ruby.git/ext/openssl/openssl_missing.h, branch v4.0.3 The Ruby Programming Language [ruby/openssl] ts: use TS_VERIFY_CTX_set0_{store,certs}() on OpenSSL 3.4 2025-01-22T16:45:52+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-21T18:22:22+00:00 495b1cad042b30c40b62b5ecea5a728ea3c2f4ac In OpenSSL 3.4, TS_VERIFY_CTX_set_certs() and TS_VERIFY_CTX_set_store() are deprecated in favor of the new functions with "set0" in the names. The new functions have a slightly different behavior. They will free the previous value automatically. Increment the reference counter of X509_STORE before setting it to TS_VERIFY_CTX, and do not try to manually unset it. We avoided doing this to work around a bug that was present in older versions of OpenSSL, which has now been fixed in OpenSSL 1.0.2 by commit https://github.com/openssl/openssl/commit/bff9ce4db38b. https://github.com/ruby/openssl/commit/ce37f7d93a 
In OpenSSL 3.4, TS_VERIFY_CTX_set_certs() and TS_VERIFY_CTX_set_store()
are deprecated in favor of the new functions with "set0" in the names.

The new functions have a slightly different behavior. They will free the
previous value automatically. Increment the reference counter of
X509_STORE before setting it to TS_VERIFY_CTX, and do not try to
manually unset it.

We avoided doing this to work around a bug that was present in older
versions of OpenSSL, which has now been fixed in OpenSSL 1.0.2 by commit
https://github.com/openssl/openssl/commit/bff9ce4db38b.

https://github.com/ruby/openssl/commit/ce37f7d93a
[ruby/openssl] Require OpenSSL 1.1.0 or later 2025-01-20T17:12:57+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-14T12:49:12+00:00 441862dc9f11d83e9e35c3b965fe84e42e178a35 Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12. Most distributions that shipped with OpenSSL 1.0.2 have also reached EOL, or provide a newer version in the package repository: - RHEL 7 (EOL 2024-06) - Ubuntu 16.04 LTS (EOL 2021-04) - Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via the openssl11{,-devel} package) https://github.com/ruby/openssl/commit/38ec6fd50e 
Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12.

Most distributions that shipped with OpenSSL 1.0.2 have also reached
EOL, or provide a newer version in the package repository:

 - RHEL 7 (EOL 2024-06)
 - Ubuntu 16.04 LTS (EOL 2021-04)
 - Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via
   the openssl11{,-devel} package)

https://github.com/ruby/openssl/commit/38ec6fd50e
[ruby/openssl] Fix references to the license text 2024-06-08T10:59:17+00:00 Kazuki Yamaguchi k@rhe.jp 2024-05-01T08:10:44+00:00 69c0b1438a45938e79e63407035f116de4634dcb Update the references to the file "LICENCE" with "COPYING". The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has been always the case since OpenSSL for Ruby 2 was merged to the ruby tree as a standard library in 2003. In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained an old version of the Ruby License, identical to the COPYING file that was in Ruby's tree at that time (r4128[2]). [1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup [2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING https://github.com/ruby/openssl/commit/5bccf07d04 
Update the references to the file "LICENCE" with "COPYING".

The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has
been always the case since OpenSSL for Ruby 2 was merged to the ruby
tree as a standard library in 2003.

In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained
an old version of the Ruby License, identical to the COPYING file that
was in Ruby's tree at that time (r4128[2]).

[1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup
[2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING

https://github.com/ruby/openssl/commit/5bccf07d04
[ruby/openssl] pkey, ssl: use EVP_PKEY_eq() instead of EVP_PKEY_cmp() 2021-10-24T15:40:47+00:00 Kazuki Yamaguchi k@rhe.jp 2021-05-17T07:18:45+00:00 1b5ccc8a0c27273d2f944f9914bcbdda3ad803f7 OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a confusing name. https://github.com/ruby/openssl/commit/d42bd7fcdb 
OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a
confusing name.

https://github.com/ruby/openssl/commit/d42bd7fcdb
[ruby/openssl] hmac: use EVP_MD_CTX_get_pkey_ctx() instead of EVP_MD_CTX_pkey_ctx() 2021-10-24T15:40:46+00:00 Kazuki Yamaguchi k@rhe.jp 2021-06-22T09:50:17+00:00 16272d9ae98dfa8296d477a8e255d35f4a3d29e9 OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the function name. Adjust compatibility macro so that we can use the new function name for all OpenSSL 1.0.2-3.0. https://github.com/ruby/openssl/commit/c106d888c6 
OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the
function name. Adjust compatibility macro so that we can use the new
function name for all OpenSSL 1.0.2-3.0.

https://github.com/ruby/openssl/commit/c106d888c6
[ruby/openssl] digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists 2021-10-24T15:40:45+00:00 Kazuki Yamaguchi k@rhe.jp 2021-04-22T04:57:47+00:00 040387d265e405c769867dbedd47c723185bc944 The function was renamed in OpenSSL 3.0 due to the change of the lifetime of EVP_MD objects. They are no longer necessarily statically allocated and can be reference-counted -- when an EVP_MD_CTX is free'd, the associated EVP_MD can also become inaccessible. Currently Ruby/OpenSSL only handles builtin algorithms, so no special handling is needed except for adapting to the rename. https://github.com/ruby/openssl/commit/0a253027e6 
The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.

Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.

https://github.com/ruby/openssl/commit/0a253027e6
[ruby/openssl] ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs 2021-10-24T15:40:43+00:00 Kazuki Yamaguchi k@rhe.jp 2020-02-21T20:37:01+00:00 19ef7082baa5097e3d4cddb68c98ea1ec8e34a88 OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro. https://github.com/ruby/openssl/commit/2be6779b08 
OpenSSL 3.0 fixed the typo in the function name and replaced the
current 'CTS' version with a macro.

https://github.com/ruby/openssl/commit/2be6779b08
[ruby/openssl] pkey: remove unused ossl_generate_cb_2() helper function 2021-07-18T08:44:50+00:00 Kazuki Yamaguchi k@rhe.jp 2021-04-04T15:39:04+00:00 436aecb520e63f318ed515d0ca6c0b2cc6cc8115 The previous series of commits re-implemented key generation with the low level API with the EVP API. The BN_GENCB-based callback function is no longer used. https://github.com/ruby/openssl/commit/81027b7463 
The previous series of commits re-implemented key generation with the
low level API with the EVP API. The BN_GENCB-based callback function is
no longer used.

https://github.com/ruby/openssl/commit/81027b7463
[ruby/openssl] require OpenSSL >= 1.0.2 and LibreSSL >= 3.1 2021-07-18T08:44:41+00:00 Kazuki Yamaguchi k@rhe.jp 2020-08-04T14:14:44+00:00 cd002305f0db447b47b54b93e1ecb3c666d37c06 Clean up old version guards in preparation for the upcoming OpenSSL 3.0 support. OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided to keep 1.0.1 support because many major Linux distributions were still shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions are reaching their EOL and it should be safe to assume nobody uses them anymore. Major ones that were using 1.0.1: - Ubuntu 14.04 is EOL since 2019-04-30 - RHEL 6 will reach EOL on 2020-11-30 LibreSSL 3.0 and older versions are no longer supported by the LibreSSL team as of October 2020. Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also did on 2018-08-31. https://github.com/ruby/openssl/commit/c055938f4b 
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.

OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:

 - Ubuntu 14.04 is EOL since 2019-04-30
 - RHEL 6 will reach EOL on 2020-11-30

LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.

Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.

https://github.com/ruby/openssl/commit/c055938f4b
[ruby/openssl] hmac: migrate from the low-level HMAC API to the EVP API 2021-03-16T10:16:11+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-18T07:15:07+00:00 b91f62f3840582bb3e4fbece15654e1d852c829b Use the EVP API instead of the low-level HMAC API. Use of the HMAC API has been discouraged and is being marked as deprecated starting from OpenSSL 3.0.0. The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest are now in lib/openssl/hmac.rb. https://github.com/ruby/openssl/commit/0317e2fc02 
Use the EVP API instead of the low-level HMAC API. Use of the HMAC API
has been discouraged and is being marked as deprecated starting from
OpenSSL 3.0.0.

The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest
are now in lib/openssl/hmac.rb.

https://github.com/ruby/openssl/commit/0317e2fc02