| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
| |
Drop support for Ruby 2.3, 2.4, and 2.5.
As of 2021-10, Ruby 2.6 is the oldest version that still receives
security fixes from the Ruby core team, so it doesn't make much sense
to keep code for those ancient versions.
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint-2.2: (43 commits)
Ruby/OpenSSL 2.2.1
openssl is ractor-safe
Fixed the results of OpenSSL::Timestamp::Response#failure_info
Don't redefine #rb_intern over and over again
Use rb_intern_const instead of rb_intern in Init functions
Remove trailing spaces [ci skip]
test/openssl/test_ssl: use TLS 1.2 for finished_messages on LibreSSL
Ruby/OpenSSL 2.1.3
ssl: avoid directly storing String object in NPN callback
x509store: explicitly call rb_gc_mark() against Store/StoreContext
ssl: explicitly call rb_gc_mark() against SSLContext/SSLSocket objects
digest: load digest library using Kernel#require
pkey: use RSTRING_LENINT() instead of casting to int
fix segv in Timestamp::{Request,Response,TokenInfo}.new
ts: libressl build fix warning
ext/openssl/extconf.rb: require OpenSSL version >= 1.0.1, < 3
.github/workflows: update OpenSSL/LibreSSL versions
test: adjust test cases for LibreSSL 3.2.4
ssl: temporary lock string buffer while reading
ssl: create a temporary frozen string buffer when writing
...
|
| | |
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* maint-2.1: (22 commits)
test/openssl/test_ssl: skip test_fallback_scsv if necessary
test/openssl/test_ssl.rb: ignore SSLError when the connection is closed
Fixed misspellings
ext/openssl/extconf.rb: do not use -Werror=deprecated-declarations
Guard static variable first
ext/openssl/ossl_ssl.c: Use const declaration if LibreSSL >= 2.8.0
drop-in type check for rb_define_module_function
rb_iterate now takes rb_block_call_func_t
Add a /* fall through */ comment
test/openssl/utils.rb: Extend the timeout
test/test_ssl.rb: Use TLS1.2
test/test_ssl.rb: Use larger keys
test: use larger keys for SSL tests
test/test_pair: fix deadlock in test_connect_accept_nonblock
Ignore warnings about ambiguous first argument with the negative integer.
ext/openssl/ossl_bn.c (ossl_bn_initialize): get rid of SEGV
errno.h must be included after config.h because config.h might define _REENTRANT, _THREAD_SAFE, etc., which affect how errno is defined on some architectures
Fix call-seq of OpenSSL.fips_mode and WIN32OLE_METHOD#name [ci skip]
Remove -Wno-parentheses flag.
Correctly verify abbreviated IPv6 SANs
...
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 2.1 branch. ]
IPv6 SAN-verification accommodates
["zero-compression"](https://tools.ietf.org/html/rfc5952#section-2.2).
It also accommodates non-compressed addresses.
Previously the verification of IPv6 addresses would fail unless the
address syntax matched a specific format (no zero-compression, no
leading zeroes).
As an example, the IPv6 loopback address, if represented as `::1`, would
not verify. Nor would it verify if represented as
`0000:0000:0000:0000:0000:0000:0000:0001`; however, both representations
are valid, RFC-compliant representations. The library would only accept
a very specific representation (i.e. `0:0:0:0:0:0:0:1`).
This commit addresses that shortcoming, and ensures that any valid IPv6
representation will correctly verify.
(cherry picked from commit 9322a104d16b02c7a79f9ab589859c9d63fabf52)
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Back in 2016, we chose not to use Bundler in Ruby/OpenSSL development
because Bundler depended on openssl and could not be used for testing
openssl itself - "bundle exec rake test" would end up with loading two
different versions of openssl at the same time.
This has been resolved long time ago. We can now safely use it for
development dependency management and for Rake tasks.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 55cfee6edbc5c663cbe73323852b93292cf94a3f.
Unfortunately, this doesn't work well in some places because RubyGems
depends on openssl in some code paths. This ends up with defining
OpenSSL::VERSION twice and producing warning:
/work/ruby/ext/openssl/lib/openssl/version.rb:4: warning: already initialized constant OpenSSL::VERSION
/work/ruby/.x86_64-linux/.ext/common/openssl/version.rb:5: warning: previous definition of VERSION was here
|
| |
| |
| |
| | |
Use version.rb in gemspec so version string exists in one location
|
| |
| |
| |
| | |
core repository
|
| | |
|
| | |
|
| |
| |
| | |
ipaddr is a builtin class for ruby, that is occasionally merged. If the version isn't specified by the runtime dependency, then it will default to needing the latest gem rather than the version that ships with that version of ruby. That will lead to all kinds of potential dependency fails that are most likely unneeded since this gem already requires ruby > 2.3.0
|
|\|
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.1.2
Ruby/OpenSSL 2.0.9
needs openssl/opensslv.h
x509name: fix OpenSSL::X509::Name#{cmp,<=>}
|
| | |
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.1.1
Ruby/OpenSSL 2.0.8
test/test_ssl_session: set client protocol version explicitly
test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
extconf.rb: fix build with LibreSSL 2.7.0
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
test/utils: disable Thread's report_on_exception in start_server
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPv6 SAN-verification accommodates
["zero-compression"](https://tools.ietf.org/html/rfc5952#section-2.2).
It also accommodates non-compressed addresses.
Previously the verification of IPv6 addresses would fail unless the
address syntax matched a specific format (no zero-compression, no
leading zeroes).
As an example, the IPv6 loopback address, if represented as `::1`, would
not verify. Nor would it verify if represented as
`0000:0000:0000:0000:0000:0000:0000:0001`; however, both representations
are valid, RFC-compliant representations. The library would only accept
a very specific representation (i.e. `0:0:0:0:0:0:0:1`).
This commit addresses that shortcoming, and ensures that any valid IPv6
representation will correctly verify.
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.5
ssl: fix compile error with OpenSSL 1.0.0
ssl: remove unsupported TLS versions from SSLContext::METHODS
Add msys2 library dependency tag in gem metadata
ossl_pem_passwd_cb: handle nil from the block explicitly
ossl_pem_passwd_cb: do not check for taintedness
ossl_pem_passwd_cb: relax passphrase length constraint
appveyor.yml: test against Ruby 2.4
Rakefile: install_dependencies: install only when needed
bio: do not use the FILE BIO method in ossl_obj2bio()
bio: prevent possible GC issue in ossl_obj2bio()
test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
RubyInstaller2 supports metadata tags for installation of dependent
MSYS2/MINGW libraries. The openssl gem requires the mingw-openssl
package to be installed on the system, which the gem installer takes
care about, when this tag is set.
The feature is documented here:
https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#msys2-library-dependency
This fixes issues like
https://github.com/oneclick/rubyinstaller2/issues/54 and
https://github.com/oneclick/rubyinstaller2/issues/53 .
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Add me to authors and cleanup files.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This takes advantage of zzak/ruby-openssl-docker@e26d90172
Since the build container has Ruby without stdlib openssl,
when building the gem to install locally we can't require openssl.
This means that the gemspec has to use static version constant.
We also removed bundler from development.
|
| |
|
| |
|
|
|
|
| |
Fixes #3
|
| |
|
|
|
|
| |
use ruby-lang.org.
|
| |
|
| |
|
| |
|
|
|