author | tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-07-31 18:20:31 +0000 |
---|---|---|
committer | tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-07-31 18:20:31 +0000 |
commit | 5b5d79c88bef88f35b24578873bdc39ef2157f20 (patch) | |
tree | 9525d088b0bdceaac3849002bf7e3dc0ec2a3252 /ext/openssl/lib | |
parent | af13f15b50b0fa20248acd75dfae959a3b8501b9 (diff) | |
download | ruby-5b5d79c88bef88f35b24578873bdc39ef2157f20.tar.gz |
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert
`tmp_dh_callback` to Ruby, and call it when setting up an SSL
connection. This allows us to move the "default" behavior to the
reader method.
* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
accessing the SSLContext's internals.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/lib')
-rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index ed33f27f1d..07f693181a 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -77,12 +77,23 @@ module OpenSSL INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "renegotiation_cb", "verify_callback", "options", "cert_store", "extra_chain_cert", - "client_cert_cb", "session_id_context", + "client_cert_cb", "session_id_context", "tmp_dh_callback", "session_get_cb", "session_new_cb", "session_remove_cb", "tmp_ecdh_callback", "servername_cb", "npn_protocols", "alpn_protocols", "alpn_select_cb", "npn_select_cb"].map { |x| "@#{x}" } + # A callback invoked when DH parameters are required. + # + # The callback is invoked with the Session for the key exchange, an + # flag indicating the use of an export cipher and the keylength + # required. + # + # The callback must return an OpenSSL::PKey::DH instance of the correct + # key length. + + attr_writer :tmp_dh_callback + # call-seq: # SSLContext.new => ctx # SSLContext.new(:TLSv1) => ctx @@ -91,7 +102,6 @@ module OpenSSL # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS def initialize(version = nil) INIT_VARS.each { |v| instance_variable_set v, nil } - @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK return unless version self.ssl_version = version end @@ -115,8 +125,8 @@ module OpenSSL return params end - def tmp_dh_callback=(value) - @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK + def tmp_dh_callback + @tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK end end |
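Review bot: The doc comment added above `attr_writer :tmp_dh_callback` does not say what happens when no callback is set, and it reads "an flag" where "a flag" is meant. The reader added later in this diff falls back to `OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK`, so I would add `# If unset or set to nil, OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK is used.` The comment also tells implementers to return parameters "of the correct key length", and it describes an export-cipher flag being passed in. A callback that sizes its DH group only from those arguments may end up serving export-strength parameters, so the comment should say that implementers are expected to enforce their own minimum size. The enclosing class starts and ends outside this hunk.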
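Review bot: In the last hunk the default moves into the `tmp_dh_callback` reader, so `@tmp_dh_callback` itself now stays nil until assigned (it is listed in `INIT_VARS`, and the assignment was dropped from `initialize`). Any code that still reads the instance variable directly, such as a subclass or C code outside this diff (which is limited to ext/openssl/lib), would get nil instead of the default callback. The commit message says ossl_ssl.c now calls the method. A test asserting that `SSLContext.new.tmp_dh_callback` returns the default, and that assigning nil restores it, would pin that contract. The reader is also public and undocumented; I would add `# Returns the callback set with #tmp_dh_callback=, or OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK when none is set.` The enclosing class continues outside the hunk.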