| Age | Commit message (Collapse) | Author |
|---|
|
|
|
RubyInstaller2 supports metadata tags for installation of dependent
MSYS2/MINGW libraries. The openssl gem requires the mingw-openssl
package to be installed on the system, which the gem installer takes
care about, when this tag is set.
The feature is documented here:
https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#msys2-library-dependency
Fixes https://github.com/oneclick/rubyinstaller2/issues/163
https://github.com/ruby/gdbm/commit/d95eed3e86
|
|
This gem exposes no executables.
https://github.com/ruby/pathname/commit/c401d97d58
|
|
Example:
```
In file included from ../../../include/ruby/defines.h:72,
from ../../../include/ruby/ruby.h:23,
from ../../../gc.h:3,
from ../../../ext/objspace/objspace_dump.c:15:
../../../ext/objspace/objspace_dump.c: In function ‘dump_append_ld’:
../../../ext/objspace/objspace_dump.c:95:26: warning: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’ [-Wsign-compare]
95 | RUBY_ASSERT(required <= width);
| ^~
```
Notes:
Merged: https://github.com/ruby/ruby/pull/4417
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4414
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4412
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4413
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4411
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4410
|
|
Having the separate dir makes testing difficult and doesn't
reflect the structure the gem will eventually have. We can filter
these files out if necessary when building the CRuby gem.
https://github.com/ruby/io-console/commit/881010447c
|
|
https://github.com/ruby/io-console/commit/c17b8cf3a9
|
|
This gem exposes no executables, and this clarifies this.
https://github.com/ruby/io-wait/commit/f491c6cc64
|
|
Remove the list of executables.
https://github.com/ruby/zlib/commit/6a70725b8e
|
|
This gem exposes zero executables.
https://github.com/ruby/gdbm/commit/d51cf47f65
|
|
https://github.com/ruby/dbm/commit/c86b94b781
|
|
https://github.com/ruby/date/commit/e574cc9048
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4371
|
|
We previously used a mix of both `#if` and `#ifdef`, but the latter is
more reliable because it will still work if the macro is undefined.
https://github.com/ruby/openssl/commit/e4a622e67e
|
|
On Debian 9 (“stretch”) the `OPENSSL_NO_STATIC_ENGINE` macro is not
defined, which causes all the `#if HAVE_ENGINE_LOAD_…` directives to
fail with `error: 'HAVE_ENGINE_LOAD_…' is not defined, evaluates to 0
[-Werror,-Wundef]` while building TruffleRuby.
We can accomplish the same thing with `#ifdef`, which (of course) works
fine when the `HAVE_ENGINE_LOAD…` macros are also undefined.
Upstreamed from oracle/truffleruby#2255, which fixed
oracle/truffleruby#2254.
https://github.com/ruby/openssl/commit/65e2adf1ac
|
|
ASN1_dup() will not copy the 'pkey' field of a PKCS7_SIGNER_INFO object
by design; it is a temporary field kept until the PKCS7 structure is
finalized. Let's bump reference counter of the pkey in the original
object and use it in the new object, too.
This commit also removes PKCS7#add_signer's routine to add the
content-type attribute as a signed attribute automatically. This
behavior was not documented or tested. This change should not break any
working user code since the method was completely useless without the
change above.
https://github.com/ruby/openssl/commit/20ca7a27a8
|
|
|
|
|
|
https://github.com/ruby/io-console/commit/302e86a28c
https://github.com/ruby/io-console/commit/0690862526
|
|
Fix segmentation fault of Pathname#split when File.split returns
non array value [Bug #17755]
https://github.com/ruby/pathname/commit/e29b49e3b1
https://github.com/ruby/pathname/commit/1db7479a74
|
|
If called with an autoloaded encoding that was not yet
initialized, `rb_enc_interned_str` would crash with
a NULL pointer exception.
See: https://github.com/ruby/ruby/pull/4119#issuecomment-800189841
Notes:
Merged: https://github.com/ruby/ruby/pull/4290
|
|
|
|
|
|
Although the manpage says that BIGNUM functions return 0 on error,
OpenSSL versions before 1.0.2n and current LibreSSL versions may return
-1 instead.
Note that the implementation of OpenSSL::BN#mod_inverse is extracted
from BIGNUM_2c() macro as it didn't really share the same function
signature with others.
https://github.com/ruby/openssl/commit/9b59f34345
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Made stored values `Symbol`s instead of `ID`s.
Fixes https://bugs.ruby-lang.org/issues/17625
Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>
https://github.com/ruby/openssl/commit/f2d004679a
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
This defines TLS1_3_VERSION when using LibreSSL 3.2+. LibreSSL 3.2/3.3
doesn't advertise this by default, even though it will use TLS 1.3
in both client and server modes.
Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining
TLS1_3_VERSION by itself fixes 1 test failure. A few tests now
fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version,
and this adjusts those tests. The client CA test doesn't work in
LibreSSL 3.2+, so I've marked that as pending.
For the hostname verification, LibreSSL 3.2.2+ has a new stricter
hostname verifier that doesn't like subjectAltName such as
c*.example.com and d.*.example.com, so adjust the related tests.
With these changes, the tests pass on LibreSSL 3.2/3.3.
https://github.com/ruby/openssl/commit/a0e98d48c9
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
The form created an empty EC_GROUP object with the specified EC_METHOD.
However, the feature was unfinished and not useful in any way because
OpenSSL::PKey::EC::Group did not implement wrappers for necessary
functions to set actual parameters for the group, namely
EC_GROUP_set_curve() family.
EC_GROUP object creation with EC_METHOD explicitly specified is
deprecated in OpenSSL 3.0, as it was apparently not intended for use
outside OpenSSL.
It is still possible to create EC_GROUP, but without EC_METHOD
explicitly specified - OpenSSL chooses the appropriate EC_METHOD for
the curve type. The OpenSSL::PKey::EC::Group.new(<:GFp|:GF2m>, p, a, b)
form will continue to work.
https://github.com/ruby/openssl/commit/df4bec841f
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
The underlying API SSL_CTX_set_tmp_ecdh_callback() was removed by
LibreSSL >= 2.6.1 and OpenSSL >= 1.1.0, in other words, it is not
supported by any non-EOL versions of OpenSSL.
The wrapper was initially implemented in Ruby 2.3 and has been
deprecated since Ruby/OpenSSL 2.0 (bundled with Ruby 2.4) with explicit
warning with rb_warn().
https://github.com/ruby/openssl/commit/ee037e1460
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Errno::EPROTOTYPE is not supposed to be raised by SSLSocket#write.
However, on macOS, send(2) which is called via SSL_write() can
occasionally return EPROTOTYPE. Retry SSL_write() so that we get a
proper error, just as ext/socket does.
Reference: https://bugs.ruby-lang.org/issues/14713
Reference: https://github.com/ruby/openssl/issues/227
https://github.com/ruby/openssl/commit/2e700c80bf
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Add more details about each method, and add reference to OpenSSL man
pages.
https://github.com/ruby/openssl/commit/02b6f82c73
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
The certificate passed as the second argument was not properly free'd
in the error paths.
https://github.com/ruby/openssl/commit/9561199b9f
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Use the OpenSSL function name that caused the error to generate a better
error message.
https://github.com/ruby/openssl/commit/b31809ba3d
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Use ossl_x509_sk2ary() to create an array of OpenSSL::X509::Certificate
from STACK_OF(X509).
https://github.com/ruby/openssl/commit/fa1da69f92
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Anything passed to OpenSSL::X509::Store.new was always ignored. Let's
emit an explicit warning to not confuse users.
https://github.com/ruby/openssl/commit/d173700eeb
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
given
Undo special treatment of nil and simply pass the value to
StringValueCStr().
nil was never a valid argument for the method; OpenSSL::X509::StoreError
with an unhelpful error message "system lib" was raised in that case.
https://github.com/ruby/openssl/commit/fb2fcbb137
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
https://github.com/ruby/openssl/commit/f36af95519
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
The socket is called ssl_connection, not connection
https://github.com/ruby/openssl/commit/642783aeda
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
values
SSLContext's verify_mode expects an SSL_VERIFY_* constant (an integer)
and verify_hostname expects either true or false. However, they are set
to nil after calling OpenSSL::SSL::SSLContext.new, which is surprising.
Set a proper value to them by default: verify_mode is set to
OpenSSL::SSL::VERIFY_NONE and verify_hostname is set to false by
default.
Note that this does not change the default behavior. The certificate
verification was never performed unless verify_mode is set to
OpenSSL::SSL::VERIFY_PEER by a user. The same applies to
verify_hostname.
https://github.com/ruby/openssl/commit/87d869352c
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Explicitly check for type given some conflicting statements within openssl's
documentation around EVP_PKEY_cmp and EVP_PKEY_ASN1_METHOD(3).
Add documentation with an example for compare?
https://github.com/ruby/openssl/commit/0bf51da6e2
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
We ran into some Linux-based systems not accepting the upper case variant
https://github.com/ruby/openssl/commit/7bc49121d5
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
OpenSSL::HMAC implements the similar interface as ::Digest. Let's add
base64digest methods to OpenSSL::HMAC, too, for feature parity.
https://github.com/ruby/openssl/commit/098bcb68af
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Use the EVP API instead of the low-level HMAC API. Use of the HMAC API
has been discouraged and is being marked as deprecated starting from
OpenSSL 3.0.0.
The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest
are now in lib/openssl/hmac.rb.
https://github.com/ruby/openssl/commit/0317e2fc02
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Deprecate it for future removal. However, I do not expect any
application is affected by this.
The other form of calling it, PKey::EC::Point#mul(bn [, bn]) remains
untouched.
PKey::EC::Point#mul calls EC_POINTs_mul(3) when multiple BNs
are given as an array. LibreSSL 2.8.0 released on 2018-08 removed the
feature and OpenSSL 3.0 which is planned to be released in 2020 will
also deprecate the function as there is no real use-case.
https://github.com/ruby/openssl/commit/812de4253d
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
appropriate
IO.read may mangle line separator, which will corrupt binary data
including DER-encoded X.509 certificates and such.
Fixes: https://github.com/ruby/openssl/issues/243
https://github.com/ruby/openssl/commit/93213b2730
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
PKey::EC#dh_compute_key
Use the new OpenSSL::PKey::PKey#derive instead of the raw
{EC,}DH_compute_key(), mainly to reduce amount of the C code.
https://github.com/ruby/openssl/commit/28edf6bafc
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
|
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive().
This is useful for pkey types that we don't have dedicated classes, such
as X25519.
https://github.com/ruby/openssl/commit/28f0059bea
Notes:
Merged: https://github.com/ruby/ruby/pull/4275
|
