| Age | Commit message (Collapse) | Author |
|---|
|
https://weakdh.org/
[fix GH-1196][Bug #11968][ruby-core:72766]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLSocket): fix
NotImplementedError typo. [Fix GH-1165]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts
fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&#
frozen_string_literal: false\n");f.rewind;f.write s}}'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
early, because many popular websites still don't support it.
For instance, Servers where aws-sdk connects to still don't support
TLS v1.2 and it became broken.
We should consider more carefully about this.
[Fix GH-873] [Feature #11524]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch provided by @claudijd [Fixes GH-873] [Feature #11524]:
https://github.com/ruby/ruby/pull/873
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52082 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
existing options rather than just setting it. Some vendors apply
custom patches to their versions of OpenSSL that set default values
for options. This commit respects the custom patches they've
applied.
* test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been
added to the options.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLSocket#sysclose to Ruby.
* ext/openssl/ossl_ssl.c (ossl_ssl_close): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
enable to SSLSocket#initialize and remove Nonblock module.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLSocket#initialize to Ruby.
* ext/openssl/ossl_ssl.c: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lookup to private Ruby methods. This means we can keep the default
DH callback logic hidden from consumers. Also, since the SSLSocket
always has a context, we can remove conditionals about that
instance.
* ext/openssl/ossl_ssl.c: move callback lookup methods to private Ruby
methods.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/buffering.rb (gets):
avoid comparing fixnum with nil
* test/openssl/test_pair.rb: test gets with limit when EOF is hit
Thanks to Bar Hofesh <bar.hofesh@safe-t.com> for the bug report
and testing.
[ruby-core:70149] [Bug #11400]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLContext#options and options= using SSL_CTX_set_options and
SSL_CTX_get_options. This reduces the number of ivars we need and
simplifies `ossl_sslctx_setup`.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options`
to SSL_OP_ALL
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
`tmp_dh_callback` to Ruby, and call it when setting up an SSL
connection. This allows us to move the "default" behavior to the
reader method.
* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
accessing the SSLContext's internals.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
helpful exception when verifying the peer connection and an
anonymous cipher has been selected. [ruby-core:68330] [Bug #10910]
Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.
* test/openssl/test_ssl.rb (class OpenSSL): test for change
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
DEFAULT_1024 constants in Ruby.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Ask PKey for the
default DH callback since it aleady must check whether openssl has
been compiled with DH support.
* ext/openssl/ossl_pkey_dh.c (OSSL_PKEY_BN): Remove C definitions of
DEFAULT_512 and DEFAULT_1024
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* test/openssl/test_pkey_dh.rb (class OpenSSL): add test to ensure the
Ruby definitions are the same as the C definitions were.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
specifically setting the tmp_dh_callback to nil.
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
* test/openssl/test_pair.rb (module OpenSSL): add a test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
tmp_dh_callback Ruby code and set it as a default in `initialize`.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_512_GEN):
move this constant to Ruby.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_1024_GEN):
ditto
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): tmp_dh_callback should
always be set, so we can remove this conditional
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
instance variables to squash warnings with alpn.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51378 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLContext#initialize implementation to pure Ruby.
* ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): ditto
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51375 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:69382] [Feature #11190]
IO#nonblock= is easier-to-read, potentially more portable, and
avoids redundantly setting flags.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50762 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-876][ci skip] Patch by @davydovanton
* lib/net/https.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
following RFC 6125. with the patch provided by Tony Arcieri and
Hiroshi Nakamura [ruby-core:61545] [Bug #9644]
* test/openssl/test_ssl.rb: add tests for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(OpenSSL::X509::Name::RFC2253DN::StringChar): get rid of a false
positive assertion in ripper's test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48521 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48097 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
New method.
(OpenSSL::X509::Certificate#pretty_print): Ditto.
* ext/openssl/lib/openssl/bn.rb (OpenSSL::BN#pretty_print): Ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47647 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
if any exception occur.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46223 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Consider Socket#accept as well as TCPServer#accept.
Reported by Sam Stelfox. [ruby-core:62064] [Bug #9750]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
compression by default.
Reported by Jeff Hodges.
[ruby-core:59829] [Bug #9424]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/digest.rb (initialize): check argument
size by lambda.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44116 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/digest.rb (digest, hexdigest): create
new instance and call on it directly, to get rid of deprecated
class OpenSSL::Digest::Digest.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44115 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Fixes GH-446] https://github.com/ruby/ruby/pull/446
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLSocket methods. [ruby-trunk - Bug #9028]
* test/openssl/test_ssl.rb: Test for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43940 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/buffering.rb (OpenSSL::Buffering#initialize):
initialize of a module should pass arguments to super.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43774 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::Buffering which breaks overview because of RDoc bug
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::Buffering.new [Fixes GH-445]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43740 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43665 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
- Integer#to_bn
- OpenSSL::Buffering module
- Document deprecated OpenSSL::Digest::Digest compatibility class
- OpenSSL::Config
These changes were based on a patch by @vbatts via GH-436
https://github.com/ruby/ruby/pull/436
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43663 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Based on a patch by Rafal Lisowski [Bug #7348]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
exceptions. As in: `io.read_nonblock(size, exception: false)`
[ruby-core:38666] [Feature #5138]
* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): ditto
* ext/stringio/stringio.c (strio_sysread): ditto
* io.c (rb_io_write_nonblock): support non-blocking writes without
raising an exception.
* ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): ditto
* test/openssl/test_pair.rb (class OpenSSL): tests
* test/ruby/test_io.rb (class TestIO): ditto
* test/socket/test_nonblock.rb (class TestSocketNonblock): ditto
* test/stringio/test_stringio.rb (class TestStringIO): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42695 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
critical.
The patch for CVE-2013-4073 caused SSL crash when a SSL server returns
the certificate that has critical SAN value. X509 extension could
include 2 or 3 elements in it:
[id, criticality, octet_string] if critical,
[id, octet_string] if not.
Making sure to pick the last element of X509 extension and use it as
SAN value.
[ruby-core:55685] [Bug #8575]
Thank you @nahi for providing the patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41785 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
hostname verification. Patched by nahi.
* test/openssl/test_ssl.rb (test_verify_certificate_identity): test for
above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:53986] [Feature #8217]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
countermeasure for the BEAST attack by default. The default options
of OpenSSL::SSL:SSLContext are now:
OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
[Bug #5353] [ruby-core:39673]
* test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.
* NEWS: Announce the new default.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/openssl/test_digest.rb: Add Digest module function to OpenSSL
module and test it. Patch provided by Eric Hodel.
[ruby-core:46908][Feature #6819]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
session id. MD5, as was used before, causes problems when
using a FIPS version of OpenSSL. Issue was found by Jared
Jennings, thank you!
[ruby-trunk - Bug #6137]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
match server cert." error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35494 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
