ruby.git/ext/openssl/lib, branch ruby_2_0_0 The Ruby Programming Language merge revision(s) 50292: [Backport #9644] 2015-04-13T13:16:27+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-04-13T13:16:27+00:00 329ab042ee76bec0d2319eb177932fe13d20669b * ext/openssl/lib/openssl/ssl.rb: stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644] * test/openssl/test_ssl.rb: add tests for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@50294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl.rb: stricter hostname verification
	  following RFC 6125. with the patch provided by Tony Arcieri and
	  Hiroshi Nakamura [ruby-core:61545] [Bug #9644]

	* test/openssl/test_ssl.rb: add tests for above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@50294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 45274,45278,45280,48097: [Backport #9424] 2014-10-23T09:59:40+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-10-23T09:59:40+00:00 4a5d839ceb4f08aff4843abc6b369b12a97e02e7 * lib/openssl/ssl.rb: Explicitly whitelist the default SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable compression by default. Reported by Jeff Hodges. [ruby-core:59829] [Bug #9424] * test/openssl/test_ssl.rb: Reuse TLS default options from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. * ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined. this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@48110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* lib/openssl/ssl.rb: Explicitly whitelist the default
	  SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
	  compression by default.
	  Reported by Jeff Hodges.
	  [ruby-core:59829] [Bug #9424]

	* test/openssl/test_ssl.rb: Reuse TLS default options from
	  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.

	* ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override
	  options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
	  this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@48110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 45863,45871: [Backport #9750] 2014-06-27T08:17:35+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-06-27T08:17:35+00:00 674b2526650f317a5a836130631651dbdb019913 * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#accept): Consider Socket#accept as well as TCPServer#accept. Reported by Sam Stelfox. [ruby-core:62064] [Bug #9750] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@46579 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#accept):
	  Consider Socket#accept as well as TCPServer#accept.
	  Reported by Sam Stelfox.  [ruby-core:62064] [Bug #9750]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@46579 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r43750,r43940: 2014-02-19T17:14:45+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-02-19T17:14:45+00:00 b903bbe4bfd8c3b75cbfa231a6ee3d15ef1370d2 * ext/openssl/lib/openssl/buffering.rb: [DOC] Fix HEREDOC comment for OpenSSL::Buffering which breaks overview because of RDoc bug * ext/openssl/lib/openssl/buffering.rb: Fix warning in copyright git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@45053 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/buffering.rb: [DOC] Fix HEREDOC comment for
	  OpenSSL::Buffering which breaks overview because of RDoc bug

	* ext/openssl/lib/openssl/buffering.rb: Fix warning in copyright


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@45053 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41805: [Backport #8575] [Backport #8582] 2013-07-06T17:05:08+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-07-06T17:05:08+00:00 239d52c825f7b98d3aa4ae42cbc7034cbf8198cd * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked critical. The patch for CVE-2013-4073 caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it: [id, criticality, octet_string] if critical, [id, octet_string] if not. Making sure to pick the last element of X509 extension and use it as SAN value. [ruby-core:55685] [Bug #8575] Thank you @nahi for providing the patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked
	  critical.
	  The patch for CVE-2013-4073 caused SSL crash when a SSL server returns
	  the certificate that has critical SAN value.  X509 extension could
	  include 2 or 3 elements in it:
	  [id, criticality, octet_string] if critical,
	  [id, octet_string] if not.
	  Making sure to pick the last element of X509 extension and use it as
	  SAN value.
	  [ruby-core:55685] [Bug #8575]
	  Thank you @nahi for providing the patch!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41785: 2013-07-06T16:52:56+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-07-06T16:52:56+00:00 b4359a3a43389be5ebb0d7f6bdd3624c353e624f Fix comment typo by @parroty [fix GH-350] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	Fix comment typo by @parroty [fix GH-350]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41671: 2013-06-27T11:11:11+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-06-27T11:11:11+00:00 8bbcbef83e1afe71fb49a098cbf7b9be62b1c47a * ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fix hostname verification. Patched by nahi. * test/openssl/test_ssl.rb (test_verify_certificate_identity): test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41672 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fix
	  hostname verification. Patched by nahi.

	* test/openssl/test_ssl.rb (test_verify_certificate_identity): test for
	  above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41672 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as a 2012-12-18T02:02:43+00:00 emboss emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2012-12-18T02:02:43+00:00 84f1dae9d637a2038d1b395bcc2f22404770d2d7 countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673] * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default. * NEWS: Announce the new default. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  countermeasure for the BEAST attack by default. The default options
  of OpenSSL::SSL:SSLContext are now:
  OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
  [Bug #5353] [ruby-core:39673]

* test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.

* NEWS: Announce the new default.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
remove trailing spaces. 2012-09-04T00:57:31+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2012-09-04T00:57:31+00:00 af6c038b23c056fed1a8f5cbb8827b3a5061e893 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/lib/openssl/digest.rb 2012-08-02T01:58:49+00:00 emboss emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2012-08-02T01:58:49+00:00 df05bd2c82386e5897c4125576199e18a13712a1 test/openssl/test_digest.rb: Add Digest module function to OpenSSL module and test it. Patch provided by Eric Hodel. [ruby-core:46908][Feature #6819] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  test/openssl/test_digest.rb: Add Digest module function to OpenSSL
  module and test it. Patch provided by Eric Hodel.
  [ruby-core:46908][Feature #6819]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e