| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
The current CA certificate is created with basicConstraints=CA:FALSE but
it is no longer allowed in OpenSSL 1.1.0. So recreate the CA (and server
certificate).
|
| |
|
|
|
|
|
| |
Add note to the documentation, and fix tests which rely on
Engine.cleanup. Test cases are now run in separate process.
|
| |
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1.0 introduced "security level" and these methods deal with
it.
This patch includes many test changes: setting the level to 0.
The default security level is 1 and this prohibits aNULL ciphers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test/openssl/test_x509name.rb: Don't register OID for 'emailAddress'
and 'serialNumber'. A recent change in OpenSSL made OBJ_create()
reject an already existing OID. They were necessary to run tests with
OpenSSL 0.9.6 which is now unsupported.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25
[ruby-core:75225] [Feature #12324]
* test/openssl/test_ssl_session.rb (test_server_session): Duplicate
SSL::Session before re-adding to the SSL context's session store with
SSL::SSLContext#session_add.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75
* test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519
is for key agreement and not suitable for signing.
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check for SSL_CTX_set_min_proto_version()
macro added in OpenSSL 1.1.0.
Version specific methods, like TLSv1_method(), are now deprecated in
OpenSSL 1.1.0. We need to use TLS_method() (is the new name of
SSLv23_method()) and disable other protocol versions as necessary.
* ext/openssl/ossl_ssl.c: Use SSL_CTX_set_{min,max}_proto_version(). By
the way, it may be good to expose them to Ruby.
|
|
|
|
|
|
|
| |
* ext/openssl/openssl_missing.h: Include ruby/config.h. r55285 added
some inline functions but VC does not recognize 'inline' keyword.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55291 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* thread.c (thread_start_func_2): report raised exception if
report_on_exception flag is set. [Feature #6647]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55290 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check existence of SSL_is_server(). This
function was introduced in OpenSSL 1.0.2.
[ruby-core:75225] [Feature #12324]
* ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing.
* ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if
the SSL is server. The state machine in OpenSSL was rewritten and
SSL_get_state() no longer returns SSL_ST_ACCEPT.
(ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some
`const`s to suppress warning.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55289 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_asn1.c (decode_bool): Do the same thing as
d2i_ASN1_BOOLEAN() does by ourselves. This function is removed in
OpenSSL 1.1.0.
[ruby-core:75225] [Feature #12324]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55288 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check existence of accessor functions that
don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its
structures opaque and requires use of these accessor functions.
[ruby-core:75225] [Feature #12324]
* ext/openssl/openssl_missing.[ch]: Implement them if missing.
* ext/openssl/ossl*.c: Use these accessor functions.
* test/openssl/test_hmac.rb: Add missing test for HMAC#reset.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55286 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55284 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check absence of CRYPTO_lock() to see if the
OpenSSL has the new threading API. In OpenSSL <= 1.0.2, an application
had to set locking callbacks to use OpenSSL in a multi-threaded
environment. OpenSSL 1.1.0 now finds pthreads or Windows threads so we
don't need to do something special.
[ruby-core:75225] [Feature #12324]
Also check existence of *_up_ref(). Some structures in OpenSSL have
a reference counter. We used to increment it with CRYPTO_add() which
is a part of the old API.
* ext/openssl/openssl_missing.h: Implement *_up_ref() if missing.
* ext/openssl/ossl.c: Don't set locking callbacks if unneeded.
* ext/openssl/ossl_pkey.c, ext/openssl/ossl_ssl.c,
ext/openssl/ossl_x509cert.c, ext/openssl/ossl_x509crl.c,
ext/openssl/ossl_x509store.c: Use *_up_ref() instead of CRYPTO_add().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55283 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check if RAND_pseudo_bytes() is usable. It is
marked as deprecated in OpenSSL 1.1.0.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_rand.c: Disable Random.pseudo_bytes if
RAND_pseudo_bytes() is unavailable.
* test/openssl/test_random.rb: Don't test Random.pseudo_bytes if not
defined.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55282 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
String/Symbol#upcase/downcase/swapcase/capitalize(!).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55281 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
| |
* lib/optparse.rb (getopts): [DOC] fix missing quote.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55280 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
Remove :lithuanian guard for Unicode case mapping.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55279 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55278 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* defs/gmake.mk (missing/des_tables.c): always update the
timestamp unless make_des_table failed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55276 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* defs/gmake.mk (missing/des_tables.c): fix cross compiling
condition.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55275 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
| |
* defs/gmake.mk (missing/des_tables.c): move the recipe from
common.mk. this is less common.
* missing/crypt.c (init_des): if des_tables.c is empty, initialize
DES tables at runtime.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_bn.c (ossl_bn_s_generate_prime, ossl_bn_is_prime,
ossl_bn_is_prime_fasttest): Avoid deprecated BN_generate_prime(),
BN_is_prime{,_fasttest}(). They are deprecated because they expect an
old style callback function (we don't use it here). They can be simply
replaced by _ex suffixed functions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55273 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
| |
* missing/crypt.h (struct crypt_data): remove unnecessary member
"initialized".
* missing/crypt.c (des_setkey_r): nothing to be initialized in
crypt_data.
* configure.in (struct crypt_data): check for "initialized" in
struct crypt_data, which may be only in glibc, and isn't on AIX
at least.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55272 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55271 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* win32/win32.c: unify MAX_PATH, _MAX_PATH, and MAXPATHLEN to
PATH_MAX, except for MAX_PATH in get_special_folder for an API
limit.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* win32/win32.c (get_special_folder): fail before getting
ITEMIDLIST if the buffer is less than 260 word which
SHGetPathFromIDListW requires.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55269 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
| |
* ruby.c (process_options): rb_str_conv_enc() never set encoding
of the source string, but returns the string itself if the
conversion failed. then the instance variable does not need to
be set again.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
rb_str_conv_enc() because the function might call rb_enc_associate()
internally. this fixes test failures on Windows introduced at r55260.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55266 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* lib/mkmf.rb (create_makefile): sort lists of source and object
files in generated Makefile, unless given by extconf.rb.
[Fix GH-1367]
Without sorting the list of object files explicitely, its order is
indeterministic, because readdir() is also not deterministic.
When the list of object files varies between builds, they are
linked in a different order, which results in an unreproducible
build.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55265 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55264 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55263 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* ext/etc/etc.c (etc_systmpdir): retry with allocated string
buffer if static buffer size is not enough.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* win32/win32.c (get_special_folder): use SHGetPathFromIDListEx if
available instead of old SHGetPathFromIDListW, to check the
buffer size.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55261 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* ruby.c (ruby_init_loadpath_safe): remove MAXPATHLEN restriction
for Windows 10.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
| |
* misc/ruby-mode.el (ruby-here-doc-beg-re),
(ruby-here-doc-beg-match, ruby-parse-partial): Support for
`squiggly heredoc' syntax in ruby-mode. [Fix GH-1372]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
| |
* common.mk (missing-srcs): add rule for missing/des_tables.c.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55258 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* missing/crypt.c (SPE): make unsigned so that literal integers do
not exceed 32bit signed integer limit.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55257 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* missing/crypt.c (constdatablock): fix error on mswin. Visual C
does not accept an empty initializer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55256 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55255 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
| |
* include/ruby/ruby.h (rb_scan_args_{hash,block}_idx): reduce
repeated index calcuations.
* include/ruby/ruby.h (rb_scan_args_end_idx): unused right now.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
| |
case mapping methods.
* enc/unicode.c: Check for invalid string and signal with negative
length value.
* test/ruby/enc/test_case_mapping.rb: Add tests for above.
* test/ruby/test_m17n_comb.rb: Add a message to clarify test failure.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55253 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_asn1.c (ossl_time_split): check overflow and
reorder for optimization.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55252 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* missing/crypt.c: suppress unused non-reentrant functions, by
macro USE_NONREENTRANT_CRYPT.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55251 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
| |
* string.c: prefer crypt_r to crypt iff system crypt nor crypt_r
are not provided.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55250 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r55219 didn't fix the entire issue. It only fixed the issue on
environment with sizeof(time_t) == 8 && sizeof(long) == 4.
* ext/openssl/extconf.rb: Check existence of ASN1_TIME_adj(). The old
ASN1_TIME_set() is not Year 2038 ready on sizeof(time_t) == 4
environment. This function was added in OpenSSL 1.0.0.
[ruby-core:45552] [Bug #6571]
* ext/openssl/ossl_asn1.c (ossl_time_split): Added. Split the argument
(Time) into the number of days elapsed since the epoch and the
remainder seconds to conform to ASN1_TIME_adj().
(obj_to_asn1utime, obj_to_asn1gtime): Use ossl_time_split() and
ASN1_*TIME_adj().
* ext/openssl/ossl_asn1.h: Add the function prototype for
ossl_time_split().
* ext/openssl/ossl_x509.[ch]: Add ossl_x509_time_adjust(). Similarly to
obj_to_asn1*time(), use X509_time_adj_ex() instead of X509_time_adj().
* ext/openssl/ossl_x509cert.c, ext/openssl/ossl_x509crl.c,
ext/openssl/ossl_x509revoked.c: Use ossl_x509_time_adjust().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55249 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|