summaryrefslogtreecommitdiff
path: root/ext/openssl
AgeCommit message (Collapse)Author
2017-08-10openssl: import v2.0.5rhe
Import Ruby/OpenSSL 2.0.5. The full commit history since v2.0.4 (imported at r59081) can be found at: https://github.com/ruby/openssl/compare/v2.0.4...v2.0.5 This will fix the test failure on latest Debian sid and the "no OPENSSL_Applink" issue on mswin. ---------------------------------------------------------------- Kazuki Yamaguchi (11): test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params bio: prevent possible GC issue in ossl_obj2bio() bio: do not use the FILE BIO method in ossl_obj2bio() Rakefile: install_dependencies: install only when needed appveyor.yml: test against Ruby 2.4 ossl_pem_passwd_cb: relax passphrase length constraint ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: handle nil from the block explicitly ssl: remove unsupported TLS versions from SSLContext::METHODS ssl: fix compile error with OpenSSL 1.0.0 Ruby/OpenSSL 2.0.5 Lars Kanis (1): Add msys2 library dependency tag in gem metadata git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-06-14openssl: import v2.0.4rhe
Import Ruby/OpenSSL 2.0.4. Only bug (and typo) fixes. The full commit history since v2.0.3 (imported at r57482) can be found at: https://github.com/ruby/openssl/compare/v2.0.3...v2.0.4 This contains the fix for [Bug #11033]. ---------------------------------------------------------------- Jun Aruga (1): Update .travis.yml and Dockerfile Kazuki Yamaguchi (9): test/test_pkey_ec: do not use dummy 0 order test/test_ssl: fix typo in test_sysread_and_syswrite ssl: check return value of SSL_set_fd() Fix typos test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors tool/sync-with-trunk: 'LASY' -> 'LAST' x509store: clear error queue after calling X509_LOOKUP_load_file() extconf.rb: simplify searching libraries logic Ruby/OpenSSL 2.0.4 SHIBATA Hiroshi (1): Fix typos Vladimir Rybas (1): Fix documentation for OpenSSL::Cipher#final nobu (2): openssl: fix broken openssl check openssl: fix broken openssl check usa (1): Search SSL libraries by testing various filename patterns git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-16Search SSL libraries by testing various filename patternsusa
* ext/openssl/extconf.rb (find_openssl_library): should search by more flexible method, especially for LibreSSL on Windows. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-03-22ruby tool/update-deps --fixshyouhei
Onigumo 6 (r57045) introduced new onigumo.h header file, which is required from quite much everywhere. This commit adds necessary dependencies. Note: ruby/oniguruma.h now includes onigumo.h, ruby/io.h includes oniguruma.h, ruby/encoding.h also includes oniguruma.h, and internal.h includes encoding.h. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58054 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23Revert r57690 except for read_nonblocknobu
https://github.com/ruby/ruby/pull/1527#issuecomment-281867551 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23[DOC] mark up literalsnobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23[DOC] keyword argument _exception_nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23[DOC] {read,write}_nonblock with exception: falsenobu
Update docs to reflect EOF behavior change of read_nonblock and write_nonblock when using `exception: false`. [Fix GH-1527] Author: Russell Davis <russell-stripe@users.noreply.github.com> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-10openssl: fix broken openssl checknobu
* ext/openssl/deprecation.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-10openssl: fix broken openssl checknobu
* ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-01-31openssl: import v2.0.3rhe
Import Ruby/OpenSSL 2.0.3. Only bugfixes. The full commit log since 2.0.2 (imported at r57146) can be found at: https://github.com/ruby/openssl/compare/v2.0.2...v2.0.3 ---------------------------------------------------------------- Corey Bonnell (1): Fix for ASN1::Constructive 'each' implementation Kazuki Yamaguchi (10): Fix build with static OpenSSL libraries on Windows ([ruby-core:78878] [Bug #13080]) Merge pull request #96 from CBonnell/master Merge branch 'topic/windows-static-linking-without-pkg-config' into maint appveyor.yml: update OpenSSL version to 1.0.2j buffering: fix typo in doc test/envutil: fix assert_raise_with_message x509: fix OpenSSL::X509::Name#eql? ([ruby-core:79310] [Bug #13170]) ruby-openssl-docker: update versions of Ruby and OpenSSL .travis.yml: test with Ruby 2.4 Ruby/OpenSSL 2.0.3 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-22openssl: import v2.0.2rhe
Import Ruby/OpenSSL 2.0.2. This release contains only bugfixes. The full commit log since 2.0.1 (imported at r57041) can be found at: https://github.com/ruby/openssl/compare/v2.0.1...v2.0.2 ---------------------------------------------------------------- Kazuki Yamaguchi (5): ssl: check for SSL_CTX_clear_options() Rename functions in openssl_missing.c ssl: use SSL_SESSION_get_protocol_version() pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type Ruby/OpenSSL 2.0.2 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-10openssl: import v2.0.1rhe
Import Ruby/OpenSSL 2.0.1. The full commit history since 2.0.0 (imported at r56946) can be found at: https://github.com/ruby/openssl/compare/v2.0.0...v2.0.1 This release contains only bug fixes. Note, the first two commits since v2.0.0 are already imported at r56953 to make Travis and RubyCI green. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57041 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-01openssl: import fixes from upstreamrhe
Import the following two commits from upstream: commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611 Author: Kazuki Yamaguchi <k@rhe.jp> Date: Thu Dec 1 22:27:03 2016 +0900 pkey: check existence of EVP_PKEY_get0() EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define ourselves if needed. commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5 Author: Kazuki Yamaguchi <k@rhe.jp> Date: Thu Dec 1 22:13:22 2016 +0900 test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d Set the authentication tag before the AAD when decrypting. Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in OpenSSL 1.0.1d), the authentication tag must be set before any calls of EVP_CipherUpdate(). They should fix build on CentOS 5 and Ubuntu 12.04 respectively. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30ossl.c: castnobu
* ext/openssl/ossl.c (ossl_pem_passwd_cb): cast to int. it's safe because len does not exceed int max_len. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56948 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30openssl: import v2.0.0rhe
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-29parse.y: ambiguous parenthesesnobu
* parse.y (parser_yylex): warn ambiguous parentheses after a space in method definitions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56927 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-10-26[DOC] replace Fixnum with Integer [ci skip]nobu
* numeric.c: [DOC] update document for Integer class. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-24fid typos [ci skip]nobu
* fix typos, "a" before "Integer" to "an". [Fix GH-1438] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-16* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): Fix compile errorngoto
with old version of fcc (Fujitsu C Compiler) on Solaris 10. [Bug #12769] [ruby-dev:49809] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56173 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-08openssl: import v2.0.0.beta.2rhe
* {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit history since v2.0.0.beta.1 can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29* remove trailing spaces.svn
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56028 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29import Ruby/OpenSSL 2.0.0.beta.1rhe
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-06openssl: avoid undefined behavior on empty SSL_writenormal
SSL_write(3ssl) manpage has this in the WARNINGS section: When calling SSL_write() with num=0 bytes to be sent the behaviour is undefined. And indeed, the new test case demonstrates failures when empty strings are used. So, match the behavior of IO#write, IO#write_nonblock, and IO#syswrite by returning zero, as the OpenSSL::SSL::SSLSocket API already closely mimics the IO one. * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): avoid undefined behavior * test/openssl/test_pair.rb (test_write_zero): new test [ruby-core:76751] [Bug #12660] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-06Update dependenciesnobu
* common.mk (compile.o, loadpath.o): update dependencies. * common.mk (vm_call.o): remove stale object dependencies. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55589 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-29openssl: fix for OpenSSL 1.0.0trhe
* ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does not work well with OpenSSL 1.0.0t. So avoid it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-28* ext/digest/md5/md5ossl.h: Remove excess semicolons.ngoto
Suppress warning on Solaris with Oracle Solaris Studio 12. [ruby-dev:49692] [Bug #12524] * ext/digest/md5/md5cc.h: ditto. * ext/digest/sha1/sha1cc.h: ditto. * ext/digest/sha1/sha1ossl.h: ditto. * ext/digest/sha2/sha2cc.h: ditto. * ext/digest/sha2/sha2ossl.h: ditto. * ext/openssl/ossl_pkey_rsa.c: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55523 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: add OpenSSL::OCSP::SingleResponserhe
* ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: allow passing absolute times in OCSP::BasicResponse#add_statusrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_add_status): Allow specifying the times (thisUpdate, nextUpdate and revocationTime) with Time objects. Currently they accepts only relative seconds from the current time. This is inconvenience, especially for revocationTime. When Integer is passed, they are still treated as relative times. Since the type check is currently done with rb_Integer(), this is a slightly incompatible change. Hope no one passes a relative time as String or Time object... Also, allow passing nil as nextUpdate. It is optional. * ext/openssl/ruby_missing.h: Define RB_INTEGER_TYPE_P() if not defined. openssl gem will be released before Ruby 2.4.0. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55456 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: implement initialize_copy for OpenSSL::OCSP::*rhe
* ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: implement initialize_copy method for PKey classesrhe
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement initialize_copy method for OpenSSL::PKey::*. [ruby-core:75504] [Bug #12381] * test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they actually copy the OpenSSL objects, and modifications to cloned object don't affect the original object. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: add 'const's required in OpenSSL masterrhe
* ext/openssl/ossl_pkey.h, ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_rsa.c: A few days ago, OpenSSL changed {DH,DSA,RSA}_get0_*() to take const BIGNUM **. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fd809cfdbd6e32b6b67b68c59f6d55fbed7a9327 [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55450 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15openssl: refactor OpenSSL::OCSP::*#verifyrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_verify, ossl_ocspbres_verify): Use ossl_clear_error() so that they don't print warnings to stderr and leak errors in the OpenSSL error queue. Also, check the return value of OCSP_*_verify() correctly. They can return -1 on verification failure. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55423 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15openssl: allow specifying hash algorithm in OCSP::*#signrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14openssl: add some accessor methods for OCSP::CertificateIdrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash, ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm): Add accessor methods OCSP::CertificateId#issuer_name_hash, #issuer_key_hash, #hash_algorithm. Based on a patch provided by Paul Kehrer <paul.l.kehrer@gmail.com>. [ruby-core:48062] [Feature #7181] * test/openssl/test_ocsp.rb: Test these new methods. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse}rhe
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der): Implement #to_der methods for OCSP::BasicResponse and OCSP::CertificateId. (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*() instead of raw DATA_PTR(). (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow initializing from DER string. (Init_ossl_ocsp): Define new #to_der methods. * test/openssl/test_ocsp.rb: Test these changes. Also add missing tests for OCSP::{Response,Request}#to_der. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14openssl: fix acesssor functions for RSA and DH in openssl_missing.hrhe
* ext/openssl/openssl_missing.h (DH_set0_pqg, RSA_set0_key): DH_set0_pqg() allows 'q' to be NULL. Fix a typo in RSA_set0_key(). Fixes r55285. [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55408 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-12openssl: support non AES-GCM AEAD ciphers in OpenSSL::Cipherrhe
* ext/openssl/ossl_cipher.c (ossl_cipher_get_auth_tag, ossl_cipher_set_auth_tag): Check if the cipher flags retrieved by EVP_CIPHER_CTX_flags() includes EVP_CIPH_FLAG_AEAD_CIPHER to see if the cipher supports AEAD. AES-GCM was the only supported in OpenSSL 1.0.1. (Init_ossl_cipher): Fix doc; OpenSSL::Cipher::AES.new(128, :GCM) can't work. * ext/openssl/openssl_missing.h: Define EVP_CTRL_AEAD_{GET,SET}_TAG if missing. They are added in OpenSSL 1.1.0, and have the same value as EVP_CTRL_GCM_{GET,SET}_TAG and EVP_CTRL_CCM_{GET,SET}_TAG. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-09openssl: use ASN1_ENUMERATED_to_BN() if neededrhe
* ext/openssl/ossl_asn1.c (asn1integer_to_num): Use ASN1_ENUMERATED_to_BN() to convert an ASN1_ENUMERATED to a BN. Starting from OpenSSL 1.1.0, ASN1_INTEGER_to_BN() rejects non-ASN1_INTEGER objects. The format of INTEGER and ENUMERATED are almost identical so they behaved in the same way in OpenSSL <= 1.0.2. [ruby-core:75225] [Feature #12324] * test/openssl/test_asn1.rb (test_decode_enumerated): Test that it works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55344 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-09openssl: fix build with OPENSSL_NO_ECrhe
* ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC. SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in OpenSSL's configuration. This fixes r55214. * test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does not support ECDH. * test/openssl/utils.rb (start_server): Ignore error in SSLContext#ecdh_curves=. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55342 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-09openssl: fix build with OpenSSL 1.1.0 and no pkg-configrhe
* ext/openssl/extconf.rb: Check for CRYPTO_malloc() and SSL_new(). OpenSSL_add_all_digests() and SSL_library_init() are deprecated and converted to macros in OpenSSL 1.1.0. [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55335 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-07openssl: adjust tests for OpenSSL 1.1.0rhe
This fixes `make test-all TESTS=openssl` with OpenSSL master. * test/openssl/test_x509name.rb: Don't register OID for 'emailAddress' and 'serialNumber'. A recent change in OpenSSL made OBJ_create() reject an already existing OID. They were needed to run tests with OpenSSL 0.9.6 which is now unsupported. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25 [ruby-core:75225] [Feature #12324] * test/openssl/test_ssl_session.rb (test_server_session): Duplicate SSL::Session before re-adding to the session store. OpenSSL 1.1.0 starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session(). https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75 * test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519 is new in OpenSSL 1.1.0 but this is for key agreement and not for signing. * test/openssl/test_pair.rb, test/openssl/test_ssl.rb, test/openssl/utils.rb: Set security level to 0 when using aNULL cipher suites. * test/openssl/utils.rb: Use 1024 bits DSA key for client certificates. * test/openssl/test_engine.rb: Run each test in separate process. We can no longer cleanup engines explicitly as ENGINE_cleanup() was removed. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743 * ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the RDoc for Engine.cleanup. * ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS, DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed. * test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb, test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't test unsupported hash functions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-07openssl: add SSL::SSLContext#security_level{=,}rhe
* ext/openssl/extconf.rb: Check for SSL_CTX_get_security_level(). OpenSSL 1.1.0 introduced "security level". [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_ssl.c (ossl_sslctx_{get,set}_security_level): Add SSLContext#security_level and #security_level=. * test/openssl/test_ssl.rb (test_security_level): Add test. ...but this doesn't actually test it. Because #security_level= is necessary in order to run other tests on OpenSSL 1.1.0, go without tests for now. Will fix after converting SSLContext#key= and #cert= to normal methods. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55309 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-07openssl: avoid deprecated version-specific ssl methods if necessaryrhe
* ext/openssl/extconf.rb: Check for SSL_CTX_set_min_proto_version() macro added in OpenSSL 1.1.0. Version-specific methods, such as TLSv1_method(), are deprecated in OpenSSL 1.1.0. We need to use version-flexible methods (TLS_*method() or SSLv23_*method()) and disable other protocol versions as necessary. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_ssl.c: Use SSL_CTX_set_{min,max}_proto_version() to fix the protocol version. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55304 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-06openssl: fix free function of OpenSSL::Cipherrhe
* ext/openssl/ossl_cipher.c (ossl_cipher_free): Use EVP_CIPHER_CTX_free() to free EVP_CIPHER_CTX allocated by EVP_CIPHER_CTX_new(). [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-06openssl: fix compile on VCrhe
* ext/openssl/openssl_missing.h: Include ruby/config.h. r55285 added some inline functions but VC does not recognize 'inline' keyword. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55291 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05openssl: use SSL_is_server()rhe
* ext/openssl/extconf.rb: Check existence of SSL_is_server(). This function was introduced in OpenSSL 1.0.2. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing. * ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if the SSL is server. The state machine in OpenSSL was rewritten and SSL_get_state() no longer returns SSL_ST_ACCEPT. (ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some `const`s to suppress warning. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55289 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05openssl: avoid d2i_ASN1_BOOLEAN()rhe
* ext/openssl/ossl_asn1.c (decode_bool): Do the same thing as d2i_ASN1_BOOLEAN() does by ourselves. This function is removed in OpenSSL 1.1.0. [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55288 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05openssl: adapt to OpenSSL 1.1.0 opaque structsrhe
* ext/openssl/extconf.rb: Check existence of accessor functions that don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its structures opaque and requires use of these accessor functions. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.[ch]: Implement them if missing. * ext/openssl/ossl*.c: Use these accessor functions. * test/openssl/test_hmac.rb: Add missing test for HMAC#reset. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structsrhe
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and {RSA,DSA,EC_KEY,DH}_get0_*() functions. OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide setter methods for each parameter of each PKey type, for example PKey::RSA#e=, but this is no longer possible because the new API RSA_set0_key() requires the 'n' at the same time. This commit adds deprecation warning to them and adds PKey::*#set_* methods as direct wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. Emit a warning with rb_warning() when old setter methods are used. * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH object that are used in tmp_dh_callback. Generating a new key pair every time should be fine - actually the private exponent is ignored in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set. https://www.openssl.org/news/secadv/20160128.txt git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e