diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 18 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 15 |
3 files changed, 25 insertions, 18 deletions
@@ -1,3 +1,13 @@ +Sat Aug 1 03:14:07 2015 Aaron Patterson <tenderlove@ruby-lang.org> + + * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert + `tmp_dh_callback` to Ruby, and call it when setting up an SSL + connection. This allows us to move the "default" behavior to the + reader method. + + * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of + accessing the SSLContext's internals. + Fri Jul 31 23:34:27 2015 Aaron Patterson <tenderlove@ruby-lang.org> * .travis.yml: update libssl before running tests. diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index ed33f27f1d..07f693181a 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -77,12 +77,23 @@ module OpenSSL INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "renegotiation_cb", "verify_callback", "options", "cert_store", "extra_chain_cert", - "client_cert_cb", "session_id_context", + "client_cert_cb", "session_id_context", "tmp_dh_callback", "session_get_cb", "session_new_cb", "session_remove_cb", "tmp_ecdh_callback", "servername_cb", "npn_protocols", "alpn_protocols", "alpn_select_cb", "npn_select_cb"].map { |x| "@#{x}" } + # A callback invoked when DH parameters are required. + # + # The callback is invoked with the Session for the key exchange, an + # flag indicating the use of an export cipher and the keylength + # required. + # + # The callback must return an OpenSSL::PKey::DH instance of the correct + # key length. + + attr_writer :tmp_dh_callback + # call-seq: # SSLContext.new => ctx # SSLContext.new(:TLSv1) => ctx @@ -91,7 +102,6 @@ module OpenSSL # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS def initialize(version = nil) INIT_VARS.each { |v| instance_variable_set v, nil } - @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK return unless version self.ssl_version = version end @@ -115,8 +125,8 @@ module OpenSSL return params end - def tmp_dh_callback=(value) - @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK + def tmp_dh_callback + @tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK end end diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 9fe33773db..08d137590c 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -49,7 +49,6 @@ static VALUE eSSLErrorWaitWritable; #define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v)) #define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v)) #define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v)) -#define ossl_sslctx_set_tmp_dh_cb(o,v) rb_iv_set((o),"@tmp_dh_callback",(v)) #define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v)) #define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") @@ -66,7 +65,7 @@ static VALUE eSSLErrorWaitWritable; #define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert") #define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb") #define ossl_sslctx_get_tmp_ecdh_cb(o) rb_iv_get((o),"@tmp_ecdh_callback") -#define ossl_sslctx_get_tmp_dh_cb(o) rb_iv_get((o),"@tmp_dh_callback") +#define ossl_sslctx_get_tmp_dh_cb(o) rb_funcall((o),rb_intern("tmp_dh_callback"),0) #define ossl_sslctx_get_sess_id_ctx(o) rb_iv_get((o),"@session_id_context") #define ossl_ssl_get_io(o) rb_iv_get((o),"@io") @@ -2115,18 +2114,6 @@ Init_ossl_ssl(void) */ rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse); - /* - * A callback invoked when DH parameters are required. - * - * The callback is invoked with the Session for the key exchange, an - * flag indicating the use of an export cipher and the keylength - * required. - * - * The callback must return an OpenSSL::PKey::DH instance of the correct - * key length. - */ - rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse); - /* * Sets the context in which a session can be reused. This allows * sessions for multiple applications to be distinguished, for example, by |