From 4eb4b3297a92149d0a95c674107d091b18fe76af Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Wed, 30 Nov 2016 21:57:35 +0900
Subject: Remove support for OpenSSL 0.9.8 and 1.0.0

They are no longer receiving security updates from the OpenSSL
development team since 2015-12.

We have kept basic compatibility until now because RHEL 5 still uses an
(heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03,
thus it is now safe to assume nobody is still using such old versions of
OpenSSL.
---
 lib/openssl/digest.rb | 5 +----
 lib/openssl/ssl.rb    | 8 +++-----
 2 files changed, 4 insertions(+), 9 deletions(-)

(limited to 'lib')

diff --git a/lib/openssl/digest.rb b/lib/openssl/digest.rb
index 97ccbc95..b5729240 100644
--- a/lib/openssl/digest.rb
+++ b/lib/openssl/digest.rb
@@ -15,13 +15,10 @@
 module OpenSSL
   class Digest
 
-    alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1)
+    alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
     if OPENSSL_VERSION_NUMBER < 0x10100000
       alg += %w(DSS DSS1 SHA)
     end
-    if OPENSSL_VERSION_NUMBER > 0x00908000
-      alg += %w(SHA224 SHA256 SHA384 SHA512)
-    end
 
     # Return the +data+ hash computed with +name+ Digest. +name+ is either the
     # long name or short name of a supported digest algorithm.
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
index f40a4514..73f4cdde 100644
--- a/lib/openssl/ssl.rb
+++ b/lib/openssl/ssl.rb
@@ -23,7 +23,7 @@ module OpenSSL
         :options => -> {
           opts = OpenSSL::SSL::OP_ALL
           opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
-          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+          opts |= OpenSSL::SSL::OP_NO_COMPRESSION
           opts |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
           opts
         }.call
@@ -87,7 +87,7 @@ module OpenSSL
       #
       # The callback is invoked with an SSLSocket and a server name.  The
       # callback must return an SSLContext for the server name or nil.
-      attr_accessor :servername_cb if ExtConfig::HAVE_TLSEXT_HOST_NAME
+      attr_accessor :servername_cb
 
       # call-seq:
       #    SSLContext.new => ctx
@@ -242,9 +242,7 @@ module OpenSSL
       include Buffering
       include SocketForwarder
 
-      if ExtConfig::HAVE_TLSEXT_HOST_NAME
-        attr_reader :hostname
-      end
+      attr_reader :hostname
 
       # The underlying IO object.
       attr_reader :io
-- 
cgit v1.2.3