ruby.git/test/openssl, branch ruby_1_9_3 The Ruby Programming Language merge revision(s) 45274,45278,45280,48097: [Backport #9424] 2014-10-24T03:06:36+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-10-24T03:06:36+00:00 26c0acf5a77e122fb3f4a25b924bc3982dfb1408 * ext/openssl/lib/openssl/ssl-internal.rb (DEFAULT_PARAMS): override options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined. this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424] * test/openssl/test_ssl.rb: Reuse TLS default options from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. * lib/openssl/ssl-internal.rb: Explicitly whitelist the default SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable compression by default. Reported by Jeff Hodges. [ruby-core:59829] [Bug #9424] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@48121 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/lib/openssl/ssl-internal.rb (DEFAULT_PARAMS): override
	  options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
	  this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]

	* test/openssl/test_ssl.rb: Reuse TLS default options from
	  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.

	* lib/openssl/ssl-internal.rb: Explicitly whitelist the default
	  SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
	  compression by default.
	  Reported by Jeff Hodges.
	  [ruby-core:59829] [Bug #9424]



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@48121 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41829: [Backport #8384] 2013-10-31T15:09:12+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-10-31T15:09:12+00:00 b8a95c0f4a42afea2948e76d1ad23acea42be5bd * test/openssl/test_pkey_ec.rb: Skip tests for "Oakley" curves as they are not suitable for ECDSA. [ruby-core:54881] [Bug #8384] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@43494 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* test/openssl/test_pkey_ec.rb: Skip tests for "Oakley" curves as
	  they are not suitable for ECDSA.
	  [ruby-core:54881] [Bug #8384]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@43494 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41808: [Backport #9066] 2013-10-31T14:31:52+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-10-31T14:31:52+00:00 55b9300745e8fadc316f244e5be3504a9d47bfcd * ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds of OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not defined. * test/openssl/test_pkey_ec.rb: Iterate over built-in curves (and assert their non-emptiness!) instead of hard-coding them, as this may cause problems with respect to the different availability of individual curves in individual OpenSSL builds. [ruby-core:54881] [Bug #8384] Thanks to Vit Ondruch for providing the patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@43486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds of
	  OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not
	  defined.

	* test/openssl/test_pkey_ec.rb: Iterate over built-in curves
	  (and assert their non-emptiness!) instead of hard-coding them, as
	  this may cause problems with respect to the different availability
	  of individual curves in individual OpenSSL builds.
	  [ruby-core:54881] [Bug #8384]
	  Thanks to Vit Ondruch for providing the patch!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@43486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 42429: [Backport #8750] 2013-08-19T09:35:15+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-08-19T09:35:15+00:00 66ecb1a9a4c96b82bd90767097cc3898340997b8 * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073. Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42622 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* test/openssl/test_ssl.rb: Fix test for CVE-2013-4073.
	  Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42622 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 42126: [Backport #8664] 2013-08-02T11:49:29+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-08-02T11:49:29+00:00 e1e4ed4abefbf8cda44c056bed1b57bcac2d3f65 * ext/openssl/ossl_asn1.c (asn1time_to_time): Implement YYMMDDhhmmZ format for ASN.1 UTCTime. [ruby-trunk - Bug #8664] * test/openssl/test_asn1.rb: Test for the above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_asn1.c (asn1time_to_time):  Implement YYMMDDhhmmZ
	  format for ASN.1 UTCTime.  [ruby-trunk - Bug #8664]

	* test/openssl/test_asn1.rb:  Test for the above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41805: [Backport #8575] 2013-07-17T01:19:39+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-07-17T01:19:39+00:00 ce8c46b48dc37fdcef0e5d677e7d6b52257a377b * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked critical. The patch for CVE-2013-4073 caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it: [id, criticality, octet_string] if critical, [id, octet_string] if not. Making sure to pick the last element of X509 extension and use it as SAN value. [ruby-core:55685] [Bug #8575] Thank you @nahi for providing the patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked
	  critical.
	  The patch for CVE-2013-4073 caused SSL crash when a SSL server returns
	  the certificate that has critical SAN value.  X509 extension could
	  include 2 or 3 elements in it:
	  [id, criticality, octet_string] if critical,
	  [id, octet_string] if not.
	  Making sure to pick the last element of X509 extension and use it as
	  SAN value.
	  [ruby-core:55685] [Bug #8575]
	  Thank you @nahi for providing the patch!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41671: 2013-06-27T11:13:08+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-06-27T11:13:08+00:00 2669b84d407ab431e965145c827db66c91158f89 * ext/openssl/lib/openssl/ssl-inernal.rb (verify_certificate_identity): fix hostname verification. Patched by nahi. * test/openssl/test_ssl.rb (test_verify_certificate_identity): test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41673 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl/lib/openssl/ssl-inernal.rb (verify_certificate_identity):
  fix hostname verification. Patched by nahi.

* test/openssl/test_ssl.rb (test_verify_certificate_identity): test for
  above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41673 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Commit miss, revert previous commit. 2013-06-25T12:53:05+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-06-25T12:53:05+00:00 3d0eecd108f339e1c4152af06744403c1749e7bf git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41626 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41626 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 41325: [Backport #8554] 2013-06-25T12:40:50+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-06-25T12:40:50+00:00 6e7ecacc1169f634e028f523da3e660f9ee6a7b6 * gc.c: Fixup around GC by MALLOC. Add allocate size to malloc_increase before GC for updating limit in after_gc_sweep. Reset malloc_increase into garbage_collect() for preventing GC again soon. this backport patch is written by nari. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* gc.c: Fixup around GC by MALLOC.
  Add allocate size to malloc_increase before GC
  for updating limit in after_gc_sweep.
  Reset malloc_increase into garbage_collect()
  for preventing GC again soon.
  this backport patch is written by nari.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 40304: [Backport #8267] 2013-05-14T02:35:39+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-05-14T02:35:39+00:00 5db522e5382d571a31b3849d6264e4efd1414e1c * ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC. * test/openssl/test_ssl.rb: Add tests to verify correct behavior. [Bug #8240] Patch provided by Shugo Maeda. Thanks! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@40717 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC.

	* test/openssl/test_ssl.rb: Add tests to verify correct behavior.
	[Bug #8240] Patch provided by Shugo Maeda. Thanks!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@40717 b2dd03c8-39d4-4d8f-98ff-823fe69b080e