ruby.git/ext/openssl/lib, branch v2_4_0_preview2 The Ruby Programming Language openssl: import v2.0.0.beta.2 2016-09-08T01:09:19+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-09-08T01:09:19+00:00 a128c0d33f1d7a66c2c8c5d57fde40acd97becae * {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit history since v2.0.0.beta.1 can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit
  history since v2.0.0.beta.1 can be found at:
  https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
import Ruby/OpenSSL 2.0.0.beta.1 2016-08-29T05:47:09+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-08-29T05:47:09+00:00 c9dc0164b8ad1cb23faf6120749bcc349a7bfd45 * NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
  ext/openssl is now converted into a default gem. The full commit
  history since r55538 can be found at:
  https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
  [Feature #9612]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
openssl: adjust tests for OpenSSL 1.1.0 2016-06-07T12:20:46+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-06-07T12:20:46+00:00 b257af88595a9fc9b834a43fe726029f25019c16 This fixes `make test-all TESTS=openssl` with OpenSSL master. * test/openssl/test_x509name.rb: Don't register OID for 'emailAddress' and 'serialNumber'. A recent change in OpenSSL made OBJ_create() reject an already existing OID. They were needed to run tests with OpenSSL 0.9.6 which is now unsupported. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25 [ruby-core:75225] [Feature #12324] * test/openssl/test_ssl_session.rb (test_server_session): Duplicate SSL::Session before re-adding to the session store. OpenSSL 1.1.0 starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session(). https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75 * test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519 is new in OpenSSL 1.1.0 but this is for key agreement and not for signing. * test/openssl/test_pair.rb, test/openssl/test_ssl.rb, test/openssl/utils.rb: Set security level to 0 when using aNULL cipher suites. * test/openssl/utils.rb: Use 1024 bits DSA key for client certificates. * test/openssl/test_engine.rb: Run each test in separate process. We can no longer cleanup engines explicitly as ENGINE_cleanup() was removed. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743 * ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the RDoc for Engine.cleanup. * ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS, DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed. * test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb, test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't test unsupported hash functions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
This fixes `make test-all TESTS=openssl` with OpenSSL master.

* test/openssl/test_x509name.rb: Don't register OID for 'emailAddress'
  and 'serialNumber'. A recent change in OpenSSL made OBJ_create()
  reject an already existing OID. They were needed to run tests with
  OpenSSL 0.9.6 which is now unsupported.
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25
  [ruby-core:75225] [Feature #12324]

* test/openssl/test_ssl_session.rb (test_server_session): Duplicate
  SSL::Session before re-adding to the session store. OpenSSL 1.1.0
  starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session().
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75

* test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519
  is new in OpenSSL 1.1.0 but this is for key agreement and not for
  signing.

* test/openssl/test_pair.rb, test/openssl/test_ssl.rb,
  test/openssl/utils.rb: Set security level to 0 when using aNULL cipher
  suites.

* test/openssl/utils.rb: Use 1024 bits DSA key for client certificates.

* test/openssl/test_engine.rb: Run each test in separate process.
  We can no longer cleanup engines explicitly as ENGINE_cleanup() was
  removed.
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743

* ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the
  RDoc for Engine.cleanup.

* ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS,
  DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed.

* test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb,
  test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb,
  test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't
  test unsupported hash functions.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
openssl: move SSLSocket#initialize to C extension 2016-05-28T05:00:36+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-05-28T05:00:36+00:00 61a3fff66141ffc0b6e384729456c6ca87f61776 * ext/openssl/lib/openssl/ssl.rb (SSLSocket): Move the implementation of SSLSocket#initialize to C. Initialize the SSL (OpenSSL object) in it. Currently this is delayed until ossl_ssl_setup(), which is called from SSLSocket#accept or #connect. Say we call SSLSocket#hostname= with an illegal value. We expect an exception to be raised in #hostname= but actually we get it in the later SSLSocket#connect. Because the SSL is not ready at #hostname=, the actual call of SSL_set_tlsext_host_name() is also delayed. This also fixes: [ruby-dev:49376] [Bug #11724] * ext/openssl/ossl_ssl.c (ossl_ssl_initialize): Added. Almost the same as the Ruby version but this instantiate the SSL object at the same time. (ossl_ssl_setup): Adjust to the changes. Just set the underlying IO to the SSL. (ssl_started): Added. Make use of SSL_get_fd(). This returns -1 if not yet set by SSL_set_fd(). (ossl_ssl_data_get_struct): Removed. Now GetSSL() checks that the SSL exists. (ossl_ssl_set_session): Don't call ossl_ssl_setup() here as now the SSL is already instantiated in #initialize. (ossl_ssl_shutdown, ossl_start_ssl, ossl_ssl_read_internal, ossl_ssl_write_internal, ossl_ssl_stop, ossl_ssl_get_cert, ossl_ssl_get_peer_cert, ossl_ssl_get_peer_cert_chain, ossl_ssl_get_version, ossl_ssl_get_cipher, ossl_ssl_get_state, ossl_ssl_pending, ossl_ssl_session_reused, ossl_ssl_get_verify_result, ossl_ssl_get_client_ca_list, ossl_ssl_npn_protocol, ossl_ssl_alpn_protocol, ossl_ssl_tmp_key): Use GetSSL() instead of ossl_ssl_data_get_struct(). Use ssl_started(). (Init_ossl_ssl): Add method declarations of SSLSocket#{initialize, hostname=}. * ext/openssl/ossl_ssl.h (GetSSL): Check that the SSL is not NULL. It should not be NULL because we now set it in #initialize. * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize): No need to check if the SSL is NULL. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55191 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl/lib/openssl/ssl.rb (SSLSocket): Move the implementation of
  SSLSocket#initialize to C. Initialize the SSL (OpenSSL object) in it.
  Currently this is delayed until ossl_ssl_setup(), which is called from
  SSLSocket#accept or #connect. Say we call SSLSocket#hostname= with an
  illegal value. We expect an exception to be raised in #hostname= but
  actually we get it in the later SSLSocket#connect. Because the SSL is
  not ready at #hostname=, the actual call of SSL_set_tlsext_host_name()
  is also delayed.
  This also fixes: [ruby-dev:49376] [Bug #11724]

* ext/openssl/ossl_ssl.c (ossl_ssl_initialize): Added. Almost the same
  as the Ruby version but this instantiate the SSL object at the same
  time.

  (ossl_ssl_setup): Adjust to the changes. Just set the underlying IO to
  the SSL.

  (ssl_started): Added. Make use of SSL_get_fd(). This returns -1 if not
  yet set by SSL_set_fd().

  (ossl_ssl_data_get_struct): Removed. Now GetSSL() checks that the SSL
  exists.

  (ossl_ssl_set_session): Don't call ossl_ssl_setup() here as now the
  SSL is already instantiated in #initialize.

  (ossl_ssl_shutdown, ossl_start_ssl, ossl_ssl_read_internal,
   ossl_ssl_write_internal, ossl_ssl_stop, ossl_ssl_get_cert,
   ossl_ssl_get_peer_cert, ossl_ssl_get_peer_cert_chain,
   ossl_ssl_get_version, ossl_ssl_get_cipher, ossl_ssl_get_state,
   ossl_ssl_pending, ossl_ssl_session_reused,
   ossl_ssl_get_verify_result, ossl_ssl_get_client_ca_list,
   ossl_ssl_npn_protocol, ossl_ssl_alpn_protocol, ossl_ssl_tmp_key): Use
  GetSSL() instead of ossl_ssl_data_get_struct(). Use ssl_started().

  (Init_ossl_ssl): Add method declarations of SSLSocket#{initialize,
  hostname=}.

* ext/openssl/ossl_ssl.h (GetSSL): Check that the SSL is not NULL. It
  should not be NULL because we now set it in #initialize.

* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize): No need
  to check if the SSL is NULL.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55191 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
openssl: drop OpenSSL 0.9.6/0.9.7 support 2016-05-25T08:50:03+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-05-25T08:50:03+00:00 cf2792d59191424ee7875b5cc96fe31facce2471 * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
openssl: fix possible SEGV on race between SSLSocket#stop and #connect 2016-05-21T07:25:00+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-05-21T07:25:00+00:00 118ee2a734152c35ebb6e963d4052d7152ab3ba0 * ext/openssl/ossl_ssl.c (ossl_ssl_stop): Don't free the SSL struct here. Since some methods such as SSLSocket#connect releases GVL, there is a chance of use after free if we free the SSL from another thread. SSLSocket#stop was documented as "prepares it for another connection" so this is a slightly incompatible change. However when this sentence was added (r30090, Add toplevel documentation for OpenSSL, 2010-12-06), it didn't actually. The current behavior is from r40304 (Correct shutdown behavior w.r.t GC., 2013-04-15). [ruby-core:74978] [Bug #12292] * ext/openssl/lib/openssl/ssl.rb (sysclose): Update doc. * test/openssl/test_ssl.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55100 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl/ossl_ssl.c (ossl_ssl_stop): Don't free the SSL struct
  here. Since some methods such as SSLSocket#connect releases GVL,
  there is a chance of use after free if we free the SSL from another
  thread. SSLSocket#stop was documented as "prepares it for another
  connection" so this is a slightly incompatible change. However when
  this sentence was added (r30090, Add toplevel documentation for
  OpenSSL, 2010-12-06), it didn't actually. The current behavior is
  from r40304 (Correct shutdown behavior w.r.t GC., 2013-04-15).
  [ruby-core:74978] [Bug #12292]

* ext/openssl/lib/openssl/ssl.rb (sysclose): Update doc.

* test/openssl/test_ssl.rb: Test this.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55100 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
openssl: remove impossible EOFError raise in OpenSSL::Buffering 2016-05-21T03:44:10+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-05-21T03:44:10+00:00 9239916f5c8884cb9ade150160b48d360fddf49a * ext/openssl/lib/openssl/buffering.rb (read_nonblock, readpartial): Remove impossible EOFError raise. Patch by Zach Anker <zanker@squareup.com>. [GH ruby/openssl#23] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55097 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl/lib/openssl/buffering.rb (read_nonblock, readpartial):
  Remove impossible EOFError raise. Patch by Zach Anker
  <zanker@squareup.com>.  [GH ruby/openssl#23]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55097 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/lib/openssl/pkey.rb: Added 2048 bit DH parameter. 2016-01-16T07:51:24+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-01-16T07:51:24+00:00 d2076446ede4113260d94b29b8bd9334c6dd91ec * test/openssl/test_pkey_dh.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* test/openssl/test_pkey_dh.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Remove 512-bit DH group. It's affected by LogJam Attack. 2016-01-14T06:09:19+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-01-14T06:09:19+00:00 55cb1b5e7084f651961f00bfaf181ba8dcc7d852 https://weakdh.org/ [fix GH-1196][Bug #11968][ruby-core:72766] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  https://weakdh.org/
  [fix GH-1196][Bug #11968][ruby-core:72766]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
NotImplementedError typo 2015-12-21T00:33:20+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-12-21T00:33:20+00:00 c17e9e077c2f6c018dc51e5b39617992adc63755 * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLSocket): fix NotImplementedError typo. [Fix GH-1165] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLSocket): fix
  NotImplementedError typo.  [Fix GH-1165]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e