ruby.git/ext/openssl, branch v3_3_11 The Ruby Programming Language Update openssl gem to 3.2.2 2025-10-11T07:53:43+00:00 Bo Anderson mail@boanderson.me 2025-10-09T03:24:27+00:00 ce7aa23f97273fa181be26aec33d3c6998e203c5 






[ruby/openssl] Run `have_func` with the header providing the declarations
2025-07-20T09:32:03+00:00

Nobuyoshi Nakada
nobu@ruby-lang.org

2025-07-01T08:38:25+00:00

bf08633e0f3d1b52c2ebb35d89591b6775ccb320

https://github.com/ruby/openssl/commit/b6f56c4540





https://github.com/ruby/openssl/commit/b6f56c4540







[ruby/openssl] History.md: Escape Markdown syntax Italic "*". [ci skip]
2023-11-25T10:05:24+00:00

Jun Aruga
jaruga@redhat.com

2023-11-20T12:18:55+00:00

3140886b759b3ca5602b0fc2ce85d6022133146b

https://github.com/ruby/openssl/commit/dc26433ae5





https://github.com/ruby/openssl/commit/dc26433ae5







[ruby/openssl] Ruby/OpenSSL 3.2.0
2023-09-21T20:01:23+00:00

Kazuki Yamaguchi
k@rhe.jp

2023-08-31T09:52:17+00:00

2df00640ff098a305eacee48cf2c77c9d9bdd81e

https://github.com/ruby/openssl/commit/6b3dd6a372





https://github.com/ruby/openssl/commit/6b3dd6a372







[ruby/openssl] Update README and gemspec description
2023-09-21T20:01:23+00:00

Kazuki Yamaguchi
k@rhe.jp

2023-08-31T09:46:41+00:00

a2f1195bebca468eed7e8bf650027e3d3747c141

 * Reword the description in README for more clarity.

 * Add a compatibility matrix of our stable branches and explain the
   maintenance policy.

 * Remove the obsolete paragraph for how to use the gem in Ruby 2.3,
   which is no longer supported.

https://github.com/ruby/openssl/commit/7691034fcb





 * Reword the description in README for more clarity.

 * Add a compatibility matrix of our stable branches and explain the
   maintenance policy.

 * Remove the obsolete paragraph for how to use the gem in Ruby 2.3,
   which is no longer supported.

https://github.com/ruby/openssl/commit/7691034fcb







[ruby/openssl] x509ext: let X509::ExtensionFactory#create_ext take a dotted OID string
2023-09-06T10:30:32+00:00

Michael Richardson
mcr@sandelman.ca

2017-08-27T00:09:38+00:00

91e5f51607e38138045b67f80932f7a2a56f7d72

instead of looking of NIDs and then using X509V3_EXT_nconf_nid,
instead just pass strings to X509V3_EXT_nconf, which has all the logic for
processing dealing with generic extensions
also process the oid through ln2nid() to retain compatibility.

[rhe: tweaked commit message and added a test case]

https://github.com/ruby/openssl/commit/9f15741331





instead of looking of NIDs and then using X509V3_EXT_nconf_nid,
instead just pass strings to X509V3_EXT_nconf, which has all the logic for
processing dealing with generic extensions
also process the oid through ln2nid() to retain compatibility.

[rhe: tweaked commit message and added a test case]

https://github.com/ruby/openssl/commit/9f15741331







[ruby/openssl] Fix OCSP documentation
2023-09-06T10:26:27+00:00

Petrik
petrik@deheus.net

2023-08-31T13:14:18+00:00

9b6128c541386d6e375723bb9eb4161854d72112

`port` should be called on the `ocsp_uri` URI instead of `ocsp`, which
is just a string.

https://github.com/ruby/openssl/commit/89a1c82dd0





`port` should be called on the `ocsp_uri` URI instead of `ocsp`, which
is just a string.

https://github.com/ruby/openssl/commit/89a1c82dd0







[ruby/openssl] Prefer String#unpack1
2023-09-06T10:24:53+00:00

Mau Magnaguagno
maumagnaguagno@gmail.com

2023-08-31T06:38:45+00:00

60a6de81a823cdb932d21fa5869c93853d3f2795

(https://github.com/ruby/openssl/pull/586)

String#unpack1 avoids the intermediate array created by String#unpack
for single elements, while also making a call to Array#first/[0]
unnecessary.

https://github.com/ruby/openssl/commit/8eb0715a42





(https://github.com/ruby/openssl/pull/586)

String#unpack1 avoids the intermediate array created by String#unpack
for single elements, while also making a call to Array#first/[0]
unnecessary.

https://github.com/ruby/openssl/commit/8eb0715a42







[ruby/openssl] ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
2023-09-06T10:24:43+00:00

Kazuki Yamaguchi
k@rhe.jp

2023-08-29T10:46:02+00:00

b6d7cdc2bad0eadbca73f3486917f0ec7a475814

In TLS 1.2 or before, if DH group parameters for DHE are not supplied
with SSLContext#tmp_dh= or #tmp_dh_callback=, we currently use the
self-generated parameters added in commit https://github.com/ruby/openssl/commit/bb3399a61c03 ("support 2048
bit length DH-key", 2016-01-15) as the fallback.

While there is no known weakness in the current parameters, it would be
a good idea to switch to pre-defined, more well audited parameters.

This also allows the fallback to work in the FIPS mode.

The PEM encoding was derived with:

	# RFC 7919 Appendix A.1. ffdhe2048
	print OpenSSL::PKey.read(OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer((<<-END).split.join.to_i(16)), OpenSSL::ASN1::Integer(2)]).to_der).to_pem
	    FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
	    D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
	    7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
	    2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
	    984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
	    30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
	    B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
	    0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
	    9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
	    3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
	    886B4238 61285C97 FFFFFFFF FFFFFFFF
	END

https://github.com/ruby/openssl/commit/a5527cb4f4





In TLS 1.2 or before, if DH group parameters for DHE are not supplied
with SSLContext#tmp_dh= or #tmp_dh_callback=, we currently use the
self-generated parameters added in commit https://github.com/ruby/openssl/commit/bb3399a61c03 ("support 2048
bit length DH-key", 2016-01-15) as the fallback.

While there is no known weakness in the current parameters, it would be
a good idea to switch to pre-defined, more well audited parameters.

This also allows the fallback to work in the FIPS mode.

The PEM encoding was derived with:

	# RFC 7919 Appendix A.1. ffdhe2048
	print OpenSSL::PKey.read(OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer((<<-END).split.join.to_i(16)), OpenSSL::ASN1::Integer(2)]).to_der).to_pem
	    FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
	    D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
	    7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
	    2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
	    984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
	    30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
	    B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
	    0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
	    9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
	    3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
	    886B4238 61285C97 FFFFFFFF FFFFFFFF
	END

https://github.com/ruby/openssl/commit/a5527cb4f4







[ruby/openssl] Refactor Buffering consume_rbuff and getbyte methods
2023-09-06T10:24:02+00:00

Mau Magnaguagno
maumagnaguagno@gmail.com

2022-12-26T11:35:54+00:00

4a042b2255519eb3e2826609dd8c042e164e7a26

Prefer ``slice!`` for ``Buffering#consume_rbuff`` and safe navigation with ``ord`` for ``Buffering#getbyte``, similar to ``each_byte``.

https://github.com/ruby/openssl/commit/5f6abff178





Prefer ``slice!`` for ``Buffering#consume_rbuff`` and safe navigation with ``ord`` for ``Buffering#getbyte``, similar to ``each_byte``.

https://github.com/ruby/openssl/commit/5f6abff178