diff options
| author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-11-18 11:34:19 +0000 |
|---|---|---|
| committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-11-18 11:34:19 +0000 |
| commit | 936a27758f02aad434aee2f40e216c96091bd671 (patch) | |
| tree | 58b6d2337715abcce93f4e90b3fea97691c4317e | |
| parent | 3233891d3670562bfa5aac2483e46f6c45851cad (diff) | |
merge revision(s) 51722,51724: [Backport #11376]
* ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support
if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be>
[Bug #11376]
* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
implementation.
* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
if there is no support.
* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab): Only add SSLv3 support
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@52642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | ext/openssl/extconf.rb | 3 | ||||
| -rw-r--r-- | ext/openssl/ossl_ssl.c | 3 | ||||
| -rw-r--r-- | test/openssl/test_ssl.rb | 2 | ||||
| -rw-r--r-- | version.h | 2 |
5 files changed, 20 insertions, 2 deletions
@@ -1,3 +1,15 @@ +Wed Nov 18 20:31:56 2015 Aaron Patterson <tenderlove@ruby-lang.org> + + * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab): Only add SSLv3 support + if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> + [Bug #11376] + + * ext/openssl/extconf.rb: check for SSLv3 support in the SSL + implementation. + + * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 + if there is no support. + Wed Nov 18 20:26:08 2015 Koichi Sasada <ko1@atdot.net> * vm_trace.c (rb_threadptr_exec_event_hooks_orig): diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index e272cba092..fad562bf87 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -103,6 +103,9 @@ have_func("OPENSSL_cleanse") have_func("SSLv2_method") have_func("SSLv2_server_method") have_func("SSLv2_client_method") +have_func("SSLv3_method") +have_func("SSLv3_server_method") +have_func("SSLv3_client_method") have_func("TLSv1_1_method") have_func("TLSv1_1_server_method") have_func("TLSv1_1_client_method") diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 19b81e35a6..8cac552101 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -134,9 +134,12 @@ struct { OSSL_SSL_METHOD_ENTRY(SSLv2_server), OSSL_SSL_METHOD_ENTRY(SSLv2_client), #endif +#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \ + defined(HAVE_SSLV3_CLIENT_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv3), OSSL_SSL_METHOD_ENTRY(SSLv3_server), OSSL_SSL_METHOD_ENTRY(SSLv3_client), +#endif OSSL_SSL_METHOD_ENTRY(SSLv23), OSSL_SSL_METHOD_ENTRY(SSLv23_server), OSSL_SSL_METHOD_ENTRY(SSLv23_client), diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index aa61e385d5..5589a0f173 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -623,7 +623,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase # that has been marked as forbidden, therefore either of these may be raised HANDSHAKE_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET] -if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1 +if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContext::METHODS.include?(:SSLv3) def test_forbid_ssl_v3_for_client ctx_proc = Proc.new { |ctx| ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3 } @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.1.8" #define RUBY_RELEASE_DATE "2015-11-18" -#define RUBY_PATCHLEVEL 417 +#define RUBY_PATCHLEVEL 418 #define RUBY_RELEASE_YEAR 2015 #define RUBY_RELEASE_MONTH 11 |