path: root/ext/openssl/lib/openssl
Commit message | Author | Age | Files | Lines
* ext/openssl: add OpenSSL::BN#inspect and OpenSSL::X509::Name#inspect [topic/openssl-inspect] | Kazuki Yamaguchi | 2016-05-15 | 2 | -0/+8
  In Ruby >= 2.0.0, Kernel#inspect no longer calls #to_s even if #inspect is missing. [ruby-dev:48217] [Bug #9833]
  * ext/openssl/lib/openssl/bn.rb (inspect): Added.
  * ext/openssl/lib/openssl/x509.rb (X509::Name#inspect): Added.
* * ext/openssl/lib/openssl/pkey.rb: Added 2048 bit DH parameter. | hsbt | 2016-01-16 | 1 | -0/+12
  * test/openssl/test_pkey_dh.rb: ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * Remove 512-bit DH group. It's affected by LogJam Attack. | hsbt | 2016-01-14 | 1 | -8/+0
  https://weakdh.org/ [fix GH-1196][Bug #11968][ruby-core:72766]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* NotImplementedError typo | nobu | 2015-12-21 | 1 | -1/+1
  * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLSocket): fix NotImplementedError typo. [Fix GH-1165]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* handle ext/ as r53141 | naruse | 2015-12-16 | 8 | -0/+8
  g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&# frozen_string_literal: false\n");f.rewind;f.write s}}'
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was | sorah | 2015-10-09 | 1 | -5/+4
  dropping TLS v1.1 support too. Supporting only TLS v1.2 is too early, because many popular websites still don't support it. For instance, Servers where aws-sdk connects to still don't support TLS v1.2 and it became broken. We should consider more carefully about this. [Fix GH-873] [Feature #11524]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb: Default to TLSv1.2 and drop TLS v1 | zzak | 2015-10-08 | 1 | -4/+5
  Patch provided by @claudijd [Fixes GH-873] [Feature #11524]: https://github.com/ruby/ruby/pull/873
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52082 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/*: Remove svn commit id macros to make sync easier | zzak | 2015-09-22 | 6 | -39/+0
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): add OP_ALL to | tenderlove | 2015-08-19 | 1 | -1/+1
  existing options rather than just setting it. Some vendors apply custom patches to their versions of OpenSSL that set default values for options. This commit respects the custom patches they've applied.
  * test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been added to the options.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): move | tenderlove | 2015-08-05 | 1 | -0/+10
  SSLSocket#sysclose to Ruby.
  * ext/openssl/ossl_ssl.c (ossl_ssl_close): ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): move nonblock | tenderlove | 2015-08-05 | 1 | -8/+1
  enable to SSLSocket#initialize and remove Nonblock module.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): move | tenderlove | 2015-08-05 | 1 | -0/+45
  OpenSSL::SSL::SSLSocket#initialize to Ruby.
  * ext/openssl/ossl_ssl.c: ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): extract callback | tenderlove | 2015-08-04 | 1 | -5/+21
  lookup to private Ruby methods. This means we can keep the default DH callback logic hidden from consumers. Also, since the SSLSocket always has a context, we can remove conditionals about that instance.
  * ext/openssl/ossl_ssl.c: move callback lookup methods to private Ruby methods.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl/buffering: fix gets on EOF with limit | normal | 2015-08-01 | 1 | -1/+1
  * ext/openssl/lib/openssl/buffering.rb (gets): avoid comparing fixnum with nil
  * test/openssl/test_pair.rb: test gets with limit when EOF is hit
  Thanks to Bar Hofesh <bar.hofesh@safe-t.com> for the bug report and testing. [ruby-core:70149] [Bug #11400]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement | tenderlove | 2015-08-01 | 1 | -1/+2
  SSLContext#options and options= using SSL_CTX_set_options and SSL_CTX_get_options. This reduces the number of ivars we need and simplifies `ossl_sslctx_setup`.
  * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options` to SSL_OP_ALL
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert | tenderlove | 2015-07-31 | 1 | -4/+14
  `tmp_dh_callback` to Ruby, and call it when setting up an SSL connection. This allows us to move the "default" behavior to the reader method.
  * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of accessing the SSLContext's internals.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a more | tenderlove | 2015-07-27 | 1 | -0/+16
  helpful exception when verifying the peer connection and an anonymous cipher has been selected. [ruby-core:68330] [Bug #10910] Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.
  * test/openssl/test_ssl.rb (class OpenSSL): test for change
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/pkey.rb: implement DEFAULT_512 and | tenderlove | 2015-07-25 | 2 | -16/+38
  DEFAULT_1024 constants in Ruby.
  * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Ask PKey for the default DH callback since it already must check whether openssl has been compiled with DH support.
  * ext/openssl/ossl_pkey_dh.c (OSSL_PKEY_BN): Remove C definitions of DEFAULT_512 and DEFAULT_1024
  * ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
  * test/openssl/test_pkey_dh.rb (class OpenSSL): add test to ensure the Ruby definitions are the same as the C definitions were.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): support | tenderlove | 2015-07-25 | 1 | -0/+4
  specifically setting the tmp_dh_callback to nil.
  * ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
  * test/openssl/test_pair.rb (module OpenSSL): add a test
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): move the default | tenderlove | 2015-07-25 | 1 | -1/+16
  tmp_dh_callback Ruby code and set it as a default in `initialize`.
  * ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_512_GEN): move this constant to Ruby.
  * ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_1024_GEN): ditto
  * ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
  * ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
  * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): tmp_dh_callback should always be set, so we can remove this conditional
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): add missing | tenderlove | 2015-07-25 | 1 | -0/+1
  instance variables to squash warnings with alpn.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51378 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): move | tenderlove | 2015-07-25 | 1 | -0/+20
  OpenSSL::SSL::SSLContext#initialize implementation to pure Ruby.
  * ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): ditto
  * ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51375 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/lib/openssl/ssl.rb: use io/nonblock instead of fcntl | normal | 2015-06-04 | 1 | -4/+2
  [ruby-core:69382] [Feature #11190] IO#nonblock= is easier-to-read, potentially more portable, and avoids redundantly setting flags.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50762 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/*: use license instead of licence. | hsbt | 2015-04-20 | 7 | -7/+7
  [fix GH-876][ci skip] Patch by @davydovanton
  * lib/net/https.rb: ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb: stricter hostname verification | nagachika | 2015-04-13 | 1 | -4/+58
  following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644]
  * test/openssl/test_ssl.rb: add tests for above.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/x509.rb | usa | 2014-11-20 | 1 | -1/+1
  (OpenSSL::X509::Name::RFC2253DN::StringChar): get rid of a false positive assertion in ripper's test.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48521 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override | nagachika | 2014-10-22 | 1 | -0/+1
  options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined. this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48097 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/x509.rb (OpenSSL::X509::Name#pretty_print): | akr | 2014-09-20 | 2 | -0/+27
  New method. (OpenSSL::X509::Certificate#pretty_print): Ditto.
  * ext/openssl/lib/openssl/bn.rb (OpenSSL::BN#pretty_print): Ditto.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47647 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (SSLServer#accept): Close a socket | akr | 2014-05-29 | 1 | -2/+6
  if any exception occurs.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#accept): | akr | 2014-05-07 | 1 | -1/+4
  Consider Socket#accept as well as TCPServer#accept. Reported by Sam Stelfox. [ruby-core:62064] [Bug #9750]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/openssl/ssl.rb: Explicitly whitelist the default | emboss | 2014-03-06 | 1 | -4/+42
  SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable compression by default. Reported by Jeff Hodges. [ruby-core:59829] [Bug #9424]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl/digest.rb: check by lambda | nobu | 2013-12-10 | 1 | -8/+2
  * ext/openssl/lib/openssl/digest.rb (initialize): check argument size by lambda.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44116 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl/digest.rb: get rid of deprecated class | nobu | 2013-12-10 | 1 | -3/+3
  * ext/openssl/lib/openssl/digest.rb (digest, hexdigest): create new instance and call on it directly, to get rid of deprecated class OpenSSL::Digest::Digest.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44115 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/digest.rb: Deprecate OpenSSL::Digest::Digest | zzak | 2013-12-09 | 1 | -3/+3
  [Fixes GH-446] https://github.com/ruby/ruby/pull/446
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb: Return ASCII-8BIT strings from | drbrain | 2013-12-03 | 1 | -1/+1
  SSLSocket methods. [ruby-trunk - Bug #9028]
  * test/openssl/test_ssl.rb: Test for the above.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb: Fix warning in copyright | zzak | 2013-12-01 | 1 | -15/+16
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43940 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl/buffering.rb: call super | nobu | 2013-11-22 | 1 | -1/+2
  * ext/openssl/lib/openssl/buffering.rb (OpenSSL::Buffering#initialize): initialize of a module should pass arguments to super.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43774 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb: [DOC] Fix HEREDOC comment for | zzak | 2013-11-21 | 1 | -2/+2
  OpenSSL::Buffering which breaks overview because of RDoc bug
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/buffering.rb: Remove unused arguments from | zzak | 2013-11-21 | 1 | -1/+1
  OpenSSL::Buffering.new [Fixes GH-445]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43740 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/config.rb: In #parse use +string+ for +str+ | zzak | 2013-11-13 | 1 | -3/+3
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43665 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/*.rb: [DOC] Document the following: | zzak | 2013-11-13 | 4 | -5/+178
  - Integer#to_bn
  - OpenSSL::Buffering module
  - Document deprecated OpenSSL::Digest::Digest compatibility class
  - OpenSSL::Config
  These changes were based on a patch by @vbatts via GH-436 https://github.com/ruby/ruby/pull/436
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43663 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb: [DOC] Document OpenSSL::SSLServer | zzak | 2013-09-20 | 1 | -0/+11
  Based on a patch by Rafal Lisowski [Bug #7348]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * io.c (io_read_nonblock): support non-blocking reads without raising | tenderlove | 2013-08-26 | 1 | -4/+4
  exceptions. As in: `io.read_nonblock(size, exception: false)` [ruby-core:38666] [Feature #5138]
  * ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): ditto
  * ext/stringio/stringio.c (strio_sysread): ditto
  * io.c (rb_io_write_nonblock): support non-blocking writes without raising an exception.
  * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): ditto
  * test/openssl/test_pair.rb (class OpenSSL): tests
  * test/ruby/test_io.rb (class TestIO): ditto
  * test/socket/test_nonblock.rb (class TestSocketNonblock): ditto
  * test/stringio/test_stringio.rb (class TestStringIO): ditto
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42695 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked | emboss | 2013-07-05 | 1 | -1/+1
  critical. The patch for CVE-2013-4073 caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it: [id, criticality, octet_string] if critical, [id, octet_string] if not. Making sure to pick the last element of X509 extension and use it as SAN value. [ruby-core:55685] [Bug #8575]
  Thank you @nahi for providing the patch!
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Fix comment typo by @parroty [fix GH-350] | hsbt | 2013-07-05 | 1 | -1/+1
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41785 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fix | nagachika | 2013-06-27 | 1 | -5/+13
  hostname verification. Patched by nahi.
  * test/openssl/test_ssl.rb (test_verify_certificate_identity): test for above.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_bn.c (ossl_bn_initialize): allow Fixnum and Bignum. | naruse | 2013-04-25 | 1 | -1/+1
  [ruby-core:53986] [Feature #8217]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as a | emboss | 2012-12-18 | 1 | -1/+3
  countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673]
  * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.
  * NEWS: Announce the new default.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* remove trailing spaces. | nobu | 2012-09-04 | 4 | -12/+12
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/digest.rb | emboss | 2012-08-02 | 1 | -0/+17
  test/openssl/test_digest.rb: Add Digest module function to OpenSSL module and test it. Patch provided by Eric Hodel. [ruby-core:46908][Feature #6819]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e