diff options
| author | Bart de Water <496367+bdewater@users.noreply.github.com> | 2020-06-28 14:39:26 -0400 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2020-07-31 21:07:19 +0900 |
| commit | 8161cf85ba4f9091176536bcac9107879e4293a1 (patch) | |
| tree | d737649bae49f26bff646e2868608e2aa91ef2bb /lib/rubygems/security.rb | |
| parent | e7b6e0ff5823c422cd3e508d2b7104a91a2e36f6 (diff) | |
Stop using deprecated OpenSSL::Digest constants
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/3379
Diffstat (limited to 'lib/rubygems/security.rb')
| -rw-r--r-- | lib/rubygems/security.rb | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb index 8c86896fef..64fb4c0f83 100644 --- a/lib/rubygems/security.rb +++ b/lib/rubygems/security.rb @@ -339,26 +339,15 @@ module Gem::Security class Exception < Gem::Exception; end ## - # Digest algorithm used to sign gems - - DIGEST_ALGORITHM = - if defined?(OpenSSL::Digest::SHA256) - OpenSSL::Digest::SHA256 - elsif defined?(OpenSSL::Digest::SHA1) - OpenSSL::Digest::SHA1 - else - require 'digest' - Digest::SHA512 - end - - ## # Used internally to select the signing digest from all computed digests DIGEST_NAME = # :nodoc: - if DIGEST_ALGORITHM.method_defined? :name - DIGEST_ALGORITHM.new.name + if defined?(OpenSSL::Digest::SHA256) + 'SHA256' + elsif defined?(OpenSSL::Digest::SHA1) + 'SHA1' else - DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1] + 'SHA512' end ## @@ -468,6 +457,22 @@ module Gem::Security end ## + # Creates a new digest instance using the specified +algorithm+. The default + # is SHA256. + + if defined?(OpenSSL::Digest) + def self.create_digest(algorithm = DIGEST_NAME) + OpenSSL::Digest.new(algorithm) + end + else + require 'digest' + + def self.create_digest(algorithm = DIGEST_NAME) + Digest.const_get(algorithm).new + end + end + + ## # Creates a new key pair of the specified +length+ and +algorithm+. The # default is a 3072 bit RSA key. @@ -528,7 +533,7 @@ module Gem::Security ## # Sign the public key from +certificate+ with the +signing_key+ and - # +signing_cert+, using the Gem::Security::DIGEST_ALGORITHM. Uses the + # +signing_cert+, using the Gem::Security::DIGEST_NAME. Uses the # default certificate validity range and extensions. # # Returns the newly signed certificate. @@ -555,7 +560,7 @@ module Gem::Security signed = create_cert signee_subject, signee_key, age, extensions, serial signed.issuer = signing_cert.subject - signed.sign signing_key, Gem::Security::DIGEST_ALGORITHM.new + signed.sign signing_key, Gem::Security::DIGEST_NAME end ## |