path: root/ext
Commit message [Author, Age, Files, Lines]
...
* | | ts: get tests running/passing [Ben Toews, 2019-10-01, 3 files, -24/+31]
| | |     A number of conventions seem to have changed, causing a fair bit of breakage:
| | |     - `Data_*` was deprecated in favor of `TypedData_*`
| | |     - `ossl_obj2bio` takes a `VALUE*` instead of `VALUE` now
| | |     - `time_to_time_t()` was removed
* | | ts: Timestamp support (3/3) [Martin Bosslet, 2019-10-01, 1 file, -3/+3]
| | |     This commit applies the third patches (tsr3.tar.gz) from
| | |     https://bugs.ruby-lang.org/issues/4183
* | | ts: Timestamp support (2/3) [Martin Bosslet, 2019-10-01, 5 files, -45/+24]
| | |     This commit applies the second patches (ts2.tar.gz) from
| | |     https://bugs.ruby-lang.org/issues/4183
* | | ts: Timestamp support (1/3) [Martin Bosslet, 2019-10-01, 4 files, -0/+1580]
| | |     This commit applies the initial patches (ts.tar.gz) from
| | |     https://bugs.ruby-lang.org/issues/4183
| | |
| | |     This compiles with several warnings. Tests don't run yet.
* | | Remove OpenSSL::PKCS7::SignerInfo#name [Jeremy Evans, 2019-08-10, 1 file, -1/+0]
| | |     This method name is misleading, because it returns the name of the
| | |     signer's issuer, not the name of the signing certificate. It is just
| | |     an alias of issuer, which is more accurate.
| | |
| | |     The "name" method is historical, it was replaced by the "issuer"
| | |     method in 2005, and since then has been alias for backwards
| | |     compatibility.
| | |
| | |     Fixes Ruby Bug 8178.
* | | x509name: return nil for wrong type in Name#<=> [Andy Brody, 2019-07-27, 1 file, -2/+6]
| | |     Previously, OpenSSL::X509::Name#{cmp,<=>} would raise a TypeError if you
| | |     attempted to compare a Name object with another object of a different
| | |     type. Most Ruby classes instead return nil in this situation.
| | |
| | |     The old behavior resulted in some strange outcomes:
| | |
| | |         >> n1 = OpenSSL::X509::Name.new
| | |         >> 'abc' == n1
| | |         => false
| | |         >> n1 == 'abc'
| | |         TypeError: wrong argument type String (expected OpenSSL/X509/NAME)
| | |
| | |     With the new behavior, cmp/<=> will return nil if the other object is
| | |     not an X509::Name instead of raising an error. This allows `==` to also
| | |     return false instead of raising an error for type mismatches.
| | |
| | |     New behavior:
| | |
| | |         >> n1 = OpenSSL::X509::Name.new
| | |         >> n1 == 'abc'
| | |         => false
| | |         >> n1 <=> 'abc'
| | |         => nil
* | | Set key_set ivar to false if encrypt/decrypt called without key [Jeremy Evans, 2019-07-18, 1 file, -2/+1]
| | |     This makes it obvious you have made a mistake if you call key= and then
| | |     encrypt or decrypt. Calling encrypt or decrypt without an argument
| | |     automatically sets the key to NULL, in which case the key_set ivar
| | |     should be changed from false to true given if had been set before
| | |     calling encrypt or decrypt.
| | |
| | |     Fixes Ruby Bug 8720.
* | | Fix minimal typo on documentation [Espartaco Palma, 2019-07-13, 1 file, -1/+1]
| | |     Although `OpenSSL::Cipher::Cipher` does exist, it's deprecated:
| | |
| | |         cipher = OpenSSL::Cipher::Cipher.new 'AES-256-CBC'
| | |         # warning: constant OpenSSL::Cipher::Cipher is deprecated
| | |         => #<OpenSSL::Cipher::Cipher:0x000056481ba57f58>
* | | Merge pull request #261 from jdhollis/add-EC_POINT_add-support [Samuel Williams, 2019-07-04, 1 file, -0/+29]
|\ \ \
| | | |     Add EC_POINT_add support
| * | | Add EC_POINT_add support [J.D. Hollis, 2019-07-03, 1 file, -0/+29]
| | | |
* | | | Fix segfaults in OpenSSL::PKey::RSA#private_{en,de}crypt when private exp not set [Jeremy Evans, 2019-07-03, 1 file, -6/+6]
|/ / /
| | |     The public exp not set would trigger this for #public_{en,de}crypt, but
| | |     OpenSSL::PKey::RSA#set_key does not allow setting a NULL public exp.
* | | fix doc about `OpenSSL::BN.new` [thekuwayama, 2019-06-21, 1 file, -1/+0]
| | |     add testcase for `OpenSSL::BN.new` call without arguments
* | | add nil guard `OpenSSL::BN.new` [thekuwayama, 2019-06-21, 1 file, -0/+4]
| | |
* | | fix RSA#export and RSA#to_der to check key, factors and crt_params [thekuwayama, 2019-06-20, 1 file, -6/+14]
| | |
* | | fix RSA_HAS_PRIVATE to check that both `e` and `d` are not NULL [thekuwayama, 2019-06-20, 1 file, -3/+3]
| | |
* | | Merge pull request #234 from mastahyeti/ext-value-der [Samuel Williams, 2019-06-15, 1 file, -0/+14]
|\ \ \
| | | |     Add OpenSSL::X509::Extension#value_der method
| * | | Add OpenSSL::X509::Extension#value_der method [Ben Toews, 2018-12-10, 1 file, -0/+14]
| | | |     The #value method provides a weird stringification of the extension
| | | |     value that can't be parsed and isn't very useful. The new #value_der
| | | |     method provides the raw value, allowing users to decode the value and
| | | |     use it as needed.
* | | | Merge pull request #239 from mkauf/post_handshake_auth [Samuel Williams, 2019-06-15, 2 files, -0/+5]
|\ \ \ \
| | | | |     Support client certificates with TLS 1.3
| * | | | Support client certificates with TLS 1.3 [Michael Kaufmann, 2019-01-21, 2 files, -0/+5]
| |/ / /
| | | |     Enable post-handshake authentication with OpenSSL 1.1.1
| | | |
| | | |     Fixes #237
* | | | Merge pull request #235 from mastahyeti/oid-equal [Samuel Williams, 2019-06-14, 1 file, -0/+25]
|\ \ \ \
| | | | |     Define equality method for ASN1::ObjectId
| * | | | don't define triple equal method for ASN1::ObjectID [Ben Toews, 2019-06-13, 1 file, -1/+0]
| | | | |
| * | | | define equality method for ASN1::ObjectId [Ben Toews, 2018-12-11, 1 file, -0/+26]
| |/ / /
* | | | Use stronger ciphers in documentation [Samuel Williams, 2019-06-13, 2 files, -7/+7]
| | | |     This will help users pick stronger ciphers if they aren't educated
| | | |     about encryption gotchas.
* | | | Merge pull request #253 from jeremyevans/libressl-extconf [Samuel Williams, 2019-06-13, 2 files, -1/+6]
|\ \ \ \
| | | | |     Minor changes for better LibreSSL support
| * | | | Handle case where X509_STORE_get_ex_new_index is a macro [Jeremy Evans, 2019-05-30, 1 file, -1/+1]
| | | | |     Looks like at least some versions of OpenSSL define this as a macro.
| * | | | Fix opaque check to work correctly on OpenSSL <1.1 [Jeremy Evans, 2019-05-30, 1 file, -3/+2]
| | | | |
| * | | | Treat LibreSSL 2.7+ like OpenSSL 1.1 in terms of opaqueness [Jeremy Evans, 2019-05-30, 1 file, -0/+2]
| | | | |     LibreSSL does not define HAVE_OPAQUE_OPENSSL, but operates similarly.
| | | | |
| | | | |     See:
| | | | |     https://github.com/openbsd/ports/commit/24f62d13dcefff26ade5088b7cdd9238a805450d
| | | | |     https://github.com/openbsd/ports/commit/c8307509d3638d5e5e6c1b7be411f4cdeba0e113
| * | | | Check for X509_STORE_get_ex_new_index function separately [Jeremy Evans, 2019-05-30, 2 files, -0/+4]
| |/ / /
| | | |     Don't assume that just because X509_STORE_set_ex_data is defined
| | | |     that the second one is defined. Some versions of LibreSSL need this.
| | | |
| | | |     See https://github.com/openbsd/ports/commit/23f03b0df4af7e0606fd73c551a39430234b7449
* / / / Add support for SSL_CTX_use_certificate_chain_file. Fixes #254. [Samuel Williams, 2019-06-13, 1 file, -0/+12]
|/ / /
* | | Fix typo in docs [Janko Marohnić, 2018-11-10, 1 file, -1/+1]
| | |
* | | Remove -Wno-parentheses flag. [nobu, 2018-10-18, 5 files, -9/+11]
| | |     [Fix GH-1958]
| | |
| | |     From: Jun Aruga <jaruga@redhat.com>
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | |
| | |     * expand tabs.
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | |
| | |     Suppress more -Wparentheses warnings
| | |
| | |     [Fix GH-1958]
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | |
| | |     [ky: this is a combined patch of r64806-r64808.]
| | |     Sync-with-trunk: r64808
* | | Merge branch 'maint' [Kazuki Yamaguchi, 2018-10-18, 3 files, -3/+3]
|\| |
| | |     * maint:
| | |       Ruby/OpenSSL 2.1.2
| | |       Ruby/OpenSSL 2.0.9
| | |       needs openssl/opensslv.h
| | |       x509name: fix OpenSSL::X509::Name#{cmp,<=>}
| * | Ruby/OpenSSL 2.1.2 (v2.1.2) [Kazuki Yamaguchi, 2018-10-17, 1 file, -1/+1]
| | |
| * | Merge branch 'maint-2.0' into maint [Kazuki Yamaguchi, 2018-10-17, 2 files, -2/+2]
| |\|
| | |     * maint-2.0:
| | |       Ruby/OpenSSL 2.0.9
| | |       needs openssl/opensslv.h
| | |       x509name: fix OpenSSL::X509::Name#{cmp,<=>}
| | * Ruby/OpenSSL 2.0.9 (v2.0.9) [Kazuki Yamaguchi, 2018-10-17, 1 file, -1/+1]
| | |
| | * needs openssl/opensslv.h [nobu, 2018-10-17, 1 file, -1/+1]
| | |     * ext/openssl/extconf.rb: LIBRESSL_VERSION_NUMBER is defined in
| | |       openssl/opensslv.h. fix up r64101.
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | |     Sync-with-trunk: r64236
| | * Merge branch 'ky/x509name-cmp-bugfix' into maint-2.0 [Kazuki Yamaguchi, 2018-10-17, 1 file, -1/+1]
| | |\
| | | |     * ky/x509name-cmp-bugfix:
| | | |       x509name: fix OpenSSL::X509::Name#{cmp,<=>}
| | | * x509name: fix OpenSSL::X509::Name#{cmp,<=>} (ky/x509name-cmp-bugfix) [Kazuki Yamaguchi, 2018-10-17, 1 file, -1/+1]
| | | |     Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
| | | |     could return 0 when the two objects aren't identical.
| | | |
| | | |     Reported by Tyler Eckstein. CVE-2018-16395.
| | | |
| | | |     Reference: https://hackerone.com/reports/387250
* | | | Merge branch 'maint' [Kazuki Yamaguchi, 2018-08-08, 12 files, -12/+50]
|\| | |
| | | |     * maint:
| | | |       x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
| | | |       x509name: refactor OpenSSL::X509::Name#to_s
| | | |       test/test_x509name: change script encoding to ASCII-8BIT
| | | |       reduce LibreSSL warnings
| | | |       openssl_missing.h: constified
| | | |       openssl: search winsock
| | | |       search winsock libraries explicitly
| | | |       no ID cache in Init functions
| | | |       test/test_ssl: fix test failure with TLS 1.3
| | | |       tool/ruby-openssl-docker: update to latest versions
| | | |       pkey: resume key generation after interrupt
| * | | Merge branch 'maint-2.0' into maint [Kazuki Yamaguchi, 2018-08-08, 1 file, -6/+6]
| |\| |
| | | |     * maint-2.0:
| | | |       x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
| | | |       x509name: refactor OpenSSL::X509::Name#to_s
| | | |       test/test_x509name: change script encoding to ASCII-8BIT
| | * | x509name: fix handling of X509_NAME_{oneline,print_ex}() return value (ky/x509name-to-s-empty) [Kazuki Yamaguchi, 2018-08-08, 1 file, -6/+6]
| | | |     X509_NAME_print_ex() behaves differently depending on the passed flags.
| | | |     When XN_FLAG_COMPAT is specified, it returns either 1 on success or 0
| | | |     on error. Otherwise, it returns the byte size written or -1 on error.
| | | |     This means 0 return is not necessarily an error.
| | | |
| | | |     Also, X509_NAME_oneline() return value needs to be checked as it may
| | | |     fail with a NULL return.
| | | |
| | | |     Fixes: https://github.com/ruby/openssl/issues/200
| | * | x509name: refactor OpenSSL::X509::Name#to_s [Kazuki Yamaguchi, 2018-08-08, 1 file, -18/+22]
| | | |     Extract the body into a function in preparation for adding #to_utf8.
| | | |
| | | |     Also a potential memory leak is fixed: the GetX509Name() macro can
| | | |     raise TypeError.
| | | |
| | | |     (cherry picked from commit 58964733f7d1f9646ecc344d127150aa7115760e)
| * | | Merge branch 'maint-2.0' into maint [Kazuki Yamaguchi, 2018-08-08, 12 files, -6/+44]
| |\| |
| | | |     The fix made in 6fcc6c0efc42 ("test/test_ssl: fix test failure with
| | | |     TLS 1.3", 2018-08-06) is applied to the new test cases.
| | | |
| | | |     * maint-2.0:
| | | |       reduce LibreSSL warnings
| | | |       openssl_missing.h: constified
| | | |       openssl: search winsock
| | | |       search winsock libraries explicitly
| | | |       no ID cache in Init functions
| | | |       test/test_ssl: fix test failure with TLS 1.3
| | | |       tool/ruby-openssl-docker: update to latest versions
| | | |       pkey: resume key generation after interrupt
| | * | Merge pull request #205 from rhenium/ky/pkey-generate-interrupt-resume [Kazuki Yamaguchi, 2018-08-08, 2 files, -4/+26]
| | |\ \
| | | | |     pkey: resume key generation after interrupt [Bug #14882]
| | | * | pkey: resume key generation after interrupt (ky/pkey-generate-interrupt-resume) [Kazuki Yamaguchi, 2018-07-27, 2 files, -4/+26]
| | | |/
| | | |     Key/parameter generation (OpenSSL::PKey::*.{new,generate}) immediately
| | | |     aborts when it is done with GVL released (in other words, no block is
| | | |     given) and the thread is interrupted (e.g., by a signal) during the
| | | |     operation.
| | | |
| | | |     Have ossl_generate_cb_2() acquire GVL and call rb_thread_check_ints()
| | | |     if needed to process the pending interrupt rather than abort the
| | | |     operation completely by returning 0.
| | | |
| | | |     Reference: https://bugs.ruby-lang.org/issues/14882
| | * | reduce LibreSSL warnings [nobu, 2018-08-08, 1 file, -0/+4]
| | | |     * ext/openssl/extconf.rb: LibreSSL headers emit "overriding WinCrypt
| | | |       defines" warnings if wincrypt.h has been included (except for
| | | |       x509.h) on Windows. get rid of including the header by defining
| | | |       NOCRYPT macro.
| | | |
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | | |     Sync-with-trunk: r64101
| | * | openssl_missing.h: constified [nobu, 2018-08-08, 1 file, -2/+2]
| | | |     * ext/openssl/openssl_missing.h (IMPL_KEY_ACCESSOR{2,3}): constified
| | | |       obj argument getters.
| | | |
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63684 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | | |     Sync-with-trunk: r63684
| | * | openssl: search winsock [nobu, 2018-08-08, 1 file, -1/+3]
| | | |     * ext/openssl/extconf.rb: on Windows search winsock library always,
| | | |       regardless pkg-config. direct use of winsock is not region of
| | | |       OpenSSL. [ruby-core:85895] [Bug #14568]
| | | |
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62637 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | | |     Sync-with-trunk: r62637
| | * | search winsock libraries explicitly [nobu, 2018-08-08, 1 file, -0/+1]
| | | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62628 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | | |     Sync-with-trunk: r62628
| | * | no ID cache in Init functions [nobu, 2018-08-08, 9 files, -0/+9]
| | |/
| | |     Init functions are called only once, cache is useless.
| | |
| | |     git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | |     Sync-with-trunk: r62429