authortenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-07-25 23:16:49 +0000
committertenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-07-25 23:16:49 +0000
commit486e6e02c264b90c5c323fb98dfffeec1fc289ae (patch)
tree5e677eb6f23b37788bd51acf6c06aaab9e781479
parentd9fcc9ba5e3a8f3eac6a2e06ba8477b0a648c492 (diff)
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): support
specifically setting the tmp_dh_callback to nil. * ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto * test/openssl/test_pair.rb (module OpenSSL): add a test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog9
-rw-r--r--ext/openssl/lib/openssl/ssl.rb4
-rw-r--r--ext/openssl/ossl_ssl.c2
-rw-r--r--test/openssl/test_pair.rb25
4 files changed, 39 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 48dccb3ce6..2b92f6ea72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Sun Jul 26 08:14:59 2015 Aaron Patterson <tenderlove@ruby-lang.org>
+
+ * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): support
+ specifically setting the tmp_dh_callback to nil.
+
+ * ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
+
+ * test/openssl/test_pair.rb (module OpenSSL): add a test
+
Sun Jul 26 07:47:14 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): move the default
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index ef2b3f1c64..1c0cc2fd00 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -128,6 +128,10 @@ module OpenSSL
end
return params
end
+
+ def tmp_dh_callback=(value)
+ @tmp_dh_callback = value || DEFAULT_TMP_DH_CALLBACK
+ end
end
module SocketForwarder
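Review bot: The new `tmp_dh_callback=` writer is undocumented, and its fallback is easy to misread: assigning `nil` (or `false`, since the code uses `||`) does not turn the callback off, it reinstalls `DEFAULT_TMP_DH_CALLBACK`. A caller who passes nil expecting no ephemeral DH parameters will still get the library default, so the definition should say so, e.g. `# Sets the ephemeral DH parameter callback; nil or false restores DEFAULT_TMP_DH_CALLBACK instead of disabling it.` The writer also stores any other object unchecked, so a non-callable value will presumably only fail later, during a handshake; a `respond_to?(:call)` check would surface that at assignment time. The enclosing class begins outside the hunk.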
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 3e756eae5f..ca5f43cf0e 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -2122,7 +2122,7 @@ Init_ossl_ssl(void)
* The callback must return an OpenSSL::PKey::DH instance of the correct
* key length.
*/
- rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 1, Qfalse);
+ rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse);
/*
* Sets the context in which a session can be reused. This allows
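Review bot: After this change `rb_attr` defines only the reader for `tmp_dh_callback`, but the rdoc comment directly above it says nothing about where the writer now lives or what it does with nil. I would add a line to that comment such as `* The writer is defined in lib/openssl/ssl.rb; assigning nil restores the default callback.` so that someone auditing DH parameter handling from the C side is pointed to the Ruby setter. The comment starts outside the hunk, so its opening lines are not visible here.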
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index a8df74d821..cd5d5d8959 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -283,6 +283,31 @@ module OpenSSL::TestPairM
serv.close if serv && !serv.closed?
end
+ def test_connect_works_when_setting_dh_callback_to_nil
+ ctx2 = OpenSSL::SSL::SSLContext.new
+ ctx2.ciphers = "DH"
+ ctx2.tmp_dh_callback = nil
+ sock1, sock2 = tcp_pair
+ s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx2)
+ accepted = s2.accept_nonblock(exception: false)
+
+ ctx1 = OpenSSL::SSL::SSLContext.new
+ ctx1.ciphers = "DH"
+ ctx1.tmp_dh_callback = nil
+ s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
+ t = Thread.new { s1.connect }
+
+ accept = s2.accept
+ assert_equal s1, t.value
+ assert accept
+ ensure
+ s1.close if s1
+ s2.close if s2
+ sock1.close if sock1
+ sock2.close if sock2
+ accepted.close if accepted.respond_to?(:close)
+ end
+
def test_connect_without_setting_dh_callback
ctx2 = OpenSSL::SSL::SSLContext.new
ctx2.ciphers = "DH"
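Review bot: `test_connect_works_when_setting_dh_callback_to_nil` only proves that the handshake completes; it never checks what `tmp_dh_callback` holds after `= nil`, so a regression that left the value nil but still connected through some other fallback would pass. Adding `assert_equal OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK, ctx2.tmp_dh_callback` right after the assignment would pin the behaviour this commit introduces. In the `ensure` block, `accepted` is the return value of `accept_nonblock(exception: false)`, which may be a symbol rather than a socket; the `respond_to?(:close)` guard covers that, but a short comment saying so would help.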