ruby.git/ext/openssl, branch v2_1_7 The Ruby Programming Language merge revision(s) 51409,51453: [Backport #10910] 2015-08-17T08:30:08+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-08-17T08:30:08+00:00 d3cd7b4813dcaf4022d8d70b8dd9f2bd17812d56 * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a more helpful exception when verifying the peer connection and an anonymous cipher has been selected. [ruby-core:68330] [Bug #10910] Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch. * test/openssl/test_ssl.rb (class OpenSSL): test for change * .travis.yml: update libssl before running tests. Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for figuring out the travis settings! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@51608 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a more
	  helpful exception when verifying the peer connection and an
	  anonymous cipher has been selected. [ruby-core:68330] [Bug #10910]
	  Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.

	* test/openssl/test_ssl.rb (class OpenSSL): test for change

	* .travis.yml: update libssl before running tests. 
	  Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for figuring out the
	  travis settings!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@51608 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 50646: [Backport #11185] 2015-06-09T07:28:56+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-06-09T07:28:56+00:00 7d7ed2c23116b8f2c0bfcd902eaf8a2a15301bb3 * ext/openssl/ossl_asn1.c (ossl_asn1_traverse, ossl_asn1_decode, ossl_asn1_decode_all): use RB_GC_GUARD instead of volatile [ruby-core:69371] [Bug #11185] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@50808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_asn1.c (ossl_asn1_traverse, ossl_asn1_decode,
	  ossl_asn1_decode_all): use RB_GC_GUARD instead of volatile
	  [ruby-core:69371] [Bug #11185]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@50808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 50292: [Backport #9644] 2015-04-13T13:20:40+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-04-13T13:20:40+00:00 e3252606afe73a7085ce8b92bd0c0a5eccd918d4 * ext/openssl/lib/openssl/ssl.rb: stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644] * test/openssl/test_ssl.rb: add tests for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@50296 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl.rb: stricter hostname verification
	  following RFC 6125. with the patch provided by Tony Arcieri and
	  Hiroshi Nakamura [ruby-core:61545] [Bug #9644]

	* test/openssl/test_ssl.rb: add tests for above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@50296 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r48923: [Backport #10633] 2015-01-22T11:51:16+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-01-22T11:51:16+00:00 2558571db146e6463501db9b006436d8e22ba6f3 * ext/openssl/ossl_cipher.c (ossl_cipher_update_long): update huge data gradually not to exceed INT_MAX. workaround of OpenSSL API limitation. [ruby-core:67043] [Bug #10633] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@49383 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_cipher.c (ossl_cipher_update_long): update huge
	  data gradually not to exceed INT_MAX.  workaround of OpenSSL API
	  limitation.  [ruby-core:67043] [Bug #10633]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@49383 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r45274,r45278,r45280,r48097: [Backport #9424] [Backport #9640] 2014-10-22T14:14:52+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-10-22T14:14:52+00:00 c8137d676a79c7ac36079f3ea36dc3ae9df69a6e * lib/openssl/ssl.rb: Explicitly whitelist the default SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable compression by default. Reported by Jeff Hodges. [ruby-core:59829] [Bug #9424] * test/openssl/test_ssl.rb: Reuse TLS default options from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. * ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined. this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@48098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* lib/openssl/ssl.rb: Explicitly whitelist the default
	  SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
	  compression by default.
	  Reported by Jeff Hodges.
	  [ruby-core:59829] [Bug #9424]

	* test/openssl/test_ssl.rb: Reuse TLS default options from
	  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.

	* ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override
	  options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
	  this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@48098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r45863,r45871: [Backport #9750] 2014-06-29T17:26:54+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-06-29T17:26:54+00:00 4c5d8bebe80e90236bfe919efe67130e97824868 * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#accept): Consider Socket#accept as well as TCPServer#accept. Reported by Sam Stelfox. [ruby-core:62064] [Bug #9750] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@46613 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#accept):
	  Consider Socket#accept as well as TCPServer#accept.
	  Reported by Sam Stelfox.  [ruby-core:62064] [Bug #9750]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@46613 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r45540: [Backport #9911] 2014-06-23T16:03:42+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-06-23T16:03:42+00:00 85a3ceafec987a55946358aa0a135f2860f4dc22 ossl.c: OPENSSL_LIBRARY_VERSION * ext/openssl/ossl.c (Init_openssl): add constant OPENSSL_LIBRARY_VERSION which tells the version running OpenSSL. [EXPERIMENTAL] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@46525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	ossl.c: OPENSSL_LIBRARY_VERSION

	* ext/openssl/ossl.c (Init_openssl): add constant OPENSSL_LIBRARY_VERSION
  which tells the version running OpenSSL.  [EXPERIMENTAL]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@46525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r45701: [Backport #9771] 2014-05-28T14:44:07+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-05-28T14:44:07+00:00 b6fe6d591c53fc4b31eeafa4edae76cff5940d3e * ext/openssl/ossl_asn1.c (ossl_asn1_initialize): SYMID on a value other than Symbol is an undefined behavior. fix up r31699. [ruby-core:62142] [Bug #9771] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@46214 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_asn1.c (ossl_asn1_initialize): SYMID on a value
	  other than Symbol is an undefined behavior.  fix up r31699.
	  [ruby-core:62142] [Bug #9771]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@46214 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r45595: [Backport #9743] [Backport #9745] 2014-05-04T17:44:00+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-05-04T17:44:00+00:00 01cf2127bd3b3ec3be64a10991d6b3287d60a162 * ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal() finalizes only a copy of the digest context, the context must be cleaned up after initialization by EVP_MD_CTX_cleanup() or a memory leak will occur. [ruby-core:62038] [Bug #9743] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@45821 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
	  finalizes only a copy of the digest context, the context must be
	  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
	  memory leak will occur.  [ruby-core:62038] [Bug #9743]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@45821 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) r45271: [Backport #9592] [Backport #9671] 2014-05-01T15:23:08+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-05-01T15:23:08+00:00 49fed34108ed181fa43f6396d9ff19c7243d2bf6 * ext/openssl/ossl.c (ossl_make_error): check NULL for unknown error reasons with old OpenSSL, and insert a colon iff formatted message is not empty. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@45778 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
	  error reasons with old OpenSSL, and insert a colon iff formatted
	  message is not empty.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@45778 b2dd03c8-39d4-4d8f-98ff-823fe69b080e