Commit log (each entry: commit message, then author, date, files changed, lines removed/added)
* test/rubygems: regenerate certificates  [feature/openssl-110-v3]
  (Kazuki Yamaguchi, 2016-05-14, 20 files, -194/+222)
    Merge https://github.com/rubygems/rubygems/pull/1611
* test/open-uri: regenerate test certificates
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -80/+76)
    The current CA certificate is created with basicConstraints=CA:FALSE but it
    is no longer allowed in OpenSSL 1.1.0. So recreate the CA (and server
    certificate).
* test/openssl: don't test default session timeout
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -1/+0)
    The default session timeout for TLSv1 is 7200 and shouldn't be 300. And this
    should not be checked because the value is decided by just "the 24 hours
    mentioned in the TLSv1 spec is way too long for http, the cache would over
    fill" (from OpenSSL's source comment). Old OpenSSL (<= 1.0.2) set
    ssl_ctx->session_timeout on SSL_CTX_new(), which we always call with
    SSLv23_method(), and it isn't updated with SSL_set_ssl_method().
* test/openssl: fix test_server_session to dup the session
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -4/+4)
    SSL_CTX_remove_session() sets not_resumable on the deleted session, and
    OpenSSL 1.1.0 refuses to resume an SSL_SESSION with not_resumable != 0.
* test/openssl: X25519 doesn't support signing
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -1/+3)
* test/openssl: DSA256 is prohibited with security_level=1
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -1/+16)
* ext/openssl: avoid SEGV on Cipher.new("ChaCha20-Poly1305")
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -9/+13)
    A temporary workaround. EVP_CipherInit_ex() allows specifying NULL for key
    and/or iv; however, when we use ChaCha20-Poly1305 and set only the key (this
    case), it does memcpy(x, NULL, y), and this causes a segmentation fault.
* ext/openssl: ENGINE.cleanup is no-op in OpenSSL 1.1.0
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -47/+68)
    Add a note to the documentation, and fix tests which rely on Engine.cleanup.
    Test cases are now run in a separate process.
* ext/openssl: remove SHA, DSS, DSS1 if using OpenSSL 1.1.0
  (Kazuki Yamaguchi, 2016-05-14, 7 files, -9/+14)
* ext/openssl: add SSLContext#set_ecdh_curves
  (Kazuki Yamaguchi, 2016-05-14, 6 files, -27/+163)
    And deprecate #tmp_ecdh_callback. Since SSL_CTX_set_tmp_ecdh_callback() was
    removed in OpenSSL 1.1.0, we can't provide SSLContext#tmp_ecdh_callback
    anymore. Instead, we should use SSL_CTX_set1_curves_list() to set the curves
    and SSL_CTX_set_ecdh_auto() to make OpenSSL select automatically from the
    list.
* ext/openssl: add SSLContext#security_level, #security_level=
  (Kazuki Yamaguchi, 2016-05-14, 5 files, -0/+85)
    OpenSSL 1.1.0 introduced "security level" and these methods deal with it.
    This patch includes many test changes: setting the level to 0. The default
    security level is 1 and this prohibits aNULL ciphers.
* ext/openssl: EVP_PKEY, DH, DSA, RSA, EC_KEY are made opaque
  (Kazuki Yamaguchi, 2016-05-14, 13 files, -168/+424)
    Use EVP_PKEY_get0_* instead of pkey->pkey.*
    Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type)

    Because of this, we can no longer set the parameters/keys directly, and the
    newly added functions provided as an alternative require setting all
    relevant values at the same time. So this patch contains an
    incompatibility: the following code no longer works (if using 1.1.0):

        dh = OpenSSL::PKey::DH.new(...)
        dh.priv_key = OpenSSL::BN.new(...)

    ...and we have to write it like:

        dh = OpenSSL::PKey::DH.new(...)
        priv = OpenSSL::BN.new(...)
        pub = <calculate (dh.g ** priv) % dh.p>
        dh.set_key(pub, priv)
* ext/openssl: use SSL_CTX_get_ciphers()
  (Kazuki Yamaguchi, 2016-05-14, 3 files, -1/+6)
* ext/openssl: X509* are made opaque
  (Kazuki Yamaguchi, 2016-05-14, 11 files, -78/+184)
    Replace direct struct access with getter functions.

    squash! ext/openssl: X509* are made opaque
* ext/openssl: use *_up_ref() functions
  (Kazuki Yamaguchi, 2016-05-14, 7 files, -10/+45)
* ext/openssl: SSL_SESSION is made opaque
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -4/+14)
* ext/openssl: BIGNUM and BN_GENCB are made opaque
  (Kazuki Yamaguchi, 2016-05-14, 7 files, -23/+47)
* ext/openssl: OCSP_SINGLERESP and OCSP_CERTID are also made opaque
  (Kazuki Yamaguchi, 2016-05-14, 3 files, -4/+11)
* ext/openssl: use EVP_MD_CTX_new() to allocate EVP_MD_CTX
  (Kazuki Yamaguchi, 2016-05-14, 3 files, -12/+25)
* ext/openssl: use HMAC_CTX_{new,free,reset} to allocate HMAC_CTX
  (Kazuki Yamaguchi, 2016-05-14, 4 files, -22/+75)
    HMAC_CTX is made opaque in OpenSSL 1.1.0.
* ext/openssl: use EVP_CIPHER_CTX_{new,free} to allocate EVP_CIPHER_CTX
  (Kazuki Yamaguchi, 2016-05-14, 4 files, -17/+42)
    EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0.
* ext/openssl: setting locking callbacks is no longer needed
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -0/+5)
    These functions are made no-op.
* ext/openssl: SSL_state() is removed
  (Kazuki Yamaguchi, 2016-05-14, 3 files, -7/+14)
    SSL_state() is removed, and the replacement, SSL_get_state(), never returns
    SSL_ST_ACCEPT. I think it is used to distinguish if the SSL is a server or
    not, so replace it with SSL_is_server(). And add some `const`s.
* ext/openssl: avoid using deprecated protocol version specific methods
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -35/+43)
    They emit warnings with OpenSSL 1.1.0. Instead use
    SSL_CTX_set_{min,max}_proto_version().
* ext/openssl: d2i_ASN1_BOOLEAN is removed
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -6/+7)
* ext/openssl: disable OpenSSL::Random.pseudo_bytes if deprecated
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -0/+5)
* ext/openssl: avoid deprecated BN primes functions
  (Kazuki Yamaguchi, 2016-05-14, 1 file, -3/+3)
    BN_generate_prime(), BN_is_prime(), BN_is_prime_fasttest() are deprecated,
    and the replacements are available on all versions of OpenSSL >= 0.9.8.
* ext/openssl: include openssl/asn1.h instead of openssl/asn1_mac.h
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -3/+3)
    asn1_mac.h is removed in OpenSSL 1.1.0.
* ext/openssl: drop support for OPENSSL_NO_HMAC
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -16/+1)
    It has not actually been supported: since ossl.h includes openssl/hmac.h
    without any guards, it wouldn't compile if OPENSSL_NO_HMAC is enabled.
* ext/openssl: drop support for OpenSSL 0.9.6/0.9.7
  (Kazuki Yamaguchi, 2016-05-14, 26 files, -849/+169)
    The last release of the OpenSSL 0.9.7 series was over 9 years ago (!) and
    even 0.9.8/1.0.0 are no longer supported (EOL was 2015-12-31). It actually
    hasn't compiled since r40461 (ext/openssl/ossl_bn.c (ossl_bn_initialize):
    allow Fixnum and Bignum. [ruby-core:53986] [Feature #8217], 2013-04-25,
    2.1.0) and it looks like nobody noticed it.
* ext/openssl: remove 'extern "C" { }' blocks
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -17/+0)
    They have existed since ext/openssl was imported to Ruby, but since
    openssl_missing.h and ossl.h are not library code, we can remove these
    extern "C"s.
* ext/openssl: no need to check OPENSSL_FIPS in extconf.rb
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -3/+2)
    Since openssl/opensslconf.h is always included, we can check the
    OPENSSL_FIPS macro directly.
* ext/openssl: always use our implementation of SSL_SESSION_cmp()
  (Kazuki Yamaguchi, 2016-05-14, 4 files, -5/+26)
    Rename our SSL_SESSION_cmp() to ossl_SSL_SESSION_cmp(). Implement
    CRYPTO_memcmp() in openssl_missing.c if it is not provided.
* ext/openssl: check argument type in OpenSSL::X509::Attribute#value=
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -0/+48)
    The following code causes SEGV:

        OpenSSL::X509::Attribute.new("challengePassword", nil)

    * ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the
      argument is an instance of OpenSSL::ASN1::Data, before
      ossl_asn1_get_asn1type().
    * test/openssl/test_x509attr.rb: add tests
* ext/openssl: register new ex_data index also for X509_STORE
  (Kazuki Yamaguchi, 2016-05-14, 6 files, -26/+20)
    X509_STORE_get_ex_new_index() is required in addition to
    X509_STORE_CTX_get_ex_new_index() because they are independent.
* ext/openssl: check if SSL_CTX_clear_options() is available
  (Kazuki Yamaguchi, 2016-05-14, 2 files, -0/+6)
    Fix build with early versions of OpenSSL 0.9.8. SSL_CTX_clear_options() was
    introduced in OpenSSL 0.9.8m, but unfortunately some Linux distributions
    still use 0.9.8e.

    * ext/openssl/extconf.rb: check existence of SSL_CTX_clear_options().
    * ext/openssl/openssl_missing.h: implement the macro.
* ChangeLog: GitHub reference
  (nobu, 2016-05-14, 1 file, -1/+1)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55000 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/mkmf.rb: use xsystem to pkg-config --exists
  (nobu, 2016-05-14, 2 files, -1/+7)
    * lib/mkmf.rb (pkg_config): use xsystem consistently to set up the library
      path environment variable as well as later pkg-config calls.
      [ruby-dev:49619] [Bug #12379]

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_rand.rb: tests for seeds
  (nobu, 2016-05-13, 1 file, -0/+14)
    * test/ruby/test_rand.rb: tests for Random.raw_seed and Random.new_seed.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54998 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c: no local copy of the seed
  (nobu, 2016-05-13, 2 files, -15/+12)
    * random.c (make_seed_value): append leading-zero-guard and get rid of
      making a local copy of the seed.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54997 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * 2016-05-14
  (svn, 2016-05-13, 1 file, -1/+1)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c: fill_random_seed size
  (nobu, 2016-05-13, 1 file, -6/+7)
    * random.c (fill_random_seed): move the seed size to an argument.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c: clear buf
  (nobu, 2016-05-13, 1 file, -1/+4)
    * random.c (random_seed): clear temporary buffer explicitly.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* fix typos [ci skip]
  (kazu, 2016-05-13, 1 file, -2/+2)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* drop FreeBSD < 4 support
  (nobu, 2016-05-12, 3 files, -8/+11)
    * NEWS: drop FreeBSD < 4 support. The most recent version affected by this
      is 3.5 and was released in 2000.
      https://www.freebsd.org/releases/3.5R/announce.html
      https://en.wikipedia.org/wiki/History_of_FreeBSD#Version_history

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54992 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* extmk.rb: failures format
  (nobu, 2016-05-12, 1 file, -2/+11)
    * ext/extmk.rb: show extension failures in compilation-mode friendly
      format.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54991 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* defines.h: avoid redefinition
  (nobu, 2016-05-12, 1 file, -0/+2)
    * include/ruby/defines.h (GCC_VERSION_SINCE): get rid of re-definition.

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54990 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* fix typo in r54988
  (naruse, 2016-05-12, 1 file, -1/+1)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54989 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* include/ruby/defines.h (GCC_VERSION_SINCE): moved from internal.h
  (naruse, 2016-05-12, 5 files, -23/+27)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54988 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * 2016-05-13
  (svn, 2016-05-12, 1 file, -1/+1)
    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54987 b2dd03c8-39d4-4d8f-98ff-823fe69b080e