_GROUP_set_generator() call BN_MONT_CTX_set() which can segfault if an invalid value (== 0) is given. Avoid it.
* Ruby/OpenSSL 2.0.3 [v2.0.3] (Kazuki Yamaguchi, 2017-01-31, 2, -2/+2)
|
* .travis.yml: test with Ruby 2.4 [topic/testing-with-ruby24] (Kazuki Yamaguchi, 2017-01-31, 1, -7/+8)
|
* ruby-openssl-docker: update versions of Ruby and OpenSSL (Kazuki Yamaguchi, 2017-01-31, 2, -19/+27)
| Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4.
* x509: fix OpenSSL::X509::Name#eql? (Kazuki Yamaguchi, 2017-01-28, 2, -1/+11)
| Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()", 2016-09-08) incorrectly inverted the result. Fix it, and add a test case for this.
|
| Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
* test/envutil: fix assert_raise_with_message (Kazuki Yamaguchi, 2017-01-24, 1, -0/+5)
| Import mu_pp method from Ruby trunk.
* buffering: fix typo in doc (Kazuki Yamaguchi, 2017-01-23, 1, -2/+2)
|
* appveyor.yml: update OpenSSL version to 1.0.2j (Kazuki Yamaguchi, 2017-01-17, 1, -3/+3)
| The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build on AppVeyor. Note that this is not a future-proof resolution; the future releases of RubyInstaller that AppVeyor will use may require another incompatible version of OpenSSL.
* Merge branch 'topic/windows-static-linking-without-pkg-config' into maint (Kazuki Yamaguchi, 2017-01-05, 1, -0/+6)
|\
| | * topic/windows-static-linking-without-pkg-config:
| |   Fix build with static OpenSSL libraries on Windows
| * Fix build with static OpenSSL libraries on Windows [topic/windows-static-linking-without-pkg-config] (Kazuki Yamaguchi, 2016-12-30, 1, -0/+6)
| | OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no longer has RAND_screen() but it now requires crypt32. If pkg-config is usable, they are automatically linked, but if it is not, configuring Ruby/OpenSSL fails.
| |
| | Fixes: https://bugs.ruby-lang.org/issues/13080
* | Merge pull request #96 from CBonnell/master (Kazuki Yamaguchi, 2016-12-30, 2, -1/+8)
|\ \
| |/
|/| Fix for ASN1::Constructive 'each' implementation
| * Fix for ASN1::Constructive 'each' implementation (Corey Bonnell, 2016-12-29, 2, -1/+8)
|/
* Ruby/OpenSSL 2.0.2 [v2.0.2] (Kazuki Yamaguchi, 2016-12-21, 2, -2/+2)
|