Age | Commit message (Collapse) | Author |
|
* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
finalizes only a copy of the digest context, the context must be
cleaned up after initialization by EVP_MD_CTX_cleanup() or a
memory leak will occur. [ruby-core:62038] [Bug #9743]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@45868 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
error reasons with old OpenSSL, and insert a colon iff formatted
message is not empty.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@45472 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/buffering.rb: [DOC] Fix HEREDOC comment for
OpenSSL::Buffering which breaks overview because of RDoc bug
* ext/openssl/lib/openssl/buffering.rb: Fix warning in copyright
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@45053 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey_dh.c: Fixed typo by Sandor Szuecs [Bug #9243]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@44982 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Declare a constant
`OP_MSIE_SSLV2_RSA_PADDING` only if the macro is defined. The
`SSL_OP_MSIE_SSLV2_RSA_PADDING` has been removed from latest
snapshot of OpenSSL 1.0.1. [Fixes GH-488]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@44768 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
44569:44572,44576:44579,44581,44590:44594,44607,44608,44614,44615:
iseq.c: linear search
* iseq.c (iseq_type_from_id): linear search instead of hash lookup for
small fixed number keys.
------------------------------------------------------------------------
r44570 | nobu | 2014-01-12 17:11:32 +0900 (Sun, 12 Jan 2014) | 4 lines
tcltklib.c: create_ip_exc format argument
* ext/tk/tcltklib.c (create_ip_exc): format argument must not be a
dynamic string, not to contain unescaped %.
------------------------------------------------------------------------
r44571 | nobu | 2014-01-12 17:11:34 +0900 (Sun, 12 Jan 2014) | 5 lines
stubs.c: library name strings
* ext/tk/stubs.c (ruby_open_tcl_dll, ruby_open_tk_dll): make library
names by string literal concatenation at compilation time, not by
sprintf() at runtime.
------------------------------------------------------------------------
r44572 | nobu | 2014-01-12 17:11:36 +0900 (Sun, 12 Jan 2014) | 1 line
ext: use rb_sprintf() and rb_vsprintf() with PRIsVALUE
* ext/bigdecimal/bigdecimal.c (CLASS_NAME): macro to wrap
depending on PRIsVALUE for 1.9. [Backport #9406]
* ext/bigdecimal/bigdecimal.c (DECIMAL_SIZE_OF_BITS): fallback
definition for 2.1 or older. [ruby-core:59750] [Backport #9406]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@44659 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds of
OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not
defined.
* test/openssl/test_pkey_ec.rb: Iterate over built-in curves
(and assert their non-emptiness!) instead of hard-coding them, as
this may cause problems with respect to the different availability
of individual curves in individual OpenSSL builds.
[ruby-core:54881] [Bug #8384]
Thanks to Vit Ondruch for providing the patch!
* test/openssl/test_pkey_ec.rb: Skip tests for "Oakley" curves as
they are not suitable for ECDSA.
[ruby-core:54881] [Bug #8384]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@43481 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_asn1.c (asn1time_to_time): Implement YYMMDDhhmmZ
format for ASN.1 UTCTime. [ruby-trunk - Bug #8664]
* test/openssl/test_asn1.rb: Test for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@42215 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked
critical.
The patch for CVE-2013-4073 caused SSL crash when a SSL server returns
the certificate that has critical SAN value. X509 extension could
include 2 or 3 elements in it:
[id, criticality, octet_string] if critical,
[id, octet_string] if not.
Making sure to pick the last element of X509 extension and use it as
SAN value.
[ruby-core:55685] [Bug #8575]
Thank you @nahi for providing the patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix comment typo by @parroty [fix GH-350]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fix
hostname verification. Patched by nahi.
* test/openssl/test_ssl.rb (test_verify_certificate_identity): test for
above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@41672 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC.
* test/openssl/test_ssl.rb: Add tests to verify correct behavior.
[Bug #8240] Patch provided by Shugo Maeda. Thanks!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@40387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_bn.c (ossl_bn_initialize): fix can't create from bn.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@40113 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c (class OpenSSL): Fixed ExtensionFactory example.
Patch by Richard Bradley. [ruby-trunk - Bug #7551]
* ext/openssl/ossl.c (class OpenSSL): Use only inner parenthesis in
create_extension examples.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@39584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c (ossl_fips_mode_set): do not assume RTEST() to be
parenthesized always.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
feature Authenticated Encryption.
* ext/openssl/extconf.rb: detect presence of EVP_CTRL_GCM_GET_TAG to
determine whether Authenticated Encryption can be used.
[Feature #6980] [ruby-core:47426]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/utils.rb: revise comment about setting FIPS mode to
false.
* test/openssl/test_fips.rb: remove tests that cause errors on
ruby-ci.
[Feature #6946] [ruby-core:47345]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38489 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
with Associated Data (AEAD) for OpenSSL versions that support the
GCM encryption mode. It's the only mode supported for now by OpenSSL
itself. Add Cipher#authenticated? to detect whether a chosen mode
does support Authenticated Encryption.
* test/openssl/test_cipher.rb: add tests for Authenticated Encryption.
[Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for
providing a patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
mode manually.
* test/openssl/utils.rb: turn off FIPS mode for tests. This prevents
OpenSSL installations with FIPS mode enabled by default from raising
FIPS-related errors during the tests.
* test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL
installations.
[Feature #6946] [ruby-core:47345]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
countermeasure for the BEAST attack by default. The default options
of OpenSSL::SSL:SSLContext are now:
OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
[Bug #5353] [ruby-core:39673]
* test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.
* NEWS: Announce the new default.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::X509::Name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
issue on big-endian architecture [ruby-core:50292] [Bug #7463]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/digest/*/extconf.rb, ext/openssl/extconf.rb: get git rid of
post-1.8 feature require_relative for cross compilation.
[ruby-core:50160] [Bug #7439]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
documentation
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths):
ditto
* ext/openssl/ossl_x509store.c (ossl_x509store_add_cert): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37070 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
suppress warning: instance variable @npn_select_cb not initialized
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36985 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36886 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to
indicate whether OpenSSL runs in FIPS mode.
test/openssl/test_pkey_dh.rb: Generate 256 bit keys for
non-FIPS installations to improve test performance (e.g. for
rubyci).
test/openssl/utils.rb: Replace DSS1 as certificate signature
digest with SHA1 for FIPS installations when using DSA by
introducing TestUtils::DSA_SIGNATURE_DIGEST.
test/openssl/test_x509cert.rb:
test/openssl/test_x509crl.rb:
test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST
NEWS: Introduce OpenSSL::OPENSSL_FIPS
These changes allow running the OpenSSL tests in FIPS mode
while keeping a high performance for non-FIPS installations.
Introduction of OpenSSL::OPENSSL_FIPS allows for applications
to react to special requirements when using OpenSSL in FIPS mode.
[Feature #6946] [ruby-core:47345]
- Diese und die folgenden Zeilen werden ignoriert --
M ext/openssl/extconf.rb
M ext/openssl/ossl.c
M NEWS
M ChangeLog
M test/openssl/utils.rb
M test/openssl/test_x509crl.rb
M test/openssl/test_x509req.rb
M test/openssl/test_x509cert.rb
M test/openssl/test_pkey_dh.rb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be
advertised by the server can be set in the SSLContext by using
SSLContext#npn_protocols=, protocol selection on the client is
supported by providing a selection callback with
SSLContext#npn_select_cb. The protocol that was finally negotiated
is available through SSL#npn_protocol.
test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation.
NEWS: add news about NPN support.
[Feature #6503] [ruby-core:45272]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/openssl/test_digest.rb: Add Digest module function to OpenSSL
module and test it. Patch provided by Eric Hodel.
[ruby-core:46908][Feature #6819]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
of an aggregate type is a C99ism.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): get rid of VC++
warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36364 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* io.c (sysopen_func, rb_sysopen_internal): cast through VALUE to get
rid of warnings. fixup of r36355.
* process.c (rb_waitpid_blocking, rb_waitpid): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36361 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* include/ruby/thread.h: new header file for thread stuff.
* thread.c (rb_thread_call_without_gvl): export. [Feature#4328]
returns void* instead of VALUE. [Feature #5543]
* thread.c (rb_thread_blocking_region): deprecate. [ruby-core:46295]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36355 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul.
Patch provided by Sambasiva Suda. Thanks!
[ruby-core:44408][ruby-trunk - Feature #6310]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
session id. MD5, as was used before, causes problems when
using a FIPS version of OpenSSL. Issue was found by Jared
Jennings, thank you!
[ruby-trunk - Bug #6137]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl_pkey_rsa.c
ext/openssl/ossl_pkey_dsa.c
ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
than four characters long, as OpenSSL itself does not allow this.
Issue found by Eric Hodel.
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
following the PKey interface contract.
* test/openssl/test_pkey_dsa.rb
test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_ec.rb: Add tests that assert correct
behaviour when dealing with passwords that are less than four
characters long.
[ruby-core: 42281][ruby-trunk - Bug #5951]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Add/extend existing documentation. Examples now also cover RSA
signatures and PBKDF2.
[ruby-core: 45154][ruby-trunk - Bug #6475]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
remove SSLContext#disable_client_renegotiation and related
functionality introduced in r35797. The new callback approach
gives clients maximum flexibility to decide on their own what to
do on renegotiation attempts.
Add documentation for SSL module and SSLError.
* test/openssl/test_ssl.rb: Add a test for
SSLContext#renegotiation_cb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: Simple tests for this.
Client-side renegotiation is still considered problematic, even
when used in the context of secure renegotiation (RI, RFC 5746).
The changes allow users to either completely disable client
renegotiation on the server, or to specify a maximum number of
handshakes allowed in total. The number of total handshakes is
counted in a callback set as SSL_set_info_callback. If the
maximum number of handshakes is exceeded an error will be raised
We do not support renegotiation in the OpenSSL extension, therefore
this feature can only be tested externally.
The feature is opt-in, the default setting will be to allow
unlimited client renegotiation, as was the case before.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
the test failing in Ruby CI [1]
[1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/zlib/extconf.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35705 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL issue.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: Use exception raising instead of message
and/or abort. We want to display error message to console _and_
logging into mkmf.log.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
before ossl_raise. this cause a test failure on Linux.
http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35583 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::OP_NO_TLSv1_1
OpenSSL::SSL::OP_NO_TLSv1_2
to allow blocking specific TLS versions. Thanks to Justin Guyett for
pointing this out to me.
* test/openssl/test_ssl.rb: add tests to assert correct behavior when
blocking certain versions of TLS/SSL both on server and client side.
Also refactored tests to reduce boilerplate code a little.
* test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where
client rejects the connection because a forbidden protocol version
was used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLContext#version to inspect the version that was negotiated for
a given connection.
* ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
* test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they
are supported by the native OpenSSL being used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
available for macro compatibility.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35507 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
openssl. [ruby-core:44755][Bug #6379]
* ext/openssl/deprecation.rb: extract check for broken Apple OpenSSL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
match server cert." error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35494 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|