| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Those two engines exist as builtin engines even if static engines are
disabled with OPENSSL_NO_STATIC_ENGINE. This is the default with recent
OpenSSL.
This has prevented Engine.load("dynamic") from working and required
the user to call OpenSSL::Engine.load with no arguments, which loads all
builtin engines including 'dynamic'.
Note that OpenSSL 1.1.0 and newer calls (the equivalent of)
ENGINE_load_builtin_engines() on its initialization. This includes
'dynamic' and 'cryptodev' engines (if available).
|
|
|
|
|
|
| |
Remove dead code. The function, or a macro in OpenSSL 1.1.0 and newer,
always exists unless the whole engine code is disabled with
OPENSSL_NO_ENGINE.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They no longer exists in OpenSSL 1.0.1, which is the oldest version
Ruby/OpenSSL currently compiles with.
Note that OpenSSL 1.0.2 and older is already in EOL state. The following
engines should also be removed when we completely drop support for those
versions as they were removed in OpenSSL 1.1.0.
- 4758cca
- aep
- atalla
- chil
- cswift
- nuron
- sureware
- ubsec
- gmp
- gost
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert two commits:
- ea49ccc82aa4 Add cloudhsm to extconf.rb
- 33ed3ba10424 Add cloudhsm to ossl_engine.c
OpenSSL::Engine.load is a binding for ENGINE_load_*() functions which
are provided by OpenSSL itself, so-called "static engines".
Since the AWS CloudHSM engine is a dynamic engine, which is provided as
a shared library, this change is not a correct solution for the issue.
Reference: https://github.com/ruby/openssl/issues/189
Reference: https://github.com/ruby/openssl/pull/190
|
|
|
| |
to support the CloudHSM OpenSSL library
|
|
|
|
| |
Thanks rhenium for the code review and fixes.
|
|
|
|
|
|
| |
They are no longer useful since we use the TypedData_Get_Struct() which
also performs type checking (based on the rb_data_type_t) for the
non-safe Get*() macros. Just use them instead.
|
|
|
|
|
| |
Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
Match with the rule for better rendering.
|
| |
|
|
|
|
|
|
| |
This prevents users from allocating OpenSSL::Engine instance using
OpenSSL::Engine.allocate. Undef'ing alloc function also allows us to
remove explicit undef of OpenSSL::Engine.new and #initialize_copy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement initialize_copy for:
- OpenSSL::PKCS12
- OpenSSL::SSL::SSLSession
- OpenSSL::X509::Attribute
- OpenSSL::X509::Extension
- OpenSSL::X509::Name
- OpenSSL::X509::Revoked
Remove initialize_copy from:
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLSocket
- OpenSSL::Engine
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
[Bug #12381]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes `make test-all TESTS=openssl` with OpenSSL master.
* test/openssl/test_x509name.rb: Don't register OID for 'emailAddress'
and 'serialNumber'. A recent change in OpenSSL made OBJ_create()
reject an already existing OID. They were needed to run tests with
OpenSSL 0.9.6 which is now unsupported.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25
[ruby-core:75225] [Feature #12324]
* test/openssl/test_ssl_session.rb (test_server_session): Duplicate
SSL::Session before re-adding to the session store. OpenSSL 1.1.0
starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session().
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75
* test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519
is new in OpenSSL 1.1.0 but this is for key agreement and not for
signing.
* test/openssl/test_pair.rb, test/openssl/test_ssl.rb,
test/openssl/utils.rb: Set security level to 0 when using aNULL cipher
suites.
* test/openssl/utils.rb: Use 1024 bits DSA key for client certificates.
* test/openssl/test_engine.rb: Run each test in separate process.
We can no longer cleanup engines explicitly as ENGINE_cleanup() was
removed.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743
* ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the
RDoc for Engine.cleanup.
* ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS,
DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed.
* test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb,
test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb,
test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't
test unsupported hash functions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
| |
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c,
ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c
ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c
ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c
ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c
ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c
ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c
ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use
StringValueCStr() where NUL-terminated string is expected.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl.c (ossl_clear_error): Extracted from
ossl_make_error(). This prints errors in the OpenSSL error queue if
OpenSSL.debug is true, and clears the queue.
(ossl_make_error): use ossl_clear_error().
* ext/openssl/ossl.h: add prototype declaration of ossl_make_error().
(OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing
silently makes debugging difficult.
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto.
* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto.
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
(ossl_ec_group_initialize): ditto.
* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55050 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
| |
|
|
|
|
| |
See also r50351 from ruby/ruby#876
|
| |
|
|
|