| Commit message (Collapse) | Author | Age | Files | Lines |
Add a method to check whether the OpenSSL::OCSP::Request is signed or
not. Currently there is no way to distinguish them except by inspecting
the DER encoding or parsing the verification error message.
|
* maint:
Ruby/OpenSSL 2.0.4
History.md: add entries for 2.0.1-2.0.3
History.md: wrap at 80 characters
extconf.rb: simplify searching libraries logic
Search SSL libraries by testing various filename patterns
openssl: fix broken openssl check
openssl: fix broken openssl check
x509store: clear error queue after calling X509_LOOKUP_load_file()
tool/sync-with-trunk: 'LASY' -> 'LAST'
Update .travis.yml and Dockerfile
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
Fix documentation for OpenSSL::Cipher#final
Fix typos
ssl: check return value of SSL_set_fd()
test/test_ssl: fix typo in test_sysread_and_syswrite
Fix typos
test/test_pkey_ec: do not use dummy 0 order
|
Clarify what it's doing. For non-Windows and MinGW platforms we can
just give "crypto" and "ssl" to have_library.
|
Commits that went to master are excluded.
* ruby-trunk r56953..r58742: (3 commits)
(r58742) Search SSL libraries by testing various filename patterns
(r57592) openssl: fix broken openssl check
(r57591) openssl: fix broken openssl check
Sync-with-trunk: r58742
|
* ext/openssl/extconf.rb (find_openssl_library): should search by more flexible
method, especially for LibreSSL on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/deprecation.rb: check for broken OpenSSL only on mac
OS. [ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS.
[ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
a non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033
|
"after after having fed the entire plaintext..." is changed to
"after having fed the entire plaintext..."
|
SSL_set_fd() may fail with 0 return if malloc() fails. Check that and
raise an exception to avoid potential crash.
|
ossl_membio2str0() and ossl_protect_membio2str() are removed as they
aren't used anywhere.
|
Add a new function ossl_str_new() as an exception-safe wrapper of
rb_str_new(). This is useful for the openssl library because we can't
always raise NoMemoryError immediately due to the independent memory
management of OpenSSL.
|
Similar to the previous one for GetCipherPtr(), GetDigest() and
GetDigestPtr() have been completely different. Let's disambiguate them.
|
While GetCipherPtr() function gets a const EVP_CIPHER * from algorithm
name, GetCipher() macro that is locally defined in
ext/openssl/ossl_cipher.c gets the EVP_CIPHER_CTX from an
OpenSSL::Cipher object. They are completely different things. Rename
GetCipherPtr() for disambiguation.
|
They are no longer useful since we use the TypedData_Get_Struct() which
also performs type checking (based on the rb_data_type_t) for the
non-safe Get*() macros. Just use them instead.
|
* topic/expand-ruby-missing-h:
Expand FPTR_TO_FD() macro
Expand rb_define_copy_func() macro
|
It was introduced for compatibility with Ruby 1.8. Ruby 1.8 has gone
long ago and we will never support it.
|
It's not really "missing". Let's expand that, as it does not improve the
readability so much.
|
scrypt support is added.
* topic/kdf-module:
kdf: add scrypt
ossl.h: add NUM2UINT64T() macro
kdf: introduce OpenSSL::KDF module
|
Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is
added by OpenSSL 1.1.0.
|
As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to
uint64_t, raising an exception if the conversion fails.
|
Introduce a new OpenSSL::KDF module as a namespace for to-be-added
KDFs. This makes it easier to add new KDFs in future.
We already have a stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is
migrated to the new namespace. The backwards compatibility is retained
by the method defined in the newly added lib/openssl/pkcs5.rb.
|
Describe the --with-openssl-dir option, which specifies the directory where
OpenSSL is installed, if the libraries could not be found, and suggest
installing the "development package" if just the headers are missing.
Also, let it raise an exception instead of writing to Logging and
terminating the process. This improves the look of the error message on
'gem install openssl' or 'make' (on the Ruby tree) failure.
|
The version bundled with macOS is anyway too old to compile the
extension.
|
Remove an unused variable declaration.
|
Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
Match with the rule for better rendering.
|
https://github.com/ruby/ruby/pull/1527#issuecomment-281867551
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
Update docs to reflect EOF behavior change of read_nonblock and
write_nonblock when using `exception: false`.
[Fix GH-1527]
Author: Russell Davis <russell-stripe@users.noreply.github.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* topic/ssl-fixup-ex_data-handling:
ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
ssl: do not confuse different ex_data index registries
|
It is impossible that they don't.
|
Register necessary indices for these two independently. Similar to
r55074 (76e933a5a517, "openssl: register ex_data index for
X509_STORE{_CTX,} respectively", 2016-05-19), we can't blindly use the
same ex_data index number for SSL and SSL_CTX.
|
The constant was initially introduced just to skip test cases that do
not work with old versions without AES-GCM cipher suites support
(< 1.0.1).
However, the value of the constant has been always `false' because the
macro TLS_DH_anon_WITH_AES_256_GCM_SHA384 does not exist in any version
of OpenSSL.
We no longer use it as of commit c9d1659f4027 ("test/utils: remove
use_anon_cipher option from SSLTestCase#start_server", 2016-09-06).
Let's just remove the constant.
|
* maint:
Ruby/OpenSSL 2.0.3
.travis.yml: test with Ruby 2.4
ruby-openssl-docker: update versions of Ruby and OpenSSL
x509: fix OpenSSL::X509::Name#eql?
test/envutil: fix assert_raise_with_message
buffering: fix typo in doc
|
Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
2016-09-08) incorrectly inverted the result. Fix it, and add a test
case for this.
Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
|
* topic/ssl-certificate-verify-error-desc:
ssl: show reason of 'certificate verify error' in exception message
Make exceptions with the same format regardless of OpenSSL.debug
|
The 'certificate verify error' is one of the most common errors that can
be raised by OpenSSL::SSL::SSLSocket#connect. The certificate
verification may fail due to many different issues such as misconfigured
trusted certificate store or inaccurate system clock.
Unfortunately, since the detail is not put to the queue and is only
accessible through OpenSSL::SSL::SSLSocket#verify_result, it is
sometimes hard to figure out the real reason. Let's include a human
readable reason message in the exception message. Like this:
  require "socket"
  require "openssl"

  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(cert_store: OpenSSL::X509::Store.new)
  ssl = OpenSSL::SSL::SSLSocket.new(Socket.tcp("www.ruby-lang.org", 443), ctx)
  ssl.connect
  #=>
  -:7:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
          from -:7:in `<main>'
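
An offline way to see the two failure causes named in the message above (a trust store missing the issuing CA, and a wrong clock), added here as an example that is not part of the commit or of Ruby/OpenSSL itself. The helper names issue_cert and verify_reason, the certificates and their names are constructed for illustration; OpenSSL::X509::Store#time= is used to simulate the skewed clock.

```ruby
require "openssl"

# Build one certificate for the constructed sample PKI (hypothetical helper).
def issue_cert(cn, key, serial, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  bc = OpenSSL::X509::ExtensionFactory.new.create_extension("basicConstraints", "CA:TRUE", true)
  cert.add_extension(bc) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify cert against store; return [ok, error code, human-readable reason].
def verify_reason(store, cert)
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = issue_cert("Constructed Root CA", ROOT_KEY, 1, ca: true)
LEAF = issue_cert("leaf.example.test", LEAF_KEY, 2, issuer: ROOT, issuer_key: ROOT_KEY)

# Case 1: the trust store does not contain the issuing CA.
def empty_store_result
  verify_reason(OpenSSL::X509::Store.new, LEAF)
end

# Case 2: correct trust store, but the verification clock is ten years ahead.
def skewed_clock_result
  store = OpenSSL::X509::Store.new
  store.add_cert(ROOT)
  store.time = Time.now + 10 * 365 * 86_400
  verify_reason(store, LEAF)
end

# Case 3: correct trust store and correct clock.
def good_result
  store = OpenSSL::X509::Store.new
  store.add_cert(ROOT)
  verify_reason(store, LEAF)
end

[empty_store_result, skewed_clock_result, good_result].each { |r| p r }
```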
|
As the current behavior is useless. If OpenSSL.debug is set to true,
errors put to the error queue will be printed to stderr anyway.
|
* topic/test-memory-leak:
Enable OSSL_MDEBUG on CI builds
Add OpenSSL.print_mem_leaks
test: prepare test PKey instances on demand
test: let OpenSSL::TestCase include OpenSSL::TestUtils
Don't define main() when built with --enable-debug
|
Add a wrapper method for CRYPTO_mem_leaks_fp(stderr). Calling the method
at the end of programs helps debugging memory leak bugs in Ruby/OpenSSL.
This is defined only when --enable-debug option is given when building
Ruby/OpenSSL, and the OpenSSL version is capable.
The test suite recognizes 'OSSL_MDEBUG' environment variable. Set to '1'
to enable the memory leak checker. This would prevent creating another
memory leak problem at least on the success paths. Note that this may
print some false-positives with OpenSSL <= 1.0.2.
It was once introduced by f0754f0b2f33 ("test: add test/mdebug
extension", 2016-08-06) as a separate native extension, but reverted by
4c1ca7669180 ("Remove test/mdebug", 2016-08-26) because it didn't work
on Windows. Let's re-introduce as part of openssl.so.
|
It is unnecessary as we have a test suite that does the job.
|
* maint:
appveyor.yml: update OpenSSL version to 1.0.2j
Fix build with static OpenSSL libraries on Windows
Fix for ASN1::Constructive 'each' implementation
|
* topic/windows-static-linking-without-pkg-config:
Fix build with static OpenSSL libraries on Windows
|