ruby.git/ext/openssl/ossl_ssl.c, branch v4.0.2 The Ruby Programming Language [ruby/openssl] Expand tabs in C source files 2025-12-04T17:46:59+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-29T18:40:32+00:00 5062c0c621d887367af8a054e5e5d83d7ec57dd3 Since around 2018, we have been using spaces for indentation for newly added code[1]. The mixed use of tabs and spaces has repeatedly confused new contributors who configured their editors to use a different tab size than 8. Since git blame can now skip specific commits, ruby/ruby did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl. While at it, fix a few indentation issues, mainly in switch-case labels and in ossl_ssl_session.c, which used doubled indentation size. This patch contains white-space changes only. git diff -w output should be empty. [1] https://bugs.ruby-lang.org/issues/14246 [2] https://bugs.ruby-lang.org/issues/18891 https://github.com/ruby/openssl/commit/4d6214f507 
Since around 2018, we have been using spaces for indentation for newly
added code[1]. The mixed use of tabs and spaces has repeatedly confused
new contributors who configured their editors to use a different tab
size than 8. Since git blame can now skip specific commits, ruby/ruby
did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl.

While at it, fix a few indentation issues, mainly in switch-case labels
and in ossl_ssl_session.c, which used doubled indentation size.

This patch contains white-space changes only. git diff -w output should
be empty.

[1] https://bugs.ruby-lang.org/issues/14246
[2] https://bugs.ruby-lang.org/issues/18891

https://github.com/ruby/openssl/commit/4d6214f507
[ruby/openssl] Remove dummy declarations for mOSSL and eOSSLError 2025-11-29T17:05:19+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-29T16:47:26+00:00 bae06ce22c5ab6a4a3085300274f258d55858e90 These declarations were added to every source file because older versions of RDoc did not resolve ancestor tree across files. Since RDoc 6.9.0 supports this, this workaround is no longer needed. https://redirect.github.com/ruby/rdoc/pull/1217 https://github.com/ruby/openssl/commit/6491ce63be 
These declarations were added to every source file because older
versions of RDoc did not resolve ancestor tree across files. Since
RDoc 6.9.0 supports this, this workaround is no longer needed.

    https://redirect.github.com/ruby/rdoc/pull/1217

https://github.com/ruby/openssl/commit/6491ce63be
[ruby/openssl] ssl: refactor tmp_dh_callback handling 2025-10-08T13:59:39+00:00 Kazuki Yamaguchi k@rhe.jp 2025-04-20T13:28:04+00:00 e4f12808318d743642e6c0a579b35df2eededd3c tmp_dh_callback no longer has a default value. It also no longer has to share code with tmp_ecdh_callback, which has been removed in v3.0.0. https://github.com/ruby/openssl/commit/b7cde6df2a 
tmp_dh_callback no longer has a default value. It also no longer has to
share code with tmp_ecdh_callback, which has been removed in v3.0.0.

https://github.com/ruby/openssl/commit/b7cde6df2a
[ruby/openssl] ssl: use SSL_CTX_set_dh_auto() by default 2025-10-08T13:59:39+00:00 Kazuki Yamaguchi k@rhe.jp 2025-04-20T11:26:00+00:00 ea79fe225cc28960595b53cf20e698ec5bbddb0e Rely on OpenSSL's builtin DH parameters for TLS 1.2 and earlier instead of providing a default SSLContext#tmp_dh_callback proc. SSL_CTX_set_dh_auto() has been available since OpenSSL 1.1.0. The parameters can still be overridden by specifying SSLContext#tmp_dh_callback or #tmp_dh, as confirmed by existing tests. SSLContext#tmp_dh_callback depends on a deprecated OpenSSL feature. We also prefer not to hard-code parameters, which is a maintenance burden. This change also improves Ractor compatibility by removing the unshareable proc. https://github.com/ruby/openssl/commit/9cfec9bf5e 
Rely on OpenSSL's builtin DH parameters for TLS 1.2 and earlier instead
of providing a default SSLContext#tmp_dh_callback proc.
SSL_CTX_set_dh_auto() has been available since OpenSSL 1.1.0.

The parameters can still be overridden by specifying
SSLContext#tmp_dh_callback or #tmp_dh, as confirmed by existing tests.

SSLContext#tmp_dh_callback depends on a deprecated OpenSSL feature. We
also prefer not to hard-code parameters, which is a maintenance burden.
This change also improves Ractor compatibility by removing the
unshareable proc.

https://github.com/ruby/openssl/commit/9cfec9bf5e
[ruby/openssl] ssl: fix extconf.rb check for SSL_CTX_set0_tmp_dh_pkey() 2025-10-08T13:59:38+00:00 Kazuki Yamaguchi k@rhe.jp 2025-04-20T10:24:27+00:00 8dfe5403415fc1bd0c6ce56e5edd8749d081e33d Check for the function we actually use. Both SSL_set0_tmp_dh_pkey() and SSL_CTX_set0_tmp_dh_pkey() were added in OpenSSL 3.0. https://github.com/ruby/openssl/commit/a9b6a64e5f 
Check for the function we actually use. Both SSL_set0_tmp_dh_pkey() and
SSL_CTX_set0_tmp_dh_pkey() were added in OpenSSL 3.0.

https://github.com/ruby/openssl/commit/a9b6a64e5f
[ruby/openssl] pkey: rename ossl_pkey_new() to ossl_pkey_wrap() 2025-07-27T12:17:25+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-21T14:52:03+00:00 1c18ab81dbf4a8006222d7f10752dde362ba05a6 Among functions named ossl_*_new(), ossl_pkey_new() is now the only one that takes ownership of the passed OpenSSL object instead of making a copy or incrementing its reference counter. Rename it to make this behavior easier to understand. https://github.com/ruby/openssl/commit/54c1c26eb5 
Among functions named ossl_*_new(), ossl_pkey_new() is now the only one
that takes ownership of the passed OpenSSL object instead of making a
copy or incrementing its reference counter. Rename it to make this
behavior easier to understand.

https://github.com/ruby/openssl/commit/54c1c26eb5
[ruby/openssl] ssl: add SSLSocket#sigalg, #peer_sigalg, #group 2025-07-22T16:51:02+00:00 Jun Aruga jaruga@redhat.com 2025-07-07T16:07:47+00:00 7bb48f87f35d4d99312c94e3982e2f483675a777 These methods are useful to test post-quantum cryptography (PQC) cases. https://github.com/ruby/openssl/commit/434ef74452 
These methods are useful to test post-quantum cryptography (PQC) cases.

https://github.com/ruby/openssl/commit/434ef74452
[ruby/openssl] ssl: rename SSLContext#ecdh_curves= to #groups= 2025-07-04T09:17:55+00:00 Kazuki Yamaguchi k@rhe.jp 2025-06-19T17:36:36+00:00 38993efb27a35b37ecb938f7791fa7c51fbf4bac TLS 1.3 renamed the "elliptic_curves" extension to "supported_groups" to reflect that it now covers more than just ECDH groups. OpenSSL 1.1.1 followed this change by renaming the corresponding API from SSL_CTX_set1_curves_list() to SSL_CTX_set1_groups_list(). Update ruby/openssl to use the new name, too. The current method name SSLContext#ecdh_curves= is retained as an alias for #group=. https://github.com/ruby/openssl/commit/59e98604e0 
TLS 1.3 renamed the "elliptic_curves" extension to "supported_groups"
to reflect that it now covers more than just ECDH groups. OpenSSL 1.1.1
followed this change by renaming the corresponding API from
SSL_CTX_set1_curves_list() to SSL_CTX_set1_groups_list().

Update ruby/openssl to use the new name, too. The current method name
SSLContext#ecdh_curves= is retained as an alias for #group=.

https://github.com/ruby/openssl/commit/59e98604e0
[ruby/openssl] ssl: add SSLContext#sigalgs= and #client_sigalgs= 2025-06-20T17:58:38+00:00 Kazuki Yamaguchi k@rhe.jp 2025-06-03T06:00:43+00:00 112ba7064718aa8e486ff1d953946ad5a5480f8c Add methods for setting supported signature algorithms, corresponding to SSL_CTX_set1_sigalgs_list() and SSL_CTX_set1_client_sigalgs_list(), respectively. https://github.com/ruby/openssl/commit/6bbe58c492 Co-authored-by: Markus Jung <markus.jung@vivavis.com> 
Add methods for setting supported signature algorithms, corresponding
to SSL_CTX_set1_sigalgs_list() and SSL_CTX_set1_client_sigalgs_list(),
respectively.

https://github.com/ruby/openssl/commit/6bbe58c492

Co-authored-by: Markus Jung <markus.jung@vivavis.com>
[ruby/openssl] ssl: update rdoc for SSLContext#ciphers= and #ciphersuites= 2025-06-20T17:58:38+00:00 Kazuki Yamaguchi k@rhe.jp 2025-06-02T17:30:28+00:00 0d75dd1f47bd93427ecd29c13ce0729d92f8a858 https://github.com/ruby/openssl/commit/54f22395e7 
https://github.com/ruby/openssl/commit/54f22395e7