aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/extconf.rb
Commit message (Collapse)AuthorAgeFilesLines
* ext/openssl: fix ex_data handling for X509_STOREKazuki Yamaguchi2016-04-271-1/+0
| | | | | X509_STORE_get_ex_new_index() is required in addition to X509_STORE_CTX_get_ex_new_index() because they are independent.
* ext/openssl: no need to check OPENSSL_FIPS in extconf.rbKazuki Yamaguchi2016-04-271-1/+0
| | | | | Since openssl/opensslconf.h is always included, we can check OPENSSL_FIPS macro directly.
* ext/openssl: use SSL_is_server() to check if the SSL is server or notKazuki Yamaguchi2016-04-271-0/+1
| | | | | The state returned by SSL_get_state() doesn't become SSL_ST_ACCEPT anymore in OpenSSL 1.1.0.
* ext/openssl: add SSLContext#set_ecdh_curvesKazuki Yamaguchi2016-04-271-4/+13
| | | | | | | | | | And deprecate #tmp_ecdh_callback. Since SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0, we can't provide SSLContext#tmp_ecdh_callback anymore. Instead, we should use SSL_CTX_set1_curves_list() to set the curves and SSL_CTX_set_ecdh_auto() to make OpenSSL select automatically from the list.
* ext/openssl: add SSLContext#security_level, #security_level=Kazuki Yamaguchi2016-04-271-0/+1
| | | | | | | | OpenSSL 1.1.0 introduced "security level" and these methods deal with it. This patch includes many test changes: setting the level to 0. The default security level is 1 and this prohibits aNULL ciphers.
* ext/openssl: make ENGINE.cleanup no-op if using OpenSSL 1.1.0Kazuki Yamaguchi2016-04-271-1/+2
|
* ext/openssl: use SSL_CTX_get_ciphers()Kazuki Yamaguchi2016-04-271-0/+1
|
* ext/openssl: avoid using deprecated protocol version specific methods.Kazuki Yamaguchi2016-04-271-0/+1
| | | | | They emit warnings with OpenSSL 1.1.0. Instead use SSL_CTX_set_{min,max}_proto_version().
* ext/openssl: EVP_PKEY, DH, DSA, RSA, EC_KEY are made opaqueKazuki Yamaguchi2016-04-271-0/+1
| | | | | | | | | | | | | | | | | | | | Use EVP_PKEY_get0_* instead of pkey->pkey.* Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type) Because of this, we can no longer set the parameters/keys directly, and the newly added functions as alternative require setting all relevant values at the same time. So this patch contains incompatibility: the following code no longer works (if using 1.1.0): dh = OpenSSL::PKey::DH.new(...) dh.priv_key = OpenSSL::BN.new(...) ...and we have to write like: dh = OpenSSL::PKey::DH.new(...) priv = OpenSSL::BN.new(...) pub = <calculate (dh.g ** priv) % dh.p> dh.set_key(pub, priv)
* ext/openssl: use EVP_MD_CTX_new() to allocate EVP_MD_CTXKazuki Yamaguchi2016-04-271-0/+2
|
* ext/openssl: use X509_STORE_CTX_get0_store() instead of store_ctx->ctxKazuki Yamaguchi2016-04-271-0/+1
|
* ext/openssl: fix (mainly) opaque related compilation of ossl_x509*.cKazuki Yamaguchi2016-04-271-1/+10
| | | | | | | | | | | | | Fix following files: - ossl_x509attr.c - ossl_x509cert.c - ossl_x509store.c - ossl_x509name.c - ossl_x509req.c - ossl_x509crl.c - ossl_x509revoked.c - ossl_x509ext.c
* ext/openssl: use *_up_ref() functionsKazuki Yamaguchi2016-04-271-0/+5
|
* ext/openssl: support new threading API of OpenSSL 1.1.0Kazuki Yamaguchi2016-04-271-0/+1
| | | | Setting locking callbacks is no longer needed.
* ext/openssl: SSL_SESSION is made opaqueKazuki Yamaguchi2016-04-271-0/+1
|
* ext/openssl: BIGNUM and BN_GENCB is made opaqueKazuki Yamaguchi2016-04-271-0/+3
|
* ext/openssl: OCSP_SINGLERESP and OCSP_CERTID are also made opaqueKazuki Yamaguchi2016-04-271-0/+1
|
* ext/openssl: use HMAC_CTX_{new,free,reset} to allocate HMAC_CTXKazuki Yamaguchi2016-04-271-1/+4
| | | | HMAC_CTX is made opaque in OpenSSL 1.1.0
* ext/openssl: use EVP_CIPHER_CTX_{new,free} to allocate EVP_CIPHER_CTXKazuki Yamaguchi2016-04-271-0/+3
| | | | EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0
* ext/openssl: disable OpenSSL::Random.pseudo_bytes if deprecatedKazuki Yamaguchi2016-04-271-0/+1
|
* ext/openssl: simplify extconf.rbKazuki Yamaguchi2016-04-271-46/+30
|
* ext/openssl: drop support for OpenSSL 0.9.6/0.9.7Kazuki Yamaguchi2016-04-271-63/+24
| | | | | | | | | The last release of OpenSSL 0.9.7 series was over 9 years ago (!) and even 0.9.8/1.0.0 are no longer supported (EOL was 2015-12-31). It actually doesn't compile since r40461 (ext/openssl/ossl_bn.c (ossl_bn_initialize): allow Fixnum and Bignum. [ruby-core:53986] [Feature #8217], 2013-04-25, 2.1.0) and it looks like nobody noticed it.
* ext/openssl: always use our implementation of SSL_SESSION_cmp()Kazuki Yamaguchi2016-04-271-1/+1
| | | | | | | | | Implement CRYPTO_memcmp() if it is not available. Always use our SSL_SESSION_cmp() (renamed to ossl_SSL_SESSION_cmp()). SSL_SESSION_cmp() was removed in OpenSSL 1.0.0 and we have used a reimplemented one. However our implementation is better than the original (it uses CRYPTO_memcmp() instead of plain memcmp).
* ext/openssl: check if SSL_CTX_clear_options() is availableKazuki Yamaguchi2016-04-271-0/+1
| | | | | | | Fix build with very very old versions of OpenSSL. SSL_CTX_clear_options() is new in OpenSSL 0.9.8m but some Linux distributions still uses 0.9.8e.
* openssl: Access to ephemeral TLS session keynobu2016-04-041-0/+1
| | | | | | | | | * ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral TLS session key in case of forward secrecy cipher. Only available since OpenSSL 1.0.2. [Fix GH-1318] * ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: fix build when NPN is disabled by OpenSSLnobu2016-03-251-1/+1
| | | | | | | | | | | * ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb function rather than OPENSSL_NPN_NEGOTIATED macro. it exists even if it is disabled by OpenSSL configuration. [ruby-core:74384] [Bug #12182] * ext/openssl/ossl_ssl.c: update #ifdef(s) as above. * test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54258 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* handle ext/ as r53141naruse2015-12-161-0/+1
| | | | | | | | g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&# frozen_string_literal: false\n");f.rewind;f.write s}}' git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/*: Remove svn commit id macros to make sync easierzzak2015-09-221-5/+0
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 supporttenderlove2015-08-291-0/+3
| | | | | | | | | | | | | if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> [Bug #11376] * ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation. * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]tenderlove2015-07-221-0/+1
| | | | | | | | * ext/openssl/extconf.rb: detect ALPN support in OpenSSL * test/openssl/test_ssl.rb: test for ALPN git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/*: use license instead of licence.hsbt2015-04-201-1/+1
| | | | | | | [fix GH-876][ci skip] Patch by @davydovanton * lib/net/https.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: check RAND_edg to support libresslnobu2015-02-121-0/+1
| | | | | | | | * ext/openssl/extconf.rb: check RAND_edg to support libressl. * ext/openssl/ossl_rand.c (ossl_rand_egd): define only if RAND_edg is available. [Fix GH-829] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: work around of dependencynobu2013-10-281-1/+3
| | | | | | | | | * ext/openssl/depend (ossl.o): work around of dependency of thread_native.h, which depends on headers by THREAD_MODEL. [ruby-dev:47777] * ext/openssl/extconf.rb: need THREAD_MODEL. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43451 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb (CRYPTO_THREADID): check exist or not.naruse2013-07-231-0/+1
| | | | | | | | | | | | | | | | | * ext/openssl/ossl.c (ossl_thread_id): use rb_nativethread_self() implemented at r42137 to allow threads which doesn't associated with Ruby thread to use openssl functions. * ext/openssl/ossl.c (Init_ossl_locks): If CRYPTO_THREADID is defined (OpenSSL 1.0.0 or later has it) use CRYPTO_THREADID_set_callback() instead of CRYPTO_set_id_callback() because its argument is unsigned long; it may cause id collision on mswin64 whose sizeof(unsigned long) < sizeof(void*). http://www.openssl.org/docs/crypto/threads.html * ext/openssl/ossl.c (ossl_threadid_func): defined for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_cipher.c: fix errors for installations that do notemboss2012-12-201-0/+1
| | | | | | | | | | | feature Authenticated Encryption. * ext/openssl/extconf.rb: detect presence of EVP_CTRL_GCM_GET_TAG to determine whether Authenticated Encryption can be used. [Feature #6980] [ruby-core:47426] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* extconf.rb: git rid of post-1.8 featurenobu2012-11-271-1/+2
| | | | | | | | | * ext/digest/*/extconf.rb, ext/openssl/extconf.rb: get git rid of post-1.8 feature require_relative for cross compilation. [ruby-core:50160] [Bug #7439] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Detect OpenSSL_FIPS macroemboss2012-09-031-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to indicate whether OpenSSL runs in FIPS mode. test/openssl/test_pkey_dh.rb: Generate 256 bit keys for non-FIPS installations to improve test performance (e.g. for rubyci). test/openssl/utils.rb: Replace DSS1 as certificate signature digest with SHA1 for FIPS installations when using DSA by introducing TestUtils::DSA_SIGNATURE_DIGEST. test/openssl/test_x509cert.rb: test/openssl/test_x509crl.rb: test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST NEWS: Introduce OpenSSL::OPENSSL_FIPS These changes allow running the OpenSSL tests in FIPS mode while keeping a high performance for non-FIPS installations. Introduction of OpenSSL::OPENSSL_FIPS allows for applications to react to special requirements when using OpenSSL in FIPS mode. [Feature #6946] [ruby-core:47345] - Diese und die folgenden Zeilen werden ignoriert -- M ext/openssl/extconf.rb M ext/openssl/ossl.c M NEWS M ChangeLog M test/openssl/utils.rb M test/openssl/test_x509crl.rb M test/openssl/test_x509req.rb M test/openssl/test_x509cert.rb M test/openssl/test_pkey_dh.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED.emboss2012-08-311-0/+1
| | | | | | | | | | | | | | | ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be advertised by the server can be set in the SSLContext by using SSLContext#npn_protocols=, protocol selection on the client is supported by providing a selection callback with SSLContext#npn_select_cb. The protocol that was finally negotiated is available through SSL#npn_protocol. test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation. NEWS: add news about NPN support. [Feature #6503] [ruby-core:45272] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Use Logging::message instead of message.kosaki2012-05-181-8/+8
| | | | | | * ext/zlib/extconf.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35705 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Clarify a message when hit Applekosaki2012-05-181-1/+1
| | | | | | OpenSSL issue. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/extmk.rb: Show a message when extconf.rb raised an exception.kosaki2012-05-181-3/+2
| | | | | | | | * ext/openssl/extconf.rb: Use exception raising instead of message and/or abort. We want to display error message to console _and_ logging into mkmf.log. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add emboss2012-05-061-0/+6
| | | | | | | | | | | | SSLContext#version to inspect the version that was negotiated for a given connection. * ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support. * test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they are supported by the native OpenSSL being used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/digest/*/extconf.rb: use pkg_config to use same library withnobu2012-04-301-6/+3
| | | | | | | | openssl. [ruby-core:44755][Bug #6379] * ext/openssl/deprecation.rb: extract check for broken Apple OpenSSL. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* --with-broken-apple-openssl optionnobu2012-04-231-1/+3
| | | | | | * ext/openssl/extconf.rb: add --with-broken-apple-openssl option. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: ignore broken version by Apple.nobu2012-04-221-3/+5
| | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: configure.in adds -Wall to warnflags, notnobu2012-04-221-7/+0
| | | | | | CPPFLAGS. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35426 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: suppress useless deprecation warningsnobu2012-02-271-0/+3
| | | | | | | from OpenSSL added by Apple. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: remove checks for available functions.emboss2011-11-261-2/+0
| | | | | | | | | * ext/openssl/missing.h: ditto. Thanks, Tim Mooney for reporting this! [Bug #5432] [ruby-core:40088] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb:emboss2011-11-031-0/+7
| | | | | | | | | * ext/openssl/ossl_engine.c: add some missing OpenSSL engines. Thanks, Yui Naruse, for providing the patch! [Bug #5548] [ruby-core:40670] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: add -Wall flag by default when compiler isemboss2011-10-261-4/+7
| | | | | | | GCC. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e