| Commit message (Collapse) | Author | Age | Files | Lines |
self
add test_add_certificate_chain_file_multiple_certs
|
ssl.peer_cert_chain
|
OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the
generic PKey class. They serialize the private key to PKCS #8
{Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding,
respectively. For symmetry, also add #public_to_der and #public_to_pem
that serialize the public key into X.509 SubjectPublicKeyInfo format.
OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the
"raw" private keys. PEM-encoded PKCS #8 keys have already been handled
by PEM_read_bio_PrivateKey().
|
add helper to access information and services for the issuer of the Certificate
|
This allows, for example, using Rails' cache to store these objects. Without this patch you'd get errors like "TypeError (no _dump_data is defined for class OpenSSL::X509::Certificate)".
Note that the X509::Revoked class doesn't need the newly introduced modules as the DER output of X509::CRL already includes these.
|
secure_compare is for user input, fixed_length_secure_compare for already processed data that is known to have the same length
|
In 1ade643cbc01f3f7bd96e90bd8837df7ed491a09 the Rails-like secure_compare naming
was adopted, and in the original pull request introducing this functionality a
debate around the timing of hash functions followed. This made me realize why
Rails' default of hashing the values to protect users from making mistakes is a
good idea.
|
clean `start_server` method `block` argument
|
Minor improvements to formatting and documentation.
|
The 2nd and 3rd arguments to write_smime are not really testable
without exposing additional OpenSSL constants to Ruby. Still, test
that write_smime works when passed 3 arguments.
Fixes Ruby Bug 8274.
|
Co-authored-by: arrtchiu <arrtchiu@gmail.com>
|
Fixes https://bugs.ruby-lang.org/issues/10098
|
Callback will be invoked with new ssl connection upon acceptance
by server. Default is empty proc.
|
This method allowed roots and intermediates to be specified in a number of ways.
This complexity wasn't super valuable though and it's better to only allow an
X509::Store with an optional Array of intermediates. This greatly simplifies
the code and fixes a few leaks.
|
- make some global variables static instead of extern
- get rid of GetTsReqPtr/GetTsRespPtr functions
- don't use c99 comments
- fix some leaks
- clarify what numeric type is returned (Integer or BN, never Fixnum)
- typos
- add missing checks, remove unnecessary checks
- use OPENSSL_NO_TS instead of our own macros checking for ts support
- use EVP_{digest-name} instead of looking up algos by NID
- don't differentiate between failure reasons when verifying
- rename Response#pkcs7 to #token
|
- clean up whitespace
- be consistent with not returning after ossl_raise
- use accessor functions when working with openssl TS_* structs
- backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros
|
A number of conventions seem to have changed, causing a fair bit of breakage:
- `Data_*` was deprecated in favor of `TypedData_*`
- `ossl_obj2bio` takes a `VALUE*` instead of `VALUE` now
- `time_to_time_t()` was removed
|
This commit applies the third patches (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the initial patches (ts.tar.gz) from https://bugs.ruby-lang.org/issues/4183
This compiles with several warnings. Tests don't run yet.
|
/src/test/test_x509name.rb:416: warning: ambiguous first argument; put parentheses or a space even after `-' operator
/src/test/test_x509name.rb:418: warning: ambiguous first argument; put parentheses or a space even after `-' operator
|
Previously, OpenSSL::X509::Name#{cmp,<=>} would raise a TypeError if you
attempted to compare a Name object with another object of a different
type. Most Ruby classes instead return nil in this situation.
The old behavior resulted in some strange outcomes:

    >> n1 = OpenSSL::X509::Name.new
    >> 'abc' == n1
    => false
    >> n1 == 'abc'
    TypeError: wrong argument type String (expected OpenSSL/X509/NAME)

With the new behavior, cmp/<=> will return nil if the other object is
not an X509::Name instead of raising an error. This allows `==` to also
return false instead of raising an error for type mismatches.

New behavior:

    >> n1 = OpenSSL::X509::Name.new
    >> n1 == 'abc'
    => false
    >> n1 <=> 'abc'
    => nil
|