authortenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-08-01 00:12:46 +0000
committertenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-08-01 00:12:46 +0000
commitd8225d9f048e0df232cde5f17941b8e06d621d0b (patch)
tree64e86fc95675cf4a9ca5c9bdf09c67b047ab2486 /ext/openssl
parentbcc2641ed853d69b7717b9ef1a2c5e13f3d56e43 (diff)
downloadruby-d8225d9f048e0df232cde5f17941b8e06d621d0b.tar.gz
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement
SSLContext#options and options= using SSL_CTX_set_options and SSL_CTX_get_options. This reduces the number of ivars we need and simplifies `ossl_sslctx_setup`. * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options` to SSL_OP_ALL git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/lib/openssl/ssl.rb3
-rw-r--r--ext/openssl/ossl_ssl.c49
2 files changed, 37 insertions, 15 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 07f693181a..d50f05851d 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -76,7 +76,7 @@ module OpenSSL
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
- "verify_callback", "options", "cert_store", "extra_chain_cert",
+ "verify_callback", "cert_store", "extra_chain_cert",
"client_cert_cb", "session_id_context", "tmp_dh_callback",
"session_get_cb", "session_new_cb", "session_remove_cb",
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
@@ -102,6 +102,7 @@ module OpenSSL
# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
def initialize(version = nil)
INIT_VARS.each { |v| instance_variable_set v, nil }
+ self.options = OpenSSL::SSL::OP_ALL
return unless version
self.ssl_version = version
end
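Review bot: The added `self.options = OpenSSL::SSL::OP_ALL` line in `initialize` sets a default with no comment explaining what it covers. OP_ALL is OpenSSL's set of bug-workaround flags, so a context built with a plain `SSLContext.new` has no protocol-version or compression restrictions unless the caller adds them. I would put a comment above the line, for example `# OP_ALL only enables bug workarounds; OR in OP_NO_* flags to restrict protocol versions or compression`. The same default is also hard-coded in the C setter's nil branch in ossl_ssl.c, so the two should be kept in step or one should defer to the other.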
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index a579836085..7c88453fe4 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -45,7 +45,6 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_set_verify_mode(o,v) rb_iv_set((o),"@verify_mode",(v))
#define ossl_sslctx_set_verify_dep(o,v) rb_iv_set((o),"@verify_depth",(v))
#define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v))
-#define ossl_sslctx_set_options(o,v) rb_iv_set((o),"@options",(v))
#define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v))
#define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v))
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
@@ -60,7 +59,6 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_get_verify_mode(o) rb_iv_get((o),"@verify_mode")
#define ossl_sslctx_get_verify_dep(o) rb_iv_get((o),"@verify_depth")
#define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback")
-#define ossl_sslctx_get_options(o) rb_iv_get((o),"@options")
#define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store")
#define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert")
#define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb")
@@ -666,6 +664,39 @@ ssl_info_cb(const SSL *ssl, int where, int val)
}
/*
+ * Gets various OpenSSL options.
+ */
+static VALUE
+ossl_sslctx_get_options(VALUE self)
+{
+ SSL_CTX *ctx;
+ GetSSLCTX(self, ctx);
+ return LONG2NUM(SSL_CTX_get_options(ctx));
+}
+
+/*
+ * Sets various OpenSSL options.
+ */
+static VALUE
+ossl_sslctx_set_options(VALUE self, VALUE options)
+{
+ SSL_CTX *ctx;
+
+ rb_check_frozen(self);
+ GetSSLCTX(self, ctx);
+
+ SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx));
+
+ if (NIL_P(options)) {
+ SSL_CTX_set_options(ctx, SSL_OP_ALL);
+ } else {
+ SSL_CTX_set_options(ctx, NUM2LONG(options));
+ }
+
+ return self;
+}
+
+/*
* call-seq:
* ctx.setup => Qtrue # first time
* ctx.setup => nil # thereafter
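Review bot: In `ossl_sslctx_set_options` the current mask is cleared before `NUM2LONG(options)` is evaluated. A non-integer or out-of-range argument therefore raises after `SSL_CTX_clear_options` has already run, and a caller that rescues the error keeps a context with no options at all, including any OP_NO_* restrictions set earlier. Do the conversion first, `long opts = NIL_P(options) ? SSL_OP_ALL : NUM2LONG(options);`, and only then call the clear and `SSL_CTX_set_options(ctx, opts);`. The two new header comments should also say that assignment replaces the whole mask rather than OR-ing into it, and that nil maps to SSL_OP_ALL. The comment lines at the end of this hunk belong to `ossl_sslctx_setup`, which continues outside it.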
@@ -778,13 +809,6 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_verify_dep(self);
if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
- val = ossl_sslctx_get_options(self);
- if(!NIL_P(val)) {
- SSL_CTX_set_options(ctx, NUM2LONG(val));
- } else {
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
- }
-
#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
val = rb_iv_get(self, "@npn_protocols");
if (!NIL_P(val)) {
@@ -2064,11 +2088,6 @@ Init_ossl_ssl(void)
rb_attr(cSSLContext, rb_intern("verify_callback"), 1, 1, Qfalse);
/*
- * Sets various OpenSSL options.
- */
- rb_attr(cSSLContext, rb_intern("options"), 1, 1, Qfalse);
-
- /*
* An OpenSSL::X509::Store used for certificate verification
*/
rb_attr(cSSLContext, rb_intern("cert_store"), 1, 1, Qfalse);
@@ -2291,6 +2310,8 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "session_cache_size=", ossl_sslctx_set_session_cache_size, 1);
rb_define_method(cSSLContext, "session_cache_stats", ossl_sslctx_get_session_cache_stats, 0);
rb_define_method(cSSLContext, "flush_sessions", ossl_sslctx_flush_sessions, -1);
+ rb_define_method(cSSLContext, "options", ossl_sslctx_get_options, 0);
+ rb_define_method(cSSLContext, "options=", ossl_sslctx_set_options, 1);
ary = rb_ary_new2(numberof(ossl_ssl_method_tab));
for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {