ruby-openssl.git - rhe's working repository

	Commit message (Collapse)	Author	Age	Files	Lines
*	test/utils: have start_server yield only the port number	Kazuki Yamaguchi	2017-08-24	1	-6/+6
\| \| \| \| \| \| \|	The block passed to start_server is invoked with two arguments, the running thread object for the server and the automatically-selected port number. The first argument is completely useless and actually is not used anywhere.
*	ssl: remove unsupported TLS versions from SSLContext::METHODS	Kazuki Yamaguchi	2017-08-08	1	-4/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Check for all version-specific SSL methods. We do check for existence of TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This fixes compile error when OpenSSL is configured with no-tls1-method. Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL supports the corresponding versions or not. This prevents :TLSv1 from being in SSLContext::METHODS when OpenSSL is compiled with no-tls1. In particular, Debian sid has disabled TLS 1.0/1.1 support recently. The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
*	test/utils: make SSLTestCase#start_server take keyword arguments	Kazuki Yamaguchi	2016-09-07	1	-6/+6
\| \| \| \| \| \| \| \| \|	Convert the two mandatory parameters, verify_mode and start_immediately, into keyword arguments with a default value. The verify_mode parameter is only useful for client certificate authentication. So most test cases sets to OpenSSL::SSL::VERIFY_NONE. Also the start_immediately option is usually set to true.
*	Implement missing initialize_copytopic/fix-initialize-copy	Kazuki Yamaguchi	2016-08-04	1	-0/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Implement initialize_copy for: - OpenSSL::PKCS12 - OpenSSL::SSL::SSLSession - OpenSSL::X509::Attribute - OpenSSL::X509::Extension - OpenSSL::X509::Name - OpenSSL::X509::Revoked Remove initialize_copy from: - OpenSSL::SSL::SSLContext - OpenSSL::SSL::SSLSocket - OpenSSL::Engine - OpenSSL::X509::Store - OpenSSL::X509::StoreContext [Bug #12381]
*	openssl: adjust tests for OpenSSL 1.1.0	rhe	2016-06-09	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This fixes `make test-all TESTS=openssl` with OpenSSL master. * test/openssl/test_x509name.rb: Don't register OID for 'emailAddress' and 'serialNumber'. A recent change in OpenSSL made OBJ_create() reject an already existing OID. They were needed to run tests with OpenSSL 0.9.6 which is now unsupported. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25 [ruby-core:75225] [Feature #12324] * test/openssl/test_ssl_session.rb (test_server_session): Duplicate SSL::Session before re-adding to the session store. OpenSSL 1.1.0 starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session(). https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75 * test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519 is new in OpenSSL 1.1.0 but this is for key agreement and not for signing. * test/openssl/test_pair.rb, test/openssl/test_ssl.rb, test/openssl/utils.rb: Set security level to 0 when using aNULL cipher suites. * test/openssl/utils.rb: Use 1024 bits DSA key for client certificates. * test/openssl/test_engine.rb: Run each test in separate process. We can no longer cleanup engines explicitly as ENGINE_cleanup() was removed. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743 * ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the RDoc for Engine.cleanup. * ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS, DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed. * test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb, test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't test unsupported hash functions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	openssl: drop OpenSSL 0.9.6/0.9.7 support	rhe	2016-05-31	1	-11/+4
\| \| \| \| \| \|	* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	openssl: don't test default session lifetime value	rhe	2016-05-31	1	-1/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	OpenSSL's default session timeout for TLS v1.0 method is not 300 seconds but 7200. The TLS v1.0 specification[1] mentions about it as just "An upper limit of 24 hours is suggested for session ID lifetimes,". And according to OpenSSL 1.0.2h source comment[2], the value 7200 is decided just because "the 24 hours mentioned in the TLSv1 spec is way too long for http, the cache would over fill". The reason why the default lifetime is set to 300 is maybe an OpenSSL bug. We always call SSL_CTX_new() with SSLv23_method(), and this set ssl_ctx->session to 300, the default value for SSLv23_method(). But the following SSL_set_ssl_method() call does not update it. By the way this will be fixed in OpenSSL 1.1.0. [1] https://tools.ietf.org/html/rfc2246#appendix-F.1.4 [2] https://git.openssl.org/?p=openssl.git;a=blob;f=ssl/t1_lib.c;h=dd5bd0050d89f5585c1b06a227eb8221ebf984f1;hb=5dd94f1847c744929a3bd24819f1c99644bb18c7#l193 * test/openssl/test_ssl_session.rb (test_session): remove assertion of the default session timeout. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	Sync trunk	Zachary Scott	2016-02-02	1	-0/+1
\|
*	Sync with ruby trunk	Zachary Scott	2015-09-23	1	-3/+4
\|
*	Sync tests with trunk	Zachary Scott	2015-01-06	1	-33/+44
\|
*	import ruby trunk	SHIBATA Hiroshi	2014-10-27	1	-0/+369