ruby.git/ext/openssl/openssl_missing.h, branch v3_2_11 The Ruby Programming Language [ruby/openssl] pkey, ssl: use EVP_PKEY_eq() instead of EVP_PKEY_cmp() 2021-10-24T15:40:47+00:00 Kazuki Yamaguchi k@rhe.jp 2021-05-17T07:18:45+00:00 1b5ccc8a0c27273d2f944f9914bcbdda3ad803f7 OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a confusing name. https://github.com/ruby/openssl/commit/d42bd7fcdb 
OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a
confusing name.

https://github.com/ruby/openssl/commit/d42bd7fcdb
[ruby/openssl] hmac: use EVP_MD_CTX_get_pkey_ctx() instead of EVP_MD_CTX_pkey_ctx() 2021-10-24T15:40:46+00:00 Kazuki Yamaguchi k@rhe.jp 2021-06-22T09:50:17+00:00 16272d9ae98dfa8296d477a8e255d35f4a3d29e9 OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the function name. Adjust compatibility macro so that we can use the new function name for all OpenSSL 1.0.2-3.0. https://github.com/ruby/openssl/commit/c106d888c6 
OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the
function name. Adjust compatibility macro so that we can use the new
function name for all OpenSSL 1.0.2-3.0.

https://github.com/ruby/openssl/commit/c106d888c6
[ruby/openssl] digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists 2021-10-24T15:40:45+00:00 Kazuki Yamaguchi k@rhe.jp 2021-04-22T04:57:47+00:00 040387d265e405c769867dbedd47c723185bc944 The function was renamed in OpenSSL 3.0 due to the change of the lifetime of EVP_MD objects. They are no longer necessarily statically allocated and can be reference-counted -- when an EVP_MD_CTX is free'd, the associated EVP_MD can also become inaccessible. Currently Ruby/OpenSSL only handles builtin algorithms, so no special handling is needed except for adapting to the rename. https://github.com/ruby/openssl/commit/0a253027e6 
The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.

Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.

https://github.com/ruby/openssl/commit/0a253027e6
[ruby/openssl] ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs 2021-10-24T15:40:43+00:00 Kazuki Yamaguchi k@rhe.jp 2020-02-21T20:37:01+00:00 19ef7082baa5097e3d4cddb68c98ea1ec8e34a88 OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro. https://github.com/ruby/openssl/commit/2be6779b08 
OpenSSL 3.0 fixed the typo in the function name and replaced the
current 'CTS' version with a macro.

https://github.com/ruby/openssl/commit/2be6779b08
[ruby/openssl] pkey: remove unused ossl_generate_cb_2() helper function 2021-07-18T08:44:50+00:00 Kazuki Yamaguchi k@rhe.jp 2021-04-04T15:39:04+00:00 436aecb520e63f318ed515d0ca6c0b2cc6cc8115 The previous series of commits re-implemented key generation with the low level API with the EVP API. The BN_GENCB-based callback function is no longer used. https://github.com/ruby/openssl/commit/81027b7463 
The previous series of commits re-implemented key generation with the
low level API with the EVP API. The BN_GENCB-based callback function is
no longer used.

https://github.com/ruby/openssl/commit/81027b7463
[ruby/openssl] require OpenSSL >= 1.0.2 and LibreSSL >= 3.1 2021-07-18T08:44:41+00:00 Kazuki Yamaguchi k@rhe.jp 2020-08-04T14:14:44+00:00 cd002305f0db447b47b54b93e1ecb3c666d37c06 Clean up old version guards in preparation for the upcoming OpenSSL 3.0 support. OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided to keep 1.0.1 support because many major Linux distributions were still shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions are reaching their EOL and it should be safe to assume nobody uses them anymore. Major ones that were using 1.0.1: - Ubuntu 14.04 is EOL since 2019-04-30 - RHEL 6 will reach EOL on 2020-11-30 LibreSSL 3.0 and older versions are no longer supported by the LibreSSL team as of October 2020. Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also did on 2018-08-31. https://github.com/ruby/openssl/commit/c055938f4b 
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.

OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:

 - Ubuntu 14.04 is EOL since 2019-04-30
 - RHEL 6 will reach EOL on 2020-11-30

LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.

Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.

https://github.com/ruby/openssl/commit/c055938f4b
[ruby/openssl] hmac: migrate from the low-level HMAC API to the EVP API 2021-03-16T10:16:11+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-18T07:15:07+00:00 b91f62f3840582bb3e4fbece15654e1d852c829b Use the EVP API instead of the low-level HMAC API. Use of the HMAC API has been discouraged and is being marked as deprecated starting from OpenSSL 3.0.0. The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest are now in lib/openssl/hmac.rb. https://github.com/ruby/openssl/commit/0317e2fc02 
Use the EVP API instead of the low-level HMAC API. Use of the HMAC API
has been discouraged and is being marked as deprecated starting from
OpenSSL 3.0.0.

The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest
are now in lib/openssl/hmac.rb.

https://github.com/ruby/openssl/commit/0317e2fc02
Import openssl-2.2.0 (#2693) 2020-02-16T06:21:29+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2020-02-16T06:21:29+00:00 b99775b163ce44079c1f8727ce9b4ed8bb03489d Import the master branch of ruby/openssl for preparing to release openssl-2.2.0 
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0
Suppress more -Wparentheses warnings 2018-09-21T10:31:11+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-09-21T10:31:11+00:00 0d95805c2ee6d6bbd42a71e7b82da1618b289b5c [Fix GH-1958] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[Fix GH-1958]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
openssl: sync with upstream repository 2018-08-08T14:13:53+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-08-08T14:13:53+00:00 a0f292bbcd6421b0cb87b84cb34887c7e020727b Sync with the current tip of master branch, 62436385306c of ruby/openssl.git. Changes can be found at: https://github.com/ruby/openssl/compare/v2.1.1...62436385306c ---------------------------------------------------------------- Brian Cunnie (1): Correctly verify abbreviated IPv6 SANs Janko Marohnić (1): Reduce memory allocation when writing to SSLSocket Jeremy Evans (1): Move rb_global_variable call to directly after assignment Kazuki Yamaguchi (7): pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt pkey: resume key generation after interrupt tool/ruby-openssl-docker: update to latest versions test/test_ssl: fix test failure with TLS 1.3 test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: fix handling of X509_NAME_{oneline,print_ex}() return value ahadc (1): Update CONTRIBUTING.md nobu (6): no ID cache in Init functions search winsock libraries explicitly openssl: search winsock openssl_missing.h: constified reduce LibreSSL warnings openssl/buffering.rb: no RS when output git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Sync with the current tip of master branch, 62436385306c of
ruby/openssl.git. Changes can be found at:

	https://github.com/ruby/openssl/compare/v2.1.1...62436385306c

----------------------------------------------------------------
Brian Cunnie (1):
      Correctly verify abbreviated IPv6 SANs

Janko Marohnić (1):
      Reduce memory allocation when writing to SSLSocket

Jeremy Evans (1):
      Move rb_global_variable call to directly after assignment

Kazuki Yamaguchi (7):
      pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt
      pkey: resume key generation after interrupt
      tool/ruby-openssl-docker: update to latest versions
      test/test_ssl: fix test failure with TLS 1.3
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: fix handling of X509_NAME_{oneline,print_ex}() return value

ahadc (1):
      Update CONTRIBUTING.md

nobu (6):
      no ID cache in Init functions
      search winsock libraries explicitly
      openssl: search winsock
      openssl_missing.h: constified
      reduce LibreSSL warnings
      openssl/buffering.rb: no RS when output

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e