path: root/ext/openssl/ossl_ts.c
Age | Commit message | Author
2025-12-06 | [ruby/openssl] Convert ossl_ts.c to opaque ASN1_STRING | Theo Buehler
https://github.com/ruby/openssl/commit/8945f379b3
2025-12-04 | [ruby/openssl] Expand tabs in C source files | Kazuki Yamaguchi
Since around 2018, we have been using spaces for indentation for newly added code[1]. The mixed use of tabs and spaces has repeatedly confused new contributors who configured their editors to use a different tab size than 8. Since git blame can now skip specific commits, ruby/ruby did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl. While at it, fix a few indentation issues, mainly in switch-case labels and in ossl_ssl_session.c, which used doubled indentation size. This patch contains white-space changes only. git diff -w output should be empty.
[1] https://bugs.ruby-lang.org/issues/14246
[2] https://bugs.ruby-lang.org/issues/18891
https://github.com/ruby/openssl/commit/4d6214f507
2025-11-29 | [ruby/openssl] Remove dummy declarations for mOSSL and eOSSLError | Kazuki Yamaguchi
These declarations were added to every source file because older versions of RDoc did not resolve ancestor tree across files. Since RDoc 6.9.0 supports this, this workaround is no longer needed.
https://redirect.github.com/ruby/rdoc/pull/1217
https://github.com/ruby/openssl/commit/6491ce63be
2025-11-29 | [ruby/openssl] ts: fix docs for attrs on OpenSSL::Timestamp::Factory | Kazuki Yamaguchi
Move attribute documentation out of the class-level section and into the appropriate sections so that they attach correctly.
https://github.com/ruby/openssl/commit/61410acc50
2025-11-22 | [ruby/openssl] asn1: refactor converting ASN1_OBJECT to string | Kazuki Yamaguchi
ruby/openssl exposes OIDs to Ruby as strings in many places, but the conversion logic has been duplicated and the behavior is inconsistent. There are mainly two patterns:
- Returns the short name associated with the OID/NID, or the dotted decimal notation if it is unknown to OpenSSL.
- Returns the long name, or the dotted decimal notation.
These patterns are implemented using different OpenSSL APIs and that caused subtle differences. Add helper functions ossl_asn1obj_to_string() and ossl_asn1obj_to_string_long_name() to unify the logic. Also, document the current behaviors where it is not yet done. The inconsistency was likely unintentional, but since it dates back to the original implementations, standardizing it now would cause more issues than it resolves.
https://github.com/ruby/openssl/commit/2ea36c21a4
2025-11-22 | [ruby/openssl] ts: refactor converting string to ASN1_OBJECT | Kazuki Yamaguchi
obj_to_asn1obj() in ossl_ts.c and ossl_asn1.c are identical. Let's remove one in ossl_ts.c. eASN1Error can now be made static to ossl_asn1.c.
https://github.com/ruby/openssl/commit/dcb05c40c2
2025-11-06 | [ruby/openssl] digest: use EVP_MD_fetch() if available | Kazuki Yamaguchi
With the introduction of OpenSSL 3 providers, newly implemented algorithms do not necessarily have a corresponding NID assigned. To use such an algorithm, it has to be "fetched" from providers using the new EVP_*_fetch() functions. For digest algorithms, we have to use EVP_MD_fetch() instead of the existing EVP_get_digestbyname(). However, it is not a drop-in replacement because:
- EVP_MD_fetch() does not support all algorithm name aliases recognized by EVP_get_digestbyname().
- Both return an EVP_MD, but the one returned by EVP_MD_fetch() is sometimes reference counted and the user has to explicitly release it with EVP_MD_free().
So, keep using EVP_get_digestbyname() for all OpenSSL versions for now, and fall back to EVP_MD_fetch() if it fails. In the latter case, prepare a T_DATA object to manage the fetched EVP_MD's lifetime.
https://github.com/ruby/openssl/commit/9fc2179403
2025-01-23 | [ruby/openssl] ts: use TS_VERIFY_CTX_set0_{store,certs}() on OpenSSL 3.4 | Kazuki Yamaguchi
In OpenSSL 3.4, TS_VERIFY_CTX_set_certs() and TS_VERIFY_CTX_set_store() are deprecated in favor of the new functions with "set0" in the names. The new functions have a slightly different behavior. They will free the previous value automatically. Increment the reference counter of X509_STORE before setting it to TS_VERIFY_CTX, and do not try to manually unset it. We avoided doing this to work around a bug that was present in older versions of OpenSSL, which has now been fixed in OpenSSL 1.0.2 by commit https://github.com/openssl/openssl/commit/bff9ce4db38b.
https://github.com/ruby/openssl/commit/ce37f7d93a
2025-01-21 | [ruby/openssl] Use X509_ALGOR_get0() accessor for X509_ALGOR | Theo Buehler
While the struct is currently still public in OpenSSL, there has been an accessor since OpenSSL 0.9.8h. It would be nice if this accessor could be used so that the struct can be made opaque at some point in the future.
https://github.com/ruby/openssl/commit/812aeab2f5
2025-01-20 | [ruby/openssl] Require OpenSSL 1.1.0 or later | Kazuki Yamaguchi
Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12. Most distributions that shipped with OpenSSL 1.0.2 have also reached EOL, or provide a newer version in the package repository:
- RHEL 7 (EOL 2024-06)
- Ubuntu 16.04 LTS (EOL 2021-04)
- Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via the openssl11{,-devel} package)
https://github.com/ruby/openssl/commit/38ec6fd50e
2024-12-07 | [ruby/openssl] Call Init_ossl_*() functions in alphabetical order | Kazuki Yamaguchi
It was originally sorted in alphabetical order, but it has been broken over time. Let's fix it.
https://github.com/ruby/openssl/commit/974c67f38f
2024-12-07 | [ruby/openssl] ts: fix exception class raised when getting an OID name | Kazuki Yamaguchi
get_asn1obj() is used by several methods in OpenSSL::Timestamp to get the string representation of an OID. On an error, such as memory allocation failure, it can raise OpenSSL::X509::AttributeError. It should be OpenSSL::Timestamp::TimestampError instead.
https://github.com/ruby/openssl/commit/a424aad1df
2024-12-07 | [ruby/openssl] ts: avoid using OpenSSL::PKCS7's internals | Kazuki Yamaguchi
Internals of OpenSSL::PKCS7 should be kept within ossl_pkcs7.c. Add a new ossl_pkcs7_new() function for duplicating and wrapping an OpenSSL PKCS7 object in OpenSSL::PKCS7. This follows the convention used by other ossl_*_new() functions.
https://github.com/ruby/openssl/commit/b5f79f771e
2024-06-08 | [ruby/openssl] Fix references to the license text | Kazuki Yamaguchi
Update the references to the file "LICENCE" with "COPYING". The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has been always the case since OpenSSL for Ruby 2 was merged to the ruby tree as a standard library in 2003. In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained an old version of the Ruby License, identical to the COPYING file that was in Ruby's tree at that time (r4128[2]).
[1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup
[2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING
https://github.com/ruby/openssl/commit/5bccf07d04
2024-05-08 | [ruby/openssl] Add to_text for PKCS7 and Timestamp::Response | Samuel Giddins
https://github.com/ruby/openssl/commit/71cd1e3f5c
2023-06-19 | [ruby/openssl] Implement Write Barrier for all OpenSSL types | Jean Boussier
The vast majority have no reference so it's just a matter of setting the flags. For the couple of exceptions, they have very few references so it's easy.
https://github.com/ruby/openssl/commit/2c7c6de69e
2021-10-25 | [ruby/openssl] ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs | Kazuki Yamaguchi
OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro.
https://github.com/ruby/openssl/commit/2be6779b08
2021-10-16 | [ruby/openssl] fix segv in Timestamp::{Request,Response,TokenInfo}.new | Nobuhiro IMAI
prevent `ossl_ts_*_free()` from being called when `d2i_TS_*_bio()` failed.
https://github.com/ruby/openssl/commit/b29e215786
2021-10-16 | [ruby/openssl] ts: libressl build fix warning | David Carlier
TS_time_cb on libressl expects a long long/time_t 64 bits long instead.
https://github.com/ruby/openssl/commit/4c99f577b2
2021-09-12 | [ruby/openssl] Suppress cast-function-type warnings | Nobuyoshi Nakada
https://github.com/ruby/openssl/commit/0f91e2a6ee
2021-09-12 | [ruby/openssl] Separate formatting from ossl_make_error | Nobuyoshi Nakada
Just append OpenSSL error reason to the given message string object, which would be already formatted. Suppress -Wformat-security warning in `ossl_tsfac_create_ts`.
https://github.com/ruby/openssl/commit/11b1d8a6b8
2021-07-18 | [ruby/openssl] require OpenSSL >= 1.0.2 and LibreSSL >= 3.1 | Kazuki Yamaguchi
Clean up old version guards in preparation for the upcoming OpenSSL 3.0 support. OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided to keep 1.0.1 support because many major Linux distributions were still shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions are reaching their EOL and it should be safe to assume nobody uses them anymore. Major ones that were using 1.0.1:
- Ubuntu 14.04 is EOL since 2019-04-30
- RHEL 6 will reach EOL on 2020-11-30
LibreSSL 3.0 and older versions are no longer supported by the LibreSSL team as of October 2020. Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also did on 2018-08-31.
https://github.com/ruby/openssl/commit/c055938f4b
2021-03-16 | [ruby/openssl] Fixed the results of OpenSSL::Timestamp::Response#failure_info | Nobuyoshi Nakada
Made stored values `Symbol`s instead of `ID`s.
Fixes https://bugs.ruby-lang.org/issues/17625
Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>
https://github.com/ruby/openssl/commit/f2d004679a
Notes: Merged: https://github.com/ruby/ruby/pull/4275
2021-03-16 | [ruby/openssl] digest, hmac, ts, x509: use IO.binread in examples where appropriate | Kazuki Yamaguchi
IO.read may mangle line separator, which will corrupt binary data including DER-encoded X.509 certificates and such.
Fixes: https://github.com/ruby/openssl/issues/243
https://github.com/ruby/openssl/commit/93213b2730
Notes: Merged: https://github.com/ruby/ruby/pull/4275
2020-10-21 | Use rb_intern_const instead of rb_intern in Init functions | Nobuyoshi Nakada
```
find . -name \*.o -exec nm {} + |& sed '/Init_.*\.rbimpl_id/!d;s/^.* b //;s/\.[1-9][0-9]*$//;s/\.rbimpl_id$//' | uniq
```
should be empty.
2020-05-13 | [ruby/openssl] Look up digest by name instead of constant | Bart de Water
https://github.com/ruby/openssl/commit/b28fb2f05c
2020-02-17 | [ruby/openssl] ts: simplify OpenSSL::Timestamp::Request#algorithm | Kazuki Yamaguchi
Stop the special treatment of invalid hashAlgorithm of the message imprint. Those invalid values can only appear after the object is instantiated, before the user sets an actual message digest algorithm. OpenSSL::Timestamp::TokenInfo#algorithm already does the same. Also, remove the test case "test_create_request" since it does not make much sense. Those fields are to be set by the user after creation of the object and checking the initial value is pointless.
Fixes: https://github.com/ruby/openssl/issues/335
https://github.com/ruby/openssl/commit/890a6476fa
2020-02-16 | Import openssl-2.2.0 (#2693) | Hiroshi SHIBATA
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0
Notes: Merged-By: hsbt <hsbt@ruby-lang.org>