ruby.git/ext/openssl/ossl_ssl.c, branch v3_2_11 The Ruby Programming Language [ruby/openssl] Undefine `OpenSSL::SSL` for no socket platforms 2022-12-23T00:39:15+00:00 Yuta Saito kateinoigakukun@gmail.com 2022-10-31T11:07:57+00:00 782777a803f990f688579db50c938d1a80a5f24a This fixes a linkage error about `ossl_ssl_type` on platforms which do not have socket, like WASI. Even before this patch, some items are disabled under `OPENSSL_NO_SOCK` since https://github.com/ruby/ruby/commit/ee22fad45d394818690c4a7586d7bb576ba67c56 However, due to some new use of OpenSSL::SSL::Socket over the past few years, the build under `OPENSSL_NO_SOCK` had been broken. This patch guards whole `OpenSSL::SSL` items by `OPENSSL_NO_SOCK`. [ky: adjusted to apply on top of my previous commit that removed the OpenSSL::ExtConfig, and added a guard to lib/openssl/ssl.rb.] https://github.com/ruby/openssl/commit/b0cfac6a96 
This fixes a linkage error about `ossl_ssl_type` on platforms which do
not have socket, like WASI.

Even before this patch, some items are disabled under `OPENSSL_NO_SOCK` since
https://github.com/ruby/ruby/commit/ee22fad45d394818690c4a7586d7bb576ba67c56
However, due to some new use of OpenSSL::SSL::Socket over the past few years,
the build under `OPENSSL_NO_SOCK` had been broken.

This patch guards whole `OpenSSL::SSL` items by `OPENSSL_NO_SOCK`.

[ky: adjusted to apply on top of my previous commit that removed the
OpenSSL::ExtConfig, and added a guard to lib/openssl/ssl.rb.]

https://github.com/ruby/openssl/commit/b0cfac6a96
[ruby/openssl] ssl: remove OpenSSL::ExtConfig 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-12-22T19:34:43+00:00 e6ca6443299b48f906662b438e5267d876d21a1e This module was introduced in 2015 for internal use within this library. Neither of the two constants in it is used anymore. I don't think we will be adding a new constant in the foreseeable future, either. OPENSSL_NO_SOCK is unused since commit https://github.com/ruby/openssl/commit/998d66712a78 (r55191). HAVE_TLSEXT_HOST_NAME is unused since commit https://github.com/ruby/openssl/commit/4eb4b3297a92. https://github.com/ruby/openssl/commit/eed3894bda 
This module was introduced in 2015 for internal use within this library.
Neither of the two constants in it is used anymore. I don't think we
will be adding a new constant in the foreseeable future, either.

OPENSSL_NO_SOCK is unused since commit https://github.com/ruby/openssl/commit/998d66712a78 (r55191).
HAVE_TLSEXT_HOST_NAME is unused since commit https://github.com/ruby/openssl/commit/4eb4b3297a92.

https://github.com/ruby/openssl/commit/eed3894bda
[ruby/openssl] ssl: disable NPN support on LibreSSL 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-10-17T08:33:37+00:00 dd6f3276e07f8f731a3bbcbdd58525ee6dd6581e As noted in commit https://github.com/ruby/openssl/commit/a2ed156cc9f1 ("test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly on LibreSSL. Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is defined or not. NPN is less relevant today anyway. Let's also silence test suite when it's not available. https://github.com/ruby/openssl/commit/289f6e0e1f 
As noted in commit https://github.com/ruby/openssl/commit/a2ed156cc9f1 ("test/test_ssl: do not run NPN tests
for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly
on LibreSSL.

Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is
defined or not.

NPN is less relevant today anyway. Let's also silence test suite when
it's not available.

https://github.com/ruby/openssl/commit/289f6e0e1f
[ruby/openssl] ssl: update TLS1_3_VERSION workaround for older LibreSSL versions 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-10-17T07:52:46+00:00 d6c16dd3e67ea5aa58a2f17dc8aa8aa977ded99a The macro is now defined by default in LibreSSL 3.4+. Let's document it for future readers. https://github.com/ruby/openssl/commit/935698e9f9 
The macro is now defined by default in LibreSSL 3.4+. Let's document it
for future readers.

https://github.com/ruby/openssl/commit/935698e9f9
[ruby/openssl] Constify when building with OpenSSL 3 2022-12-23T00:39:15+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2022-07-08T15:17:25+00:00 d7d1bb3e871108b787d67da1f0d11d317bdfacf7 https://github.com/ruby/openssl/commit/c0023822fe 
https://github.com/ruby/openssl/commit/c0023822fe
[ruby/openssl] Use default `IO#timeout` if possible. 2022-10-17T07:35:35+00:00 Samuel Williams samuel.williams@oriontransfer.co.nz 2022-10-07T10:05:17+00:00 aecc470a3354bbf61e5cd2e65f4aeb4f3825a9be https://github.com/ruby/openssl/commit/471340f612 
https://github.com/ruby/openssl/commit/471340f612
[ruby/openssl] Add support to SSL_CTX_set_keylog_callback 2022-10-17T07:35:35+00:00 Christophe De La Fuente christophe_delafuente@rapid7.com 2022-08-29T18:15:54+00:00 17998ad3bb5864db38ba9e709ed7209da6189f0f - This callback is invoked when TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. - It is invoked with an `SSLSocket` and a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. - This commit adds the Ruby binding `keylog_cb` and the related tests - It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements `SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see https://github.com/libressl-portable/openbsd/commit/648d39f0f035835d0653342d139883b9661e9cb6) https://github.com/ruby/openssl/commit/3b63232cf1 
- This callback is invoked when TLS key material is generated or
  received, in order to allow applications to store this keying material
  for debugging purposes.
- It is invoked with an `SSLSocket` and a string containing the key
  material in the format used by NSS for its SSLKEYLOGFILE debugging
  output.
- This commit adds the Ruby binding `keylog_cb` and the related tests
- It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements
  `SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see
  https://github.com/libressl-portable/openbsd/commit/648d39f0f035835d0653342d139883b9661e9cb6)

https://github.com/ruby/openssl/commit/3b63232cf1
[ruby/openssl] ssl: fix "warning: ‘ctx’ may be used uninitialized" 2022-10-17T07:35:35+00:00 Kazuki Yamaguchi k@rhe.jp 2022-09-09T07:03:42+00:00 e4b1627983ca27afcae9a2c502915a747a9e1656 The code was introduced by https://github.com/ruby/openssl/commit/65530b887e54 ("ssl: enable generating keying material from SSL sessions", 2022-08-03). This is harmless, but we should avoid it. https://github.com/ruby/openssl/commit/f5b82e814b 
The code was introduced by https://github.com/ruby/openssl/commit/65530b887e54 ("ssl: enable generating keying
material from SSL sessions", 2022-08-03).

This is harmless, but we should avoid it.

https://github.com/ruby/openssl/commit/f5b82e814b
[ruby/openssl] ssl: enable generating keying material from SSL sessions 2022-10-17T07:35:35+00:00 madblobfish - 2022-08-03T21:24:28+00:00 79543b9a530d85f0487583d96ad412f5e7683ffa Add OpenSSL::SSL::SSLSocket#export_keying_material to support RFC 5705 https://github.com/ruby/openssl/commit/65530b887e 
Add OpenSSL::SSL::SSLSocket#export_keying_material to support RFC 5705

https://github.com/ruby/openssl/commit/65530b887e
Simplify default argument specification. (#6507) 2022-10-07T09:51:27+00:00 Samuel Williams samuel.williams@oriontransfer.co.nz 2022-10-07T09:51:27+00:00 a081fe76de5de0307651d99324a0e454fd8b8a8b