| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.6
test/test_engine: check if RC4 is supported
test/test_engine: suppress stderr
ossl.c: make legacy locking callbacks reentrant
ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks
ssl: prevent SSLSocket#sysread* from leaking uninitialized data
test/test_pair: replace sleep with IO.select
tool/ruby-openssl-docker: update
test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1
test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1
test/test_pair: disable compression
test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel
ruby.h: unnormalized Fixnum value
test/test_pair: fix test_write_nonblock{,_no_exceptions}
|
| | | |
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.5
ssl: fix compile error with OpenSSL 1.0.0
ssl: remove unsupported TLS versions from SSLContext::METHODS
Add msys2 library dependency tag in gem metadata
ossl_pem_passwd_cb: handle nil from the block explicitly
ossl_pem_passwd_cb: do not check for taintedness
ossl_pem_passwd_cb: relax passphrase length constraint
appveyor.yml: test against Ruby 2.4
Rakefile: install_dependencies: install only when needed
bio: do not use the FILE BIO method in ossl_obj2bio()
bio: prevent possible GC issue in ossl_obj2bio()
test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.4
History.md: add entries for 2.0.1-2.0.3
History.md: wrap at 80 characters
extconf.rb: simplify searching libraries logic
Search SSL libraries by testing various filename patterns
openssl: fix broken openssl check
openssl: fix broken openssl check
x509store: clear error queue after calling X509_LOOKUP_load_file()
tool/sync-with-trunk: 'LASY' -> 'LAST'
Update .travis.yml and Dockerfile
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
Fix documentation for OpenSSL::Cipher#final
Fix typos
ssl: check return value of SSL_set_fd()
test/test_ssl: fix typo in test_sysread_and_syswrite
Fix typos
test/test_pkey_ec: do not use dummy 0 order
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
They are no longer receiving security updates from the OpenSSL
development team since 2015-12.
We have kept basic compatibility until now because RHEL 5 still uses an
(heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03,
thus it is now safe to assume nobody is still using such old versions of
OpenSSL.
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have changed the support policy for LibreSSL: we now support only
maintained stable branches.
Quoting from libressl.org[1]:
> LibreSSL transitions to a new stable release branch every 6 months in
> coordination with the OpenBSD development schedule. LibreSSL stable
> branches are updated for 1 year after their corresponding OpenBSD
> branch is tagged for release.
So, LibreSSL 2.2, which was shipped by OpenBSD 5.8 released on 2015-08,
is no longer supported officially by the OpenBSD team.
[1] http://www.libressl.org/releases.html
|
| |\
| |
| |
| |
| | |
* topic/pkey-ec-conversion-form:
pkey: allow specifying conversion form in EC::Point#to_bn
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, when we want to convert a point data into an octet string
with non-default conversion form, we have to set the desirable form to
the associated EC::Group beforehand. This is inconvenient and
counterintuitive because the conversion form is not actually related to
the EC group.
point = ...
point.group.point_conversion_form = :compressed
point.to_bn
So, allow specifying the form as an optional parameter, like this:
point = ...
point.to_bn(:compressed)
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As done for EC::Point, remove ossl_ec_group struct. This contains a
breaking change. Modifications to an EC::Group returned by EC#group
no longer affects the EC object unless set to the key explicitly using
EC#group=. This is the common behavior in Ruby/OpenSSL, including other
getter methods of EC such as EC#public_key.
EC#group currently returns a EC::Group linked with the key, i.e. the
EC::Group object holds a reference to an EC_GROUP that the EC_KEY owns.
We use some ugly workaround - the ossl_ec_group struct has a flag
'dont_free' that indicates we must not free the EC_GROUP. But it is
still not possible to control OpenSSL of free'ing the EC_GROUP, so,
for example, the following code behaves strangely:
ec = OpenSSL::PKey::EC.generate("prime256v1")
group = ec.group
p group.curve_name #=> "prime256v1"
ec.group = OpenSSL::PKey::EC::Group.new("prime256v1")
p group.curve_name #=> nil
|
| |
|
|
| |
This reverts commit 59b22d480400e77109fe5c380f5e057ab857b4fb.
|
| |
|
|
| |
/cc #61
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* topic/cipher-auth-tag-len:
cipher: add Cipher#auth_tag_len=
|
|
|
It's written in rather Markdown.
|
