From 55fece63794c94af83cae9509211e680bde32961 Mon Sep 17 00:00:00 2001 From: knu Date: Thu, 5 Jun 2008 11:36:55 +0000 Subject: * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize): Add a null check for ssl; submitted by akira yamada in [ruby-dev:34950]. * ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if SSL_OP_NO_TICKET is present; submitted by akira yamada in [ruby-dev:34944]. * test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a workaround for the case where OpenSSL is configured with --enable-tlsext; submitted by akira yamada in [ruby-dev:34944]. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 16 +++++++++++++++- ext/openssl/ossl_ssl.c | 3 +++ ext/openssl/ossl_ssl_session.c | 2 +- test/openssl/test_ssl.rb | 7 ++++++- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d863f3eedd..9542eb6112 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +Thu Jun 5 20:30:46 2008 Akinori MUSHA + + * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize): + Add a null check for ssl; submitted by akira yamada + in [ruby-dev:34950]. + + * ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if + SSL_OP_NO_TICKET is present; submitted by akira yamada + in [ruby-dev:34944]. + + * test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a + workaround for the case where OpenSSL is configured with + --enable-tlsext; submitted by akira yamada in [ruby-dev:34944]. + Thu Jun 5 20:24:15 2008 Yusuke Endoh * thread.c (thread_set_trace_func_m): fix check for proc argument. @@ -6,7 +20,7 @@ Thu Jun 5 20:17:29 2008 Yusuke Endoh * lib/rexml/document.rb (REXML::Document:write): leaky modification trans -> transitive. [ruby-dev:32040], r13686 - + * lib/rexml/text.rb (Text.check): fix check for illigal characher. Thu Jun 5 14:03:44 2008 Nobuyoshi Nakada diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 675fe657b0..01b86fec27 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -1466,6 +1466,9 @@ Init_ossl_ssl() ossl_ssl_def_const(OP_NO_SSLv2); ossl_ssl_def_const(OP_NO_SSLv3); ossl_ssl_def_const(OP_NO_TLSv1); +#if defined(SSL_OP_NO_TICKET) + ossl_ssl_def_const(OP_NO_TICKET); +#endif ossl_ssl_def_const(OP_PKCS1_CHECK_1); ossl_ssl_def_const(OP_PKCS1_CHECK_2); ossl_ssl_def_const(OP_NETSCAPE_CA_DN_BUG); diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index 82de3efbe3..63c2bbb87a 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -47,7 +47,7 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1) Data_Get_Struct(arg1, SSL, ssl); - if ((ctx = SSL_get1_session(ssl)) == NULL) + if (!ssl || (ctx = SSL_get1_session(ssl)) == NULL) ossl_raise(eSSLSession, "no session available"); } else { BIO *in = ossl_obj2bio(arg1); diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index fe7327604f..50659f1b3b 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -511,7 +511,12 @@ class OpenSSL::TestSSL < Test::Unit::TestCase start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| 10.times do |i| sock = TCPSocket.new("127.0.0.1", port) - ssl = OpenSSL::SSL::SSLSocket.new(sock) + ctx = OpenSSL::SSL::SSLContext.new + if defined?(OpenSSL::SSL::OP_NO_TICKET) + # disable RFC4507 support + ctx.options = OpenSSL::SSL::OP_NO_TICKET + end + ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.session = first_session if first_session ssl.connect -- cgit v1.2.3