* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert

`tmp_dh_callback` to Ruby, and call it when setting up an SSL connection. This allows us to move the "default" behavior to the reader method. * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of accessing the SSLContext's internals. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-07-31 18:20:31 +0000
committer: tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-07-31 18:20:31 +0000
commit: 5b5d79c88bef88f35b24578873bdc39ef2157f20 (patch)
tree: 9525d088b0bdceaac3849002bf7e3dc0ec2a3252 /ext
parent: af13f15b50b0fa20248acd75dfae959a3b8501b9 (diff)
2 files changed, 15 insertions, 18 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index ed33f27f1d..07f693181a 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -77,12 +77,23 @@ module OpenSSL
       INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
         "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
         "verify_callback", "options", "cert_store", "extra_chain_cert",
-        "client_cert_cb", "session_id_context",
+        "client_cert_cb", "session_id_context", "tmp_dh_callback",
         "session_get_cb", "session_new_cb", "session_remove_cb",
         "tmp_ecdh_callback", "servername_cb", "npn_protocols",
         "alpn_protocols", "alpn_select_cb",
         "npn_select_cb"].map { |x| "@#{x}" }
 
+      # A callback invoked when DH parameters are required.
+      #
+      # The callback is invoked with the Session for the key exchange, an
+      # flag indicating the use of an export cipher and the keylength
+      # required.
+      #
+      # The callback must return an OpenSSL::PKey::DH instance of the correct
+      # key length.
+
+      attr_writer :tmp_dh_callback
+
       # call-seq:
       #    SSLContext.new => ctx
       #    SSLContext.new(:TLSv1) => ctx
@@ -91,7 +102,6 @@ module OpenSSL
       # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
       def initialize(version = nil)
         INIT_VARS.each { |v| instance_variable_set v, nil }
-        @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
         return unless version
         self.ssl_version = version
       end
@@ -115,8 +125,8 @@ module OpenSSL
         return params
       end
 
-      def tmp_dh_callback=(value)
-        @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
+      def tmp_dh_callback
+        @tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
       end
     end
 
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 9fe33773db..08d137590c 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -49,7 +49,6 @@ static VALUE eSSLErrorWaitWritable;
 #define ossl_sslctx_set_cert_store(o,v)  	rb_iv_set((o),"@cert_store",(v))
 #define ossl_sslctx_set_extra_cert(o,v)  	rb_iv_set((o),"@extra_chain_cert",(v))
 #define ossl_sslctx_set_client_cert_cb(o,v) 	rb_iv_set((o),"@client_cert_cb",(v))
-#define ossl_sslctx_set_tmp_dh_cb(o,v)   	rb_iv_set((o),"@tmp_dh_callback",(v))
 #define ossl_sslctx_set_sess_id_ctx(o, v) 	rb_iv_set((o),"@session_id_context",(v))
 
 #define ossl_sslctx_get_cert(o)          	rb_iv_get((o),"@cert")
@@ -66,7 +65,7 @@ static VALUE eSSLErrorWaitWritable;
 #define ossl_sslctx_get_extra_cert(o)    	rb_iv_get((o),"@extra_chain_cert")
 #define ossl_sslctx_get_client_cert_cb(o) 	rb_iv_get((o),"@client_cert_cb")
 #define ossl_sslctx_get_tmp_ecdh_cb(o)          rb_iv_get((o),"@tmp_ecdh_callback")
-#define ossl_sslctx_get_tmp_dh_cb(o)     	rb_iv_get((o),"@tmp_dh_callback")
+#define ossl_sslctx_get_tmp_dh_cb(o)     	rb_funcall((o),rb_intern("tmp_dh_callback"),0)
 #define ossl_sslctx_get_sess_id_ctx(o)   	rb_iv_get((o),"@session_id_context")
 
 #define ossl_ssl_get_io(o)           rb_iv_get((o),"@io")
@@ -2115,18 +2114,6 @@ Init_ossl_ssl(void)
      */
     rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse);
 
-     /*
-     * A callback invoked when DH parameters are required.
-     *
-     * The callback is invoked with the Session for the key exchange, an
-     * flag indicating the use of an export cipher and the keylength
-     * required.
-     *
-     * The callback must return an OpenSSL::PKey::DH instance of the correct
-     * key length.
-     */
-    rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse);
-
     /*
      * Sets the context in which a session can be reused.  This allows
      * sessions for multiple applications to be distinguished, for example, by
author	tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-07-31 18:20:31 +0000
committer	tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-07-31 18:20:31 +0000
commit	5b5d79c88bef88f35b24578873bdc39ef2157f20 (patch)
tree	9525d088b0bdceaac3849002bf7e3dc0ec2a3252 /ext
parent	af13f15b50b0fa20248acd75dfae959a3b8501b9 (diff)