Age | Commit message | Author |
|
* ext/extmk.rb: Show a message when extconf.rb raised an exception.
* ext/openssl/extconf.rb: Use exception raising instead of message
and/or abort. We want to display error message to console _and_
logging into mkmf.log.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@36929 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@35191 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_x509cert.rb: Exclude test that fails when issuing
a certificate with RSA signature and DSS1 digest for earlier
OpenSSL versions when used in conjunction with OpenSSL 1.0.1.
Thanks, Vit Ondruch, for reporting the issue.
[ruby-core:42949][Bug #6089]
* ext/openssl/ossl_pkcs7.c: fix crash when parsing garbage data.
* test/openssl/test_pkcs7.rb: assert correct behavior for it.
Thanks to Matt Venables for reporting the issue.
[ruby-core:43250][Bug #6134]
* test/openssl/test_x509cert.rb: exclude test that fails when issuing
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@35179 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/openssl/buffering.rb: Force multi-byte strings to be treated as
binary data.
* test/openssl/test_ssl.rb: Add test for it.
Thanks to Niklas Baumstark for reporting the issue!
[Ruby 1.9 - Bug #5233] [ruby-core:39120]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34534 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulnerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's a known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and calls
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constants to SSL such as
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were
not exposed in Ruby because there's no way to unset bits in OP_ALL
before.
Following is an example to enable 0/n split for BEAST prevention.
ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34524 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_x509name.c: Use the numerical representation of
unrecognized OIDs instead of the sn "UNDEF".
* test/openssl/test_x509name.rb: Add tests for the fixed behavior.
Patch provided by Paul Kehrer, thank you!
[ruby-core:41769] [Feature #5787]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34489 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_cipher.c: Update and complete documentation.
* ext/openssl/ossl_cipher.c: Add warning about key as IV.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34473 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_asn1.c: Call INT2NUM only once for GeneralString.
Thanks to Mantas Mikulenas for noticing and providing a patch!
[ruby-core:42358] [Bug #5972]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34472 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being
fed arbitrary string values.
Clearly distinguish between the cases "universal, infinite and
not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
infinite". Raise error for universal tags that are not infinite.
* test/openssl/test_asn1.rb: add a test for this.
Thanks to Hiroshi Yoshida for reporting this bug.
[Bug #5363] [ruby-dev:44542]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl_pkey.c: Remove unused variables.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33317 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/bn.rb: Hide copyright info from RDoc.
* ext/openssl/lib/openssl/digest.rb: ditto
* ext/openssl/lib/openssl/cipher.rb: ditto
* backport r33065 from trunk.
* ext/openssl/ossl_digest.c: Document OpenSSL::Digest::digest and add
an example to OpenSSL::Digest. Patch by Sylvain Daubert.
[Ruby 1.9 - Bug #5166]
* ext/openssl/lib/openssl/digest.rb (module OpenSSL): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33067 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_x509cert.c: Add class documentation for
OpenSSL::X509::Certificate.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey.c: corrected docs, OpenSSL::PKey::DH does
*not* support #sign/verify.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32989 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c: Support disabling OpenSSL compression.
* test/openssl/test_ssl.rb: Add a test for it.
Thanks to Eric Wong for the patch.
[Ruby 1.9 - Feature #5183] [ruby-core:38911]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32975 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_cipher.c (ossl_cipher_initialize): Avoid possible
SEGV from AES encryption/decryption. Processing data by
Cipher#update without initializing key (meaningless usage of Cipher
object since we don't offer a way to export a key) could cause SEGV.
In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3)
allows uninitialized key, but other EVPs (such as AES) do not
allow it. Calling EVP_CipherUpdate() without initializing key causes
SEGV so we set the data filled with "\0" as the key by default. See
#2768.
* test/openssl/test_cipher.rb: test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32724 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for openssl/{x509,ssl} usage. Users should require "openssl" instead
of "openssl/ssl" and "openssl/x509". Start of transition period
introduced by [ruby-dev:38018].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32665 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/x509.rb: Cosmetic change: move definition
introduced in r30152 to x509-internal.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32663 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated
SSLError from SSLSocket just after invoking SSLSocket#close.
OpenSSL's SSL_shutdown could try to send alert packet and it might
set SSLerr(global error stack) as the result. It causes the next
SSL read/write operation to fail by unrelated reason.
By design, we're ignoring any error at SSL_shutdown() so we clear
global error stack after SSL_shutdown is called. See #5039.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32660 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_hmac.c: Revert checking return type of
HMAC_Init_ex as it is not compatible with OpenSSL < 1.0.0.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32610 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_digest.c: Check return value of EVP_DigestInit_ex.
* ext/openssl/ossl_hmac.c: Check return value of HMAC_Init_ex.
Thanks, Jared Jennings, for the patch.
[ Ruby 1.9 - Bug #4944 ] [ruby-core:37670]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32607 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_engine.c: Avoid double free of ENGINE reference.
* test/openssl/test_engine.rb: Add a test for it.
Thanks to Ippei Obayashi for providing the patch.
[ Ruby 1.9 - Bug #5062 ] [ruby-dev:44173]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32605 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
r32579:
* io.c (rb_update_max_fd): new function.
* internal.h (rb_update_max_fd): declare rb_update_max_fd.
* thread_pthread.c (rb_thread_create_timer_thread): update max fd when
timer thread pipe is created.
r32581:
* io.c (UPDATE_MAXFD): removed.
r32587:
* include/ruby/intern.h (rb_update_max_fd): declaration moved from
internal.h.
* file.c: ditto.
* io.c: call rb_update_max_fd for each new fds.
* process.c: ditto.
* random.c: ditto.
* ruby.c: ditto.
* ext/io/console/console.c: ditto.
* ext/openssl/ossl_bio.c: ditto.
* ext/pty/pty.c: ditto.
* ext/socket/init.c: ditto.
* ext/socket/socket.c: ditto.
* ext/socket/ancdata.c: ditto.
* ext/socket/unixsocket.c: ditto.
r32588:
* io.c (rb_update_max_fd): remove parentheses. they are not in
macro.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c (ossl_verify_cb): trap the exception from
verify callback of SSLContext and X509Store and make the
verification fail normally. Raising exception directly from callback
causes orphan resources in OpenSSL stack. Patched by Ippei Obayashi.
See #4445.
* test/openssl/test_ssl.rb
(test_exception_in_verify_callback_is_ignored): test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
definition of OPENSSL_SYS_WIN32.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32344 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to
simplify future conversions.
* ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca.
* test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca.
Thanks to Ippei Obayashi for providing the patch!
[ Ruby 1.9 - Feature #4481 ] [ruby-core:35461]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32288 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_missing.h/.c: add ASN1_put_eoc if missing.
* ext/openssl/ossl_asn1.c: introduce ossl_asn1_object_size and
ossl_asn1_put_object to wrap functionality depending on OpenSSL
version in use.
Fixes [ Ruby 1.9 - Bug #4916 ] reported by Hiroshi Nakamura.
[ruby-core:37286]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32230 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
connection more gracefully. Call SSL_shutdown() max 4 times until it
returns 1 (success). Bi-directional SSL close has several states but
SSL_shutdown() kicks only 1 transition per call. Max 4 is from
mod_ssl.c of Apache httpd that says 'max 2x pending * 2x data = 4'.
See #4237.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805
* test/openssl/test_x509name.rb (test_hash): Make test pass with
OpenSSL 1.0.0.
* NEWS: Add it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
argument type with NUM2LONG if the arg is not a Time object.
See #4919.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check
type with NUM2LONG. Time as an arg is not allowed. See #4919.
* test/openssl/test_ssl_session.rb (test_session_time,
test_session_timeout): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32211 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL from the callback for SSL_CTX_sess_set_get_cb().
Returning 0 means to OpenSSL that the session is still valid
(since we created Ruby Session object) and was not freed by us with
SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
session_get_cb block if you don't want OpenSSL to cache the session
internally.
This potential issue was pointed out by Ippei Obayashi. See #4416.
* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test
it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Tomoyuki Chikanaga.
[ Ruby 1.9 - Bug #4919 ] [ruby-dev:43869]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32203 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLContext#session_remove_cb was broken. It wrongly
tried to call the session_*new*_cb callback.
* test/openssl/test_ssl_session.rb (class OpenSSL): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fallback scenarios.
* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.
* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurrences by
ossl_raise. This automatically flushes OpenSSL's error queue.
* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
fails.
* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
empty.
* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
test_new.
[ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Thanks, Eric Wong, for providing the patch.
[ Ruby 1.9 - Feature #4672 ] [ruby-core:36127]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::Session#to_der was broken. Fix buffer handling.
* test/openssl/test_ssl_session.rb (test_session): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Documentation fix by Ippei Obayashi. See #4419.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32176 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(e.g. DSS1).
* test/openssl/test_digest.c: add tests for this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
oid.
* test/openssl/test_digest.rb: add tests for this.
[Ruby 1.9 - Feature #4412] [ruby-core:35319]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32040 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/utils.rb: add test key for DH.
* test/openssl/test_pkey_dh.rb: add tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32039 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
DH#pub_key in documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32038 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
reading arbitrary public/private keys from DER-/PEM-encoded File or
string instances.
* ext/openssl/ossl_pkey_dh.c: improved documentation.
* test/openssl/utils.rb: added EC test key.
* test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from
OpenSSL::TestUtils.
* test/openssl/test_pkey_ec.rb: Created test file for EC tests.
Test PKey.read.
[Ruby 1.9 - Feature #4424] [ruby-core:35330]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey_dsa.c: corrected examples. Improved parameter
sections.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32031 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32029 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Buffering#each_byte should return String in accordance with IO in
1.9.
* test/openssl/test_buffering.rb (class OpenSSL): add tests for getc
and each_byte.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32012 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
CertificateError when Request#to_der gets an error from OpenSSL.
Patch from Ippei Obayashi, see #4420. I cannot write a test for
this... Request does not allow to create broken bytes...
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey_rsa.c: Complete documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31826 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|