Commit message
to support the CloudHSM OpenSSL library
|
to support the CloudHSM OpenSSL library
|
self
add test_add_certificate_chain_file_multiple_certs
|
ssl.peer_cert_chain
|
Addresses [issue 15882](https://bugs.ruby-lang.org/issues/15882) with [Zach Rowe's patch.](https://bugs.ruby-lang.org/attachments/7810)
The #parse_openssl method [expects a forward slash at the beginning of the argument](https://github.com/ruby/openssl/blob/master/lib/openssl/x509.rb#L302) if used as the delimiter.
|
`RB_PASS_KEYWORDS` is not always available.
|
Diff was generated:
    git diff --output openssl.patch 93bc10272734cbbb9197470ca629cc4ea019f6f0 ext/openssl/*.c ext/openssl/*.h ext/openssl/**/*.rb
Applied using `patch -p1 < openssl.patch`.
|
OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the
generic PKey class. They serialize the private key to PKCS #8
{Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding,
respectively. For symmetry, also add #public_to_der and #public_to_pem
that serialize the public key into X.509 SubjectPublicKeyInfo format.
OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the
"raw" private keys. PEM-encoded PKCS #8 keys have been already handled
by PEM_read_bio_PrivateKey().
|
Closes #256
|
add ca_issuer_uris and ocsp_uris description to the changelog
|
In 1ade643cbc01f3f7bd96e90bd8837df7ed491a09 the Rails-like secure_compare naming
was adopted, and in the original pull request introducing this functionality a debate
around timing of hash functions followed. This made me realize why Rails'
default of hashing the values to protect users from making mistakes is a good
idea.
|
Minor improvements to formatting and documentation.
|
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
|
Fixes https://bugs.ruby-lang.org/issues/10098
|
This method allowed roots and intermediates to be specified in a number of ways.
This complexity wasn't super valuable though and it's better to only allow an
X509::Store with an optional Array of intermediates. This greatly simplifies
the code and fixes a few leaks.
|
- make some global variables static instead of extern
- get rid of GetTsReqPtr/GetTsRespPtr functions
- don't use c99 comments
- fix some leaks
- clarify what numeric type is returned (Integer or BN, never Fixnum)
- typos
- add missing checks, remove unnecessary checks
- use OPENSSL_NO_TS instead of our own macros checking for ts support
- use EVP_{digest-name} instead of looking up algos by NID
- don't differentiate between failure reasons when verifying
- rename Response#pkcs7 to #token
|
- define missing TS_RESP_CTX_set_time_cb
- handle alternate case for nil oid
|
- clean up whitespace
- be consistent with not returning after ossl_raise
- use accessor functions when working with openssl TS_* structs
- backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros
|
A number of conventions seem to have changed, causing a fair bit of breakage:
- `Data_*` was deprecated in favor of `TypedData_*`
- `ossl_obj2bio` takes a `VALUE*` instead of `VALUE` now
- `time_to_time_t()` was removed
|
This commit applies the third patches (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the initial patches (ts.tar.gz) from https://bugs.ruby-lang.org/issues/4183
This compiles with several warnings. Tests don't run yet.
|
This method name is misleading, because it returns the name of the
signer's issuer, not the name of the signing certificate. It is
just an alias of issuer, which is more accurate. The "name" method
is historical, it was replaced by the "issuer" method in 2005, and
since then has been an alias for backwards compatibility.
Fixes Ruby Bug 8178.
|
Previously, OpenSSL::X509::Name#{cmp,<=>} would raise a TypeError if you
attempted to compare a Name object with another object of a different
type. Most Ruby classes instead return nil in this situation.
The old behavior resulted in some strange outcomes:
    >> n1 = OpenSSL::X509::Name.new
    >> 'abc' == n1
    => false
    >> n1 == 'abc'
    TypeError: wrong argument type String (expected OpenSSL/X509/NAME)
With the new behavior, cmp/<=> will return nil if the other object is
not an X509::Name instead of raising an error. This allows `==` to also
return false instead of raising an error for type mismatches.
New behavior:
    >> n1 = OpenSSL::X509::Name.new
    >> n1 == 'abc'
    => false
    >> n1 <=> 'abc'
    => nil
|
This makes it obvious you have made a mistake if you call key= and
then encrypt or decrypt. Calling encrypt or decrypt without an
argument automatically sets the key to NULL, in which case the
key_set ivar should be changed from false to true given if had
been set before calling encrypt or decrypt.
Fixes Ruby Bug 8720.
|
Although `OpenSSL::Cipher::Cipher` does exist, it's
deprecated:
    cipher = OpenSSL::Cipher::Cipher.new 'AES-256-CBC'
    # warning: constant OpenSSL::Cipher::Cipher is deprecated
    => #<OpenSSL::Cipher::Cipher:0x000056481ba57f58>
|