| Commit message (Collapse) | Author | Age | Files | Lines |
| |
X509_STORE_get_ex_new_index() is required in addition to
X509_STORE_CTX_get_ex_new_index() because they are independent.
| |
Since openssl/opensslconf.h is always included, we can check
OPENSSL_FIPS macro directly.
| |
The state returned by SSL_get_state() doesn't become SSL_ST_ACCEPT
anymore in OpenSSL 1.1.0.
| |
And deprecate #tmp_ecdh_callback.
Since SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0, we
can't provide SSLContext#tmp_ecdh_callback anymore. Instead, we should
use SSL_CTX_set1_curves_list() to set the curves and
SSL_CTX_set_ecdh_auto() to make OpenSSL select automatically from the
list.
| |
OpenSSL 1.1.0 introduced "security level" and these methods deal with
it.
This patch includes many test changes: setting the level to 0.
The default security level is 1 and this prohibits aNULL ciphers.
| |
They emit warnings with OpenSSL 1.1.0. Instead use
SSL_CTX_set_{min,max}_proto_version().
| |
Use EVP_PKEY_get0_* instead of pkey->pkey.*
Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type)
Because of this, we can no longer set the parameters/keys directly, and
the newly added functions as alternative require setting all relevant
values at the same time. So this patch contains incompatibility: the
following code no longer works (if using 1.1.0):
  dh = OpenSSL::PKey::DH.new(...)
  dh.priv_key = OpenSSL::BN.new(...)
...and we have to write like:
  dh = OpenSSL::PKey::DH.new(...)
  priv = OpenSSL::BN.new(...)
  pub = <calculate (dh.g ** priv) % dh.p>
  dh.set_key(pub, priv)
| |
Fix following files:
- ossl_x509attr.c
- ossl_x509cert.c
- ossl_x509store.c
- ossl_x509name.c
- ossl_x509req.c
- ossl_x509crl.c
- ossl_x509revoked.c
- ossl_x509ext.c
| |
Setting locking callbacks is no longer needed.
| |
HMAC_CTX is made opaque in OpenSSL 1.1.0
| |
EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0
| |
The last release of OpenSSL 0.9.7 series was over 9 years ago (!) and
even 0.9.8/1.0.0 are no longer supported (EOL was 2015-12-31).
It actually doesn't compile since r40461 (ext/openssl/ossl_bn.c
(ossl_bn_initialize): allow Fixnum and Bignum. [ruby-core:53986]
[Feature #8217], 2013-04-25, 2.1.0) and it looks like nobody noticed it.
| |
Implement CRYPTO_memcmp() if it is not available.
Always use our SSL_SESSION_cmp() (renamed to ossl_SSL_SESSION_cmp()).
SSL_SESSION_cmp() was removed in OpenSSL 1.0.0 and we have used a
reimplemented one. However our implementation is better than the
original (it uses CRYPTO_memcmp() instead of plain memcmp).
| |
Fix build with very very old versions of OpenSSL.
SSL_CTX_clear_options() is new in OpenSSL 0.9.8m but some Linux
distributions still use 0.9.8e.
| |
* ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral
TLS session key in case of forward secrecy cipher. Only
available since OpenSSL 1.0.2. [Fix GH-1318]
* ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb
function rather than OPENSSL_NPN_NEGOTIATED macro. it exists
even if it is disabled by OpenSSL configuration.
[ruby-core:74384] [Bug #12182]
* ext/openssl/ossl_ssl.c: update #ifdef(s) as above.
* test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54258 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&# frozen_string_literal: false\n");f.rewind;f.write s}}'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be>
[Bug #11376]
* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
implementation.
* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
if there is no support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/extconf.rb: detect ALPN support in OpenSSL
* test/openssl/test_ssl.rb: test for ALPN
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
[fix GH-876][ci skip] Patch by @davydovanton
* lib/net/https.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/extconf.rb: check RAND_egd to support libressl.
* ext/openssl/ossl_rand.c (ossl_rand_egd): define only if RAND_egd
is available. [Fix GH-829]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49576 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/depend (ossl.o): work around of dependency of
thread_native.h, which depends on headers by THREAD_MODEL.
[ruby-dev:47777]
* ext/openssl/extconf.rb: need THREAD_MODEL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43451 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/ossl.c (ossl_thread_id): use rb_nativethread_self()
implemented at r42137 to allow threads which aren't associated with
a Ruby thread to use openssl functions.
* ext/openssl/ossl.c (Init_ossl_locks): If CRYPTO_THREADID is defined
(OpenSSL 1.0.0 or later has it) use CRYPTO_THREADID_set_callback()
instead of CRYPTO_set_id_callback() because its argument is
unsigned long; it may cause id collision on mswin64
whose sizeof(unsigned long) < sizeof(void*).
http://www.openssl.org/docs/crypto/threads.html
* ext/openssl/ossl.c (ossl_threadid_func): defined for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
feature Authenticated Encryption.
* ext/openssl/extconf.rb: detect presence of EVP_CTRL_GCM_GET_TAG to
determine whether Authenticated Encryption can be used.
[Feature #6980] [ruby-core:47426]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/digest/*/extconf.rb, ext/openssl/extconf.rb: get rid of
post-1.8 feature require_relative for cross compilation.
[ruby-core:50160] [Bug #7439]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to
indicate whether OpenSSL runs in FIPS mode.
test/openssl/test_pkey_dh.rb: Generate 256 bit keys for
non-FIPS installations to improve test performance (e.g. for
rubyci).
test/openssl/utils.rb: Replace DSS1 as certificate signature
digest with SHA1 for FIPS installations when using DSA by
introducing TestUtils::DSA_SIGNATURE_DIGEST.
test/openssl/test_x509cert.rb:
test/openssl/test_x509crl.rb:
test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST
NEWS: Introduce OpenSSL::OPENSSL_FIPS
These changes allow running the OpenSSL tests in FIPS mode
while keeping a high performance for non-FIPS installations.
Introduction of OpenSSL::OPENSSL_FIPS allows for applications
to react to special requirements when using OpenSSL in FIPS mode.
[Feature #6946] [ruby-core:47345]
-- This line and the following lines will be ignored --
M ext/openssl/extconf.rb
M ext/openssl/ossl.c
M NEWS
M ChangeLog
M test/openssl/utils.rb
M test/openssl/test_x509crl.rb
M test/openssl/test_x509req.rb
M test/openssl/test_x509cert.rb
M test/openssl/test_pkey_dh.rb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be
advertised by the server can be set in the SSLContext by using
SSLContext#npn_protocols=, protocol selection on the client is
supported by providing a selection callback with
SSLContext#npn_select_cb. The protocol that was finally negotiated
is available through SSL#npn_protocol.
test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation.
NEWS: add news about NPN support.
[Feature #6503] [ruby-core:45272]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/zlib/extconf.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35705 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
OpenSSL issue.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/extconf.rb: Use exception raising instead of message
and/or abort. We want to display error message to console _and_
logging into mkmf.log.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
SSLContext#version to inspect the version that was negotiated for
a given connection.
* ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
* test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they
are supported by the native OpenSSL being used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
openssl. [ruby-core:44755][Bug #6379]
* ext/openssl/deprecation.rb: extract check for broken Apple OpenSSL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/extconf.rb: add --with-broken-apple-openssl option.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
CPPFLAGS.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35426 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
from OpenSSL added by Apple.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/missing.h: ditto.
Thanks, Tim Mooney for reporting this!
[Bug #5432] [ruby-core:40088]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
* ext/openssl/ossl_engine.c: add some missing OpenSSL engines.
Thanks, Yui Naruse, for providing the patch!
[Bug #5548] [ruby-core:40670]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| |
GCC.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e