| Age | Commit message (Collapse) | Author |
|---|
|
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts
fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&#
frozen_string_literal: false\n");f.rewind;f.write s}}'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
protocol list.
The protocol list from OpenSSL is not null-terminated.
patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53064 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52988 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (mSSLExtConfig): make static
(eSSLError): ditto
(ID_callback_state): ditto
(ossl_ssl_ex_vcb_idx): ditto
(ossl_ssl_ex_store_p): ditto
(ossl_ssl_ex_ptr_idx): ditto
* ext/openssl/ossl_ssl.h: remove extern declarations for
mSSLExtConfig and eSSLError
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
be return -1 as an error. Therefore, added error handling.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52810 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ci skip][fix GH-1007] Patch by @arthurnn
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52714 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52557 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52555 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/date/date_parse.c (date_zone_to_diff): suppress parentheses
warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/**/*.c: prefer RARRAY_AREF to indexing RARRAY_CONST_PTR.
pointed out by hanmac.
https://github.com/ruby/ruby/commit/3553a86#commitcomment-14187670
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/bigdecimal/bigdecimal.c: use RARRAY_CONST_PTR just fore
reference instead of RARRAY_PTR, to keep the array WB-protected.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52448 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext: use long for index instead of int and RARRAY_LENINT.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52447 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52228 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
in ext/openssl instead of OpenSSL itself because LibreSSL
silently truncate the selected protocol name by casting the length
from int to unsigned char. [Bug #11369]
Patch by Jeremy Evans <merch-redmine@jeremyevans.net>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52227 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
early, because many popular websites still don't support it.
For instance, Servers where aws-sdk connects to still don't support
TLS v1.2 and it became broken.
We should consider more carefully about this.
[Fix GH-873] [Feature #11524]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch provided by @claudijd [Fixes GH-873] [Feature #11524]:
https://github.com/ruby/ruby/pull/873
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52082 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51920 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be>
[Bug #11376]
* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
implementation.
* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
if there is no support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
existing options rather than just setting it. Some vendors apply
custom patches to their versions of OpenSSL that set default values
for options. This commit respects the custom patches they've
applied.
* test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been
added to the options.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method
name must not contain NUL. preserve the encoding of message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): use
rb_sym2str to get rid of inadvertent ID creations.
* ext/socket/ancdata.c (ancillary_inspect): ditto.
* ext/socket/option.c (sockopt_inspect): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51586 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLSocket#sysclose to Ruby.
* ext/openssl/ossl_ssl.c (ossl_ssl_close): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
enable to SSLSocket#initialize and remove Nonblock module.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLSocket#initialize to Ruby.
* ext/openssl/ossl_ssl.c: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_call_client_cert_cb),
(ossl_call_tmp_dh_callback, ossl_call_tmp_ecdh_callback),
(ossl_call_session_get_cb, ossl_call_session_new_cb): remove no
longer used variables.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51487 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lookup to private Ruby methods. This means we can keep the default
DH callback logic hidden from consumers. Also, since the SSLSocket
always has a context, we can remove conditionals about that
instance.
* ext/openssl/ossl_ssl.c: move callback lookup methods to private Ruby
methods.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/buffering.rb (gets):
avoid comparing fixnum with nil
* test/openssl/test_pair.rb: test gets with limit when EOF is hit
Thanks to Bar Hofesh <bar.hofesh@safe-t.com> for the bug report
and testing.
[ruby-core:70149] [Bug #11400]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLContext#options and options= using SSL_CTX_set_options and
SSL_CTX_get_options. This reduces the number of ivars we need and
simplifies `ossl_sslctx_setup`.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options`
to SSL_OP_ALL
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
constants as longs, so we should follow that and use LONG2NUM.
http://git.io/vOqxD
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
to return the Ruby dh (or ecdh) object that the caller cares about
instead of doing rb_iv_get / set to communicate. This means we can
remove an rb_iv_get call, and only use the set calls for their
intended purpose (to prevent the object from being GC'd).
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
* ext/openssl/ossl_ssl.c (ossl_call_tmp_ecdh_callback): ditto
* ext/openssl/ossl_ssl.c (ossl_tmp_ecdh_callback): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51460 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
tmp_ecdh_callback, the SSLSocket instance always holds a reference
to the SSLContext object (it's always set in `initialize`). The
SSLContext holds a reference to the tmp_dh_callback. Ask the
context for the callback instead of storing the callback in two
places.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51459 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
and use `rb_apply` to clean up calls to `rb_protect`.
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
always holds a reference to the SSLContext object, which will have
the callback object. Ask the context for the callback instead of
storing the callback in two places.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
`tmp_dh_callback` to Ruby, and call it when setting up an SSL
connection. This allows us to move the "default" behavior to the
reader method.
* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
accessing the SSLContext's internals.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
helpful exception when verifying the peer connection and an
anonymous cipher has been selected. [ruby-core:68330] [Bug #10910]
Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.
* test/openssl/test_ssl.rb (class OpenSSL): test for change
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_ssl_alpn_protocol): fix condition
to compile, needs ALPN to be available. [Feature #9390]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
object returned by the servername callback on to the socket as an
instance variable. If the callback allocated a new context object
and didn't keep a reference to it, it could be GC'd out from under
the socket object.
* test/openssl/test_ssl.rb (class OpenSSL): test for change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
DEFAULT_1024 constants in Ruby.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Ask PKey for the
default DH callback since it aleady must check whether openssl has
been compiled with DH support.
* ext/openssl/ossl_pkey_dh.c (OSSL_PKEY_BN): Remove C definitions of
DEFAULT_512 and DEFAULT_1024
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* test/openssl/test_pkey_dh.rb (class OpenSSL): add test to ensure the
Ruby definitions are the same as the C definitions were.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
specifically setting the tmp_dh_callback to nil.
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
* test/openssl/test_pair.rb (module OpenSSL): add a test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
tmp_dh_callback Ruby code and set it as a default in `initialize`.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_512_GEN):
move this constant to Ruby.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_1024_GEN):
ditto
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): tmp_dh_callback should
always be set, so we can remove this conditional
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
instance variables to squash warnings with alpn.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51378 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLContext#initialize implementation to pure Ruby.
* ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): ditto
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51375 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): fix argument types
to suppress shorten-64-to-32 and shorten-64-to-32 warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL [copies the string returned by the pointe](https://github.com/openssl/openssl/blob/9f040d6decca7930e978784c917f731e5c45e8f0/ssl/t1_lib.c#L1800-1809), so it should be safe to just return a pointer to the string object and not set an instance variable on the already frozen object.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pair.rb: test for ECDH callback support
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51348 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: detect ALPN support in OpenSSL
* test/openssl/test_ssl.rb: test for ALPN
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Thanks to Tomoya Chiba for the report and help with patch.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51222 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
