ruby.git/ext/openssl/extconf.rb, branch v3_2_11 The Ruby Programming Language [ruby/openssl] Suppress deprecation warnings by OpenSSL 3 2022-12-23T00:39:15+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2022-07-09T15:15:46+00:00 6df4d272c3f74d3f9d206536add39b59ee1acb57 https://github.com/ruby/openssl/commit/91657a7924 
https://github.com/ruby/openssl/commit/91657a7924
[ruby/openssl] Check for functions with arguments 2022-12-23T00:39:14+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2022-07-09T14:32:44+00:00 2bc7eac8224d3a58381505d5296652594159017c https://github.com/ruby/openssl/commit/b67aaf925d 
https://github.com/ruby/openssl/commit/b67aaf925d
We should apply https://github.com/ruby/openssl/pull/576 instead of them: 2022-12-13T09:07:41+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2022-12-13T08:47:20+00:00 3de7ff8eb9eb74e0dbd48902d1535d3c9fe14005 https://github.com/ruby/ruby/commit/6d8f396f37350b7aa9c85a097929f54a0939448b https://github.com/ruby/ruby/commit/c8b3bd45cc3cae93ae701333202416838ee6a00c 
  https://github.com/ruby/ruby/commit/6d8f396f37350b7aa9c85a097929f54a0939448b
  https://github.com/ruby/ruby/commit/c8b3bd45cc3cae93ae701333202416838ee6a00c
[ruby/openssl] hmac: use EVP_PKEY_new_raw_private_key() if available 2022-10-17T07:35:35+00:00 Kazuki Yamaguchi k@rhe.jp 2022-09-01T06:59:52+00:00 65bba0ef6fa104324d34079f107f9c72ed8d0e2f Current OpenSSL 3.0.x release has a regression with zero-length MAC keys. While this issue should be fixed in a future release of OpenSSL, we can use EVP_PKEY_new_raw_private_key() in place of the problematic EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page recommends using it regardless: > EVP_PKEY_new_mac_key() works in the same way as > EVP_PKEY_new_raw_private_key(). New applications should use > EVP_PKEY_new_raw_private_key() instead. Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710 https://github.com/ruby/openssl/commit/4293f18b1f 
Current OpenSSL 3.0.x release has a regression with zero-length MAC
keys. While this issue should be fixed in a future release of OpenSSL,
we can use EVP_PKEY_new_raw_private_key() in place of the problematic
EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page
recommends using it regardless:

> EVP_PKEY_new_mac_key() works in the same way as
> EVP_PKEY_new_raw_private_key().  New applications should use
> EVP_PKEY_new_raw_private_key() instead.

Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710

https://github.com/ruby/openssl/commit/4293f18b1f
[ruby/openssl] Pass arguments to check macro presence 2022-10-17T07:35:35+00:00 Alan Wu XrXr@users.noreply.github.com 2022-07-11T20:55:39+00:00 5dae78b9d36be7e2adfb5f9cad78bb10d641e40a X509_STORE_get_ex_new_index() is a macro, so passing just its name to have_func() doesn't detect it. Pass an example call instead. https://github.com/ruby/openssl/commit/8d264d3e60 Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> 
X509_STORE_get_ex_new_index() is a macro, so passing just its name to
have_func() doesn't detect it. Pass an example call instead.

https://github.com/ruby/openssl/commit/8d264d3e60

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
[ruby/openssl] Check for OpenSSL functions in headers 2022-10-17T07:35:33+00:00 Alan Wu XrXr@users.noreply.github.com 2022-06-27T01:34:42+00:00 a211b32180b1ab0532f6978c32e907fe1c0c218a While building with a custom build of OpenSSL, I noticed in mkmf.log that all the feature detection checks are done using a program lacking an OpenSSL header include. `mkmf` retries using a fallback program when this fails, but that means all the `have_func` calls compile twice when compiling once should suffice. Example log without this commit: have_func: checking for X509_STORE_CTX_get0_cert()... -------------------- yes DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ... conftest.c:14:57: error: use of undeclared identifier 'X509_STORE_CTX_get0_cert' int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; } ^ 1 error generated. checked program was: /* begin */ 1: #include "ruby.h" 2: 3: /*top*/ 4: extern int t(void); 5: int main(int argc, char **argv) 6: { 7: if (argc > 1000000) { 8: int (* volatile tp)(void)=(int (*)(void))&t; 9: printf("%d", (*tp)()); 10: } 11: 12: return !!argv[argc]; 13: } 14: int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; } /* end */ DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ... checked program was: /* begin */ 1: #include "ruby.h" 2: 3: /*top*/ 4: extern int t(void); 5: int main(int argc, char **argv) 6: { 7: if (argc > 1000000) { 8: int (* volatile tp)(void)=(int (*)(void))&t; 9: printf("%d", (*tp)()); 10: } 11: 12: return !!argv[argc]; 13: } 14: extern void X509_STORE_CTX_get0_cert(); 15: int t(void) { X509_STORE_CTX_get0_cert(); return 0; } /* end */ The second compilation succeeds. Specify the header for each checked function. https://github.com/ruby/openssl/commit/34ae7d92d0 
While building with a custom build of OpenSSL, I noticed in mkmf.log
that all the feature detection checks are done using a program lacking
an OpenSSL header include. `mkmf` retries using a fallback program when
this fails, but that means all the `have_func` calls compile twice when
compiling once should suffice. Example log without this commit:

    have_func: checking for X509_STORE_CTX_get0_cert()... -------------------- yes

    DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ...
    conftest.c:14:57: error: use of undeclared identifier 'X509_STORE_CTX_get0_cert'
    int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; }
                                                            ^
    1 error generated.
    checked program was:
    /* begin */
     1: #include "ruby.h"
     2:
     3: /*top*/
     4: extern int t(void);
     5: int main(int argc, char **argv)
     6: {
     7:   if (argc > 1000000) {
     8:     int (* volatile tp)(void)=(int (*)(void))&t;
     9:     printf("%d", (*tp)());
    10:   }
    11:
    12:   return !!argv[argc];
    13: }
    14: int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; }
    /* end */

    DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ...
    checked program was:
    /* begin */
     1: #include "ruby.h"
     2:
     3: /*top*/
     4: extern int t(void);
     5: int main(int argc, char **argv)
     6: {
     7:   if (argc > 1000000) {
     8:     int (* volatile tp)(void)=(int (*)(void))&t;
     9:     printf("%d", (*tp)());
    10:   }
    11:
    12:   return !!argv[argc];
    13: }
    14: extern void X509_STORE_CTX_get0_cert();
    15: int t(void) { X509_STORE_CTX_get0_cert(); return 0; }
    /* end */

The second compilation succeeds.

Specify the header for each checked function.

https://github.com/ruby/openssl/commit/34ae7d92d0
Simplify default argument specification. (#6507) 2022-10-07T09:51:27+00:00 Samuel Williams samuel.williams@oriontransfer.co.nz 2022-10-07T09:51:27+00:00 a081fe76de5de0307651d99324a0e454fd8b8a8b 






Add IO#timeout attribute and use it for blocking IO operations. (#5653)
2022-10-07T08:48:38+00:00

Samuel Williams
samuel.williams@oriontransfer.co.nz

2022-10-07T08:48:38+00:00

e4f91bbdbaa6ab3125f24967414ac5300bb244f5












[ruby/openssl] Add 'ciphersuites=' method to allow setting of TLSv1.3 cipher suites along with some unit tests (https://github.com/ruby/openssl/pull/493)
2022-07-08T14:18:11+00:00

twkmd12
95775763+twkmd12@users.noreply.github.com

2022-02-01T09:12:23+00:00

09daf78fb59a8b280887ad1120a57776b5d82e17

Add OpenSSL::SSL::SSLContext#ciphersuites= method along with unit tests.

https://github.com/ruby/openssl/commit/12250c7cef





Add OpenSSL::SSL::SSLContext#ciphersuites= method along with unit tests.

https://github.com/ruby/openssl/commit/12250c7cef







[ruby/openssl] ignore pkgconfig when any openssl option is specified
2022-07-08T14:18:09+00:00

Stefan Kaes
stefan.kaes@xing.com

2022-01-04T12:28:26+00:00

0bf2dfa6ac52b8c98116b2dba1225f9da12eb42f

https://github.com/ruby/openssl/commit/b23fa75aa3





https://github.com/ruby/openssl/commit/b23fa75aa3