author | Kazuki Yamaguchi <k@rhe.jp> | 2020-03-09 18:26:19 +0900 |
committer | Kazuki Yamaguchi <k@rhe.jp> | 2020-03-10 17:41:01 +0900 |
commit | e4a26cd4f8e74e5d29de10a3a0ce5829829301b0 (patch) | |
tree | 3e2ca67325456a954d6f0f898594453b13119a0d /ext/openssl/ossl_ssl.c | |
parent | 61cfd6da84e9cbf02c2e3ff5fae476fec92a1cec (diff) |
openssl: sync with upstream repository
Import current master (2c43241dc0ed) of ruby/openssl.git.
Below are the commits that were made since the last batch at commit
b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of
them have been applied already.
----------------------------------------------------------------
Benoit Daloze (1):
Remove redundant and ignored workflow file
DBL-Lee (1):
add support for SHA512_256/SHA512_224
Hiroshi SHIBATA (2):
Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
Fixed inconsistency directory structure with ruby/ruby repo
Jeremy Evans (2):
Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
Remove taint support
Kazuki Yamaguchi (26):
config: support .include directive
random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes
extconf.rb: get rid of -Werror=deprecated-declarations
test/openssl/test_ssl: skip test_fallback_scsv if necessary
ts: simplify OpenSSL::Timestamp::Request#algorithm
History.md: add missing references to GitHub issues
config: deprecate OpenSSL::Config#add_value and #[]=
test/openssl/test_ssl: remove sleep from test_finished_messages
test/openssl/test_ssl: fix random failure in SSLSocket.open test
test/openssl/test_ssl: avoid explicitly-sized private keys
test/openssl/test_ssl: remove commented-out test case
test/openssl/test_ssl: allow kRSA tests to fail
ssl: avoid declarations after statements
engine: revert OpenSSL::Engine.load changes for cloudhsm
engine: remove really outdated static engines
engine: do not check for ENGINE_load_builtin_engines()
engine: fix guards for 'dynamic' and 'cryptodev' engines
lib/openssl.rb: require openssl/version.rb
x509: add error code and verify flags constants
ssl: set verify error code in the case of verify_hostname failure
.github/workflows: merge CI jobs into a single workflow
.github/workflows: test against different OpenSSL versions
.travis.yml: fully migrate to GitHub Actions
ssl: suppress test failure with SSLContext#add_certificate_chain_file
ssl: remove test case test_puts_meta from test_pair
Revert "Use version.rb in gemspec"
MSP-Greg (2):
.travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
Use version.rb in gemspec
Samuel Williams (1):
Restore compatibility with older versions of Ruby.
Yusuke Endoh (1):
Make OpenSSL::OSSL#test_memcmp_timing robust
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r-- | ext/openssl/ossl_ssl.c | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index dfbfbb22ee..34bb636ead 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -359,7 +359,14 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(status));
 return 0;
 }
- preverify_ok = ret == Qtrue;
+ if (ret != Qtrue) {
+ preverify_ok = 0;
+#if defined(X509_V_ERR_HOSTNAME_MISMATCH)
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH);
+#else
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+#endif
+ }
 }
 return ossl_verify_cb_call(cb, preverify_ok, ctx);
@@ -1325,12 +1332,16 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
 static VALUE
 ossl_sslctx_add_certificate_chain_file(VALUE self, VALUE path)
 {
- StringValue(path);
- SSL_CTX *ctx = NULL;
+ SSL_CTX *ctx;
+ int ret;
 GetSSLCTX(self, ctx);
+ StringValueCStr(path);
+ ret = SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(path));
+ if (ret != 1)
+ ossl_raise(eSSLError, "SSL_CTX_use_certificate_chain_file");
- return SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(path)) == 1 ? Qtrue : Qfalse;
+ return Qtrue;
 }
 /*
@@ -2327,16 +2338,16 @@ static VALUE
 ossl_ssl_get_finished(VALUE self)
 {
 SSL *ssl;
+ char sizer[1], *buf;
+ size_t len;
 GetSSL(self, ssl);
- char sizer[1];
- size_t len = SSL_get_finished(ssl, sizer, 0);
-
- if(len == 0)
- return Qnil;
+ len = SSL_get_finished(ssl, sizer, 0);
+ if (len == 0)
+ return Qnil;
- char* buf = ALLOCA_N(char, len);
+ buf = ALLOCA_N(char, len);
 SSL_get_finished(ssl, buf, len);
 return rb_str_new(buf, len);
 }
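Review bot: X509_STORE_CTX_set_error() in the new `if (ret != Qtrue)` branch overwrites whatever error code ctx already carried, so if this hostname check can run while preverify_ok is already 0 (the guard is above the hunk), the chain-verification error would be replaced by the hostname-mismatch code before verify_callback and the verify result ever see it; worth confirming the check only runs for a chain that passed. The `#else` fallback also deserves a why-comment, since X509_V_ERR_CERT_REJECTED is a generic code and a later reader may take it for a mistake: `/* verify_hostname failed: record it in ctx so verify_callback and the verify result report it; OpenSSL without X509_V_ERR_HOSTNAME_MISMATCH gets the generic rejection code */`. ossl_ssl_verify_callback begins and ends outside the hunk.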
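Review bot: The return contract of ossl_sslctx_add_certificate_chain_file changes in this hunk from `Qtrue`/`Qfalse` to raising through `ossl_raise(eSSLError, ...)`, but the hunk documents none of it; the RDoc comment for the method sits above the hunk and, if it still says false is returned on failure, should be updated to `Raises OpenSSL::SSL::SSLError if the chain file cannot be loaded.` The move from StringValue to StringValueCStr is the right call because RSTRING_PTR(path) is handed to a C API that expects a NUL-terminated string, and a one-line comment keeps it from being "simplified" back later: `/* StringValueCStr: reject embedded NUL, path goes to a C string API */`.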
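Review bot: `char sizer[1], *buf;` declares an array and a pointer on one line, which hides that sizer is only a dummy target for the length probe; split it into `char sizer[1];` and `char *buf;` and say why SSL_get_finished() is called twice, e.g. `/* count == 0: SSL_get_finished() only reports the Finished message length; allocate exactly that and fetch it */`. ALLOCA_N with a length obtained from OpenSSL is acceptable as long as that length is bounded by the Finished message size, which the comment should state so a later reader does not have to re-derive it. The same declaration and probe pattern appears in the ossl_ssl_get_peer_finished hunk below and should be changed the same way.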
@@ -2352,16 +2363,16 @@ static VALUE
 ossl_ssl_get_peer_finished(VALUE self)
 {
 SSL *ssl;
+ char sizer[1], *buf;
+ size_t len;
 GetSSL(self, ssl);
- char sizer[1];
- size_t len = SSL_get_peer_finished(ssl, sizer, 0);
-
- if(len == 0)
- return Qnil;
+ len = SSL_get_peer_finished(ssl, sizer, 0);
+ if (len == 0)
+ return Qnil;
- char* buf = ALLOCA_N(char, len);
+ buf = ALLOCA_N(char, len);
 SSL_get_peer_finished(ssl, buf, len);
 return rb_str_new(buf, len);
 }
|