ruby.git/test/openssl/test_ssl.rb, branch v3_2_11 The Ruby Programming Language [ruby/openssl] Relax error message check for OpenSSL 3.1 2023-06-13T05:01:57+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2023-03-15T11:34:21+00:00 f89101fa3610a7b977801d60b85bcc1ea2f6dee4 A tentative measures fo https://github.com/ruby/openssl/issues/606. With OpenSSL 3.1.0, the error message at connection using "self-signed certificate" seems to return `SSL_R_TLSV1_ALERT_UNKNOWN_CA` instead of `SSL_R_CERTIFICATE_VERIFY_FAILED`. https://github.com/ruby/openssl/commit/fc4629d246 
A tentative measures fo https://github.com/ruby/openssl/issues/606.

With OpenSSL 3.1.0, the error message at connection using "self-signed
certificate" seems to return `SSL_R_TLSV1_ALERT_UNKNOWN_CA` instead of
`SSL_R_CERTIFICATE_VERIFY_FAILED`.

https://github.com/ruby/openssl/commit/fc4629d246
[ruby/openssl] test/openssl/test_ssl.rb: do not run SSL tests if not available 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-12-22T19:06:12+00:00 a4b4997c69437e9d2ba09629d72284a4fb9defc5 https://github.com/ruby/openssl/commit/a3d230d4e0 
https://github.com/ruby/openssl/commit/a3d230d4e0
[ruby/openssl] ssl: disable NPN support on LibreSSL 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-10-17T08:33:37+00:00 dd6f3276e07f8f731a3bbcbdd58525ee6dd6581e As noted in commit https://github.com/ruby/openssl/commit/a2ed156cc9f1 ("test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly on LibreSSL. Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is defined or not. NPN is less relevant today anyway. Let's also silence test suite when it's not available. https://github.com/ruby/openssl/commit/289f6e0e1f 
As noted in commit https://github.com/ruby/openssl/commit/a2ed156cc9f1 ("test/test_ssl: do not run NPN tests
for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly
on LibreSSL.

Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is
defined or not.

NPN is less relevant today anyway. Let's also silence test suite when
it's not available.

https://github.com/ruby/openssl/commit/289f6e0e1f
[ruby/openssl] Add support to SSL_CTX_set_keylog_callback 2022-10-17T07:35:35+00:00 Christophe De La Fuente christophe_delafuente@rapid7.com 2022-08-29T18:15:54+00:00 17998ad3bb5864db38ba9e709ed7209da6189f0f - This callback is invoked when TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. - It is invoked with an `SSLSocket` and a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. - This commit adds the Ruby binding `keylog_cb` and the related tests - It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements `SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see https://github.com/libressl-portable/openbsd/commit/648d39f0f035835d0653342d139883b9661e9cb6) https://github.com/ruby/openssl/commit/3b63232cf1 
- This callback is invoked when TLS key material is generated or
  received, in order to allow applications to store this keying material
  for debugging purposes.
- It is invoked with an `SSLSocket` and a string containing the key
  material in the format used by NSS for its SSLKEYLOGFILE debugging
  output.
- This commit adds the Ruby binding `keylog_cb` and the related tests
- It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements
  `SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see
  https://github.com/libressl-portable/openbsd/commit/648d39f0f035835d0653342d139883b9661e9cb6)

https://github.com/ruby/openssl/commit/3b63232cf1
[ruby/openssl] ssl: enable generating keying material from SSL sessions 2022-10-17T07:35:35+00:00 madblobfish - 2022-08-03T21:24:28+00:00 79543b9a530d85f0487583d96ad412f5e7683ffa Add OpenSSL::SSL::SSLSocket#export_keying_material to support RFC 5705 https://github.com/ruby/openssl/commit/65530b887e 
Add OpenSSL::SSL::SSLSocket#export_keying_material to support RFC 5705

https://github.com/ruby/openssl/commit/65530b887e
[ruby/openssl] Skip a new test when old OpenSSL 2022-07-09T06:26:32+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2022-07-09T05:29:35+00:00 949c3afb48d2afd02c2bfa569e29f6a3a48c1607 It does not raise an error when setting an invalid value to SSLContext ciphers on Ubuntu 18.04. https://github.com/ruby/openssl/commit/8c96a69b0d 
It does not raise an error when setting an invalid value to SSLContext
ciphers on Ubuntu 18.04.

https://github.com/ruby/openssl/commit/8c96a69b0d
[ruby/openssl] Strip trailing spaces [ci skip] 2022-07-08T15:39:18+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2022-07-08T14:20:52+00:00 d77ebe8eeaad5d6e31a48eb1ecac2008fe0548f6 https://github.com/ruby/openssl/commit/862d92de93 
https://github.com/ruby/openssl/commit/862d92de93
[ruby/openssl] Fix test of cipher name to pass in LibreSSL 3.4 2022-07-08T14:18:18+00:00 Jeremy Evans code@jeremyevans.net 2022-03-25T20:50:10+00:00 def445303a93c69dd16a9b849b9171d4e89c6dc5 LibreSSL 3.5 switched the cipher naming to match OpenSSL. https://github.com/ruby/openssl/commit/bf198278bd 
LibreSSL 3.5 switched the cipher naming to match OpenSSL.

https://github.com/ruby/openssl/commit/bf198278bd
[ruby/openssl] Add 'ciphersuites=' method to allow setting of TLSv1.3 cipher suites along with some unit tests (https://github.com/ruby/openssl/pull/493) 2022-07-08T14:18:11+00:00 twkmd12 95775763+twkmd12@users.noreply.github.com 2022-02-01T09:12:23+00:00 09daf78fb59a8b280887ad1120a57776b5d82e17 Add OpenSSL::SSL::SSLContext#ciphersuites= method along with unit tests. https://github.com/ruby/openssl/commit/12250c7cef 
Add OpenSSL::SSL::SSLContext#ciphersuites= method along with unit tests.

https://github.com/ruby/openssl/commit/12250c7cef
[ruby/openssl] Skip optional wildcard SAN tests on LibreSSL 3.5.0+ 2022-07-08T14:18:07+00:00 Jeremy Evans code@jeremyevans.net 2022-01-04T19:32:11+00:00 01025a0055bb5fe1a9a161e86cbd58c8fa2350ae RFC 6066 states how some wildcard SAN entries MAY be handled, but it does not say they MUST be handled. LibreSSL 3.5.0 only handles suffix wildcard SANs, not prefix wildcard SANs, or interior wildcard SANs, so return early from the wildcard SAN tests on LibreSSL 3.5.0. Fixes #471 https://github.com/ruby/openssl/commit/717d7009d6 
RFC 6066 states how some wildcard SAN entries MAY be handled, but
it does not say they MUST be handled.  LibreSSL 3.5.0 only handles
suffix wildcard SANs, not prefix wildcard SANs, or interior
wildcard SANs, so return early from the wildcard SAN tests on
LibreSSL 3.5.0.

Fixes #471

https://github.com/ruby/openssl/commit/717d7009d6