Diffstat (limited to 'ext/openssl/lib')
-rw-r--r--ext/openssl/lib/openssl.rb1
-rw-r--r--ext/openssl/lib/openssl/pkey.rb36
-rw-r--r--ext/openssl/lib/openssl/ssl.rb18
3 files changed, 39 insertions, 16 deletions
diff --git a/ext/openssl/lib/openssl.rb b/ext/openssl/lib/openssl.rb
index 1c8feb5cdd..c2a17aae4f 100644
--- a/ext/openssl/lib/openssl.rb
+++ b/ext/openssl/lib/openssl.rb
@@ -17,6 +17,7 @@
require 'openssl.so'
require 'openssl/bn'
+require 'openssl/pkey'
require 'openssl/cipher'
require 'openssl/config'
require 'openssl/digest'
diff --git a/ext/openssl/lib/openssl/pkey.rb b/ext/openssl/lib/openssl/pkey.rb
new file mode 100644
index 0000000000..007934f81e
--- /dev/null
+++ b/ext/openssl/lib/openssl/pkey.rb
@@ -0,0 +1,36 @@
+module OpenSSL
+ module PKey
+ if defined?(OpenSSL::PKey::DH)
+
+ class DH
+ DEFAULT_512 = new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
+zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
+-----END DH PARAMETERS-----
+ _end_of_pem_
+
+ DEFAULT_1024 = new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
+AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
+T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
+-----END DH PARAMETERS-----
+ _end_of_pem_
+ end
+
+ DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
+ warn "using default DH parameters." if $VERBOSE
+ case keylen
+ when 512 then OpenSSL::PKey::DH::DEFAULT_512
+ when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
+ else
+ nil
+ end
+ }
+
+ else
+ DEFAULT_TMP_DH_CALLBACK = nil
+ end
+ end
+end
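Review bot: The `when 512 then OpenSSL::PKey::DH::DEFAULT_512` arm of DEFAULT_TMP_DH_CALLBACK hands out a fixed, publicly known 512-bit group, which is export-grade strength and should not be offered by a default. Because the parameters are constants embedded in the library, every process relying on the default shares the same group, so precomputation against it pays off across many servers; the same concern applies, to a lesser degree, to DEFAULT_1024. I would drop the 512 arm so those requests fall through to `else nil`, and add a comment above the constants such as `# Fixed, publicly known DH groups shared by every user of the default callback; supply your own parameters via tmp_dh_callback.` The warning is only emitted under `$VERBOSE`, so most deployments will not see that defaults are in use.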
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 1c0cc2fd00..e1b557cd68 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -74,20 +74,6 @@ module OpenSSL
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
- if defined?(OpenSSL::PKey::DH)
- DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
- warn "using default DH parameters." if $VERBOSE
- case keylen
- when 512 then OpenSSL::PKey::DH::DEFAULT_512
- when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
- else
- nil
- end
- }
- else
- DEFAULT_TMP_DH_CALLBACK = nil
- end
-
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
"verify_callback", "options", "cert_store", "extra_chain_cert",
@@ -105,7 +91,7 @@ module OpenSSL
# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
def initialize(version = nil)
INIT_VARS.each { |v| instance_variable_set v, nil }
- @tmp_dh_callback = DEFAULT_TMP_DH_CALLBACK
+ @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
return unless version
self.ssl_version = version
end
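Review bot: With the definition removed from ssl.rb, the unqualified `DEFAULT_TMP_DH_CALLBACK` that `initialize` used to resolve locally is no longer defined in this scope, so external code that referenced the old constant path would presumably raise NameError. The enclosing class begins outside the hunk, so the exact old path is inferred rather than visible. If compatibility matters, keep an alias in ssl.rb, `DEFAULT_TMP_DH_CALLBACK = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK`. The same reference change appears in the `tmp_dh_callback=` hunk that follows, where `value || ...` means assigning nil re-installs the default groups instead of clearing the callback; a comment such as `# nil restores the library default; it does not disable the callback` would make that explicit.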
@@ -130,7 +116,7 @@ module OpenSSL
end
def tmp_dh_callback=(value)
- @tmp_dh_callback = value || DEFAULT_TMP_DH_CALLBACK
+ @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
end
end