From 5f7be3150f0bffb6a958770c61270302123774c3 Mon Sep 17 00:00:00 2001 From: emboss Date: Mon, 7 May 2012 11:57:01 +0000 Subject: * ext/openssl/ossl_ssl.c: add support for option flags OpenSSL::SSL::OP_NO_TLSv1_1 OpenSSL::SSL::OP_NO_TLSv1_2 to allow blocking specific TLS versions. Thanks to Justin Guyett for pointing this out to me. * test/openssl/test_ssl.rb: add tests to assert correct behavior when blocking certain versions of TLS/SSL both on server and client side. Also refactored tests to reduce boilerplate code a little. * test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where client rejects the connection because a forbidden protocol version was used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/ossl_ssl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'ext/openssl')
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 3746f97fa7..d375b0ff67 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1919,7 +1919,7 @@ Init_ossl_ssl()
 rb_define_const(cSSLContext, "SESSION_CACHE_BOTH", LONG2FIX(SSL_SESS_CACHE_BOTH)); /* no different than CACHE_SERVER in 0.9.8e */
 /*
- * Normally the sesison cache is checked for expired sessions every 255
+ * Normally the session cache is checked for expired sessions every 255
 * connections. Since this may lead to a delay that cannot be controlled,
 * the automatic flushing may be disabled and #flush_sessions can be
 * called explicitly.
@@ -2035,6 +2035,12 @@ Init_ossl_ssl()
 ossl_ssl_def_const(OP_NO_SSLv2);
 ossl_ssl_def_const(OP_NO_SSLv3);
 ossl_ssl_def_const(OP_NO_TLSv1);
+#if defined(SSL_OP_NO_TLSv1_1)
+ ossl_ssl_def_const(OP_NO_TLSv1_1);
+#endif
+#if defined(SSL_OP_NO_TLSv1_2)
+ ossl_ssl_def_const(OP_NO_TLSv1_2);
+#endif
 #if defined(SSL_OP_NO_TICKET)
 ossl_ssl_def_const(OP_NO_TICKET);
 #endif
-- cgit v1.2.3
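Review bot: The two constants added in the second hunk exist only when the OpenSSL headers used at build time define `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2`, and nothing in the hunk tells a caller that. On a build against headers without those macros, Ruby code that references `OpenSSL::SSL::OP_NO_TLSv1_1` would presumably raise a NameError, so a version-blocking policy has to check for the constant before using it. I would add a comment above the first guard, e.g. `/* OP_NO_TLSv1_1 and OP_NO_TLSv1_2 are defined only if the OpenSSL headers provide them; check with const_defined? before use */`. The definition of `ossl_ssl_def_const` and the rest of `Init_ossl_ssl` are outside the hunk, so this assumes the macro maps each name to the matching `SSL_OP_*` value.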