| Age | Commit message (Collapse) | Author |
|---|
|
* ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the
argument is an OpenSSL::ASN1::Data before converting to ASN1_TYPE.
This fixes SEGV on OpenSSL::X509::Attribute#value=(non-asn1-value).
* test/openssl/test_x509attr.rb: add tests for OpenSSL::X509::Attribute.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55071 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): My previous commit
r55059 was broken. I should have been more careful. Sorry.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): CentOS 7 patches
OpenSSL to reject curves defined over a small field.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55059 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_random.rb (OpenSSL::TestRandom): ignore
out-of-date OpenSSL before 1.0, as well as other tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55058 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_random.rb: requires test/openssl/utils.rb for
OpenSSL::TestCase now.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55056 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
family may put errors on 0 return (0 means verification failure).
Clear OpenSSL error queue before return to Ruby. Since the queue is
thread global, remaining errors in the queue can cause an unexpected
error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215]
* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
queue before re-raising exception.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
* test/openssl: check that OpenSSL.errors is empty every time after
running a test case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the
arguments before passing to EC_POINT(s)_mul(). Add description of this
method. [ruby-core:65152] [Bug #10268]
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): Test that
OpenSSL::PKey::EC::Point#mul works.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_bn.c (try_convert_to_bnptr): Extracted from
GetBNPtr(). This doesn't raise exception but returns NULL on error.
(GetBNPtr): Raise TypeError if conversion fails.
(ossl_bn_eq): Implement BN#==.
(ossl_bn_eql): #eql? should not raise TypeError even if the argument
is not compatible with BN.
(ossl_bn_hash): Implement BN#hash.
* ext/openssl/ossl_bn.c (Init_ossl_bn): Define #== and #hash.
* test/openssl/test_bn.rb: Test BN#eql?, #== and #hash
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55047 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* object.c, numeric.c, enum.c, ext/-test-/bignum/mul.c,
lib/rexml/quickpath.rb, lib/rexml/text.rb, lib/rexml/xpath_parser.rb,
lib/rubygems/specification.rb, lib/uri/generic.rb,
bootstraptest/test_eval.rb, basictest/test.rb,
test/-ext-/bignum/test_big2str.rb, test/-ext-/bignum/test_div.rb,
test/-ext-/bignum/test_mul.rb, test/-ext-/bignum/test_str2big.rb,
test/csv/test_data_converters.rb, test/date/test_date.rb,
test/json/test_json_generate.rb, test/minitest/test_minitest_mock.rb,
test/openssl/test_cipher.rb, test/rexml/test_jaxen.rb,
test/ruby/test_array.rb, test/ruby/test_basicinstructions.rb,
test/ruby/test_bignum.rb, test/ruby/test_case.rb,
test/ruby/test_class.rb, test/ruby/test_complex.rb,
test/ruby/test_enum.rb, test/ruby/test_eval.rb,
test/ruby/test_iseq.rb, test/ruby/test_literal.rb,
test/ruby/test_math.rb, test/ruby/test_module.rb,
test/ruby/test_numeric.rb, test/ruby/test_range.rb,
test/ruby/test_rational.rb, test/ruby/test_refinement.rb,
test/ruby/test_rubyvm.rb, test/ruby/test_struct.rb,
test/ruby/test_variable.rb, test/rubygems/test_gem_specification.rb,
test/thread/test_queue.rb: Use Integer instead of Fixnum and Bignum.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55029 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb (test_get_ephemeral_key): skip
unsupported ciphers. [GH-1318]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54506 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb (test_get_ephemeral_key): skip
unavailable public keys. [GH-1318]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54498 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb (test_get_ephemeral_key): should use
assert_instance_of instead of comparison of classes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54487 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_ssl_tmp_key): Access to ephemeral
TLS session key in case of forward secrecy cipher. Only
available since OpenSSL 1.0.2. [Fix GH-1318]
* ext/openssl/extconf.rb: Check for SSL_get_server_tmp_key.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
By setting the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
This flag was introduced at the same time as
SSL_MODE_ENABLE_PARTIAL_WRITE in OpenSSL 0.9.4 and makes usage
with non-blocking sockets much easier.
Before this, a Rubyist would need to remember the exact object
which failed to write and reuse it later when the socket became
writable again. This causes problems when the buffer is given
by another layer of the application (e.g. a buffer is given
by a Rack middleware or application to a Rack web server).
* ext/openssl/ossl_ssl.c (ossl_sslctx_s_alloc):
enable SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default
[Bug #12126]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb
function rather than OPENSSL_NPN_NEGOTIATED macro. it exists
even if it is disabled by OpenSSL configuration.
[ruby-core:74384] [Bug #12182]
* ext/openssl/ossl_ssl.c: update #ifdef(s) as above.
* test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54258 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
The first one of ruby/openssl#40
https://github.com/ruby/openssl/issues/40#issuecomment-159839338
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53718 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_dh.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
https://weakdh.org/
[fix GH-1196][Bug #11968][ruby-core:72766]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* compile.c, cont.c, doc, man: fix common misspelling.
[ruby-core:72466] [Bug #11870]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53299 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-1142] Patch by @mlarraz
* test/openssl/test_pair.rb: ditto.
* test/ruby/test_econv.rb: ditto.
* test/ruby/test_settracefunc.rb: ditto.
* test/thread/test_queue.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb (test_setting_twice): ignore fixed
flags. some flags like SSL_OP_NO_SSL_MASK cannot change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53035 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb (test_setting_twice): ignore fixed
falgs. some flags like SSL_OP_NO_SSL_MASK cannot change.
* test/openssl/test_ssl.rb (test_options_setting_nil_means_all):
ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53010 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I was worried r52750 would break IO.copy_stream with things like
OpenSSL sockets which wrap IOs, but require data to be run through
through encryption/decryption filters. Apparently my worry
was unfounded, but perhaps this test will ensure this case continues
to work.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52751 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52555 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ECDH cipher.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be>
[Bug #11376]
* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
implementation.
* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
if there is no support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
account OpenSSL installations that have SSLv3 disabled by default.
Thanks Jeremy Evans <code@jeremyevans.net> for the patches.
[Bug #11366] [Bug #11367]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51649 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
existing options rather than just setting it. Some vendors apply
custom patches to their versions of OpenSSL that set default values
for options. This commit respects the custom patches they've
applied.
* test/openssl/test_ssl.rb (class OpenSSL): check that OP_ALL has been
added to the options.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51642 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method
name must not contain NUL. preserve the encoding of message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl.rb: use assert_raise instead of a
deprecated method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51587 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb):
ensure the method to be tested is supported.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
in OpenSSL tests. [ruby-core:70020][Bug #11368]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/openssl/buffering.rb (gets):
avoid comparing fixnum with nil
* test/openssl/test_pair.rb: test gets with limit when EOF is hit
Thanks to Bar Hofesh <bar.hofesh@safe-t.com> for the bug report
and testing.
[ruby-core:70149] [Bug #11400]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLContext#options and options= using SSL_CTX_set_options and
SSL_CTX_get_options. This reduces the number of ivars we need and
simplifies `ossl_sslctx_setup`.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options`
to SSL_OP_ALL
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pair.rb (test_ecdh_callback): join client
thread only when it started.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51446 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pair.rb (test_ecdh_callback): join client
thread before closing sockets.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pair.rb (test_ecdh_callback): fix thread leak.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
helpful exception when verifying the peer connection and an
anonymous cipher has been selected. [ruby-core:68330] [Bug #10910]
Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch.
* test/openssl/test_ssl.rb (class OpenSSL): test for change
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
object returned by the servername callback on to the socket as an
instance variable. If the callback allocated a new context object
and didn't keep a reference to it, it could be GC'd out from under
the socket object.
* test/openssl/test_ssl.rb (class OpenSSL): test for change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLContext#servername_cb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51386 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
DEFAULT_1024 constants in Ruby.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Ask PKey for the
default DH callback since it aleady must check whether openssl has
been compiled with DH support.
* ext/openssl/ossl_pkey_dh.c (OSSL_PKEY_BN): Remove C definitions of
DEFAULT_512 and DEFAULT_1024
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* test/openssl/test_pkey_dh.rb (class OpenSSL): add test to ensure the
Ruby definitions are the same as the C definitions were.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
specifically setting the tmp_dh_callback to nil.
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): ditto
* test/openssl/test_pair.rb (module OpenSSL): add a test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
callback is used when no DH callback is specified.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51379 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pair.rb: test for ECDH callback support
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51348 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/extconf.rb: detect ALPN support in OpenSSL
* test/openssl/test_ssl.rb: test for ALPN
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* time: Object#timeout has been deprecated a long time ago, use
Timeout.timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL::SSL::SSLSocket#sysread does not accept kwargs in blocking
mode, inform users if they make an error.
* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal):
do not process kwargs in blocking mode
* test/openssl/test_ssl.rb: test sysread
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
