diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-26 16:29:40 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-27 23:07:42 +0900 |
| commit | 0d0067f3d03ef1bedf0a1e9da66606a381c77d7c (patch) | |
| tree | c64a746061e4a064180d82395b7d987efa4cf5f8 /ext/openssl/ossl_ssl.c | |
| parent | e605469019f038a01f385ee65a886a2057fd24f8 (diff) | |
| download | ruby-0d0067f3d03ef1bedf0a1e9da66606a381c77d7c.tar.gz | |
ext/openssl: add SSLContext#security_level, #security_level=
OpenSSL 1.1.0 introduced "security level" and these methods deal with
it.
This patch includes many test changes: setting the level to 0.
The default security level is 1 and this prohibits aNULL ciphers.
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
| -rw-r--r-- | ext/openssl/ossl_ssl.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 2af2fc0824..c4ed30591c 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -963,6 +963,59 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v) } /* + * call-seq: + * ctx.security_level => 0, .., 5 + * + * The security level for this context. This is new in OpenSSL 1.1.0 and + * always returns 0 if using older OpenSSL. + */ +static VALUE +ossl_sslctx_get_security_level(VALUE self) +{ + SSL_CTX *ctx; + int i; + + GetSSLCTX(self, ctx); + if (!ctx) { + rb_warning("SSL_CTX is not initialized."); + return Qnil; + } + +#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL) + i = SSL_CTX_get_security_level(ctx); +#else + i = 0; +#endif + return INT2FIX(i); +} + +/* + * call-seq: + * ctx.security_level = 0 + * ctx.security_level = 5 + * + * Sets the security level for this context. This is new in OpenSSL 1.1.0 and + * no-op if using older OpenSSL. + */ +static VALUE +ossl_sslctx_set_security_level(VALUE self, VALUE v) +{ + SSL_CTX *ctx; + + rb_check_frozen(self); + + GetSSLCTX(self, ctx); + if (!ctx) + ossl_raise(eSSLError, "SSL_CTX is not initialized."); + +#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL) + SSL_CTX_set_security_level(ctx, NUM2INT(v)); +#endif + + return v; +} + +/* * call-seq: * ctx.session_add(session) -> true | false * @@ -2230,6 +2283,8 @@ Init_ossl_ssl(void) rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1); rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0); rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1); + rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0); + rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1); rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0); |