- make some global variables static instead of extern
- get rid of GetTsReqPtr/GetTsRespPtr functions
- don't use c99 comments
- fix some leaks
- clarify what numeric type is returned (Integer or BN, never Fixnum)
- typos
- add missing checks, remove unnecessary checks
- use OPENSSL_NO_TS instead of our own macros checking for ts support
- use EVP_{digest-name} instead of looking up algos by NID
- don't differentiate between failure reasons when verifying
- rename Response#pkcs7 to #token
|
- define missing TS_RESP_CTX_set_time_cb
- handle alternate case for nil oid
|
- clean up whitespace
- be consistent with not returning after ossl_raise
- use accessor functions when working with openssl TS_* structs
- backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros
|
A number of conventions seem to have changed, causing a fair bit of breakage:
- `Data_*` was deprecated in favor of `TypedData_*`
- `ossl_obj2bio` takes a `VALUE*` instead of `VALUE` now
- `time_to_time_t()` was removed
|
This commit applies the third patches (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the initial patches (ts.tar.gz) from https://bugs.ruby-lang.org/issues/4183
This compiles with several warnings. Tests don't run yet.
|
This method name is misleading, because it returns the name of the
signer's issuer, not the name of the signing certificate. It is
just an alias of issuer, which is more accurate. The "name" method
is historical, it was replaced by the "issuer" method in 2005, and
since then has been an alias for backwards compatibility.
Fixes Ruby Bug 8178.
|
Previously, OpenSSL::X509::Name#{cmp,<=>} would raise a TypeError if you
attempted to compare a Name object with another object of a different
type. Most Ruby classes instead return nil in this situation.
The old behavior resulted in some strange outcomes:
    >> n1 = OpenSSL::X509::Name.new
    >> 'abc' == n1
    => false
    >> n1 == 'abc'
    TypeError: wrong argument type String (expected OpenSSL/X509/NAME)
With the new behavior, cmp/<=> will return nil if the other object is
not an X509::Name instead of raising an error. This allows `==` to also
return false instead of raising an error for type mismatches.
New behavior:
    >> n1 = OpenSSL::X509::Name.new
    >> n1 == 'abc'
    => false
    >> n1 <=> 'abc'
    => nil
|
This makes it obvious you have made a mistake if you call key= and
then encrypt or decrypt. Calling encrypt or decrypt without an
argument automatically sets the key to NULL, in which case the
key_set ivar should be changed from false to true given if had
been set before calling encrypt or decrypt.
Fixes Ruby Bug 8720.
|
Although `OpenSSL::Cipher::Cipher` does exist, it's deprecated:
    cipher = OpenSSL::Cipher::Cipher.new 'AES-256-CBC'
    # warning: constant OpenSSL::Cipher::Cipher is deprecated
    => #<OpenSSL::Cipher::Cipher:0x000056481ba57f58>
|
Add EC_POINT_add support
|
not set
The public exp not set would trigger this for #public_{en,de}crypt,
but OpenSSL::PKey::RSA#set_key does not allow setting a NULL public
exp.
|
add testcase for `OpenSSL::BN.new` call without arguments
|
Add OpenSSL::X509::Extension#value_der method
|
The #value method provides a weird stringification of the extension value that can't be parsed and isn't very useful. The new #value_der method provides the raw value, allowing users to decode the value and use it as needed.
|
Support client certificates with TLS 1.3
|
Enable post-handshake authentication with OpenSSL 1.1.1
Fixes #237
|
Define equality method for ASN1::ObjectId
|
This will help users pick stronger ciphers if they aren't educated about
encryption gotchas.
|
Minor changes for better LibreSSL support
|
Looks like at least some versions of OpenSSL define this as a macro.
|
LibreSSL does not define HAVE_OPAQUE_OPENSSL, but operates
similarly.
See:
https://github.com/openbsd/ports/commit/24f62d13dcefff26ade5088b7cdd9238a805450d
https://github.com/openbsd/ports/commit/c8307509d3638d5e5e6c1b7be411f4cdeba0e113
|
Don't assume that just because X509_STORE_set_ex_data is defined
that the second one is defined. Some versions of LibreSSL need
this. See
https://github.com/openbsd/ports/commit/23f03b0df4af7e0606fd73c551a39430234b7449
|
[Fix GH-1958]
From: Jun Aruga <jaruga@redhat.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* expand tabs.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Suppress more -Wparentheses warnings
[Fix GH-1958]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[ky: this is a combined patch of r64806-r64808.]
Sync-with-trunk: r64808
|
* maint:
  Ruby/OpenSSL 2.1.2
  Ruby/OpenSSL 2.0.9
  needs openssl/opensslv.h
  x509name: fix OpenSSL::X509::Name#{cmp,<=>}
|
* maint-2.0:
  Ruby/OpenSSL 2.0.9
  needs openssl/opensslv.h
  x509name: fix OpenSSL::X509::Name#{cmp,<=>}
|
* ext/openssl/extconf.rb: LIBRESSL_VERSION_NUMBER is defined in
openssl/opensslv.h. fix up r64101.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r64236
|
* ky/x509name-cmp-bugfix:
  x509name: fix OpenSSL::X509::Name#{cmp,<=>}
|
Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
could return 0 when the two objects aren't identical.
Reported by Tyler Eckstein. CVE-2018-16395.
Reference: https://hackerone.com/reports/387250
|
* maint:
  x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
  x509name: refactor OpenSSL::X509::Name#to_s
  test/test_x509name: change script encoding to ASCII-8BIT
  reduce LibreSSL warnings
  openssl_missing.h: constified
  openssl: search winsock
  search winsock libraries explicitly
  no ID cache in Init functions
  test/test_ssl: fix test failure with TLS 1.3
  tool/ruby-openssl-docker: update to latest versions
  pkey: resume key generation after interrupt
|
* maint-2.0:
  x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
  x509name: refactor OpenSSL::X509::Name#to_s
  test/test_x509name: change script encoding to ASCII-8BIT
|
X509_NAME_print_ex() behaves differently depending on the passed flags.
When XN_FLAG_COMPAT is specified, it returns either 1 on success or 0
on error. Otherwise, it returns the byte size written or -1 on error.
This means 0 return is not necessarily an error.
Also, X509_NAME_oneline() return value needs to be checked as it may
fail with a NULL return.
Fixes: https://github.com/ruby/openssl/issues/200
|
Extract the body into a function in preparation for adding #to_utf8.
Also a potential memory leak is fixed: the GetX509Name() macro can
raise TypeError.
(cherry picked from commit 58964733f7d1f9646ecc344d127150aa7115760e)
|
The fix made in 6fcc6c0efc42 ("test/test_ssl: fix test failure with
TLS 1.3", 2018-08-06) is applied to the new test cases.
* maint-2.0:
  reduce LibreSSL warnings
  openssl_missing.h: constified
  openssl: search winsock
  search winsock libraries explicitly
  no ID cache in Init functions
  test/test_ssl: fix test failure with TLS 1.3
  tool/ruby-openssl-docker: update to latest versions
  pkey: resume key generation after interrupt
|
pkey: resume key generation after interrupt [Bug #14882]
|