summaryrefslogtreecommitdiff
path: root/ext/openssl
AgeCommit message (Collapse)Author
2011-10-26* ext/openssl/extconf.rb: add -Wall flag by default when compiler isemboss
GCC. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-22* include/ruby/intern.h (rb_fd_set_cloexec): declared.akr
* io.c (rb_fd_set_cloexec): new function. (ruby_dup): call rb_fd_set_cloexec to set close-on-exec flag. (rb_sysopen_internal): ditto. (rb_pipe): ditto. (io_reopen): ditto. (io_cntl): ditto. * process.c (rb_f_exec): change the default :close_others option to true. (rb_f_system): ditto. (move_fds_to_avoid_crash): call rb_fd_set_cloexec to set close-on-exec flag. (ruby_setsid): ditto. (rb_daemon): ditto. * thread_pthread.c (rb_thread_create_timer_thread): call rb_fd_set_cloexec to set close-on-exec flag. * ruby.c (load_file_internal): ditto. * file.c (rb_file_s_truncate): ditto. (file_load_ok): ditto. * random.c (fill_random_seed): ditto. * ext/pty/pty.c (chfunc): ditto. (get_device_once): ditto. * ext/openssl/ossl_bio.c (ossl_obj2bio): ditto. * ext/socket/init.c (rsock_socket): ditto. (rsock_s_accept_nonblock): ditto. (rsock_s_accept): ditto. * ext/socket/socket.c (rsock_sock_s_socketpair): ditto. * ext/socket/ancdata.c (discard_cmsg): ditto. (make_io_for_unix_rights): ditto. * ext/socket/unixsocket.c (unix_recv_io): ditto. * ext/io/console/console.c (console_dev): ditto. [ruby-core:38140] [Feature #5041] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33507 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-20* ext/openssl/ossl_ns_spki.c: Complete documentation.emboss
* test/openssl/test_ns_spki.rb: Integrate SPKI#to_text. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-20* ext/openssl/ossl_pkcs5.c: add note on timing attacks and generalemboss
documentation. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-19* ext/openssl/ossl_ns_spki.c (Init_ossl_ns_spki): Stub documentationdrbrain
for Netscape SPKI. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-19* lib/openssl/buffering.rb: Force multi-byte strings to be treated asemboss
binary data. * test/openssl/test_ssl.rb: Add test for it. Thanks to Niklas Baumstark for reporting the issue! [Ruby 1.9 - Bug #5233] [ruby-core:39120] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-19* ext/openssl/ossl_ssl.c: Remove set, but unused variables.emboss
ext/openssl/ossl_pkey.c: ditto * ext/openssl/ossl_pkey_dh.c: Make functions passed to rb_thread_blocking_region return VALUE instead of void. ext/openssl/ossl_pkey_dsa.c: ditto ext/openssl/ossl_pkey_rsa.c: ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33477 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-25* ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when beingemboss
fed arbitrary string values. Clearly distinguish between the cases "universal, infinite and not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly infinite". Raise error for universal tags that are not infinite. * test/openssl/test_asn1.rb: add a test for this. Thanks to Hiroshi Yoshida for reporting this bug. [Bug #5363] [ruby-dev:44542] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33333 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-23* ext/openssl/ossl_asn1.c: remove unused variable.emboss
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33318 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-01* Release GVL while OpenSSL's public key generation.nahi
t = Thread.new { print "."; sleep 0.1 } key = OpenSSL::PKey::RSA.new(2048) #=> Thread t works in parallel with public key generation if OS/machine allows it. This works with OpenSSL >= 0.9.8. From this version, it has new public key generation function which allows us to interrupt the execution while pkey generation iterations. * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key generation function. (DH_generate_parameters_ex, DSA_generate_parameters_ex and RSA_generate_key_ex. * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2, ossl_generate_cb_stop): Added new callback function for OpenSSL pkey generation which handles Thread interruption by Ruby. ossl_generate_cb_stop is the unblock function(ubf) for Ruby which sets a stop flag. New pkey generation callback ossl_generate_cb_2 checks the stop flag at each iterations of OpenSSL and interrupts pkey generation when the flag is set. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call rb_thread_blocking_region with the above unblock function to release GVL while pkey generation. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto. * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-25* ext/openssl/lib/openssl/bn.rb: Hide copyright info from RDoc.drbrain
* ext/openssl/lib/openssl/digest.rb: ditto * ext/openssl/lib/openssl/x509.rb: ditto * ext/openssl/lib/openssl/cipher.rb: ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33066 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-25* ext/openssl/ossl_digest.c: Document OpenSSL::Digest::digest and adddrbrain
an example to OpenSSL::Digest. Patch by Sylvain Daubert. [Ruby 1.9 - Bug #5166] * ext/openssl/lib/openssl/digest.rb (module OpenSSL): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33065 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-16* ext/openssl/ossl_x509cert.c: fixed whitespace issuesemboss
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32992 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-16* ext/openssl/ossl_x509cert.c: Add class documentation foremboss
OpenSSL::X509::Certificate. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32991 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-16* ext/openssl/ossl_pkey.c: corrected docs, OpenSSL::PKey::DH doesemboss
*not* support #sign/verify. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32987 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-15* ext/openssl/ossl_ssl.c: Support disabling OpenSSL compression.emboss
* test/openssl/test_ssl.rb: Add a test for it. Thanks to Eric Wong for the patch. [Ruby 1.9 - Feature #5183] [ruby-core:38911] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32973 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-07* ext/openssl/ossl_asn1.c (decode_eoc): remove unused variables.kosaki
Patch by Eric Wong. [Feature #5157] [ruby-core:38798] * ext/openssl/ossl_asn1.c (ossl_asn1_decode): ditto. * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-28* ext/openssl/ossl_cipher.c (ossl_cipher_initialize): Avoid possiblenahi
SEGV from AES encryption/decryption. Processing data by Cipher#update without initializing key (meaningless usage of Cipher object since we don't offer a way to export a key) could cause SEGV. In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows uninitialized key, but other EVPs (such as AES) does not allow it. Calling EVP_CipherUpdate() without initializing key causes SEGV so we set the data filled with "\0" as the key by default. See #2768. * test/openssl/test_cipher.rb: test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32723 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-25* ext/openssl/lib/openssl.rb: End of transition period introduced bynahi
[ruby-dev:38018]. From the next version of 1.9.3, you should use require "openssl" instead of require "openssl/ssl" and require "openssl/x509" git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32664 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-25* ext/openssl/lib/openssl/x509.rb: Cosmetic change: move definition nahi
introduced in r30152 to x509-internal.rb. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-25* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated nahi
SSLError from SSLSocket just after invoking SSLSocket#close. OpenSSL's SSL_shutdown could try to send alert packet and it might set SSLerr(global error stack) as the result. It causes the next SSL read/write operation to fail by unrelated reason. By design, we're ignoring any error at SSL_shutdown() so we clear global error stack after SSL_shutdown is called. See #5039. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-22* ext/openssl/ossl_hmac.c: Revert checking return type ofemboss
HMAC_Init_ex as it is not compatible with OpenSSL < 1.0.0. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32609 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-22* ext/openssl/ossl_digest.c: Check return value of EVP_DigestInit_ex.emboss
* ext/openssl/ossl_hmac.c: Check return value of HMAC_Init_ex. Thanks, Jared Jennings, for the patch. [ Ruby 1.9 - Bug #4944 ] [ruby-core:37670] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32606 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-22* ext/openssl/ossl_engine.c: Avoid double free of ENGINE reference.emboss
* test/openssl/test_engine.rb: Add a test for it. Thanks to Ippei Obayashi for providing the patch. [ Ruby 1.9 - Bug #5062 ] [ruby-dev:44173] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32604 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-20* include/ruby/intern.h (rb_update_max_fd): declaration moved fromakr
internal.h. * file.c: ditto. * io.c: call rb_update_max_fd for each new fds. * process.c: ditto. * random.c: ditto. * ruby.c: ditto. * ext/io/console/console.c: ditto. * ext/openssl/ossl_bio.c: ditto. * ext/pty/pty.c: ditto. * ext/socket/init.c: ditto. * ext/socket/socket.c: ditto. * ext/socket/ancdata.c: ditto. * ext/socket/unixsocket.c: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32587 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-14* ext/openssl/ossl.c (ossl_verify_cb): trap the exception fromnahi
verify callback of SSLContext and X509Store and make the verification fail normally. Raising exception directly from callback causes orphan resouces in OpenSSL stack. Patched by Ippei Obayashi. See #4445. * test/openssl/test_ssl.rb (test_exception_in_verify_callback_is_ignored): test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-08* ext/openssl/ossl.h: include openssl/e_os2.h before checking theusa
defition of OPENSSL_SYS_WIN32. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-30* sytle fixes.nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32344 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-30* ext/openssl/ossl.c/.h: Added ossl_x509_name_sk2ary.emboss
* ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to simplify future conversions. * ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca. * test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca. Thanks to Ippei Obayashi for providing the patch! [ Ruby 1.9 - Feature #4481 ] [ruby-core:35461] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-29* ext/openssl/ossl.h (OPENSSL_SYS_WIN32): define only if not defined.eban
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-29* ext/openssl/ossl.h (OPENSSL_SYS_WIN32): support for mingw(msys).eban
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32288 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-26* ext/openssl/extconf.rbemboss
* ext/openssl/ossl_missing.h/.c: add ASN1_put_eoc if missing. * ext/openssl/ossl_asn1.c: introduce ossl_asn1_object_size and ossl_asn1_put_object to wrap functionality depending on OpenSSL version in use. Fixes [ Ruby 1.9 - Bug #4916 ] reported by Hiroshi Nakamura. [ruby-core:37286] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32230 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-24* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Try to shutdown SSL nahi
connection more gracefully. Call SSL_shutdown() max 4 times until it returns 1 (success). Bi-directional SSL close has several states but SSL_shutdown() kicks only 1 transition per call. Max 4 is from mod_ssl.c of Apache httpd that says 'max 2x pending * 2x data = 4'. See #4237. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-23* ext/openssl/ossl_x509name.c: Add X509::Name#hash_old as a wrapper nahi
for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805 * test/openssl/test_x509name.rb (test_hash): Make test pass with OpenSSL 1.0.0. * NEWS: Add it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-23* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check nahi
argument type with NUM2LONG if the arg is not a Time object. See #4919. * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check type with NUM2LONG. Time as an arg is not allowed. See #4919. * test/openssl/test_ssl_session.rb (test_session_time, test_session_timeout): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32211 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl_ssl.c (ossl_sslctx_session_new_cb): Return 0 tonahi
OpenSSL from the callback for SSL_CTX_sess_set_get_cb(). Returning 0 means to OpenSSL that the the session is still valid (since we created Ruby Session object) and was not freed by us with SSL_SESSION_free(). Call SSLContext#remove_session(sess) in session_get_cb block if you don't want OpenSSL to cache the session internally. This potential issue was pointed by Ippei Obayashi. See #4416. * test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl_ssl_session.c: Respect T_BIGNUM time values. Patch byemboss
Tomoyuki Chikanaga. [ Ruby 1.9 - Bug #4919 ] [ruby-dev:43869] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32203 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl_ssl.c (ossl_sslctx_session_remove_cb):nahi
OpenSSL::SSL::SSLContext#session_remove_cb was broken. It wrongly tried to call the session_*new*_cb callback. * test/openssl/test_ssl_session.rb (class OpenSSL): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DERemboss
fallback scenarios. * ext/openssl/ossl_pkey_dsa.c * ext/openssl/ossl_x509req.c * ext/openssl/ossl_pkey_rsa.c * ext/openssl/ossl_pkey_ec.c * ext/openssl/ossl_ssl_session.c * ext/openssl/ossl_x509crl.c * ext/openssl/ossl_pkey.c * ext/openssl/ossl_pkey_dh.c * ext/openssl/ossl_x509cert.c * ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset. * ext/openssl/ossl_ssl.c * ext/openssl/ossl_cipher.c * ext/openssl/ossl_pkey_ec.c * ext/openssl/ossl_pkcs12.c * ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by ossl_raise. This automatically flushes OpenSSL's error queue. * ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing fails. * test/openssl/test_pkey_ec.rb * test/openssl/test_pkey_dsa.rb * test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is empty. * test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in test_new. [ Ruby 1.9 - Bug #4885 ] [ruby-core:37134] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl_ssl.c: Use SSL_MODE_RELEASE_BUFFERS if available.emboss
Thanks, Eric Wong, for providing the patch. [ Ruby 1.9 - Feature #4672 ] [ruby-core:36127] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_to_der):nahi
OpenSSL::SSL::Session#to_der was broken. Fix buffer handling. * test/openssl/test_ssl_session.rb (test_session): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-20* ext/openssl/ossl_cipher.c, ext/openssl/lib/openssl/cipher.rb:nahi
Documentation fix by Ippei Obayashi. See #4419. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32176 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-13* ext/openssl/ossl_digest.c: fix error for digests that have no oidemboss
(e.g. DSS1). * test/openssl/test_digest.c: add tests for this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-13* ext/openssl/ossl_digest.c: allow Digests to be created by sn, ln oremboss
oid. * test/openssl/test_digest.rb: add tests for this. [Ruby 1.9 - Feature #4412] [ruby-core:35319] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32040 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-13* ext/openssl/pkey_dh.c: corrected documentation.emboss
* test/openssl/utils.rb: add test key for DH. * test/openssl/test_pkey_dh.rb: add tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32039 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-13* ext/openssl/pkey_dh.c: clarify difference between DH#public_key andemboss
DH#pub_key in documentation. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32038 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12* ext/openssl/ossl_pkey.c: added PKey.read module function that allowemboss
reading arbitrary public/private keys from DER-/PEM-encoded File or string instances. * ext/openssl/ossl_pkey_dh.c: improved documentation. * test/openssl/utils.rb: added EC test key. * test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from OpenSSL::TestUtils. * test/openssl/test_pkey_ec.rb: Created test file for EC tests. Test PKey.read. [Ruby 1.9 - Feature #4424] [ruby-core:35330] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12* ext/openssl/ossl_pkey_dh.c: completed documentation.emboss
* ext/openssl/ossl_pkey_dsa.c: corrected examples. Improved parameter sections. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32031 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12* ext/openssl/ossl_pkey_dsa.c: completed documentation.emboss
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32029 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-11* ext/openssl/lib/openssl/buffering.rb (module OpenSSL):nahi
Buffering#each_byte should return String in accordance with IO in 1.9. * test/openssl/test_buffering.rb (class OpenSSL): add tests for getc and each_byte. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32012 b2dd03c8-39d4-4d8f-98ff-823fe69b080e