* lib/drb/ssl.rb (DRb::DRbSSLSocket::SSLConfig::DEFAULT): add

SSLTmpDhCallback for configuration option.

* lib/drb/ssl.rb (setup_ssl_context): copy the value of tmp_dh_callback.

* test/drb/ut_array_drbssl.rb: set tmp_dh_callback to suppress warning.

* test/drb/ut_drb_drbssl.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,14 @@
+Thu Sep 20 16:42:44 2012  NARUSE, Yui  <naruse@ruby-lang.org>
+
+	* lib/drb/ssl.rb (DRb::DRbSSLSocket::SSLConfig::DEFAULT): add
+	  SSLTmpDhCallback for configuration option.
+
+	* lib/drb/ssl.rb (setup_ssl_context): copy the value of tmp_dh_callback.
+
+	* test/drb/ut_array_drbssl.rb: set tmp_dh_callback to suppress warning.
+
+	* test/drb/ut_drb_drbssl.rb: ditto.
+
 Thu Sep 20 10:56:08 2012  NAKAMURA Usaku  <usa@ruby-lang.org>
 
 	* test/drb/ut_drb.rb: revert a part of r36987, and get rid of a warning

lib/drb/ssl.rb

@@ -15,6 +15,7 @@ module DRb
         :SSLClientCA          => nil,
         :SSLCACertificatePath => nil,
         :SSLCACertificateFile => nil,
+        :SSLTmpDhCallback     => nil,
         :SSLVerifyMode        => ::OpenSSL::SSL::VERIFY_NONE,
         :SSLVerifyDepth       => nil,
         :SSLVerifyCallback    => nil,   # custom verification
@@ -101,6 +102,7 @@ module DRb
         ctx.client_ca       = self[:SSLClientCA]
         ctx.ca_path         = self[:SSLCACertificatePath]
         ctx.ca_file         = self[:SSLCACertificateFile]
+        ctx.tmp_dh_callback = self[:SSLTmpDhCallback]
         ctx.verify_mode     = self[:SSLVerifyMode]
         ctx.verify_depth    = self[:SSLVerifyDepth]
         ctx.verify_callback = self[:SSLVerifyCallback]

test/drb/ut_array_drbssl.rb

@@ -9,7 +9,18 @@ if __FILE__ == $0
     it
   end
 
+  TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
+pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
+AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
+-----END DH PARAMETERS-----
+  _end_of_pem_
+
+  TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)
+
   config = Hash.new
+  config[:SSLTmpDhCallback] = proc { TEST_KEY_DH1024 }
   config[:SSLVerifyMode] = OpenSSL::SSL::VERIFY_PEER
   config[:SSLVerifyCallback] = lambda{|ok,x509_store|
     true

test/drb/ut_drb_drbssl.rb

@@ -1,4 +1,4 @@
-require "#{File.dirname(File.expand_path(__FILE__))}/ut_drb"
+require_relative "ut_drb"
 require 'drb/ssl'
 
 if __FILE__ == $0
@@ -8,7 +8,18 @@ if __FILE__ == $0
     it
   end
 
+  TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
+pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
+AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
+-----END DH PARAMETERS-----
+  _end_of_pem_
+
+  TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)
+
   config = Hash.new
+  config[:SSLTmpDhCallback] = proc { TEST_KEY_DH1024 }
   config[:SSLVerifyMode] = OpenSSL::SSL::VERIFY_PEER
   config[:SSLVerifyCallback] = lambda{|ok,x509_store|
     true