Age | Commit message (Collapse) | Author |
|
* test/openssl/test_x509cert.rb: Exclude test that fails when issuing
a certificate with RSA signature and DSS1 digest for earlier
OpenSSL versions when used in conjunction with OpenSSL 1.0.1.
Thanks, Vit Ondruch, for reporting the issue.
[ruby-core:42949][Bug #6089]
* ext/openssl/ossl_pkcs7.c: fix crash when parsing garbage data.
* test/openssl/test_pkcs7.rb: assert correct behavior for it.
Thanks to Matt Venables for reporting the issue.
[ruby-core:43250][Bug #6134]
* test/openssl/test_x509cert.rb: exclude test that fails when issuing
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@35179 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb (test_multibyte_read_write): start server
for each length to avoid race condition.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34550 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/openssl/buffering.rb: Force multi-byte strings to be treated as
binary data.
* test/openssl/test_ssl.rb: Add test for it.
Thanks to Niklas Baumstark for reporting the issue!
[Ruby 1.9 - Bug #5233] [ruby-core:39120]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34534 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulunerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and call
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constant to SSL such as
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were
not exposed in Ruby because there's no way to unset bits in OP_ALL
before.
Following is an example to enable 0/n split for BEAST prevention.
ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34524 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
------------------------------------------------------------------------
r34490 | naruse | 2012-02-08 20:47:00 +0900 (Wed, 08 Feb 2012) | 1 line
Fix condition.
------------------------------------------------------------------------
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_x509name.c: Use the numerical representation of
unrecognized OIDs instead of the sn "UNDEF".
* test/openssl/test_x509name.rb: Add tests for the fixed behavior.
Patch provided by Paul Kehrer, thank you!
[ruby-core:41769] [Feature #5787]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34489 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being
fed arbitrary string values.
Clearly distinguish between the cases "universal, infinite and
not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
infinite". Raise error for universal tags that are not infinite.
* test/openssl/test_asn1.rb: add a test for this.
Thanks to Hiroshi Yoshida for reporting this bug.
[Bug #5363] [ruby-dev:44542]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl_session.rb: execute test_session_exts_read
only for OpenSSL versions >= 0.9.8k. Thanks, Eric Wong, for
reporting this.
[Bug #4961] [ruby-core:37726]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33316 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl_session.rb: ensure server calls callbacks in
test_ctx_server_session_cb. Thanks to Eric Wong for the patch.
[Bug #5336] [ruby-core:39619]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33313 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c: Support disabling OpenSSL compression.
* test/openssl/test_ssl.rb: Add a test for it.
Thanks to Eric Wong for the patch.
[Ruby 1.9 - Feature #5183] [ruby-core:38911]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32975 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_cipher.c (ossl_cipher_initialize): Avoid possible
SEGV from AES encryption/decryption. Processing data by
Cipher#update without initializing key (meaningless usage of Cipher
object since we don't offer a way to export a key) could cause SEGV.
In OpenSSL, the EVP which has EVP_CIPH_RAND_KEY flag (such as DES3)
allows uninitialized key, but other EVPs (such as AES) does not
allow it. Calling EVP_CipherUpdate() without initializing key causes
SEGV so we set the data filled with "\0" as the key by default. See
#2768.
* test/openssl/test_cipher.rb: test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32724 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkcs12.rb: Add test and intermediate certificates.
[ Ruby 1.9 - Feature #3793 ] [ruby-core:32088]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_engine.c: Avoid double free of ENGINE reference.
* test/openssl/test_engine.rb: Add a test for it.
Thanks to Ippei Obayashi for providing the patch.
[ Ruby 1.9 - Bug #5062 ] [ruby-dev:44173]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32605 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl_session.rb: add PEM SSL session without TLS
extensions. Use this as the default for the tests to ensure
compatibility with OpenSSL 0.9.7.
[ Ruby 1.9 - Bug #4961 ] [ruby-core:37726]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c (ossl_verify_cb): trap the exception from
verify callback of SSLContext and X509Store and make the
verification fail normally. Raising exception directly from callback
causes orphan resouces in OpenSSL stack. Patched by Ippei Obayashi.
See #4445.
* test/openssl/test_ssl.rb
(test_exception_in_verify_callback_is_ignored): test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_x509_cert.rb: Perform SHA-256 tests only if
supported by the available OpenSSL version. Versions < 0.9.8 don't
support it. [ruby-core:37724]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32366 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to
simplify future conversions.
* ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca.
* test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca.
Thanks to Ippei Obayashi for providing the patch!
[ Ruby 1.9 - Feature #4481 ] [ruby-core:35461]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805
* test/openssl/test_x509name.rb (test_hash): Make test pass with
OpenSSL 1.0.0.
* NEWS: Add it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
a signed long in 32bit long env.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32212 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
argument type with NUM2LONG if the arg is not a Time object.
See #4919.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check
type with NUM2LONG. Time as an arg is not allowed. See #4919.
* test/openssl/test_ssl_session.rb (test_session_time,
test_session_timeout): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32211 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL from the callback for SSL_CTX_sess_set_get_cb().
Returning 0 means to OpenSSL that the the session is still valid
(since we created Ruby Session object) and was not freed by us with
SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
session_get_cb block if you don't want OpenSSL to cache the session
internally.
This potential issue was pointed by Ippei Obayashi. See #4416.
* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test
it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLContext#session_remove_cb was broken. It wrongly
tried to call the session_*new*_cb callback.
* test/openssl/test_ssl_session.rb (class OpenSSL): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fallback scenarios.
* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.
* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
ossl_raise. This automatically flushes OpenSSL's error queue.
* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
fails.
* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
empty.
* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
test_new.
[ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkcs12.rb: Inherit from Test::Unit::TestCase
instead of Mintest::Unit::TestCase. [ruby-core:37275]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32197 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::Session#to_der was broken. Fix buffer handling.
* test/openssl/test_ssl_session.rb (test_session): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
tests from test_ssl.rb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32195 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
distributing a patched version of OpenSSL that allows multiple CRL
for a key (multi-crl.patch.) Make test pass on such env.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32105 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32076 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test/openssl/test_pkey_ec.rb: merge both files into test_pkey_ec.rb.
Removed redundant group instantiation from PKey tests.
* test/openssl/utils.rb: only create TEST_PKEY_EC_P256V1 if EC is
defined.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32058 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
by default in an OpenSSL installation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32057 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
(e.g. DSS1).
* test/openssl/test_digest.c: add tests for this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
oid.
* test/openssl/test_digest.rb: add tests for this.
[Ruby 1.9 - Feature #4412] [ruby-core:35319]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32040 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/utils.rb: add test key for DH.
* test/openssl/test_pkey_dh.rb: add tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32039 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
reading arbitrary public/private keys from DER-/PEM-encoded File or
string instances.
* ext/openssl/ossl_pkey_dh.c: improved documentation.
* test/openssl/utils.rb: added EC test key.
* test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from
OpenSSL::TestUtils.
* test/openssl/test_pkey_ec.rb: Created test file for EC tests.
Test PKey.read.
[Ruby 1.9 - Feature #4424] [ruby-core:35330]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32032 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Buffering#each_byte should return String in accordance with IO in
1.9.
* test/openssl/test_buffering.rb (class OpenSSL): add tests for getc
and each_byte.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32012 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
not let current length become negative for infinite length constructed
values. Support constructed values of length zero. Added tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31711 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Array to prevent segfault. Added test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31702 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
length. This also prevents a segfault. Added test and improved
documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31701 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Simplified ossl_asn1_decode0 by splitting it into three separate
functions. Add tests.
[Ruby 1.9 - Bug #4374][ruby-core:35123]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31700 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
branch.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31640 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31573 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_dsa.rb: Add basic tests and tests that
ensure new public key PEM encoding behavior and ensure backward
compatibility.
[Ruby 1.9 - Bug #4422] [ruby-core:35328]
* test/openssl/test_pkey_rsa.rb: Remove line with 'puts'.
previous revision: 31561
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_rsa.rb: Add tests that ensure new public key
encoding behavior and also ensure backward compatibility.
[Ruby 1.9 - Bug #4421, Bug #4422] [ruby-core:35327,35328]
previous revision: 31559
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31560 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_digest.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey.h
* test/openssl/pkey/test_pkey_rsa.rb
Reverted premature commit. Sorry for the noise!
Previous revision: 31555
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* NEWS: Describe altered behaviour for RSA and DSA public key
encoding. [Ruby 1.9 - Bug #4421, Bug #4422]
[ruby-core:35327,35328]
Previous revision: 31553
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
pop pushed error after each try of reading. fixes #4550
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_initialize): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|