diff options
| author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:53 +0000 |
|---|---|---|
| committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:53 +0000 |
| commit | a0f292bbcd6421b0cb87b84cb34887c7e020727b (patch) | |
| tree | f70e6c1c635698cc26fc89de1fb1585f48207fd1 /ext/openssl/lib | |
| parent | 4b13656e39fa5da58af9df534570965d5692e9c3 (diff) | |
| download | ruby-a0f292bbcd6421b0cb87b84cb34887c7e020727b.tar.gz | |
openssl: sync with upstream repository
Sync with the current tip of master branch, 62436385306c of
ruby/openssl.git. Changes can be found at:
https://github.com/ruby/openssl/compare/v2.1.1...62436385306c
----------------------------------------------------------------
Brian Cunnie (1):
Correctly verify abbreviated IPv6 SANs
Janko Marohnić (1):
Reduce memory allocation when writing to SSLSocket
Jeremy Evans (1):
Move rb_global_variable call to directly after assignment
Kazuki Yamaguchi (7):
pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt
pkey: resume key generation after interrupt
tool/ruby-openssl-docker: update to latest versions
test/test_ssl: fix test failure with TLS 1.3
test/test_x509name: change script encoding to ASCII-8BIT
x509name: refactor OpenSSL::X509::Name#to_s
x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
ahadc (1):
Update CONTRIBUTING.md
nobu (6):
no ID cache in Init functions
search winsock libraries explicitly
openssl: search winsock
openssl_missing.h: constified
reduce LibreSSL warnings
openssl/buffering.rb: no RS when output
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/lib')
| -rw-r--r-- | ext/openssl/lib/openssl/buffering.rb | 13 | ||||
| -rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 11 |
2 files changed, 10 insertions, 14 deletions
diff --git a/ext/openssl/lib/openssl/buffering.rb b/ext/openssl/lib/openssl/buffering.rb index 1f2b2a7e44..5d1586e594 100644 --- a/ext/openssl/lib/openssl/buffering.rb +++ b/ext/openssl/lib/openssl/buffering.rb @@ -316,20 +316,15 @@ module OpenSSL::Buffering @wbuffer << s @wbuffer.force_encoding(Encoding::BINARY) @sync ||= false - if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex("\n") - remain = idx ? idx + 1 : @wbuffer.size - nwritten = 0 - while remain > 0 - str = @wbuffer[nwritten,remain] + if @sync or @wbuffer.size > BLOCK_SIZE + until @wbuffer.empty? begin - nwrote = syswrite(str) + nwrote = syswrite(@wbuffer) rescue Errno::EAGAIN retry end - remain -= nwrote - nwritten += nwrote + @wbuffer[0, nwrote] = "" end - @wbuffer[0,nwritten] = "" end end diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index 6a6f2b9431..355eb2ebbb 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -12,6 +12,7 @@ require "openssl/buffering" require "io/nonblock" +require "ipaddr" module OpenSSL module SSL @@ -272,11 +273,11 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 return true if verify_hostname(hostname, san.value) when 7 # iPAddress in GeneralName (RFC5280) should_verify_common_name = false - # follows GENERAL_NAME_print() in x509v3/v3_alt.c - if san.value.size == 4 - return true if san.value.unpack('C*').join('.') == hostname - elsif san.value.size == 16 - return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname + if san.value.size == 4 || san.value.size == 16 + begin + return true if san.value == IPAddr.new(hostname).hton + rescue IPAddr::InvalidAddressError + end end end } |