path: root/ext/openssl/extconf.rb
Commit message (Author, Age, Files, Lines)
* Deprecate and rework old (fd) centric functions (Samuel Williams, 2021-07-18, 1 file, -0/+2)
    [ky: fixed compatibility with older versions of Ruby]
    (cherry picked from commit ruby/ruby@45e65f302b663b2c6ab69df06d3b6f219c1797b2)
* pkey/dh, pkey/ec: use EVP_PKEY_check() family [ky/pkey-generic-evp-more] (Kazuki Yamaguchi, 2021-04-15, 1 file, -0/+3)
    Use EVP_PKEY_param_check() instead of DH_check() if available. Also, use EVP_PKEY_public_check() instead of EC_KEY_check_key().
    EVP_PKEY_*check() is part of the EVP API and is meant to replace those low-level functions. They were added by OpenSSL 1.1.1. It is currently not provided by LibreSSL.
* pkey: remove unused ossl_generate_cb_2() helper function [ky/pkey-refactor-generate] (Kazuki Yamaguchi, 2021-04-05, 1 file, -3/+0)
    The previous series of commits re-implemented key generation with the low level API with the EVP API. The BN_GENCB-based callback function is no longer used.
* ossl.c: do not set locking callbacks on LibreSSL [ky/drop-openssl-1.0.1] (Kazuki Yamaguchi, 2021-04-04, 1 file, -1/+0)
    Similarly to OpenSSL >= 1.1.0, LibreSSL 2.9.0 ensures thread safety without requiring applications to set locking callbacks and made related functions no-op.
* require OpenSSL >= 1.0.2 and LibreSSL >= 3.1 (Kazuki Yamaguchi, 2021-04-04, 1 file, -30/+25)
    Clean up old version guards in preparation for the upcoming OpenSSL 3.0 support.
    OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided to keep 1.0.1 support because many major Linux distributions were still shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions are reaching their EOL and it should be safe to assume nobody uses them anymore.
    Major ones that were using 1.0.1:
    - Ubuntu 14.04 is EOL since 2019-04-30
    - RHEL 6 will reach EOL on 2020-11-30
    LibreSSL 3.0 and older versions are no longer supported by the LibreSSL team as of October 2020.
    Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also did on 2018-08-31.
* ssl: remove SSL::SSLContext#tmp_ecdh_callback [ky/ssl-remove-tmp-ecdh-callback] (Kazuki Yamaguchi, 2020-08-13, 1 file, -1/+0)
    The underlying API SSL_CTX_set_tmp_ecdh_callback() was removed by LibreSSL >= 2.6.1 and OpenSSL >= 1.1.0, in other words, it is not supported by any non-EOL versions of OpenSSL.
    The wrapper was initially implemented in Ruby 2.3 and has been deprecated since Ruby/OpenSSL 2.0 (bundled with Ruby 2.4) with explicit warning with rb_warn().
* hmac: migrate from the low-level HMAC API to the EVP API [ky/hmac-evp] (Kazuki Yamaguchi, 2020-06-30, 1 file, -2/+1)
    Use the EVP API instead of the low-level HMAC API. Use of the HMAC API has been discouraged and is being marked as deprecated starting from OpenSSL 3.0.0.
    The two singleton methods of OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest, are now in lib/openssl/hmac.rb.
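Editor's added example, not code from ruby/openssl or from the commit above: the Ruby-level OpenSSL::HMAC interface (digest, hexdigest and the streaming HMAC object) that stays the same regardless of which OpenSSL backend the extension uses, exercised on RFC 4231 test case 1 (a constructed, published input) with a constant-time verification path. The constant names and `tag_valid?` are this example's own.

```ruby
require "openssl"

# Editor's added example, not code from ruby/openssl. Uses the public
# OpenSSL::HMAC interface (digest/hexdigest/new) whose internals the commit
# moved onto the EVP API; the Ruby-visible behaviour is what is shown.

# Constructed input: RFC 4231 test case 1 (key = 20 bytes of 0x0b, data
# "Hi There"), whose HMAC-SHA-256 value is published.
RFC4231_KEY  = ("\x0b" * 20).b
RFC4231_DATA = "Hi There".b
RFC4231_TAG  = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"

# One-shot tag over a complete message.
def hmac_sha256_hex(key, data)
  OpenSSL::HMAC.hexdigest("SHA256", key, data)
end

# Streaming tag: an OpenSSL::HMAC instance absorbs the message in chunks,
# so a large body can be authenticated without buffering it whole.
def hmac_sha256_stream_hex(key, chunks)
  mac = OpenSSL::HMAC.new(key, "SHA256")
  chunks.each { |chunk| mac.update(chunk) }
  mac.hexdigest
end

# Verify a received tag. String#== stops at the first differing byte, which
# leaks how much of a forged tag was right; compare in constant time instead.
def tag_valid?(key, data, received_hex)
  expected = OpenSSL::HMAC.digest("SHA256", key, data)
  received = [received_hex].pack("H*")
  return false unless received.bytesize == expected.bytesize
  OpenSSL.fixed_length_secure_compare(expected, received)
end
```

`hmac_sha256_hex(RFC4231_KEY, RFC4231_DATA)` and the chunked variant both produce RFC4231_TAG; `tag_valid?` rejects a tag with one altered hex digit and a truncated one without ever comparing with `==`.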
* engine: do not check for ENGINE_load_builtin_engines() (Kazuki Yamaguchi, 2020-02-21, 1 file, -1/+1)
    Remove dead code. The function, or a macro in OpenSSL 1.1.0 and newer, always exists unless the whole engine code is disabled with OPENSSL_NO_ENGINE.
* engine: remove really outdated static engines (Kazuki Yamaguchi, 2020-02-21, 1 file, -2/+2)
    They no longer exist in OpenSSL 1.0.1, which is the oldest version Ruby/OpenSSL currently compiles with. Note that OpenSSL 1.0.2 and older is already in EOL state.
    The following engines should also be removed when we completely drop support for those versions as they were removed in OpenSSL 1.1.0.
    - 4758cca
    - aep
    - atalla
    - chil
    - cswift
    - nuron
    - sureware
    - ubsec
    - gmp
    - gost
* engine: revert OpenSSL::Engine.load changes for cloudhsm [ky/engine-load-revert-cloudhsm] (Kazuki Yamaguchi, 2020-02-20, 1 file, -2/+1)
    Revert two commits:
    - ea49ccc82aa4 Add cloudhsm to extconf.rb
    - 33ed3ba10424 Add cloudhsm to ossl_engine.c
    OpenSSL::Engine.load is a binding for ENGINE_load_*() functions which are provided by OpenSSL itself, so-called "static engines". Since the AWS CloudHSM engine is a dynamic engine, which is provided as a shared library, this change is not a correct solution for the issue.
    Reference: https://github.com/ruby/openssl/issues/189
    Reference: https://github.com/ruby/openssl/pull/190
* extconf.rb: get rid of -Werror=deprecated-declarations [ky/remove-wdeprecated-declarations] (Kazuki Yamaguchi, 2020-02-16, 1 file, -10/+6)
    No function needs -Werror=deprecated-declarations flag to check availability any more.
    This also fixes -Werror=deprecated-declarations erroneously carrying on to the actual compilation, resulting in a compilation error on some environment.
    Fixes: https://github.com/ruby/openssl/pull/331
* random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes (Kazuki Yamaguchi, 2020-02-16, 1 file, -1/+0)
    The default implementation of RAND_pseudo_bytes() uses the same routine as RAND_bytes().
    Note that OpenSSL::Random.pseudo_bytes has been available only when it is compiled with EOL versions of OpenSSL.
* Prefer `frozen_string_literal: true`. (Samuel Williams, 2020-02-06, 1 file, -1/+1)
* Add cloudhsm to extconf.rb (Kyle Oliveira, 2020-01-25, 1 file, -1/+2)
    to support the CloudHSM OpenSSL library
* extconf.rb - update for new MSYS2, libssp (MSP-Greg, 2019-10-27, 1 file, -0/+6)
* ts: address minor feedback from rhenium (more changes coming) (Ben Toews, 2019-10-01, 1 file, -1/+0)
    - make some global variables static instead of extern
    - get rid of GetTsReqPtr/GetTsRespPtr functions
    - don't use c99 comments
    - fix some leaks
    - clarify what numeric type is returned (Integer or BN, never Fixnum)
    - typos
    - add missing checks, remove unnecessary checks
    - use OPENSSL_NO_TS instead of our own macros checking for ts support
    - use EVP_{digest-name} instead of looking up algos by NID
    - don't differentiate between failure reasons when verifying
    - rename Response#pkcs7 to #token
* ts: fix for libressl (Ben Toews, 2019-10-01, 1 file, -0/+1)
    - define missing TS_RESP_CTX_set_time_cb
    - handle alternate case for nil oid
* ts: update to work with openssl 1.1.x (Ben Toews, 2019-10-01, 1 file, -0/+6)
    - clean up whitespace
    - be consistent with not returning after ossl_raise
    - use accessor functions when working with openssl TS_* structs
    - backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros
* ts: Timestamp support (2/3) (Martin Bosslet, 2019-10-01, 1 file, -0/+1)
    This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
* Merge pull request #239 from mkauf/post_handshake_auth (Samuel Williams, 2019-06-15, 1 file, -0/+1)
    Support client certificates with TLS 1.3
| * Support client certificates with TLS 1.3 (Michael Kaufmann, 2019-01-21, 1 file, -0/+1)
    Enable post-handshake authentication with OpenSSL 1.1.1
    Fixes #237
* | Check for X509_STORE_get_ex_new_index function separately (Jeremy Evans, 2019-05-30, 1 file, -0/+1)
    Don't assume that just because X509_STORE_set_ex_data is defined that the second one is defined. Some versions of LibreSSL need this.
    See https://github.com/openbsd/ports/commit/23f03b0df4af7e0606fd73c551a39430234b7449
* Merge branch 'maint-2.0' into maint (Kazuki Yamaguchi, 2018-10-17, 1 file, -1/+1)
    * maint-2.0:
      Ruby/OpenSSL 2.0.9
      needs openssl/opensslv.h
      x509name: fix OpenSSL::X509::Name#{cmp,<=>}
| * needs openssl/opensslv.h (nobu, 2018-10-17, 1 file, -1/+1)
    * ext/openssl/extconf.rb: LIBRESSL_VERSION_NUMBER is defined in openssl/opensslv.h. fix up r64101.
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
    Sync-with-trunk: r64236
* | Merge branch 'maint-2.0' into maint (Kazuki Yamaguchi, 2018-08-08, 1 file, -0/+7)
    The fix made in 6fcc6c0efc42 ("test/test_ssl: fix test failure with TLS 1.3", 2018-08-06) is applied to the new test cases.
    * maint-2.0:
      reduce LibreSSL warnings
      openssl_missing.h: constified
      openssl: search winsock
      search winsock libraries explicitly
      no ID cache in Init functions
      test/test_ssl: fix test failure with TLS 1.3
      tool/ruby-openssl-docker: update to latest versions
      pkey: resume key generation after interrupt
| * reduce LibreSSL warnings (nobu, 2018-08-08, 1 file, -0/+4)
    * ext/openssl/extconf.rb: LibreSSL headers emit "overriding WinCrypt defines" warnings if wincrypt.h has been included (except for x509.h) on Windows. get rid of including the header by defining NOCRYPT macro.
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
    Sync-with-trunk: r64101
| * openssl: search winsock (nobu, 2018-08-08, 1 file, -1/+3)
    * ext/openssl/extconf.rb: on Windows search winsock library always, regardless of pkg-config. direct use of winsock is not region of OpenSSL. [ruby-core:85895] [Bug #14568]
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62637 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
    Sync-with-trunk: r62637
| * search winsock libraries explicitly (nobu, 2018-08-08, 1 file, -0/+1)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62628 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
    Sync-with-trunk: r62628
* | Merge branch 'maint-2.0' into maint (Kazuki Yamaguchi, 2018-05-12, 1 file, -1/+4)
    * maint-2.0:
      Ruby/OpenSSL 2.0.8
      test/test_ssl_session: set client protocol version explicitly
      test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
      extconf.rb: fix build with LibreSSL 2.7.0
      cipher: validate iterations argument for Cipher#pkcs5_keyivgen
      test/utils: disable Thread's report_on_exception in start_server
| * extconf.rb: fix build with LibreSSL 2.7.0 [ky/libressl-2.7] (Kazuki Yamaguchi, 2018-03-24, 1 file, -1/+4)
    Our compat implementation of accessor functions that were introduced in OpenSSL 1.1.0 conflicts with those from LibreSSL 2.7.0. Use the HAVE_OPAQUE_OPENSSL code path when LibreSSL 2.7 or newer is detected.
    Fix suggested by Joel Sing.
    Fixes: https://github.com/ruby/openssl/issues/192
| * ssl: fix compile error with OpenSSL 1.0.0 (Kazuki Yamaguchi, 2017-08-08, 1 file, -0/+2)
    OpenSSL <= 1.0.0 did not support TLS 1.1/1.2, and thus we must still check the existence of the symbols.
    This fixes the previous commit, 3e5a009966bd ("ssl: remove unsupported TLS versions from SSLContext::METHODS", 2017-08-08).
| * ssl: remove unsupported TLS versions from SSLContext::METHODS (Kazuki Yamaguchi, 2017-08-08, 1 file, -10/+4)
    Check for all version-specific SSL methods. We do check for existence of TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This fixes compile error when OpenSSL is configured with no-tls1-method.
    Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL supports the corresponding versions or not. This prevents :TLSv1 from being in SSLContext::METHODS when OpenSSL is compiled with no-tls1. In particular, Debian sid has disabled TLS 1.0/1.1 support recently.
    The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
* | ssl: rework SSLContext#ssl_version= (Kazuki Yamaguchi, 2017-09-03, 1 file, -5/+0)
    Reimplement SSLContext#ssl_version= as a wrapper around SSLContext#min_version= and #max_version=.
    SSLContext#ssl_version= used to call SSL_CTX_set_ssl_version() which replaces the SSL method used for the connections created from the SSL context. This is mainly used for forcing a specific SSL/TLS protocol version.
    As of OpenSSL 1.1.0, however, use of the version-specific SSL methods such as TLSv1_method() is deprecated. Follow the current recommendation -- to use the generic SSL method always and to control the supported version range by SSL_CTX_set_{min,max}_proto_version(). Actually, we have already started doing a similar thing when the extension is compiled with OpenSSL 1.1.0.
    OpenSSL::SSL::SSLContext::METHODS, which contained the possible names of SSL methods, is not useful anymore. It is now deprecate_constant-ed.
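Editor's added example, not code from ruby/openssl or from the commit above: pinning the protocol range with SSLContext#min_version= and #max_version=, the replacement the commit describes for #ssl_version=, and observing what a loopback handshake negotiates when the two sides' ranges do and do not overlap. It assumes an OpenSSL that defines OpenSSL::SSL::TLS1_3_VERSION (1.1.1 or later) and a usable loopback socket; the self-signed certificate is generated in-process as constructed test material, and `make_self_signed`, `server_context`, `client_context` and `negotiate` are this example's own names.

```ruby
require "openssl"
require "socket"

# Editor's added example, not code from ruby/openssl. Pins the TLS
# protocol range with SSLContext#min_version= / #max_version= (the API the
# commit settles on) and runs a handshake over loopback to see the result.

# Constructed test material: throwaway self-signed certificate for
# "localhost", generated here so nothing leaves the process.
def make_self_signed(name = "localhost")
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2            # X.509v3, required for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

SERVER_CERT, SERVER_KEY = make_self_signed

# Server side: only speaks versions in [server_min, server_max].
def server_context(server_min, server_max)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.add_certificate(SERVER_CERT, SERVER_KEY)
  ctx.min_version = server_min
  ctx.max_version = server_max
  ctx
end

# Client side: same pinning, and the server is verified against an
# explicit trust store rather than by switching verification off.
def client_context(client_min, client_max)
  store = OpenSSL::X509::Store.new
  store.add_cert(SERVER_CERT)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store      = store
  ctx.verify_mode     = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  ctx.min_version     = client_min
  ctx.max_version     = client_max
  ctx
end

# One handshake over 127.0.0.1. Returns the negotiated version as the
# client sees it ("TLSv1.2", "TLSv1.3") or nil when the ranges do not
# overlap and the handshake is refused.
def negotiate(server_min:, server_max:, client_min:, client_max:)
  sctx = server_context(server_min, server_max)
  cctx = client_context(client_min, client_max)
  listener = TCPServer.new("127.0.0.1", 0)
  port = listener.addr[1]

  server = Thread.new do
    tcp = listener.accept
    ssl = OpenSSL::SSL::SSLSocket.new(tcp, sctx)
    begin
      ssl.accept
      ssl.ssl_version
    rescue OpenSSL::SSL::SSLError, SystemCallError
      nil
    ensure
      tcp.close
    end
  end

  tcp = TCPSocket.new("127.0.0.1", port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, cctx)
  ssl.hostname = "localhost"     # SNI, and the name verify_hostname checks
  begin
    ssl.connect
    ssl.ssl_version
  rescue OpenSSL::SSL::SSLError, SystemCallError
    nil
  ensure
    tcp.close
    server.join
    listener.close
  end
end
```

With a server capped at TLS 1.2 and a client allowing 1.2 through 1.3, `negotiate` returns "TLSv1.2"; with both sides allowing up to 1.3 it returns "TLSv1.3"; with a client that insists on 1.3 against that 1.2-only server, the server refuses the ClientHello and the call returns nil, which is the behaviour a pinned min_version is meant to produce.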
* | Merge branch 'maint' [bpoint] (Kazuki Yamaguchi, 2017-06-14, 1 file, -9/+49)
    * maint:
      Ruby/OpenSSL 2.0.4
      History.md: add entries for 2.0.1-2.0.3
      History.md: wrap at 80 characters
      extconf.rb: simplify searching libraries logic
      Search SSL libraries by testing various filename patterns
      openssl: fix broken openssl check
      openssl: fix broken openssl check
      x509store: clear error queue after calling X509_LOOKUP_load_file()
      tool/sync-with-trunk: 'LASY' -> 'LAST'
      Update .travis.yml and Dockerfile
      test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
      Fix documentation for OpenSSL::Cipher#final
      Fix typos
      ssl: check return value of SSL_set_fd()
      test/test_ssl: fix typo in test_sysread_and_syswrite
      Fix typos
      test/test_pkey_ec: do not use dummy 0 order
| * extconf.rb: simplify searching libraries logic (Kazuki Yamaguchi, 2017-06-14, 1 file, -31/+33)
    Clarify what it's doing. For non-Windows and MinGW platforms we can just give "crypto" and "ssl" to have_library.
| * Search SSL libraries by testing various filename patterns (usa, 2017-06-14, 1 file, -5/+45)
    * ext/openssl/extconf.rb (find_openssl_library): should search by more flexible method, especially for LibreSSL on Windows.
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * openssl: fix broken openssl check (nobu, 2017-06-14, 1 file, -1/+1)
    * ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200]
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | Merge branch 'topic/kdf-module' (Kazuki Yamaguchi, 2017-03-23, 1 file, -0/+1)
    scrypt support is added.
    * topic/kdf-module:
      kdf: add scrypt
      ossl.h: add NUM2UINT64T() macro
      kdf: introduce OpenSSL::KDF module
| * | kdf: add scrypt [topic/kdf-module] (Kazuki Yamaguchi, 2017-03-23, 1 file, -0/+1)
    Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is added by OpenSSL 1.1.0.
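Editor's added example, not code from ruby/openssl or from the commit above: calling OpenSSL::KDF.scrypt, first checked against the first scrypt vector in RFC 7914 section 12 (a constructed, published input), then with work factors sized for password storage plus a constant-time check. The N=2^14, r=8, p=1 choice is this example's assumption: EVP_PBE_scrypt() has a built-in 32 MiB maxmem default, which the Ruby wrapper does not expose, so N=2^15 with r=8 would exceed it. The helper names are the example's own.

```ruby
require "openssl"

# Editor's added example, not code from ruby/openssl. Exercises
# OpenSSL::KDF.scrypt, the wrapper the commit adds, first against a
# published vector and then with parameters sized for password storage.

# Constructed input: RFC 7914 section 12, first vector (empty password and
# salt, N=16, r=1, p=1, 64-byte output). Tiny N is for the vector only.
RFC7914_VECTOR1 =
  "77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442" \
  "fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906"

def scrypt_hex(pass, salt, n:, r:, p:, length:)
  OpenSSL::KDF.scrypt(pass, salt: salt, N: n, r: r, p: p, length: length).unpack1("H*")
end

# Work factors assumed for this example: N=2^14, r=8, p=1 needs about
# 16 MiB per derivation, under OpenSSL's built-in 32 MiB maxmem default
# (Ruby's wrapper does not let the caller raise that limit).
PW_N   = 2**14
PW_R   = 8
PW_P   = 1
PW_LEN = 32

# Returns [salt, key]; both are stored, the salt in the clear.
def derive_password_key(password, salt = OpenSSL::Random.random_bytes(16))
  key = OpenSSL::KDF.scrypt(password, salt: salt, N: PW_N, r: PW_R, p: PW_P, length: PW_LEN)
  [salt, key]
end

# Re-derive with the stored salt and compare in constant time.
def password_matches?(password, salt, stored_key)
  _, candidate = derive_password_key(password, salt)
  return false unless candidate.bytesize == stored_key.bytesize
  OpenSSL.fixed_length_secure_compare(candidate, stored_key)
end
```

`scrypt_hex("", "", n: 16, r: 1, p: 1, length: 64)` reproduces RFC7914_VECTOR1, which is the quickest way to confirm the linked OpenSSL's scrypt is behaving; `derive_password_key` and `password_matches?` show the storage-side pattern with the larger parameters.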
* | | extconf.rb: print informative message if OpenSSL can't be found (Kazuki Yamaguchi, 2017-03-13, 1 file, -5/+9)
    Describe --with-openssl-dir option that specifies the directory the OpenSSL installed if the libraries could not be found, and suggest installing "development package" if just the headers are missing.
    Also, let it raise an exception instead of writing to Logging and terminating the process. This improves the look of the error message on 'gem install openssl' or 'make' (on the Ruby tree) failure.
* | Merge branch 'maint' (Kazuki Yamaguchi, 2017-01-17, 1 file, -0/+6)
    * maint:
      appveyor.yml: update OpenSSL version to 1.0.2j
      Fix build with static OpenSSL libraries on Windows
      Fix for ASN1::Constructive 'each' implementation
| * Fix build with static OpenSSL libraries on Windows [topic/windows-static-linking-without-pkg-config] (Kazuki Yamaguchi, 2016-12-30, 1 file, -0/+6)
    OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no longer has RAND_screen() but it now requires crypt32.
    If pkg-config is usable, they are automatically linked, but if it is not, configuring Ruby/OpenSSL fails.
    Fixes: https://bugs.ruby-lang.org/issues/13080
* | Remove support for OpenSSL 0.9.8 and 1.0.0 [topic/drop-openssl-098-and-100] (Kazuki Yamaguchi, 2016-12-22, 1 file, -43/+7)
    They are no longer receiving security updates from the OpenSSL development team since 2015-12.
    We have kept basic compatibility until now because RHEL 5 still uses a (heavily modified) OpenSSL 0.9.8e. RHEL 5 will reach EOL on 2017-03, thus it is now safe to assume nobody is still using such old versions of OpenSSL.
* ssl: use SSL_SESSION_get_protocol_version() (Kazuki Yamaguchi, 2016-12-21, 1 file, -0/+1)
    Restore the old behavior of OpenSSL::SSL::Session#==. SSL_SESSION_get_protocol_version() was missing in OpenSSL master at the time r55287 (cad3226a06a1, "openssl: adapt to OpenSSL 1.1.0 opaque structs", 2016-06-05).
* ssl: check for SSL_CTX_clear_options() (Kazuki Yamaguchi, 2016-12-18, 1 file, -0/+1)
    SSL_CTX_clear_options() first appeared in OpenSSL 0.9.8m. Add alternative macro definition for ancient versions of OpenSSL.
    http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/78693
* pkey: check existence of EVP_PKEY_get0() (Kazuki Yamaguchi, 2016-12-01, 1 file, -0/+1)
    EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define ourselves if needed.
* Don't check for assert.h (Kazuki Yamaguchi, 2016-10-28, 1 file, -1/+0)
    The Ruby core code uses assert.h without a guard. So, we can assume it is always available.
* Don't check for wsock32 and gdi32 on MinGW environment (Kazuki Yamaguchi, 2016-10-27, 1 file, -5/+0)
* Remove unneeded workaround for depend (Kazuki Yamaguchi, 2016-09-07, 1 file, -3/+1)
    r45944 exported the internal thread_native.h as ruby/thread_native.h. It does not depend on the thread model specific headers, so the workaround is no longer necessary.
* Adapt to OpenSSL changes after the 1.1.0-pre6 (Kazuki Yamaguchi, 2016-08-26, 1 file, -0/+1)
    Fix compiler errors and warnings. The order of parameters of X509_{CRL,REQ}_get0_signature() has been changed, and certificate and CRL time accessors have been reorganized: *_get_* functions are deprecated and replaced by *_get0_* that return a const pointer.