| Age | Commit message (Collapse) | Author |
|---|
|
* ext/openssl/ossl.c (ossl_fips_mode_set): do not assume RTEST() to be
parenthesized always.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
feature Authenticated Encryption.
* ext/openssl/extconf.rb: detect presence of EVP_CTRL_GCM_GET_TAG to
determine whether Authenticated Encryption can be used.
[Feature #6980] [ruby-core:47426]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/utils.rb: revise comment about setting FIPS mode to
false.
* test/openssl/test_fips.rb: remove tests that cause errors on
ruby-ci.
[Feature #6946] [ruby-core:47345]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38489 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
with Associated Data (AEAD) for OpenSSL versions that support the
GCM encryption mode. It's the only mode supported for now by OpenSSL
itself. Add Cipher#authenticated? to detect whether a chosen mode
does support Authenticated Encryption.
* test/openssl/test_cipher.rb: add tests for Authenticated Encryption.
[Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for
providing a patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
mode manually.
* test/openssl/utils.rb: turn off FIPS mode for tests. This prevents
OpenSSL installations with FIPS mode enabled by default from raising
FIPS-related errors during the tests.
* test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL
installations.
[Feature #6946] [ruby-core:47345]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
countermeasure for the BEAST attack by default. The default options
of OpenSSL::SSL:SSLContext are now:
OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
[Bug #5353] [ruby-core:39673]
* test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.
* NEWS: Announce the new default.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::X509::Name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
issue on big-endian architecture [ruby-core:50292] [Bug #7463]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/digest/*/extconf.rb, ext/openssl/extconf.rb: get git rid of
post-1.8 feature require_relative for cross compilation.
[ruby-core:50160] [Bug #7439]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
documentation
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths):
ditto
* ext/openssl/ossl_x509store.c (ossl_x509store_add_cert): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37070 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
suppress warning: instance variable @npn_select_cb not initialized
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36985 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36886 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to
indicate whether OpenSSL runs in FIPS mode.
test/openssl/test_pkey_dh.rb: Generate 256 bit keys for
non-FIPS installations to improve test performance (e.g. for
rubyci).
test/openssl/utils.rb: Replace DSS1 as certificate signature
digest with SHA1 for FIPS installations when using DSA by
introducing TestUtils::DSA_SIGNATURE_DIGEST.
test/openssl/test_x509cert.rb:
test/openssl/test_x509crl.rb:
test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST
NEWS: Introduce OpenSSL::OPENSSL_FIPS
These changes allow running the OpenSSL tests in FIPS mode
while keeping a high performance for non-FIPS installations.
Introduction of OpenSSL::OPENSSL_FIPS allows for applications
to react to special requirements when using OpenSSL in FIPS mode.
[Feature #6946] [ruby-core:47345]
- Diese und die folgenden Zeilen werden ignoriert --
M ext/openssl/extconf.rb
M ext/openssl/ossl.c
M NEWS
M ChangeLog
M test/openssl/utils.rb
M test/openssl/test_x509crl.rb
M test/openssl/test_x509req.rb
M test/openssl/test_x509cert.rb
M test/openssl/test_pkey_dh.rb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be
advertised by the server can be set in the SSLContext by using
SSLContext#npn_protocols=, protocol selection on the client is
supported by providing a selection callback with
SSLContext#npn_select_cb. The protocol that was finally negotiated
is available through SSL#npn_protocol.
test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation.
NEWS: add news about NPN support.
[Feature #6503] [ruby-core:45272]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/openssl/test_digest.rb: Add Digest module function to OpenSSL
module and test it. Patch provided by Eric Hodel.
[ruby-core:46908][Feature #6819]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
of an aggregate type is a C99ism.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): get rid of VC++
warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36364 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* io.c (sysopen_func, rb_sysopen_internal): cast through VALUE to get
rid of warnings. fixup of r36355.
* process.c (rb_waitpid_blocking, rb_waitpid): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36361 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* include/ruby/thread.h: new header file for thread stuff.
* thread.c (rb_thread_call_without_gvl): export. [Feature#4328]
returns void* instead of VALUE. [Feature #5543]
* thread.c (rb_thread_blocking_region): deprecate. [ruby-core:46295]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36355 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul.
Patch provided by Sambasiva Suda. Thanks!
[ruby-core:44408][ruby-trunk - Feature #6310]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
session id. MD5, as was used before, causes problems when
using a FIPS version of OpenSSL. Issue was found by Jared
Jennings, thank you!
[ruby-trunk - Bug #6137]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl_pkey_rsa.c
ext/openssl/ossl_pkey_dsa.c
ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
than four characters long, as OpenSSL itself does not allow this.
Issue found by Eric Hodel.
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
following the PKey interface contract.
* test/openssl/test_pkey_dsa.rb
test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_ec.rb: Add tests that assert correct
behaviour when dealing with passwords that are less than four
characters long.
[ruby-core: 42281][ruby-trunk - Bug #5951]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Add/extend existing documentation. Examples now also cover RSA
signatures and PBKDF2.
[ruby-core: 45154][ruby-trunk - Bug #6475]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
remove SSLContext#disable_client_renegotiation and related
functionality introduced in r35797. The new callback approach
gives clients maximum flexibility to decide on their own what to
do on renegotiation attempts.
Add documentation for SSL module and SSLError.
* test/openssl/test_ssl.rb: Add a test for
SSLContext#renegotiation_cb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: Simple tests for this.
Client-side renegotiation is still considered problematic, even
when used in the context of secure renegotiation (RI, RFC 5746).
The changes allow users to either completely disable client
renegotiation on the server, or to specify a maximum number of
handshakes allowed in total. The number of total handshakes is
counted in a callback set as SSL_set_info_callback. If the
maximum number of handshakes is exceeded an error will be raised
We do not support renegotiation in the OpenSSL extension, therefore
this feature can only be tested externally.
The feature is opt-in, the default setting will be to allow
unlimited client renegotiation, as was the case before.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
the test failing in Ruby CI [1]
[1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/zlib/extconf.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35705 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL issue.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: Use exception raising instead of message
and/or abort. We want to display error message to console _and_
logging into mkmf.log.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
before ossl_raise. this cause a test failure on Linux.
http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35583 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::OP_NO_TLSv1_1
OpenSSL::SSL::OP_NO_TLSv1_2
to allow blocking specific TLS versions. Thanks to Justin Guyett for
pointing this out to me.
* test/openssl/test_ssl.rb: add tests to assert correct behavior when
blocking certain versions of TLS/SSL both on server and client side.
Also refactored tests to reduce boilerplate code a little.
* test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where
client rejects the connection because a forbidden protocol version
was used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLContext#version to inspect the version that was negotiated for
a given connection.
* ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
* test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they
are supported by the native OpenSSL being used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
available for macro compatibility.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35507 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
openssl. [ruby-core:44755][Bug #6379]
* ext/openssl/deprecation.rb: extract check for broken Apple OpenSSL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
match server cert." error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35494 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: add --with-broken-apple-openssl option.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35428 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
CPPFLAGS.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35426 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
reached.
* variable.c (rb_obj_remove_instance_variable): Replaced "not reached"
comment with the UNREACHABLE macro.
* variable.c (rb_mod_const_missing): ditto.
* variable.c (rb_mod_remove_cvar): ditto.
* enum.c (first_i): ditto.
* string.c (rb_str_aref): ditto.
* string.c (str_byte_aref): ditto.
* string.c (rb_to_id): ditto.
* io.c (rb_io_fmode_modestr): ditto.
* io.c (rb_io_oflags_modestr): ditto.
* pack.c (num2i32): ditto.
* vm_eval.c (rb_method_missing): ditto.
* vm_eval.c (rb_f_throw): ditto.
* dir.c (dir_read): ditto.
* win32/win32.c (child_result): ditto.
* struct.c (rb_struct_getmember): ditto.
* struct.c (rb_struct_set): ditto.
* struct.c (rb_struct_aref_id): ditto.
* eval.c (rb_f_raise): ditto.
* process.c (rb_f_exit_bang): ditto.
* process.c (rb_f_exit): ditto.
* process.c (rb_f_abort): ditto.
* ext/-test-/iter/break.c (iter_break_value): ditto.
* ext/pty/pty.c (pty_check): ditto.
* ext/openssl/ossl_pkey.c (ossl_pkey_new): ditto.
* ext/readline/readline.c (rb_remove_history): ditto.
* ext/stringio/stringio.c (strio_unimpl): ditto.
* numeric.c (num_sadded): ditto.
* numeric.c (num_init_copy): ditto.
* numeric.c (rb_num2ll): ditto.
* numeric.c (rb_num2ull): ditto.
* vm_insnhelper.c (call_cfunc): ditto.
* ruby.c (opt_W_getter): ditto.
* bignum.c (rb_big_coerce): ditto.
* file.c (rb_f_test): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35322 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
reaches end of non-void function" warnings. [ruby-trunk - Bug #6066]
* re.c (name_to_backref_number): ditto.
* object.c (rb_Float): ditto.
* io.c (io_readpartial): ditto.
* io.c (io_read_nonblock): ditto.
* pack.c (rb_uv_to_utf8): ditto.
* proc.c (rb_method_entry_arity): ditto.
* vm_method.c (rb_f_notimplement): ditto.
* struct.c (rb_struct_aset_id): ditto.
* class.c (rb_scan_args): ditto.
* process.c (rlimit_resource_type): ditto.
* process.c (rlimit_resource_value): ditto.
* process.c (p_uid_switch): ditto.
* process.c (p_gid_switch): ditto.
* ext/digest/digest.c (rb_digest_instance_update): ditto.
* ext/digest/digest.c (rb_digest_instance_finish): ditto.
* ext/digest/digest.c (rb_digest_instance_reset): ditto.
* ext/digest/digest.c (rb_digest_instance_block_length): ditto.
* ext/bigdecimal/bigdecimal.c (BigDecimalCmp): ditto.
* ext/dl/handle.c (rb_dlhandle_close): ditto.
* ext/tk/tcltklib.c (pending_exception_check0): ditto.
* ext/tk/tcltklib.c (pending_exception_check1): ditto.
* ext/tk/tcltklib.c (ip_cancel_eval_core): ditto.
* ext/tk/tcltklib.c (lib_get_reltype_name): ditto.
* ext/tk/tcltklib.c (create_dummy_encoding_for_tk_core): ditto.
* ext/tk/tkutil/tkutil.c (tk_hash_kv): ditto.
* ext/openssl/ossl_ssl.c (ossl_ssl_session_reused): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_dsa_verify_asn1): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_is_at_infinit): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_is_on_curve): ditto.
* ext/fiddle/conversions.c (generic_to_value): ditto.
* ext/socket/raddrinfo.c (rsock_io_socket_addrinfo): ditto.
* ext/socket/socket.c (sock_s_getnameinfo): ditto.
* ext/ripper/eventids2.c (ripper_token2eventid): ditto.
* cont.c (return_fiber): ditto.
* dmydln.c (dln_load): ditto.
* vm_insnhelper.c (vm_search_normal_superclass): ditto.
* bignum.c (big_fdiv): ditto.
* marshal.c (r_symlink): ditto.
* marshal.c (r_symbol): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35321 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35190 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkcs7.rb: assert correct behavior for it.
Thanks to Matt Venables for reporting the issue.
[ruby-core:43250][Bug #6134]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
values for Primitive instances.
* test/openssl/test_asn1.rb: Assert consistent behavior when
encoding nil values: Primitives raise TypeError, Constructives
raise NoMethodError.
Fixes [ruby-core:43009][Bug #6102]
-This line, and those below, will be ignored--
M test/openssl/test_asn1.rb
M ext/openssl/ossl_asn1.c
M ChangeLog
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35159 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): fix argument type.
[Bug #6094]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35117 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This reverts commit r35102.
It breaks tests on FreeBSD.
6) Failure:
test_new_with_exponent(OpenSSL::TestPKeyRSA)
[/usr/home/chkbuild/build/ruby-trunk/20120323T010301Z/ruby/test/openssl/test_pkey_rsa.rb:59]:
<3> expected but was
<12884901891>.
7) Failure:
test_new_exponent_default(OpenSSL::TestPKeyRSA)
[/usr/home/chkbuild/build/ruby-trunk/20120323T010301Z/ruby/test/openssl/test_pkey_rsa.rb:52]:
<65537> expected but was
<281479271743489>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35116 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #6094]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35102 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
from OpenSSL added by Apple.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
