* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert

`tmp_dh_callback` to Ruby, and call it when setting up an SSL
  connection.  This allows us to move the "default" behavior to the
  reader method.

* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
  accessing the SSLContext's internals.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
tenderlove 2015-07-31 18:20:31 +00:00
Родитель af13f15b50
Коммит 5b5d79c88b
3 изменённых файлов: 25 добавлений и 18 удалений

Просмотреть файл

@ -1,3 +1,13 @@
Sat Aug 1 03:14:07 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert
`tmp_dh_callback` to Ruby, and call it when setting up an SSL
connection. This allows us to move the "default" behavior to the
reader method.
* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
accessing the SSLContext's internals.
Fri Jul 31 23:34:27 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* .travis.yml: update libssl before running tests.

Просмотреть файл

@ -77,12 +77,23 @@ module OpenSSL
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
"verify_callback", "options", "cert_store", "extra_chain_cert",
"client_cert_cb", "session_id_context",
"client_cert_cb", "session_id_context", "tmp_dh_callback",
"session_get_cb", "session_new_cb", "session_remove_cb",
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
"alpn_protocols", "alpn_select_cb",
"npn_select_cb"].map { |x| "@#{x}" }
# A callback invoked when DH parameters are required.
#
# The callback is invoked with the Session for the key exchange, an
# flag indicating the use of an export cipher and the keylength
# required.
#
# The callback must return an OpenSSL::PKey::DH instance of the correct
# key length.
attr_writer :tmp_dh_callback
# call-seq:
# SSLContext.new => ctx
# SSLContext.new(:TLSv1) => ctx
@ -91,7 +102,6 @@ module OpenSSL
# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
def initialize(version = nil)
INIT_VARS.each { |v| instance_variable_set v, nil }
@tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
return unless version
self.ssl_version = version
end
@ -115,8 +125,8 @@ module OpenSSL
return params
end
def tmp_dh_callback=(value)
@tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
def tmp_dh_callback
@tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
end
end

Просмотреть файл

@ -49,7 +49,6 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v))
#define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v))
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
#define ossl_sslctx_set_tmp_dh_cb(o,v) rb_iv_set((o),"@tmp_dh_callback",(v))
#define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v))
#define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert")
@ -66,7 +65,7 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert")
#define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb")
#define ossl_sslctx_get_tmp_ecdh_cb(o) rb_iv_get((o),"@tmp_ecdh_callback")
#define ossl_sslctx_get_tmp_dh_cb(o) rb_iv_get((o),"@tmp_dh_callback")
#define ossl_sslctx_get_tmp_dh_cb(o) rb_funcall((o),rb_intern("tmp_dh_callback"),0)
#define ossl_sslctx_get_sess_id_ctx(o) rb_iv_get((o),"@session_id_context")
#define ossl_ssl_get_io(o) rb_iv_get((o),"@io")
@ -2115,18 +2114,6 @@ Init_ossl_ssl(void)
*/
rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse);
/*
* A callback invoked when DH parameters are required.
*
* The callback is invoked with the Session for the key exchange, an
* flag indicating the use of an export cipher and the keylength
* required.
*
* The callback must return an OpenSSL::PKey::DH instance of the correct
* key length.
*/
rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse);
/*
* Sets the context in which a session can be reused. This allows
* sessions for multiple applications to be distinguished, for example, by