path: root/ext/openssl
AgeCommit message (Collapse)Author
2018-03-02openssl: search winsocknobu
* ext/openssl/extconf.rb: on Windows search winsock library always, regardless pkg-config. direct use of winsock is not region of OpenSSL. [ruby-core:85895] [Bug #14568] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-03-02search winsock libraries explicitlynobu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-02-16no ID cache in Init functionsnobu
Init functions are called only once, cache is useless. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-01-25openssl/buffering.rb: no RS when outputnobu
* ext/openssl/lib/openssl/buffering.rb (do_write, puts): output methods should not be affected by the input record separator. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-14openssl: import v2.1.0rhe
Import Ruby/OpenSSL 2.1.0. Commits since v2.1.0.beta2 can be found at: ---------------------------------------------------------------- Kazuki Yamaguchi (8): test/test_ssl: prevent changing default internal encoding ssl: remove a misleading comment pkey/ec: rearrange PKey::EC::Point#initialize ssl: remove unreachable code asn1: fix docs pkey/ec: add support for octet string encoding of EC point Ruby/OpenSSL 2.0.7 Ruby/OpenSSL 2.1.0 eregon (1): Fix test-all tests to avoid creating report_on_exception warnings git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-11-25openssl: import v2.1.0.beta2rhe
Import Ruby/OpenSSL 2.1.0.beta2. The full commit log since commit e72d960db262 which was imported by r60013 can be found at: ---------------------------------------------------------------- Kazuki Yamaguchi (26): bn: use ALLOCV() macro instead of xmalloc() appveyor.yml: remove 'openssl version' line test/test_ssl_session: skip tests for session_remove_cb x509ext: implement X509::Extension#== x509attr: implement X509::Attribute#== x509cert: implement X509::Certificate#== x509revoked: add missing X509::Revoked#to_der x509crl, x509revoked: implement X509::{CRL,Revoked}#== x509req: implement X509::Request#== ssl: extract rb_intern("call") cipher: disallow setting AAD for non-AEAD ciphers test/test_cipher: fix test_non_aead_cipher_set_auth_data failure ssl: fix conflict of options in SSLContext#set_params buffering: let #write accept multiple arguments pkey: make pkey_check_public_key() non-static x509cert, x509crl, x509req, ns_spki: check sanity of public key test/envutil: port assert_warning from Ruby trunk test/utils: remove a pointless .public_key call in issue_cert ssl: add SSLContext#add_certificate test/test_ssl: fix test_security_level Drop support for LibreSSL 2.4 kdf: add HKDF support test/test_x509cert: fix flaky test test/test_x509crl: fix random failure fix a typo Ruby/OpenSSL 2.1.0.beta2 Mark Wright (1): Fix build failure against OpenSSL 1.1 built with no-deprecated Thanks rhenium for the code review and fixes. Peter Karman (1): Add RSA sign_pss() and verify_pss() methods aeris (1): TLS Fallback Signaling Cipher Suite Value kazu (1): Use caller with length to reduce unused strings git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-11-25openssl: revert changes in SSLContext#{min,max}_version= in r60310rhe
And adapt a net/http test to their old behavior. [ruby-core:83491] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-23multiple arguments to writenobu
Make write methods of IO-like objects accept multiple arguments, as well as IO#write. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-21openssl: merge test fix from upstreamrhe
Merge a commit from upstream: d1cbf6d75280 test/test_ssl_session: skip tests for session_remove_cb Tests using SSL::SSLContext#session_remove_cb= are now skipped. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-21fix OpenSSL::SSL::SSLContext#min_version doesn't worknaruse
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-21Use caller with length to reduce unused stringskazu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-24openssl: import e72d960db262rhe
Sync with master branch of ruby/openssl.git to import changes in v2.1.0.beta1..v2.0.6. The commit log since v2.1.0.beta1 which was imported by r59734 can be found at: ---------------------------------------------------------------- Kazuki Yamaguchi (16): test/test_pair: fix test_write_nonblock{,_no_exceptions} x509name: fix a typo in docs test/test_fips: skip if setting FIPS mode fails test/test_asn1: fix possible failure in test_utctime test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel test/test_pair: disable compression test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1 test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1 tool/ruby-openssl-docker: update test/test_pair: replace sleep with ssl: prevent SSLSocket#sysread* from leaking uninitialized data ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks ossl.c: make legacy locking callbacks reentrant test/test_engine: suppress stderr test/test_engine: check if RC4 is supported Ruby/OpenSSL 2.0.6 SHIBATA Hiroshi (1): To use upstream url of github nobu (1): ruby.h: unnormalized Fixnum value git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-15To use github url for gemspec.hsbt
[Bug #13906][ruby-core:82817] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-07ruby.h: unnormalized Fixnum valuenobu
* include/ruby/ruby.h (ST2FIX): fix unnormalized Fixnum value bug on mingw/mswin. [ruby-core:82687] [Bug #13877] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-03openssl: import v2.1.0.beta1rhe
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5 (imported by r59567) can be found at: ---------------------------------------------------------------- Antonio Terceiro (1): test/test_ssl: explicitly accept TLS 1.1 in corresponding test Colby Swandale (1): document using secure protocol to fetch git master in Bundler Colton Jenkins (1): Add fips_mode_get to return fips_mode Kazuki Yamaguchi (85): Start preparing for 2.1.0 Remove support for OpenSSL 0.9.8 and 1.0.0 bn: refine tests bn: implement unary {plus,minus} operators for OpenSSL::BN bn: implement OpenSSL::BN#negative? Don't define main() when built with --enable-debug test: let OpenSSL::TestCase include OpenSSL::TestUtils test: prepare test PKey instances on demand Add OpenSSL.print_mem_leaks Enable OSSL_MDEBUG on CI builds ssl: move default DH parameters from OpenSSL::PKey::DH Make exceptions with the same format regardless of OpenSSL.debug ssl: show reason of 'certificate verify error' in exception message ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 ssl: do not confuse different ex_data index registries ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object Fix RDoc markup ssl: suppress compiler warning ext/openssl/deprecation.rb: remove broken-apple-openssl extconf.rb: print informative message if OpenSSL can't be found Rakefile: compile the extension before test kdf: introduce OpenSSL::KDF module ossl.h: add NUM2UINT64T() macro kdf: add scrypt Expand rb_define_copy_func() macro Expand FPTR_TO_FD() macro Remove SafeGet*() macros cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname() digest: rename GetDigestPtr() to ossl_evp_get_digestbyname() Add ossl_str_new(), an exception-safe rb_str_new() bio: simplify ossl_membio2str() using ossl_str_new() Remove unused functions and macros Drop support for LibreSSL 2.3 ocsp: add OpenSSL::OCSP::Request#signed? asn1: infinite length -> indefinite length asn1: rearrange tests ssl: remove a needless NULL check in SSL::SSLContext#ciphers ssl: return nil in SSL::SSLSocket#cipher if session is not started asn1: remove an unnecessary function prototype asn1: require tag information when instantiating generic type asn1: initialize 'unused_bits' attribute of BitString with 0 asn1: check for illegal 'unused_bits' value of BitString asn1: disallow NULL to be passed to asn1time_to_time() asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid asn1: allow constructed encoding with definite length form asn1: prohibit indefinite length form for primitive encoding asn1: allow tag number to be >= 32 for universal tag class asn1: use ossl_asn1_tag() asn1: clean up OpenSSL::ASN1::Constructive#to_der asn1: harmonize OpenSSL::ASN1::*#to_der asn1: prevent EOC octets from being in the middle of the content asn1: do not treat EOC octets as part of content octets x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry ssl: do not call session_remove_cb during GC Backport "Merge branch 'topic/test-memory-leak'" to maint cipher: update the documentation for Cipher#auth_tag= Rakefile: let sync:to_ruby know about test/openssl/fixtures test: fix formatting test/utils: remove OpenSSL::TestUtils.silent test/utils: add SSLTestCase#tls12_supported? test/utils: have start_server yield only the port number test/utils: do not set ecdh_curves in start_server test/utils: let server_loop close socket test/utils: improve error handling in start_server test/utils: add OpenSSL::TestUtils.openssl? and .libressl? test/utils: do not use DSA certificates in SSL tests test/test_ssl: remove test_invalid_shutdown_by_gc test/test_ssl: move test_multibyte_read_write to test_pair test/test_ssl_session: rearrange tests test/test_pair, test/test_ssl: fix for TLS 1.3 ssl: remove useless call to rb_thread_wait_fd() ssl: fix NPN support ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private ssl: use 2048-bit group in the default tmp_dh_cb ssl: ensure that SSL option flags are non-negative ssl: update OpenSSL::SSL::OP_* flags ssl: prefer TLS_method() over SSLv23_method() ssl: add SSLContext#min_version= and #max_version= ssl: rework SSLContext#ssl_version= test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: add OpenSSL::X509::Name#to_utf8 x509name: add OpenSSL::X509::Name#inspect x509name: update regexp in OpenSSL::X509::Name.parse Ruby/OpenSSL 2.1.0.beta1 Marcus Stollsteimer (1): Fix rdoc for core Integer class nobu (4): [DOC] {read,write}_nonblock with exception: false [DOC] keyword argument _exception_ [DOC] mark up literals Revert r57690 except for read_nonblock git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-08-10openssl: import v2.0.5rhe
Import Ruby/OpenSSL 2.0.5. The full commit history since v2.0.4 (imported at r59081) can be found at: This will fix the test failure on latest Debian sid and the "no OPENSSL_Applink" issue on mswin. ---------------------------------------------------------------- Kazuki Yamaguchi (11): test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params bio: prevent possible GC issue in ossl_obj2bio() bio: do not use the FILE BIO method in ossl_obj2bio() Rakefile: install_dependencies: install only when needed appveyor.yml: test against Ruby 2.4 ossl_pem_passwd_cb: relax passphrase length constraint ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: handle nil from the block explicitly ssl: remove unsupported TLS versions from SSLContext::METHODS ssl: fix compile error with OpenSSL 1.0.0 Ruby/OpenSSL 2.0.5 Lars Kanis (1): Add msys2 library dependency tag in gem metadata git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-06-14openssl: import v2.0.4rhe
Import Ruby/OpenSSL 2.0.4. Only bug (and typo) fixes. The full commit history since v2.0.3 (imported at r57482) can be found at: This contains the fix for [Bug #11033]. ---------------------------------------------------------------- Jun Aruga (1): Update .travis.yml and Dockerfile Kazuki Yamaguchi (9): test/test_pkey_ec: do not use dummy 0 order test/test_ssl: fix typo in test_sysread_and_syswrite ssl: check return value of SSL_set_fd() Fix typos test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors tool/sync-with-trunk: 'LASY' -> 'LAST' x509store: clear error queue after calling X509_LOOKUP_load_file() extconf.rb: simplify searching libraries logic Ruby/OpenSSL 2.0.4 SHIBATA Hiroshi (1): Fix typos Vladimir Rybas (1): Fix documentation for OpenSSL::Cipher#final nobu (2): openssl: fix broken openssl check openssl: fix broken openssl check usa (1): Search SSL libraries by testing various filename patterns git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-05-16Search SSL libraries by testing various filename patternsusa
* ext/openssl/extconf.rb (find_openssl_library): should search by more flexible method, especially for LibreSSL on Windows. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-03-22ruby tool/update-deps --fixshyouhei
Onigumo 6 (r57045) introduced new onigumo.h header file, which is required from quite much everywhere. This commit adds necessary dependencies. Note: ruby/oniguruma.h now includes onigumo.h, ruby/io.h includes oniguruma.h, ruby/encoding.h also includes oniguruma.h, and internal.h includes encoding.h. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23Revert r57690 except for read_nonblocknobu git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23[DOC] mark up literalsnobu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23[DOC] keyword argument _exception_nobu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-23[DOC] {read,write}_nonblock with exception: falsenobu
Update docs to reflect EOF behavior change of read_nonblock and write_nonblock when using `exception: false`. [Fix GH-1527] Author: Russell Davis <> git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-10openssl: fix broken openssl checknobu
* ext/openssl/deprecation.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-02-10openssl: fix broken openssl checknobu
* ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-01-31openssl: import v2.0.3rhe
Import Ruby/OpenSSL 2.0.3. Only bugfixes. The full commit log since 2.0.2 (imported at r57146) can be found at: ---------------------------------------------------------------- Corey Bonnell (1): Fix for ASN1::Constructive 'each' implementation Kazuki Yamaguchi (10): Fix build with static OpenSSL libraries on Windows ([ruby-core:78878] [Bug #13080]) Merge pull request #96 from CBonnell/master Merge branch 'topic/windows-static-linking-without-pkg-config' into maint appveyor.yml: update OpenSSL version to 1.0.2j buffering: fix typo in doc test/envutil: fix assert_raise_with_message x509: fix OpenSSL::X509::Name#eql? ([ruby-core:79310] [Bug #13170]) ruby-openssl-docker: update versions of Ruby and OpenSSL .travis.yml: test with Ruby 2.4 Ruby/OpenSSL 2.0.3 git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-22openssl: import v2.0.2rhe
Import Ruby/OpenSSL 2.0.2. This release contains only bugfixes. The full commit log since 2.0.1 (imported at r57041) can be found at: ---------------------------------------------------------------- Kazuki Yamaguchi (5): ssl: check for SSL_CTX_clear_options() Rename functions in openssl_missing.c ssl: use SSL_SESSION_get_protocol_version() pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type Ruby/OpenSSL 2.0.2 git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-10openssl: import v2.0.1rhe
Import Ruby/OpenSSL 2.0.1. The full commit history since 2.0.0 (imported at r56946) can be found at: This release contains only bug fixes. Note, the first two commits since v2.0.0 are already imported at r56953 to make Travis and RubyCI green. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-01openssl: import fixes from upstreamrhe
Import the following two commits from upstream: commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611 Author: Kazuki Yamaguchi <> Date: Thu Dec 1 22:27:03 2016 +0900 pkey: check existence of EVP_PKEY_get0() EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define ourselves if needed. commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5 Author: Kazuki Yamaguchi <> Date: Thu Dec 1 22:13:22 2016 +0900 test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d Set the authentication tag before the AAD when decrypting. Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in OpenSSL 1.0.1d), the authentication tag must be set before any calls of EVP_CipherUpdate(). They should fix build on CentOS 5 and Ubuntu 12.04 respectively. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30ossl.c: castnobu
* ext/openssl/ossl.c (ossl_pem_passwd_cb): cast to int. it's safe because len does not exceed int max_len. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30openssl: import v2.0.0rhe
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-29parse.y: ambiguous parenthesesnobu
* parse.y (parser_yylex): warn ambiguous parentheses after a space in method definitions. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-10-26[DOC] replace Fixnum with Integer [ci skip]nobu
* numeric.c: [DOC] update document for Integer class. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-24fid typos [ci skip]nobu
* fix typos, "a" before "Integer" to "an". [Fix GH-1438] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-16* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): Fix compile errorngoto
with old version of fcc (Fujitsu C Compiler) on Solaris 10. [Bug #12769] [ruby-dev:49809] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-08openssl: import v2.0.0.beta.2rhe
* {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit history since v2.0.0.beta.1 can be found at: git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29* remove trailing spaces.svn
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29import Ruby/OpenSSL 2.0.0.beta.1rhe
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: [Feature #9612] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-06openssl: avoid undefined behavior on empty SSL_writenormal
SSL_write(3ssl) manpage has this in the WARNINGS section: When calling SSL_write() with num=0 bytes to be sent the behaviour is undefined. And indeed, the new test case demonstrates failures when empty strings are used. So, match the behavior of IO#write, IO#write_nonblock, and IO#syswrite by returning zero, as the OpenSSL::SSL::SSLSocket API already closely mimics the IO one. * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): avoid undefined behavior * test/openssl/test_pair.rb (test_write_zero): new test [ruby-core:76751] [Bug #12660] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-06Update dependenciesnobu
* (compile.o, loadpath.o): update dependencies. * (vm_call.o): remove stale object dependencies. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-29openssl: fix for OpenSSL 1.0.0trhe
* ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does not work well with OpenSSL 1.0.0t. So avoid it. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-28* ext/digest/md5/md5ossl.h: Remove excess semicolons.ngoto
Suppress warning on Solaris with Oracle Solaris Studio 12. [ruby-dev:49692] [Bug #12524] * ext/digest/md5/md5cc.h: ditto. * ext/digest/sha1/sha1cc.h: ditto. * ext/digest/sha1/sha1ossl.h: ditto. * ext/digest/sha2/sha2cc.h: ditto. * ext/digest/sha2/sha2ossl.h: ditto. * ext/openssl/ossl_pkey_rsa.c: ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: add OpenSSL::OCSP::SingleResponserhe
* ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an OCSP SingleResponse structure. Also add two new methods #responses and #find_response to OCSP::BasicResponse. A BasicResponse has one or more SingleResponse. We have OCSP::BasicResponse#status that returns them as an array of arrays, each containing the content of a SingleResponse, but this is not useful. When validating an OCSP response, we need to look into the each SingleResponse and check their validity but it is not simple. For example, when validating for a certificate 'cert', the code would be like: # certid_target is an OpenSSL::OCSP::CertificateId for cert basic = res.basic result = basic.status.any? do |ary| ary[0].cmp(certid_target) && ary[4] <= && (!ary[5] || <= ary[5]) end Adding OCSP::SingleResponse at the same time allows exposing OCSP_check_validity(). With this, the code above can be rewritten as: basic = res.basic single = basic.find_response(certid_target) result = single.check_validity * test/openssl/test_ocsp.rb: Test this. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: allow passing absolute times in OCSP::BasicResponse#add_statusrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_add_status): Allow specifying the times (thisUpdate, nextUpdate and revocationTime) with Time objects. Currently they accepts only relative seconds from the current time. This is inconvenience, especially for revocationTime. When Integer is passed, they are still treated as relative times. Since the type check is currently done with rb_Integer(), this is a slightly incompatible change. Hope no one passes a relative time as String or Time object... Also, allow passing nil as nextUpdate. It is optional. * ext/openssl/ruby_missing.h: Define RB_INTEGER_TYPE_P() if not defined. openssl gem will be released before Ruby 2.4.0. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: implement initialize_copy for OpenSSL::OCSP::*rhe
* ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request, BasicResponse,Response}#initialize_copy. [ruby-core:75504] [Bug #12381] * test/openssl/test_ocsp.rb: Test them. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: implement initialize_copy method for PKey classesrhe
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement initialize_copy method for OpenSSL::PKey::*. [ruby-core:75504] [Bug #12381] * test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they actually copy the OpenSSL objects, and modifications to cloned object don't affect the original object. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: add 'const's required in OpenSSL masterrhe
* ext/openssl/ossl_pkey.h, ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_rsa.c: A few days ago, OpenSSL changed {DH,DSA,RSA}_get0_*() to take const BIGNUM **.;a=commit;h=fd809cfdbd6e32b6b67b68c59f6d55fbed7a9327 [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15openssl: refactor OpenSSL::OCSP::*#verifyrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_verify, ossl_ocspbres_verify): Use ossl_clear_error() so that they don't print warnings to stderr and leak errors in the OpenSSL error queue. Also, check the return value of OCSP_*_verify() correctly. They can return -1 on verification failure. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15openssl: allow specifying hash algorithm in OCSP::*#signrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow specifying hash algorithm used in signing. They are hard coded to use SHA-1. Based on a patch provided by Tim Shirley <>. [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28] * test/openssl/test_ocsp.rb: Test sign-verify works. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14openssl: add some accessor methods for OCSP::CertificateIdrhe
* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash, ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm): Add accessor methods OCSP::CertificateId#issuer_name_hash, #issuer_key_hash, #hash_algorithm. Based on a patch provided by Paul Kehrer <>. [ruby-core:48062] [Feature #7181] * test/openssl/test_ocsp.rb: Test these new methods. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e