| Age | Commit message (Collapse) | Author |
|---|
|
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulunerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and call
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constant to SSL such as
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were
not exposed in Ruby because there's no way to unset bits in OP_ALL
before.
Following is an example to enable 0/n split for BEAST prevention.
ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@34525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl.h (OPENSSL_SYS_WIN32): support for mingw(msys).
--
* ext/openssl/ossl.h (OPENSSL_SYS_WIN32): define only if not defined.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@32918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check
argument type with NUM2LONG if the arg is not a Time object.
See #4919.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check
type with NUM2LONG. Time as an arg is not allowed. See #4919.
* test/openssl/test_ssl.rb (test_session_time,
test_session_timeout): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@32880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_ssl.c: By trunk@31346, function check of SSLv2 is executed.
However, the problem is not revised in this.
This adds the control of using function of SSLv2 in made macro by function check.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@32382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/extconf.rb: Should check SSLv2_*method.
openssl compiled with "no-ssl2" the extconf don't fail
when running `make' having this compilation errors.
Patched by Laurent Arnoud. fixes #4562, #4556
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_pkey_dh.c (ossl_dh_initialize):
pop pushed error after each try of reading. fixes #4550
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_initialize): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize):
pop pushed error after each try of reading. fixes #4550
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_x509name.c: id_aref's type is ID.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31792 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_verify): flags is VALUE,
so it should use NUM2INT.
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31791 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/lib/openssl/buffering.rb (module OpenSSL): #flush should
not change sync mode on exception.
* test/openssl/test_buffering.rb: added
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31777 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_ssl.c (ssl_get_error): Thread context switch was
blocked on Windows while blocking call for SSLSocket. Need to
convert errno for letting rb_io_wait_readable detect EWOULDBLOCK.
Patch by arton. ref #3794.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@30334 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_set_config):
fix compile error when !HAVE_X509V3_SET_NCONF. Thanks
Chikanaga-san. [ruby-dev:42761] [Ruby 1.9-Bug#4158]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@30320 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* etc/openssl/ossl_ssl.c (ossl_ssl_get_cert): raise exception if
pointer is invalid. Thanks Ippei Obayashi! [ruby-dev:42573]
--
STDIN is not valid when ruby doesn't have tty.
--
making ssl test a little better
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@30138 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/lib/openssl/bn.rb (Integer#to_bn): OpenSSL::BN.new
accepts only Strings, so call Integer#to_s(16).
16 is for an optimization. [ruby-dev:42336]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@30028 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* ext/openssl/ossl_bn.c (ossl_bn_is_prime): fix comparison
with rb_scan_args. Before this fix, OpenSSL::BN#prime?
is fully broken.
--
Add ML ref [ruby-dev:42225] for r29237.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@29794 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* Fixed wrong check of missing functions. Patch by Adrian Quark.
ref #3400
The patch contains following comment:
This patch should avoid unnecessary incompatibility with future
versions of Openssl. Changes suggested by bmaher_at_amazon.com.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@29662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* backport r29071 from ruby_1_8;
* ext/openssl/ossl_asn1.c (obj_to_asn1bool): fixed ASN1::Boolean
encoding issue for OpenSSL 1.0.0 compatibility.
ASN1::Boolean.new(false).to_der wrongly generated "\1\1\377" which
means 'true'.
ASN1_TYPE_set of OpenSSL <= 0.9.8 treats value 0x100 as 'false'
but OpenSSL >= 1.0.0 treats it as 'true'. ruby-ossl was using
0x100 for 'false' for backward compatibility. Just use 0x0 for
the case OpenSSL >= OpenSSL 0.9.7.
* test/openssl/test_asn1.rb: test added.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@29389 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
--
* suppress warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@27976 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/irb/cmd/fork.rb, lib/mutex_m.rb,
lib/shell/process-controller.rb, lib/sync.rb, object.c:
suppress warnings patched by Benoit Daloze at [ruby-core:30366].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@27967 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
loopy version of openssl (0.9.8l?).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL 0.9.8.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27460 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: check some functions added/removed at
OpenSSL 1.0.0.
* ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which
exists.
* ext/openssl/ossl_ssl_session (SSL_SESSION_cmp): removed at 1.0.0,
so implement compatible fuction here.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27440 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27439 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27437 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
which allows net/https to specify timeout. [ruby-core:24812]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27282 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
store->ex_data.sk. [ruby-core:28907] [ruby-core:23971]
[ruby-core:18121]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27064 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
patched by Jeroen van Meeuwen at [ruby-core:25210]
fixed by Nobuyoshi Nakada [ruby-core:25238],
Hongli Lai [ruby-core:27417],
and Motohiro KOSAKI [ruby-core:28063]
* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
(ossl_ssl_cipher_to_ary): constified.
* ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
split pkcs7_get_certs_or_crls.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26781 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
No need to define hexdigest() here because the super method is
properly defined to use digest() passing through arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26741 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
subclass of Digest::Class so it can take advantage of all those
utility methods such as base64digest.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26740 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::Digest class in place of where either an instance of
the class or the algorithm name was demanded. For example,
OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1, key, data) is now
accepted as well as the usual
OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, key, data) and
OpenSSL::HMAC.digest("SHA1", key, data).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26739 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
warning at SSLSocket#connect.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25976 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Chris Chandler [ruby-core:18411]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25019 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25017 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_x509store.c (ossl_x509store_add_{file,path}):
replaced deprecated funtion.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24541 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
implemented.
* ext/openssl/ossl_engine.c: ditto.
* ext/openssl/ossl_config.c: ditto.
* ext/openssl/ossl_cipher.c: ditto.
* ext/openssl/ossl_pkcs5.c: ditto.
* ext/openssl/ossl_x509ext.c: ditto.
* ext/socket/socket.c: ditto.
* ext/socket/basicsocket.c: ditto.
* ext/socket/ancdata.c: ditto.
* ext/socket/unixsocket.c: ditto.
* ext/iconv/iconv.c: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23030 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(read_would_block): defined.
(ossl_start_ssl): add nonblock argument.
(ossl_ssl_connect): follow ossl_start_ssl change.
(ossl_ssl_connect_nonblock): new method.
(ossl_ssl_accept): follow ossl_start_ssl change.
(ossl_ssl_accept_nonblock): new method.
(ossl_ssl_read_internal): use write_would_block and
read_would_block.
(ossl_ssl_write_internal): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23029 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(OpenSSL::Buffering#write_nonblock): new method.
* ext/openssl/ossl_ssl.c (ossl_ssl_write_nonblock): new method.
(ossl_ssl_write_internal): defined.
(ossl_ssl_write): use ossl_ssl_write_internal.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23020 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23010 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(rb_mWaitWritable): defined.
(io_getpartial): extend IO::WaitReadable on EWOULDBLOCK and EAGAIN.
(rb_io_write_nonblock): extend IO::WaitWritable on EWOULDBLOCK and
EAGAIN.
* error.c (make_errno_exc): extracted from rb_sys_fail.
(rb_mod_sys_fail): new function.
* include/ruby/ruby.h (rb_mod_sys_fail): declared.
(rb_mWaitReadable): declared.
(rb_mWaitWritable): declared.
* ext/socket/init.c (rsock_s_recvfrom_nonblock): extend
IO::WaitReadable on EWOULDBLOCK and EAGAIN.
(rsock_s_accept_nonblock): extend IO::WaitReadable on EWOULDBLOCK,
EAGAIN, ECONNABORTED and EPROTO.
* ext/socket/socket.c (sock_connect_nonblock): extend IO::WaitWritable
on EINPROGRESS.
* ext/socket/ancdata.c (bsock_sendmsg_internal): extend
IO::WaitWritable on EWOULDBLOCK and EAGAIN.
(bsock_recvmsg_internal): extend IO::WaitReadable on EWOULDBLOCK and
EAGAIN.
* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): raise SSLError
extended by IO::WaitReadable/IO::WaitWritable on
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
* ext/openssl/ossl.c (ossl_make_error): extracted from ossl_raise.
(ossl_exc_new): new function.
* ext/openssl/ossl.h (ossl_exc_new): declared.
* lib/net/protocol.rb (rbuf_fill): rescue IO::WaitReadable and
IO::WaitWritable.
[ruby-core:22539], [ruby-dev:38140]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:22860]
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a
warning.
* ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may
be larger than long.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
(ossl_ssl_session_get_timeout): use TIMET2NUM() to convert
time_t.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22925 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OPENSSL_free instead of free. a patch from Charlie Savage at
[ruby-core:22858].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22924 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* include/ruby/ruby.h (NUM2INT, rb_special_const_p): returns true
and false instead of Qtrue and Qfalse for platforms where VALUE
is bigger than int.
* gc.c (gc_stress_set), ext/openssl/ossl_asn1.c (decode_bool): got
rid of variables named `bool'.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22922 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for
variadic macro.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG doesn't fit into Fixnum.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
