| Commit message (Collapse) | Author | Age | Files | Lines |
|
Those two engines exist as builtin engines even if static engines are
disabled with OPENSSL_NO_STATIC_ENGINE. This is the default with recent
OpenSSL.
This has prevented Engine.load("dynamic") from working and required
the user to call OpenSSL::Engine.load with no arguments, which loads all
builtin engines including 'dynamic'.
Note that OpenSSL 1.1.0 and newer calls (the equivalent of)
ENGINE_load_builtin_engines() on its initialization. This includes
'dynamic' and 'cryptodev' engines (if available).
|
Remove dead code. The function, or a macro in OpenSSL 1.1.0 and newer,
always exists unless the whole engine code is disabled with
OPENSSL_NO_ENGINE.
|
They no longer exist in OpenSSL 1.0.1, which is the oldest version
Ruby/OpenSSL currently compiles with.
Note that OpenSSL 1.0.2 and older is already in EOL state. The following
engines should also be removed when we completely drop support for those
versions as they were removed in OpenSSL 1.1.0.
- 4758cca
- aep
- atalla
- chil
- cswift
- nuron
- sureware
- ubsec
- gmp
- gost
|
Revert two commits:
- ea49ccc82aa4 Add cloudhsm to extconf.rb
- 33ed3ba10424 Add cloudhsm to ossl_engine.c
OpenSSL::Engine.load is a binding for ENGINE_load_*() functions which
are provided by OpenSSL itself, so-called "static engines".
Since the AWS CloudHSM engine is a dynamic engine, which is provided as
a shared library, this change is not a correct solution for the issue.
Reference: https://github.com/ruby/openssl/issues/189
Reference: https://github.com/ruby/openssl/pull/190
|
We cannot use C99 features yet, as we still support Ruby 2.6 and older.
Fixes: debaca25604c ("Adds support for the 'get_finished' and 'get_peer_finished' functions", 2019-06-25)
|
extconf.rb: get rid of -Werror=deprecated-declarations
|
No function needs -Werror=deprecated-declarations flag to check
availability any more.
This also fixes -Werror=deprecated-declarations erroneously carrying on
to the actual compilation, resulting in a compilation error on some
environments.
Fixes: https://github.com/ruby/openssl/pull/331
|
The default implementation of RAND_pseudo_bytes() uses the same routine
as RAND_bytes().
Note that OpenSSL::Random.pseudo_bytes has been available only when it
is compiled with EOL versions of OpenSSL.
|
Stop the special treatment of invalid hashAlgorithm of the message
imprint. Those invalid values can only appear after the object is
instantiated, before the user sets an actual message digest algorithm.
OpenSSL::Timestamp::TokenInfo#algorithm already does the same.
Also, remove the test case "test_create_request" since it does not make
much sense. Those fields are to be set by the user after creation of
the object and checking the initial value is pointless.
Fixes: https://github.com/ruby/openssl/issues/335
|
private exp not set"
This reverts commit e30b9a27f00338b065e90c6172d1c4509edc2853 (#255)
except the added test code.
The 'd' value can be NULL when the RSA private key is backed by an
OpenSSL engine, such as an HSM. In that case, only 'n' and 'e' are
visible from the OpenSSL API.
The original issue has been fixed by Pull Request #258 in another way.
Reference: https://github.com/ruby/openssl/pull/255
Reference: https://github.com/ruby/openssl/pull/258
|
Revert SSLContext#add_certificate_chain_file changes
* 0da0dfaf09f549b2b2cd984627b321b7908d1186.
* 8d12f0f6ca944212cb8000e689469d7aaa8190d7.
* 49f42ad5f82f8b61f51a16e3a6df1ab0d5307d5f.
* 5ee295ab8e37c8ffc6eb8c1b7b79ec024f3253e4.
* 8b4fa5e336c7544ea677ccee160ec6d221559e10.
* 443d13e9b2c127230fde2733959eaa4d41eb355d.
* 5d866038920edf2729865653d6dc9309589f089a.
* f18559acf97a6f6aaf3d253417eb0100b262cbc6.
|
Zero-size arrays not playing nicely with visual studio / mingw,
see: https://github.com/ruby/ruby/pull/2693
Also see related discussion pertaining to using NULL pointer
here: https://github.com/ruby/openssl/pull/315
|
to support the CloudHSM OpenSSL library
|
to support the CloudHSM OpenSSL library
|
self
add test_add_certificate_chain_file_multiple_certs
|
ssl.peer_cert_chain
|
Addresses [issue 15882](https://bugs.ruby-lang.org/issues/15882) with [Zach Rowe's patch.](https://bugs.ruby-lang.org/attachments/7810)
The #parse_openssl method [expects a forward slash at the beginning of the argument](https://github.com/ruby/openssl/blob/master/lib/openssl/x509.rb#L302) if used as the delimiter.
|
`RB_PASS_KEYWORDS` is not always available.
|
Diff was generated:
git diff --output openssl.patch 93bc10272734cbbb9197470ca629cc4ea019f6f0 ext/openssl/*.c ext/openssl/*.h ext/openssl/**/*.rb
Applied using `patch -p1 < openssl.patch`.
|
OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the
generic PKey class. They serialize the private key to PKCS #8
{Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding,
respectively. For symmetry, also add #public_to_der and #public_to_pem
that serialize the public key into X.509 SubjectPublicKeyInfo format.
OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the
"raw" private keys. PEM-encoded PKCS #8 keys have been already handled
by PEM_read_bio_PrivateKey().
|
Closes #256
|
add ca_issuer_uris and ocsp_uris description to the changelog
|
In 1ade643cbc01f3f7bd96e90bd8837df7ed491a09 the Rails-like secure_compare naming
was adopted, and in the original pull request introducing this functionality a
debate around timing of hash functions followed. This made me realize why Rails'
default of hashing the values to protect users from making mistakes is a good
idea.
|
Minor improvements to formatting and documentation.
|
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
|
Fixes https://bugs.ruby-lang.org/issues/10098
|
This method allowed roots and intermediates to be specified in a number of ways.
This complexity wasn't super valuable though and it's better to only allow an
X509::Store with an optional Array of intermediates. This greatly simplifies
the code and fixes a few leaks.
|