Age | Commit message (Collapse) | Author |
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33634 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
exponent value correctly. Awful bug. This bug caused exponent of
generated key to be always '1'. By default, and regardless of e
given as a parameter.
!!! Keys generated by this code (trunk after 2011-09-01) must be
re-generated !!! (ruby_1_9_3 is safe)
* test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
specifying exponent by a parameter.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_engine.c: add some missing OpenSSL engines.
Thanks, Yui Naruse, for providing the patch!
[Bug #5548] [ruby-core:40670]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* io.c (rb_cloexec_dup): new function.
(ruby_dup): use rb_cloexec_dup.
* ext/pty/pty.c (pty_getpty): use rb_cloexec_dup.
* ext/openssl/ossl_bio.c (ossl_obj2bio): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
GCC.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* io.c (rb_fd_set_cloexec): new function.
(ruby_dup): call rb_fd_set_cloexec to set close-on-exec flag.
(rb_sysopen_internal): ditto.
(rb_pipe): ditto.
(io_reopen): ditto.
(io_cntl): ditto.
* process.c (rb_f_exec): change the default :close_others option to
true.
(rb_f_system): ditto.
(move_fds_to_avoid_crash): call rb_fd_set_cloexec to set
close-on-exec flag.
(ruby_setsid): ditto.
(rb_daemon): ditto.
* thread_pthread.c (rb_thread_create_timer_thread): call
rb_fd_set_cloexec to set close-on-exec flag.
* ruby.c (load_file_internal): ditto.
* file.c (rb_file_s_truncate): ditto.
(file_load_ok): ditto.
* random.c (fill_random_seed): ditto.
* ext/pty/pty.c (chfunc): ditto.
(get_device_once): ditto.
* ext/openssl/ossl_bio.c (ossl_obj2bio): ditto.
* ext/socket/init.c (rsock_socket): ditto.
(rsock_s_accept_nonblock): ditto.
(rsock_s_accept): ditto.
* ext/socket/socket.c (rsock_sock_s_socketpair): ditto.
* ext/socket/ancdata.c (discard_cmsg): ditto.
(make_io_for_unix_rights): ditto.
* ext/socket/unixsocket.c (unix_recv_io): ditto.
* ext/io/console/console.c (console_dev): ditto.
[ruby-core:38140] [Feature #5041]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33507 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ns_spki.rb: Integrate SPKI#to_text.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33495 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for Netscape SPKI.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
binary data.
* test/openssl/test_ssl.rb: Add test for it.
Thanks to Niklas Baumstark for reporting the issue!
[Ruby 1.9 - Bug #5233] [ruby-core:39120]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl_pkey.c: ditto
* ext/openssl/ossl_pkey_dh.c: Make functions passed to
rb_thread_blocking_region return VALUE instead of void.
ext/openssl/ossl_pkey_dsa.c: ditto
ext/openssl/ossl_pkey_rsa.c: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33477 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fed arbitrary string values.
Clearly distinguish between the cases "universal, infinite and
not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
infinite". Raise error for universal tags that are not infinite.
* test/openssl/test_asn1.rb: add a test for this.
Thanks to Hiroshi Yoshida for reporting this bug.
[Bug #5363] [ruby-dev:44542]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33333 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33318 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
t = Thread.new { print "."; sleep 0.1 }
key = OpenSSL::PKey::RSA.new(2048)
#=> Thread t works in parallel with public key generation if
OS/machine allows it.
This works with OpenSSL >= 0.9.8. From this version, it has new
public key generation function which allows us to interrupt the
execution while pkey generation iterations.
* ext/openssl/extconf.rb: Check existence of OpenSSL's new public key
generation function. (DH_generate_parameters_ex,
DSA_generate_parameters_ex and RSA_generate_key_ex.
* ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2,
ossl_generate_cb_stop): Added new callback function for OpenSSL pkey
generation which handles Thread interruption by Ruby.
ossl_generate_cb_stop is the unblock function(ubf) for Ruby which
sets a stop flag. New pkey generation callback ossl_generate_cb_2
checks the stop flag at each iterations of OpenSSL and interrupts
pkey generation when the flag is set.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call
rb_thread_blocking_region with the above unblock function to release
GVL while pkey generation.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): ditto.
* test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/digest.rb: ditto
* ext/openssl/lib/openssl/x509.rb: ditto
* ext/openssl/lib/openssl/cipher.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33066 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
an example to OpenSSL::Digest. Patch by Sylvain Daubert.
[Ruby 1.9 - Bug #5166]
* ext/openssl/lib/openssl/digest.rb (module OpenSSL): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33065 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32992 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::X509::Certificate.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32991 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
*not* support #sign/verify.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32987 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: Add a test for it.
Thanks to Eric Wong for the patch.
[Ruby 1.9 - Feature #5183] [ruby-core:38911]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32973 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch by Eric Wong. [Feature #5157] [ruby-core:38798]
* ext/openssl/ossl_asn1.c (ossl_asn1_decode): ditto.
* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SEGV from AES encryption/decryption. Processing data by
Cipher#update without initializing key (meaningless usage of Cipher
object since we don't offer a way to export a key) could cause SEGV.
In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3)
allows uninitialized key, but other EVPs (such as AES) does not
allow it. Calling EVP_CipherUpdate() without initializing key causes
SEGV so we set the data filled with "\0" as the key by default. See
#2768.
* test/openssl/test_cipher.rb: test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32723 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:38018]. From the next version of 1.9.3, you should use
require "openssl"
instead of
require "openssl/ssl"
and
require "openssl/x509"
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32664 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
introduced in r30152 to x509-internal.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLError from SSLSocket just after invoking SSLSocket#close.
OpenSSL's SSL_shutdown could try to send alert packet and it might
set SSLerr(global error stack) as the result. It causes the next
SSL read/write operation to fail by unrelated reason.
By design, we're ignoring any error at SSL_shutdown() so we clear
global error stack after SSL_shutdown is called. See #5039.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
HMAC_Init_ex as it is not compatible with OpenSSL < 1.0.0.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32609 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_hmac.c: Check return value of HMAC_Init_ex.
Thanks, Jared Jennings, for the patch.
[ Ruby 1.9 - Bug #4944 ] [ruby-core:37670]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32606 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_engine.rb: Add a test for it.
Thanks to Ippei Obayashi for providing the patch.
[ Ruby 1.9 - Bug #5062 ] [ruby-dev:44173]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32604 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
internal.h.
* file.c: ditto.
* io.c: call rb_update_max_fd for each new fds.
* process.c: ditto.
* random.c: ditto.
* ruby.c: ditto.
* ext/io/console/console.c: ditto.
* ext/openssl/ossl_bio.c: ditto.
* ext/pty/pty.c: ditto.
* ext/socket/init.c: ditto.
* ext/socket/socket.c: ditto.
* ext/socket/ancdata.c: ditto.
* ext/socket/unixsocket.c: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32587 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
verify callback of SSLContext and X509Store and make the
verification fail normally. Raising exception directly from callback
causes orphan resouces in OpenSSL stack. Patched by Ippei Obayashi.
See #4445.
* test/openssl/test_ssl.rb
(test_exception_in_verify_callback_is_ignored): test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
defition of OPENSSL_SYS_WIN32.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32344 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to
simplify future conversions.
* ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca.
* test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca.
Thanks to Ippei Obayashi for providing the patch!
[ Ruby 1.9 - Feature #4481 ] [ruby-core:35461]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32288 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_missing.h/.c: add ASN1_put_eoc if missing.
* ext/openssl/ossl_asn1.c: introduce ossl_asn1_object_size and
ossl_asn1_put_object to wrap functionality depending on OpenSSL
version in use.
Fixes [ Ruby 1.9 - Bug #4916 ] reported by Hiroshi Nakamura.
[ruby-core:37286]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32230 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
connection more gracefully. Call SSL_shutdown() max 4 times until it
returns 1 (success). Bi-directional SSL close has several states but
SSL_shutdown() kicks only 1 transition per call. Max 4 is from
mod_ssl.c of Apache httpd that says 'max 2x pending * 2x data = 4'.
See #4237.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32219 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805
* test/openssl/test_x509name.rb (test_hash): Make test pass with
OpenSSL 1.0.0.
* NEWS: Add it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
argument type with NUM2LONG if the arg is not a Time object.
See #4919.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check
type with NUM2LONG. Time as an arg is not allowed. See #4919.
* test/openssl/test_ssl_session.rb (test_session_time,
test_session_timeout): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32211 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL from the callback for SSL_CTX_sess_set_get_cb().
Returning 0 means to OpenSSL that the the session is still valid
(since we created Ruby Session object) and was not freed by us with
SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
session_get_cb block if you don't want OpenSSL to cache the session
internally.
This potential issue was pointed by Ippei Obayashi. See #4416.
* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test
it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Tomoyuki Chikanaga.
[ Ruby 1.9 - Bug #4919 ] [ruby-dev:43869]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32203 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLContext#session_remove_cb was broken. It wrongly
tried to call the session_*new*_cb callback.
* test/openssl/test_ssl_session.rb (class OpenSSL): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fallback scenarios.
* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.
* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
ossl_raise. This automatically flushes OpenSSL's error queue.
* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
fails.
* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
empty.
* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
test_new.
[ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Thanks, Eric Wong, for providing the patch.
[ Ruby 1.9 - Feature #4672 ] [ruby-core:36127]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::Session#to_der was broken. Fix buffer handling.
* test/openssl/test_ssl_session.rb (test_session): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Documentation fix by Ippei Obayashi. See #4419.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32176 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(e.g. DSS1).
* test/openssl/test_digest.c: add tests for this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
oid.
* test/openssl/test_digest.rb: add tests for this.
[Ruby 1.9 - Feature #4412] [ruby-core:35319]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32040 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/utils.rb: add test key for DH.
* test/openssl/test_pkey_dh.rb: add tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32039 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
DH#pub_key in documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32038 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|