diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2020-08-04 23:14:44 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-07-18 17:44:41 +0900 |
| commit | cd002305f0db447b47b54b93e1ecb3c666d37c06 (patch) | |
| tree | da28b58337630ed2d37ca6a22667ef0bb2ebf044 /ext/openssl/ossl_x509.c | |
| parent | decce40da7ee5180a4093f794eacc1dc5fe8e814 (diff) | |
[ruby/openssl] require OpenSSL >= 1.0.2 and LibreSSL >= 3.1
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.
OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:
- Ubuntu 14.04 is EOL since 2019-04-30
- RHEL 6 will reach EOL on 2020-11-30
LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.
Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.
https://github.com/ruby/openssl/commit/c055938f4b
Diffstat (limited to 'ext/openssl/ossl_x509.c')
| -rw-r--r-- | ext/openssl/ossl_x509.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c index 4fc0648614..f8470703fc 100644 --- a/ext/openssl/ossl_x509.c +++ b/ext/openssl/ossl_x509.c @@ -115,11 +115,9 @@ Init_ossl_x509(void) DefX509Const(V_ERR_SUITE_B_LOS_NOT_ALLOWED); DefX509Const(V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256); #endif -#if defined(X509_V_ERR_HOSTNAME_MISMATCH) DefX509Const(V_ERR_HOSTNAME_MISMATCH); DefX509Const(V_ERR_EMAIL_MISMATCH); DefX509Const(V_ERR_IP_ADDRESS_MISMATCH); -#endif #if defined(X509_V_ERR_DANE_NO_MATCH) DefX509Const(V_ERR_DANE_NO_MATCH); #endif @@ -187,12 +185,10 @@ Init_ossl_x509(void) /* Set by Store#flags= and StoreContext#flags=. Enables checking of the * signature of the root self-signed CA. */ DefX509Const(V_FLAG_CHECK_SS_SIGNATURE); -#if defined(X509_V_FLAG_TRUSTED_FIRST) /* Set by Store#flags= and StoreContext#flags=. When constructing a * certificate chain, search the Store first for the issuer certificate. * Enabled by default in OpenSSL >= 1.1.0. */ DefX509Const(V_FLAG_TRUSTED_FIRST); -#endif #if defined(X509_V_FLAG_SUITEB_128_LOS_ONLY) /* Set by Store#flags= and StoreContext#flags=. * Enables Suite B 128 bit only mode. */ @@ -208,11 +204,9 @@ Init_ossl_x509(void) * Enables Suite B 128 bit mode allowing 192 bit algorithms. */ DefX509Const(V_FLAG_SUITEB_128_LOS); #endif -#if defined(X509_V_FLAG_PARTIAL_CHAIN) /* Set by Store#flags= and StoreContext#flags=. * Allows partial chains if at least one certificate is in trusted store. */ DefX509Const(V_FLAG_PARTIAL_CHAIN); -#endif #if defined(X509_V_FLAG_NO_ALT_CHAINS) /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for * a alternative chain. No effect in OpenSSL >= 1.1.0. */ |