path: root/ext/openssl
Commit message  Author  Age  Files  Lines
* ocsp: add OpenSSL::OCSP::Request#signed?  [topic/ocsp-request-is-signed]  Kazuki Yamaguchi  2017-06-19  1  -0/+20
|     Add a method to check whether the OpenSSL::OCSP::Request is signed or
|     not. Currently there is no way to distinguish them except inspecting DER
|     encoding or parsing verification error message.
* Merge branch 'maint'  [bpoint]  Kazuki Yamaguchi  2017-06-14  8  -21/+71
|\
| |     * maint:
| |       Ruby/OpenSSL 2.0.4
| |       History.md: add entries for 2.0.1-2.0.3
| |       History.md: wrap at 80 characters
| |       extconf.rb: simplify searching libraries logic
| |       Search SSL libraries by testing various filename patterns
| |       openssl: fix broken openssl check
| |       openssl: fix broken openssl check
| |       x509store: clear error queue after calling X509_LOOKUP_load_file()
| |       tool/sync-with-trunk: 'LASY' -> 'LAST'
| |       Update .travis.yml and Dockerfile
| |       test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
| |       Fix documentation for OpenSSL::Cipher#final
| |       Fix typos
| |       ssl: check return value of SSL_set_fd()
| |       test/test_ssl: fix typo in test_sysread_and_syswrite
| |       Fix typos
| |       test/test_pkey_ec: do not use dummy 0 order
| * Ruby/OpenSSL 2.0.4  [v2.0.4]  Kazuki Yamaguchi  2017-06-14  1  -1/+1
| |
| * extconf.rb: simplify searching libraries logic  Kazuki Yamaguchi  2017-06-14  1  -31/+33
| |     Clarify what it's doing. For non-Windows and MinGW platforms we can just
| |     give "crypto" and "ssl" to have_library.
| * Merge changes from Ruby trunk r56953..r58742  Kazuki Yamaguchi  2017-06-14  2  -7/+47
| |\
| | |     Commits that went to master are excluded.
| | |
| | |     * ruby-trunk r56953..r58742: (3 commits)
| | |       (r58742) Search SSL libraries by testing various filename patterns
| | |       (r57592) openssl: fix broken openssl check
| | |       (r57591) openssl: fix broken openssl check
| | |
| | |     Sync-with-trunk: r58742
| | * Search SSL libraries by testing various filename patterns  usa  2017-06-14  1  -5/+45
| | |     * ext/openssl/extconf.rb (find_openssl_library): should search by more
| | |       flexible method, especially for LibreSSL on Windows.
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | * openssl: fix broken openssl check  nobu  2017-06-14  1  -1/+1
| | |     * ext/openssl/deprecation.rb: check for broken OpenSSL only on mac OS.
| | |       [ruby-core:79475] [Bug #13200]
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | * openssl: fix broken openssl check  nobu  2017-06-14  1  -1/+1
| | |     * ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS.
| | |       [ruby-core:79475] [Bug #13200]
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * | x509store: clear error queue after calling X509_LOOKUP_load_file()  Kazuki Yamaguchi  2017-06-14  1  -0/+9
| | |     X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
| | |     internally, may leave error entries in the queue even when it returns
| | |     non-zero value (which indicates success). This will be fixed by OpenSSL
| | |     1.1.1, but can be worked around by clearing the error queue ourselves.
| | |
| | |     Fixes: https://bugs.ruby-lang.org/issues/11033
| * | Fix documentation for OpenSSL::Cipher#final  Vladimir Rybas  2017-04-21  1  -1/+1
| | |     "after after having fed the entire plaintext..." is changed to
| | |     "after having fed the entire plaintext..."
| * | Fix typos  Kazuki Yamaguchi  2017-04-20  5  -7/+7
| | |
| * | ssl: check return value of SSL_set_fd()  Kazuki Yamaguchi  2017-03-31  1  -1/+2
| | |     SSL_set_fd() may fail with 0 return if malloc() fails. Check that and
| | |     raise an exception to avoid potential crash.
| * | Fix typos  SHIBATA Hiroshi  2017-02-14  2  -3/+3
| |/
* | Add fips_mode_get to return fips_mode  Colton Jenkins  2017-06-09  1  -1/+19
| |
* | Remove unused functions and macros  Kazuki Yamaguchi  2017-05-22  9  -144/+1
| |
* | bio: simplify ossl_membio2str() using ossl_str_new()  Kazuki Yamaguchi  2017-05-22  2  -22/+5
| |     ossl_membio2str0() and ossl_protect_membio2str() are removed as they
| |     aren't used anywhere.
* | Add ossl_str_new(), an exception-safe rb_str_new()  Kazuki Yamaguchi  2017-05-22  2  -7/+26
| |     Add a new function ossl_str_new() as an exception-safe wrapper of
| |     rb_str_new(). This is useful for the openssl library because we can't
| |     always raise NoMemoryError immediately due to the independent memory
| |     management of OpenSSL.
* | digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()  Kazuki Yamaguchi  2017-05-02  12  -21/+22
| |     Similar to the previous one for GetCipherPtr(), GetDigest() and
| |     GetDigestPtr() have been completely different. Let's disambiguate them.
* | cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()  Kazuki Yamaguchi  2017-05-02  6  -7/+7
| |     While GetCipherPtr() function gets a const EVP_CIPHER * from algorithm
| |     name, GetCipher() macro that is locally defined in
| |     ext/openssl/ossl_cipher.c gets the EVP_CIPHER_CTX from an OpenSSL::Cipher
| |     object. They are completely different things. Rename GetCipherPtr() for
| |     disambiguation.
* | Remove SafeGet*() macros  Kazuki Yamaguchi  2017-05-02  22  -186/+71
| |     They are no longer useful since we use the TypedData_Get_Struct() which
| |     also performs type checking (based on the rb_data_type_t) for the
| |     non-safe Get*() macros. Just use them instead.
* | Merge branch 'topic/expand-ruby-missing-h'  Kazuki Yamaguchi  2017-04-28  22  -39/+34
|\ \
| | |     * topic/expand-ruby-missing-h:
| | |       Expand FPTR_TO_FD() macro
| | |       Expand rb_define_copy_func() macro
| * | Expand FPTR_TO_FD() macro  [topic/expand-ruby-missing-h]  Kazuki Yamaguchi  2017-04-28  3  -11/+9
| | |     It was introduced for compatibility with Ruby 1.8. Ruby 1.8 has gone
| | |     long ago and we will never support it.
| * | Expand rb_define_copy_func() macro  Kazuki Yamaguchi  2017-04-28  20  -28/+25
| | |     It's not really "missing". Let's expand that, as it does not improve the
| | |     readability so much.
* | | Merge branch 'topic/kdf-module'  Kazuki Yamaguchi  2017-03-23  7  -180/+243
|\ \ \
| | | |     scrypt support is added.
| | | |
| | | |     * topic/kdf-module:
| | | |       kdf: add scrypt
| | | |       ossl.h: add NUM2UINT64T() macro
| | | |       kdf: introduce OpenSSL::KDF module
| * | | kdf: add scrypt  [topic/kdf-module]  Kazuki Yamaguchi  2017-03-23  2  -0/+79
| | | |     Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is
| | | |     added by OpenSSL 1.1.0.
| * | | ossl.h: add NUM2UINT64T() macro  Kazuki Yamaguchi  2017-03-23  1  -0/+13
| | | |     As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to
| | | |     uint64_t, raising an exception if the conversion fails.
| * | | kdf: introduce OpenSSL::KDF module  Kazuki Yamaguchi  2017-03-23  6  -180/+151
| | | |     Introduce a new OpenSSL::KDF module as a namespace for to-be-added KDFs.
| | | |     This makes it easier to add new KDFs in future. We already have a
| | | |     stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is migrated to the new
| | | |     namespace. The backwards compatibility is retained by the method defined
| | | |     in the newly added lib/openssl/pkcs5.rb.
* | | | extconf.rb: print informative message if OpenSSL can't be found  Kazuki Yamaguchi  2017-03-13  1  -5/+9
| | | |     Describe --with-openssl-dir option that specifies the directory where
| | | |     OpenSSL is installed if the libraries could not be found, and suggest
| | | |     installing "development package" if just the headers are missing. Also,
| | | |     let it raise an exception instead of writing to Logging and terminating
| | | |     the process. This improves the look of the error message on
| | | |     'gem install openssl' or 'make' (on the Ruby tree) failure.
* | | | ext/openssl/deprecation.rb: remove broken-apple-openssl  Kazuki Yamaguchi  2017-03-03  1  -3/+0
| | | |     The version bundled with macOS is anyway too old to compile the
| | | |     extension.
* | | | ssl: suppress compiler warning  Kazuki Yamaguchi  2017-03-03  1  -1/+0
| | | |     Remove an unused variable declaration.
* | | | Fix RDoc markup  [topic/fix-rdoc-markup]  Kazuki Yamaguchi  2017-02-24  22  -381/+390
| | | |     Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
| | | |     Match with the rule for better rendering.
* | | | Revert r57690 except for read_nonblock  nobu  2017-02-24  1  -4/+2
| | | |     https://github.com/ruby/ruby/pull/1527#issuecomment-281867551
| | | |
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | [DOC] mark up literals  nobu  2017-02-24  1  -4/+6
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | [DOC] keyword argument _exception_  nobu  2017-02-24  1  -2/+2
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | [DOC] {read,write}_nonblock with exception: false  nobu  2017-02-24  1  -2/+2
| | | |     Update docs to reflect EOF behavior change of read_nonblock and
| | | |     write_nonblock when using `exception: false`.
| | | |
| | | |     [Fix GH-1527]
| | | |
| | | |     Author: Russell Davis <russell-stripe@users.noreply.github.com>
| | | |
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | Merge branch 'topic/ssl-fixup-ex_data-handling'  Kazuki Yamaguchi  2017-02-19  1  -27/+26
|\ \ \ \
| | | | |     * topic/ssl-fixup-ex_data-handling:
| | | | |       ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
| | | | |       ssl: do not confuse different ex_data index registries
| * | | | ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object  [topic/ssl-fixup-ex_data-handling]  Kazuki Yamaguchi  2017-02-19  1  -20/+5
| | | | |     It is impossible that they don't.
| * | | | ssl: do not confuse different ex_data index registries  Kazuki Yamaguchi  2017-02-19  1  -8/+22
| | | | |     Register necessary indices for these two independently. Similar to
| | | | |     r55074 (76e933a5a517, "openssl: register ex_data index for
| | | | |     X509_STORE{_CTX,} respectively", 2016-05-19), we can't blindly use the
| | | | |     same ex_data index number for SSL and SSL_CTX.
* | | | | ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384  [topic/ssl-remove-TLS_DH_anon_WITH_AES_256_GCM_SHA384]  Kazuki Yamaguchi  2017-02-19  1  -6/+0
|/ / / /
| | | |     The constant was initially introduced just to skip test cases that do
| | | |     not work with old versions without AES-GCM cipher suites support
| | | |     (< 1.0.1). However, the value of the constant has been always `false'
| | | |     because the macro TLS_DH_anon_WITH_AES_256_GCM_SHA384 does not exist in
| | | |     any version of OpenSSL. We no longer use it as of commit c9d1659f4027
| | | |     ("test/utils: remove use_anon_cipher option from
| | | |     SSLTestCase#start_server", 2016-09-06). Let's just remove the constant.
* | | | Merge branch 'maint'  Kazuki Yamaguchi  2017-01-31  1  -1/+1
|\ \ \ \
| |/ / /
|/| | /
| | |/
| |/|
| | |     * maint:
| | |       Ruby/OpenSSL 2.0.3
| | |       .travis.yml: test with Ruby 2.4
| | |       ruby-openssl-docker: update versions of Ruby and OpenSSL
| | |       x509: fix OpenSSL::X509::Name#eql?
| | |       test/envutil: fix assert_raise_with_message
| | |       buffering: fix typo in doc
| * | Ruby/OpenSSL 2.0.3  [v2.0.3]  Kazuki Yamaguchi  2017-01-31  1  -1/+1
| | |
| * | x509: fix OpenSSL::X509::Name#eql?  Kazuki Yamaguchi  2017-01-28  1  -1/+1
| | |     Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
| | |     2016-09-08) incorrectly inverted the result. Fix it, and add a test case
| | |     for this.
| | |
| | |     Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
* | | Merge branch 'topic/ssl-certificate-verify-error-desc'  Kazuki Yamaguchi  2017-01-26  2  -8/+25
|\ \ \
| | | |     * topic/ssl-certificate-verify-error-desc:
| | | |       ssl: show reason of 'certificate verify error' in exception message
| | | |       Make exceptions with the same format regardless of OpenSSL.debug
| * | | ssl: show reason of 'certificate verify error' in exception message  [topic/ssl-certificate-verify-error-desc]  Kazuki Yamaguchi  2017-01-24  1  -0/+20
| | | |     The 'certificate verify error' is one of the most common errors that can
| | | |     be raised by OpenSSL::SSL::SSLSocket#connect. The certificate
| | | |     verification may fail due to many different issues such as misconfigured
| | | |     trusted certificate store or inaccurate system clock. Unfortunately,
| | | |     since the detail is not put to the queue and is only accessible through
| | | |     OpenSSL::SSL::SSLSocket#verify_result, it is sometimes hard to figure
| | | |     out the real reason.
| | | |
| | | |     Let's include a human readable reason message in the exception message.
| | | |     Like this:
| | | |
| | | |       require "socket"
| | | |       require "openssl"
| | | |
| | | |       ctx = OpenSSL::SSL::SSLContext.new
| | | |       ctx.set_params(cert_store: OpenSSL::X509::Store.new)
| | | |       ssl = OpenSSL::SSL::SSLSocket.new(Socket.tcp("www.ruby-lang.org", 443), ctx)
| | | |       ssl.connect
| | | |       #=> -:7:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
| | | |               from -:7:in `<main>'
| * | | Make exceptions with the same format regardless of OpenSSL.debug  Kazuki Yamaguchi  2017-01-24  1  -8/+5
| | |/
| |/|
| | |     As the current behavior is useless. If OpenSSL.debug is set to true,
| | |     errors put to the error queue will be printed to stderr anyway.
* | | Merge branch 'topic/test-memory-leak'  Kazuki Yamaguchi  2017-01-17  1  -9/+100
|\ \ \
| | | |     * topic/test-memory-leak:
| | | |       Enable OSSL_MDEBUG on CI builds
| | | |       Add OpenSSL.print_mem_leaks
| | | |       test: prepare test PKey instances on demand
| | | |       test: let OpenSSL::TestCase include OpenSSL::TestUtils
| | | |       Don't define main() when built with --enable-debug
| * | | Add OpenSSL.print_mem_leaks  Kazuki Yamaguchi  2017-01-17  1  -0/+102
| | | |     Add a wrapper method for CRYPTO_mem_leaks_fp(stderr). Calling the method
| | | |     at the end of programs helps debugging memory leak bugs in Ruby/OpenSSL.
| | | |     This is defined only when --enable-debug option is given when building
| | | |     Ruby/OpenSSL, and the OpenSSL version is capable. The test suite
| | | |     recognizes 'OSSL_MDEBUG' environment variable. Set to '1' to enable the
| | | |     memory leak checker. This would prevent creating another memory leak
| | | |     problem at least on the success paths. Note that this may print some
| | | |     false-positives with OpenSSL <= 1.0.2. It was once introduced by
| | | |     f0754f0b2f33 ("test: add test/mdebug extension", 2016-08-06) as a
| | | |     separate native extension, but reverted by 4c1ca7669180 ("Remove
| | | |     test/mdebug", 2016-08-26) because it didn't work on Windows. Let's
| | | |     re-introduce as part of openssl.so.
| * | | Don't define main() when built with --enable-debug  Kazuki Yamaguchi  2017-01-16  1  -11/+0
| | | |     It is unnecessary as we have a test suite that does the job.
* | | | Merge branch 'maint'  Kazuki Yamaguchi  2017-01-17  2  -1/+7
|\ \ \ \
| | |_|/
| |/| |
| | | |     * maint:
| | | |       appveyor.yml: update OpenSSL version to 1.0.2j
| | | |       Fix build with static OpenSSL libraries on Windows
| | | |       Fix for ASN1::Constructive 'each' implementation
| * | | Merge branch 'topic/windows-static-linking-without-pkg-config' into maint  Kazuki Yamaguchi  2017-01-05  1  -0/+6
| |\ \ \
| | | | |     * topic/windows-static-linking-without-pkg-config:
| | | | |       Fix build with static OpenSSL libraries on Windows