summaryrefslogtreecommitdiff
path: root/ext/openssl
AgeCommit message (Collapse)Author
2013-05-09* file.c, ext/etc/etc.c, ext/socket/unixsocket.c,akr
ext/openssl/ossl.h, ext/openssl/openssl_missing.c: Use HAVE_AGGREGATE_MEMBER instead of HAVE_ST_MEMBER. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40625 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-28ossl_bn.c: reduce alloca/mallocnobu
* ext/openssl/ossl_bn.c (ossl_bn_initialize): no need of alloca for small fixed size array. * ext/openssl/ossl_bn.c (ossl_bn_initialize): check overflow first, and use alloca for small size input. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40518 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-28ossl_bn.c: fix ossl_bn_initialize bug with integershirosaki
* ext/openssl/ossl_bn.c (ossl_bn_initialize): fix buffer overflow on x64 Windows and memory leak when initializing with integer. [ruby-core:54615] [Bug #8337] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40513 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-25ext/openssl/ossl_bn.c: fix implicit conversionnobu
* ext/openssl/ossl_bn.c (ossl_bn_initialize): fix precision loss by implicit conversion. * ext/openssl/ossl_bn.c (ossl_bn_initialize): check Bignum overflow. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40463 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-25* ext/openssl/ossl_bn.c (ossl_bn_initialize): allow Fixnum and Bignum.naruse
[ruby-core:53986] [Feature #8217] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-16* ext/openssl/*: Document synonymous methods, by windwiny [GH-277]zzak
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40316 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-15* ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC.emboss
* test/openssl/test_ssl.rb: Add tests to verify correct behavior. [Bug #8240] Patch provided by Shugo Maeda. Thanks! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40304 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-14* ext/-test-/debug/depend: New file.akr
* ext/-test-/exception/depend: Ditto. * ext/-test-/printf/depend: Ditto. * ext/-test-/string/depend: Ditto. * ext/coverage/depend: Ditto. * ext/io/console/depend: Ditto. * ext/io/nonblock/depend: Ditto. * ext/io/wait/depend: Ditto. * ext/openssl/depend: Ditto. * ext/pathname/depend: Ditto. * ext/psych/depend: Ditto. * ext/zlib/depend: Ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-11Fix typonaruse
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40247 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-08Fix #6154 by introducing new EAGAIN/EWOULDBLOCK/EINPROGRESSheadius
subclasses that include WaitReadable or WaitWritable rather than extending them into the exception object each time. * error.c: Capture EGAIN, EWOULDBLOCK, EINPROGRESS exceptions and export them for use in WaitReadable/Writable exceptions. * io.c: Create versions of EAGAIN, EWOULDBLOCK, EINPROGRESS that include WaitReadable and WaitWritable. Add rb_readwrite_sys_fail for nonblocking failures using those exceptions. Use that function in io_getpartial and io_write_nonblock instead of rb_mod_sys_fail * ext/openssl/ossl_ssl.c: Add new SSLError subclasses that include WaitReadable and WaitWritable. Use those classes for write_would_block and read_would_block instead of rb_mod_sys_fail. * ext/socket/ancdata.c: Use rb_readwrite_sys_fail instead of rb_mod_sys_fail in bsock_sendmsg_internal and bsock_recvmsg_internal. * ext/socket/init.c: Use rb_readwrite_sys_fail instead of rb_mod_sys_fail in rsock_s_recvfrom_nonblock and rsock_s_connect_nonblock. * ext/socket/socket.c: Use rb_readwrite_sys_fail instead of rb_mod_sys_fail in sock_connect_nonblock. * include/ruby/ruby.h: Export rb_readwrite_sys_fail for use instead of rb_mod_sys_fail. Introduce new constants RB_IO_WAIT_READABLE and RB_IO_WAIT_WRITABLE for first arg to rb_readwrite_sys_fail. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40195 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-04* ext/openssl/ossl_bn.c (ossl_bn_to_i): Use bn2hex to speed up.naruse
In general, binary to/from decimal needs extra cost. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40094 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-03* ext/openssl/ossl_bn.c (ossl_bn_initialize): fix can't create from bn.naruse
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40090 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-03-05use INT2FIX(0) instead of INT2NUM(0).kazu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39604 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-02-19* ext/openssl/ossl.c (class OpenSSL): Use only inner parenthesis indrbrain
create_extension examples. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-02-19* ext/openssl/ossl.c (class OpenSSL): Fixed ExtensionFactory example.drbrain
Patch by Richard Bradley. [ruby-trunk - Bug #7551] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39309 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-20ossl.c: RTESTnobu
* ext/openssl/ossl.c (ossl_fips_mode_set): do not assume RTEST() to be parenthesized always. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-20* ext/openssl/ossl_cipher.c: fix errors for installations that do notemboss
feature Authenticated Encryption. * ext/openssl/extconf.rb: detect presence of EVP_CTRL_GCM_GET_TAG to determine whether Authenticated Encryption can be used. [Feature #6980] [ruby-core:47426] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-20* ext/openssl/ossl.c: do not use FIPS_mode_set if not available.emboss
* test/openssl/utils.rb: revise comment about setting FIPS mode to false. * test/openssl/test_fips.rb: remove tests that cause errors on ruby-ci. [Feature #6946] [ruby-core:47345] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-20* remove trailing spaces.nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38489 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-20* ext/openssl/ossl_cipher.c: add support for Authenticated Encryptionemboss
with Associated Data (AEAD) for OpenSSL versions that support the GCM encryption mode. It's the only mode supported for now by OpenSSL itself. Add Cipher#authenticated? to detect whether a chosen mode does support Authenticated Encryption. * test/openssl/test_cipher.rb: add tests for Authenticated Encryption. [Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for providing a patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-20* ext/openssl/ossl.c: add OpenSSL.fips_mode= to allow enabling FIPSemboss
mode manually. * test/openssl/utils.rb: turn off FIPS mode for tests. This prevents OpenSSL installations with FIPS mode enabled by default from raising FIPS-related errors during the tests. * test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL installations. [Feature #6946] [ruby-core:47345] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-18* ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as aemboss
countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673] * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default. * NEWS: Announce the new default. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-08* ext/openssl/ossl_x509name.c: Completed documentation fordrbrain
OpenSSL::X509::Name. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-11-29* ext/openssl/ossl_ssl.c (ssl_npn_encode_protocol_i): fix byte orderngoto
issue on big-endian architecture [ruby-core:50292] [Bug #7463] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-11-27extconf.rb: git rid of post-1.8 featurenobu
* ext/digest/*/extconf.rb, ext/openssl/extconf.rb: get git rid of post-1.8 feature require_relative for cross compilation. [ruby-core:50160] [Bug #7439] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-10-02* ext/openssl/ossl_x509store.c (ossl_x509store_add_file): Addeddrbrain
documentation * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths): ditto * ext/openssl/ossl_x509store.c (ossl_x509store_add_cert): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37070 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-09-18* ext/openssl/ossl_ssl.c (ossl_sslctx_attrs): add npn_select_db tonaruse
suppress warning: instance variable @npn_select_cb not initialized git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36985 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-09-04remove trailing spaces.nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36895 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-09-03remove trailing spaces.nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36886 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-09-03* ext/openssl/extconf.rb: Detect OpenSSL_FIPS macroemboss
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to indicate whether OpenSSL runs in FIPS mode. test/openssl/test_pkey_dh.rb: Generate 256 bit keys for non-FIPS installations to improve test performance (e.g. for rubyci). test/openssl/utils.rb: Replace DSS1 as certificate signature digest with SHA1 for FIPS installations when using DSA by introducing TestUtils::DSA_SIGNATURE_DIGEST. test/openssl/test_x509cert.rb: test/openssl/test_x509crl.rb: test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST NEWS: Introduce OpenSSL::OPENSSL_FIPS These changes allow running the OpenSSL tests in FIPS mode while keeping a high performance for non-FIPS installations. Introduction of OpenSSL::OPENSSL_FIPS allows for applications to react to special requirements when using OpenSSL in FIPS mode. [Feature #6946] [ruby-core:47345] - Diese und die folgenden Zeilen werden ignoriert -- M ext/openssl/extconf.rb M ext/openssl/ossl.c M NEWS M ChangeLog M test/openssl/utils.rb M test/openssl/test_x509crl.rb M test/openssl/test_x509req.rb M test/openssl/test_x509cert.rb M test/openssl/test_pkey_dh.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-08-31* ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED.emboss
ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be advertised by the server can be set in the SSLContext by using SSLContext#npn_protocols=, protocol selection on the client is supported by providing a selection callback with SSLContext#npn_select_cb. The protocol that was finally negotiated is available through SSL#npn_protocol. test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation. NEWS: add news about NPN support. [Feature #6503] [ruby-core:45272] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-08-02* ext/openssl/lib/openssl/digest.rbemboss
test/openssl/test_digest.rb: Add Digest module function to OpenSSL module and test it. Patch provided by Eric Hodel. [ruby-core:46908][Feature #6819] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-07-11* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): nonstatic initializer usa
of an aggregate type is a C99ism. * ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): get rid of VC++ warnings. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36364 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-07-11get rid of warningsnobu
* io.c (sysopen_func, rb_sysopen_internal): cast through VALUE to get rid of warnings. fixup of r36355. * process.c (rb_waitpid_blocking, rb_waitpid): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36361 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-07-10rb_thread_call_without_gvlnobu
* include/ruby/thread.h: new header file for thread stuff. * thread.c (rb_thread_call_without_gvl): export. [Feature#4328] returns void* instead of VALUE. [Feature #5543] * thread.c (rb_thread_blocking_region): deprecate. [ruby-core:46295] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36355 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10* ext/openssl/ossl_pkey_ec.cemboss
test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul. Patch provided by Sambasiva Suda. Thanks! [ruby-core:44408][ruby-trunk - Feature #6310] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10* lib/openssl/ssl.rb: Use a simple random number to generate theemboss
session id. MD5, as was used before, causes problems when using a FIPS version of OpenSSL. Issue was found by Jared Jennings, thank you! [ruby-trunk - Bug #6137] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10* ext/openssl/ossl.cemboss
ext/openssl/ossl_pkey_rsa.c ext/openssl/ossl_pkey_dsa.c ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel. * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract. * test/openssl/test_pkey_dsa.rb test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long. [ruby-core: 42281][ruby-trunk - Bug #5951] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-09* ext/openssl/ossl.c: Fix error in example. Patch by David Albert.emboss
Add/extend existing documentation. Examples now also cover RSA signatures and PBKDF2. [ruby-core: 45154][ruby-trunk - Bug #6475] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-09* ext/openssl/ossl_ssl.c: Introduce SSLContext#renegotiation_cb andemboss
remove SSLContext#disable_client_renegotiation and related functionality introduced in r35797. The new callback approach gives clients maximum flexibility to decide on their own what to do on renegotiation attempts. Add documentation for SSL module and SSLError. * test/openssl/test_ssl.rb: Add a test for SSLContext#renegotiation_cb. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-26* ext/openssl/ossl_ssl.c: Allow disabling client-side renegotiation.emboss
* test/openssl/test_ssl.rb: Simple tests for this. Client-side renegotiation is still considered problematic, even when used in the context of secure renegotiation (RI, RFC 5746). The changes allow users to either completely disable client renegotiation on the server, or to specify a maximum number of handshakes allowed in total. The number of total handshakes is counted in a callback set as SSL_set_info_callback. If the maximum number of handshakes is exceeded an error will be raised We do not support renegotiation in the OpenSSL extension, therefore this feature can only be tested externally. The feature is opt-in, the default setting will be to allow unlimited client renegotiation, as was the case before. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-25* ext/openssl/ossl_ssl.c: Revert r35583emboss
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid the test failing in Ruby CI [1] [1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-18* ext/openssl/extconf.rb: Use Logging::message instead of message.kosaki
* ext/zlib/extconf.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35705 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-18* ext/openssl/extconf.rb: Clarify a message when hit Applekosaki
OpenSSL issue. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-18* ext/extmk.rb: Show a message when extconf.rb raised an exception.kosaki
* ext/openssl/extconf.rb: Use exception raising instead of message and/or abort. We want to display error message to console _and_ logging into mkmf.log. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-07* ext/openssl/ossl_ssl.c (ossl_start_ssl): remove useless rb_sys_failnaruse
before ossl_raise. this cause a test failure on Linux. http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35583 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-07* ext/openssl/ossl_ssl.c: add support for option flagsemboss
OpenSSL::SSL::OP_NO_TLSv1_1 OpenSSL::SSL::OP_NO_TLSv1_2 to allow blocking specific TLS versions. Thanks to Justin Guyett for pointing this out to me. * test/openssl/test_ssl.rb: add tests to assert correct behavior when blocking certain versions of TLS/SSL both on server and client side. Also refactored tests to reduce boilerplate code a little. * test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where client rejects the connection because a forbidden protocol version was used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-06* ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add emboss
SSLContext#version to inspect the version that was negotiated for a given connection. * ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support. * test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they are supported by the native OpenSSL being used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-01* ext/openssl/deprecation.rb (OpenSSL.check_func): check if header isnobu
available for macro compatibility. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35507 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-04-30* ext/digest/*/extconf.rb: use pkg_config to use same library withnobu
openssl. [ruby-core:44755][Bug #6379] * ext/openssl/deprecation.rb: extract check for broken Apple OpenSSL. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 20:50:27 +0000