ruby.git/ext/openssl/ossl_ssl.c, branch v3_0_4

openssl: import v2.2.1

2021-10-30T11:22:06+00:00

Bring the local copy of ruby/openssl in sync with the upstream gem
release v2.2.1. The commits happened in the upstream repository can be
found at:

	https://github.com/ruby/openssl/compare/v2.2.0...v2.2.1

Note that many of these have already been applied to ruby.git and don't
appear in the file changes of this commit.

Don't redefine #rb_intern over and over again

2020-10-21T03:45:18+00:00

[ruby/openssl] ssl: temporarily remove SSLContext#add_certificate_chain_file

2020-05-13T06:47:51+00:00

Let's revert the changes for now, as it cannot be included in the 2.2.0
release.

My comment on #257:

> A blocker is OpenSSL::SSL::SSLContext#add_certificate_chain_file. It
> has a pending change and I don't want to include it in an incomplete
> state.
>
> The initial implementation in commit 46e4bdba40c5 was not really
> useful. The issue is described in #305. #309 extended it
> to take the corresponding private key together. However, the new
> implementation was incompatible on Windows and was reverted by #320 to
> the initial one.
>
> (The prerequisite to implement it in) an alternative way is #288, and
> it's still cooking.

This effectively reverts the following commits:

 - dacd08937ccd ("ssl: suppress test failure with SSLContext#add_certificate_chain_file", 2020-03-09)
 - 46e4bdba40c5 ("Add support for SSL_CTX_use_certificate_chain_file. Fixes #254.", 2019-06-13)

https://github.com/ruby/openssl/commit/ea925619a9

Suppress -Wshorten-64-to-32 warnings

2020-04-08T07:28:38+00:00

openssl: sync with upstream repository

2020-03-10T08:41:01+00:00

Import current master (2c43241dc0ed) of ruby/openssl.git.

Below are the commits that were made since the last batch at commit
b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of
them have been applied already.

----------------------------------------------------------------
Benoit Daloze (1):
      Remove redundant and ignored workflow file

DBL-Lee (1):
      add support for SHA512_256/SHA512_224

Hiroshi SHIBATA (2):
      Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
      Fixed inconsistency directory structure with ruby/ruby repo

Jeremy Evans (2):
      Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
      Remove taint support

Kazuki Yamaguchi (26):
      config: support .include directive
      random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes
      extconf.rb: get rid of -Werror=deprecated-declarations
      test/openssl/test_ssl: skip test_fallback_scsv if necessary
      ts: simplify OpenSSL::Timestamp::Request#algorithm
      History.md: add missing references to GitHub issues
      config: deprecate OpenSSL::Config#add_value and #[]=
      test/openssl/test_ssl: remove sleep from test_finished_messages
      test/openssl/test_ssl: fix random failure in SSLSocket.open test
      test/openssl/test_ssl: avoid explicitly-sized private keys
      test/openssl/test_ssl: remove commented-out test case
      test/openssl/test_ssl: allow kRSA tests to fail
      ssl: avoid declarations after statements
      engine: revert OpenSSL::Engine.load changes for cloudhsm
      engine: remove really outdated static engines
      engine: do not check for ENGINE_load_builtin_engines()
      engine: fix guards for 'dynamic' and 'cryptodev' engines
      lib/openssl.rb: require openssl/version.rb
      x509: add error code and verify flags constants
      ssl: set verify error code in the case of verify_hostname failure
      .github/workflows: merge CI jobs into a single workflow
      .github/workflows: test against different OpenSSL versions
      .travis.yml: fully migrate to GitHub Actions
      ssl: suppress test failure with SSLContext#add_certificate_chain_file
      ssl: remove test case test_puts_meta from test_pair
      Revert "Use version.rb in gemspec"

MSP-Greg (2):
      .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
      Use version.rb in gemspec

Samuel Williams (1):
      Restore compatibility with older versions of Ruby.

Yusuke Endoh (1):
      Make OpenSSL::OSSL#test_memcmp_timing robust

Import openssl-2.2.0 (#2693)

2020-02-16T06:21:29+00:00

Import the master branch of ruby/openssl for preparing to release openssl-2.2.0

ext/openssl/ossl_ssl.c: nodoc for private methods

2019-12-29T13:09:15+00:00

[Misc #11712][ruby-core:71565]

[ruby/openssl] Remove taint support

2019-11-17T23:00:25+00:00

Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.

ext/openssl/ossl_ssl.c: Use const declaration if LibreSSL >= 2.8.0

2019-10-05T10:08:23+00:00

to suppress a warning in OpenBSD.

```
ossl_ssl.c:938:31: warning: incompatible pointer types passing 'SSL_SESSION *(SSL *, unsigned char *, int, int *)' (aka 'struct ssl_session_st *(struct ssl_st *, unsigned char *, int, int *)') to parameter of type 'SSL_SESSION *(*)(struct ssl_st *, const unsigned char *, int, int *)' (aka 'struct ssl_session_st *(*)(struct ssl_st *, const unsigned char *, int, int *)') [-Wincompatible-pointer-types]
        SSL_CTX_sess_set_get_cb(ctx, ossl_sslctx_session_get_cb);
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/ssl.h:738:20: note: passing argument to parameter 'get_session_cb' here
    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
                   ^
1 warning generated.
```

Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock

2019-09-26T15:01:53+00:00

It's unlikely anyone would actually hit these.  The methods are
private, you only hit this code path if calling these methods
before performing the SSL connection, and there is already a
verbose warning issued.