ruby.git/ext/openssl, branch v4.0.3 The Ruby Programming Language [ruby/openssl] Ruby/OpenSSL 4.0.0 2025-12-15T09:50:30+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-14T10:10:04+00:00 f0793731853c0e130f798e9dc5c736b2fa1b72b7 https://github.com/ruby/openssl/commit/5af1edab18 
https://github.com/ruby/openssl/commit/5af1edab18
[ruby/openssl] ossl.c: improve docs for constants and methods under ::OpenSSL 2025-12-15T09:09:49+00:00 Kazuki Yamaguchi k@rhe.jp 2025-04-08T19:01:58+00:00 f06eb75646e7a8d17d9c41988207a2a29a3b006c https://github.com/ruby/openssl/commit/b0de8ba9bd 
https://github.com/ruby/openssl/commit/b0de8ba9bd
[ruby/openssl] Freeze more constants for Ractor compatibility 2025-12-15T09:09:49+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-14T10:55:28+00:00 ee6ba41bfdc82110468598467cd10ce850b44f0c https://github.com/ruby/openssl/commit/695126f582 
https://github.com/ruby/openssl/commit/695126f582
[ruby/openssl] pkcs7: raise OpenSSL::PKCS7::PKCS7Error in #initialize 2025-12-14T10:46:27+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-14T10:33:16+00:00 674c3d73e0f92d730bd2e544be344585a638ab37 When d2i_PKCS7_bio() and PEM_read_bio_PKCS7() fail to decode the input, OpenSSL::PKCS7.new currently raises ArgumentError. The usual practice in ruby/openssl where an error originates from the underlying OpenSSL library is to raise OpenSSL::OpenSSLError. Raise OpenSSL::PKCS7::PKCS7Error instead for consistency with OpenSSL::PKCS7.read_smime and all other existing #initialize methods that handle DER/PEM-encoded inputs. https://github.com/ruby/openssl/commit/67a608ce53 
When d2i_PKCS7_bio() and PEM_read_bio_PKCS7() fail to decode the input,
OpenSSL::PKCS7.new currently raises ArgumentError. The usual practice
in ruby/openssl where an error originates from the underlying OpenSSL
library is to raise OpenSSL::OpenSSLError.

Raise OpenSSL::PKCS7::PKCS7Error instead for consistency with
OpenSSL::PKCS7.read_smime and all other existing #initialize methods
that handle DER/PEM-encoded inputs.

https://github.com/ruby/openssl/commit/67a608ce53
[ruby/openssl] x509cert: update doc for OpenSSL::X509::Certificate#== 2025-12-14T10:46:13+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-29T17:47:18+00:00 7969b654181af13f547afb88834f017694881353 Mention the underlying OpenSSL function. Add a note about the unreliable comparison when called on an incomplete object. Fixes https://github.com/ruby/openssl/issues/844 https://github.com/ruby/openssl/commit/736af5b3c7 
Mention the underlying OpenSSL function. Add a note about the unreliable
comparison when called on an incomplete object.

Fixes https://github.com/ruby/openssl/issues/844

https://github.com/ruby/openssl/commit/736af5b3c7
[ruby/openssl] ossl.c: implement OpenSSL::OpenSSLError#detailed_message 2025-12-13T16:57:53+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-04T14:15:57+00:00 e8d32dddc04b34e2454b1c37b271bc242dddb06e An OpenSSL function sometimes puts more than one error entry into the thread-local OpenSSL error queue. Currently, we use the highest-level entry for generating the exception message and discard the rest. Let ossl_make_error() capture all current OpenSSL error queue contents into OpenSSL::OpenSSLError#errors and extend OpenSSL::OpenSSLError#detailed_message to include the information. An example: $ ruby -Ilib -ropenssl -e'OpenSSL::X509::ExtensionFactory.new.create_ext("a", "b")' -e:1:in 'OpenSSL::X509::ExtensionFactory#create_ext': a = b: error in extension (name=a, value=b) (OpenSSL::X509::ExtensionError) OpenSSL error queue reported 2 errors: error:11000082:X509 V3 routines:do_ext_nconf:unknown extension name error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension (name=a, value=b) from -e:1:in '<main>' https://github.com/ruby/openssl/commit/d28f7a9a13 
An OpenSSL function sometimes puts more than one error entry into the
thread-local OpenSSL error queue. Currently, we use the highest-level
entry for generating the exception message and discard the rest.

Let ossl_make_error() capture all current OpenSSL error queue contents
into OpenSSL::OpenSSLError#errors and extend
OpenSSL::OpenSSLError#detailed_message to include the information.

An example:

    $ ruby -Ilib -ropenssl -e'OpenSSL::X509::ExtensionFactory.new.create_ext("a", "b")'
    -e:1:in 'OpenSSL::X509::ExtensionFactory#create_ext': a = b: error in extension (name=a, value=b) (OpenSSL::X509::ExtensionError)
    OpenSSL error queue reported 2 errors:
    error:11000082:X509 V3 routines:do_ext_nconf:unknown extension name
    error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension (name=a, value=b)
            from -e:1:in '<main>'

https://github.com/ruby/openssl/commit/d28f7a9a13
[ruby/openssl] asn1integer_to_num: don't cast away const 2025-12-06T17:26:32+00:00 Theo Buehler tb@openbsd.org 2025-12-06T16:58:56+00:00 47c0dae188162798c50fdb2580d852ceec89f2ec ASN1_ENUMERATED_to_BN() has been const-correct for a long time in all supported libcrytos, so we can remove this workaround. https://github.com/ruby/openssl/commit/d0f36a7c65 
ASN1_ENUMERATED_to_BN() has been const-correct for a long time in all
supported libcrytos, so we can remove this workaround.

https://github.com/ruby/openssl/commit/d0f36a7c65
[ruby/openssl] Convert ossl_x509ext.c to opaque ASN1_STRING 2025-12-06T16:50:17+00:00 Theo Buehler tb@openbsd.org 2025-12-05T13:15:08+00:00 8d3da814c03e06ce331e7022b87500943b57fa4e https://github.com/ruby/openssl/commit/a41cf28bab 
https://github.com/ruby/openssl/commit/a41cf28bab
[ruby/openssl] Convert ossl_ts.c to opaque ASN1_STRING 2025-12-06T16:50:17+00:00 Theo Buehler tb@openbsd.org 2025-12-05T12:54:49+00:00 38ad0806d7270926ff6fc5c23092aa3e822f386b https://github.com/ruby/openssl/commit/8945f379b3 
https://github.com/ruby/openssl/commit/8945f379b3
[ruby/openssl] Convert ossl_ns_spki.c to opaque ASN1_STRING 2025-12-06T16:50:17+00:00 Theo Buehler tb@openbsd.org 2025-12-05T12:52:04+00:00 a07997bf8124b8aac516f8f70388e86fd24f4a2b https://github.com/ruby/openssl/commit/0941ebbda5 
https://github.com/ruby/openssl/commit/0941ebbda5