ruby.git/ext/openssl/ossl_x509store.c, branch v4.0.4 The Ruby Programming Language [ruby/openssl] Expand tabs in C source files 2025-12-04T17:46:59+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-29T18:40:32+00:00 5062c0c621d887367af8a054e5e5d83d7ec57dd3 Since around 2018, we have been using spaces for indentation for newly added code[1]. The mixed use of tabs and spaces has repeatedly confused new contributors who configured their editors to use a different tab size than 8. Since git blame can now skip specific commits, ruby/ruby did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl. While at it, fix a few indentation issues, mainly in switch-case labels and in ossl_ssl_session.c, which used doubled indentation size. This patch contains white-space changes only. git diff -w output should be empty. [1] https://bugs.ruby-lang.org/issues/14246 [2] https://bugs.ruby-lang.org/issues/18891 https://github.com/ruby/openssl/commit/4d6214f507 
Since around 2018, we have been using spaces for indentation for newly
added code[1]. The mixed use of tabs and spaces has repeatedly confused
new contributors who configured their editors to use a different tab
size than 8. Since git blame can now skip specific commits, ruby/ruby
did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl.

While at it, fix a few indentation issues, mainly in switch-case labels
and in ossl_ssl_session.c, which used doubled indentation size.

This patch contains white-space changes only. git diff -w output should
be empty.

[1] https://bugs.ruby-lang.org/issues/14246
[2] https://bugs.ruby-lang.org/issues/18891

https://github.com/ruby/openssl/commit/4d6214f507
[ruby/openssl] Remove dummy declarations for mOSSL and eOSSLError 2025-11-29T17:05:19+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-29T16:47:26+00:00 bae06ce22c5ab6a4a3085300274f258d55858e90 These declarations were added to every source file because older versions of RDoc did not resolve ancestor tree across files. Since RDoc 6.9.0 supports this, this workaround is no longer needed. https://redirect.github.com/ruby/rdoc/pull/1217 https://github.com/ruby/openssl/commit/6491ce63be 
These declarations were added to every source file because older
versions of RDoc did not resolve ancestor tree across files. Since
RDoc 6.9.0 supports this, this workaround is no longer needed.

    https://redirect.github.com/ruby/rdoc/pull/1217

https://github.com/ruby/openssl/commit/6491ce63be
[ruby/openssl] Add missing write barriers in X509 2025-08-19T16:30:50+00:00 John Hawthorn john@hawthorn.email 2025-08-12T22:22:23+00:00 3ff1ca07bab3603ad2c0744983d5d7b8b9ac3a44 Both the X509 store and X509 store context were missing write barriers. To the callback object being stored in the ex data. These values were also being stored as an IV, however in Ruby HEAD we're now storing the IVs for T_DATA (generic IVs) on a separate object. So we need an additional write barrier. I believe this was always necessary, because we could have done incremental marking ahead of compaction, and without the write barrier the mark function could have been run before @verify_callback was assigned. This was detected by wbcheck https://github.com/ruby/openssl/commit/1fda3a99ef 
Both the X509 store and X509 store context were missing write barriers.
To the callback object being stored in the ex data.

These values were also being stored as an IV, however in Ruby HEAD we're
now storing the IVs for T_DATA (generic IVs) on a separate object. So we
need an additional write barrier.

I believe this was always necessary, because we could have done
incremental marking ahead of compaction, and without the write barrier
the mark function could have been run before @verify_callback was
assigned.

This was detected by wbcheck

https://github.com/ruby/openssl/commit/1fda3a99ef
[ruby/openssl] x509store: fix StoreContext#current_cert 2025-07-31T09:45:35+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-27T14:04:09+00:00 e8261963c79ba61453f7f0dae281c33a1287b351 Commit https://github.com/ruby/openssl/commit/ef277083ba76 overlooked a caller of ossl_x509_new() with NULL argument. OpenSSL::X509::StoreContext#current_cert may not have a certificate to return if StoreContext#verify has not been called. https://github.com/ruby/openssl/commit/4149b43890 
Commit https://github.com/ruby/openssl/commit/ef277083ba76 overlooked a caller of ossl_x509_new() with NULL
argument. OpenSSL::X509::StoreContext#current_cert may not have a
certificate to return if StoreContext#verify has not been called.

https://github.com/ruby/openssl/commit/4149b43890
[ruby/openssl] Require OpenSSL 1.1.1 or later 2025-01-21T18:14:14+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-20T17:08:54+00:00 43c48e3030c513c17bfcf4c37bbe533097fa1a22 Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2. Distributions that shipped with OpenSSL 1.1.0 include: - Debian 9 (EOL 2022-06) - Ubuntu 18.04 LTS (EOL 2023-04) https://github.com/ruby/openssl/commit/ba83abe920 
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:

 - Debian 9 (EOL 2022-06)
 - Ubuntu 18.04 LTS (EOL 2023-04)

https://github.com/ruby/openssl/commit/ba83abe920
[ruby/openssl] Require OpenSSL 1.1.0 or later 2025-01-20T17:12:57+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-14T12:49:12+00:00 441862dc9f11d83e9e35c3b965fe84e42e178a35 Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12. Most distributions that shipped with OpenSSL 1.0.2 have also reached EOL, or provide a newer version in the package repository: - RHEL 7 (EOL 2024-06) - Ubuntu 16.04 LTS (EOL 2021-04) - Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via the openssl11{,-devel} package) https://github.com/ruby/openssl/commit/38ec6fd50e 
Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12.

Most distributions that shipped with OpenSSL 1.0.2 have also reached
EOL, or provide a newer version in the package repository:

 - RHEL 7 (EOL 2024-06)
 - Ubuntu 16.04 LTS (EOL 2021-04)
 - Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via
   the openssl11{,-devel} package)

https://github.com/ruby/openssl/commit/38ec6fd50e
[ruby/openssl] Require LibreSSL 3.9 or later 2025-01-14T12:38:16+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-07T16:55:56+00:00 0fb64bda9bf16c36de3c4ca5f9d3aa8da5d39ee2 Drop support for LibreSSL 3.1-3.8. LibreSSL 3.8 has reached its EOL in 2024-10. https://github.com/ruby/openssl/commit/f33d611f9f 
Drop support for LibreSSL 3.1-3.8. LibreSSL 3.8 has reached its EOL in
2024-10.

https://github.com/ruby/openssl/commit/f33d611f9f
[ruby/openssl] Mark variables and functions as static whenever possible 2024-12-07T07:55:47+00:00 Kazuki Yamaguchi k@rhe.jp 2024-10-29T19:03:05+00:00 1df63d9451459209c00f5e8db033f18d145cc741 https://github.com/ruby/openssl/commit/85d6b7f192 
https://github.com/ruby/openssl/commit/85d6b7f192
[ruby/openssl] x509store: fix exception class in OpenSSL::X509::StoreContext#verify 2024-12-07T07:55:46+00:00 Kazuki Yamaguchi k@rhe.jp 2024-10-29T18:33:54+00:00 870cce9798e7e1ad5b6c0ade7a4247b53b4f34ce Follow-up commit https://github.com/ruby/openssl/commit/0789643d7333 (openssl: clear OpenSSL error queue before return to Ruby, 2016-05-18). It should raise OpenSSL::X509::StoreError instead of OpenSSL::X509::CertificateError. https://github.com/ruby/openssl/commit/0201f23ad6 
Follow-up commit https://github.com/ruby/openssl/commit/0789643d7333 (openssl: clear OpenSSL error
queue before return to Ruby, 2016-05-18). It should raise
OpenSSL::X509::StoreError instead of OpenSSL::X509::CertificateError.

https://github.com/ruby/openssl/commit/0201f23ad6
[ruby/openssl] Set time directly on the x509 store 2024-07-24T16:51:00+00:00 Samuel Giddins segiddins@segiddins.me 2024-07-24T16:50:57+00:00 0d3ce3123491eee303a1259caa09f3da9c085d76 (https://github.com/ruby/openssl/pull/770) Instead of an ivar, so other ossl functions that take a store will use the correct time when verifying https://github.com/ruby/openssl/commit/21aadc66ae 
(https://github.com/ruby/openssl/pull/770)

Instead of an ivar, so other ossl functions that take a store will use the correct time when verifying

https://github.com/ruby/openssl/commit/21aadc66ae