* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert

`tmp_dh_callback` to Ruby, and call it when setting up an SSL connection. This allows us to move the "default" behavior to the reader method. * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of accessing the SSLContext's internals. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-07-31 18:20:31 +00:00 · 2015-07-31 18:20:31 +00:00 · 5b5d79c88b
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+Sat Aug  1 03:14:07 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert
+	  `tmp_dh_callback` to Ruby, and call it when setting up an SSL
+	  connection.  This allows us to move the "default" behavior to the
+	  reader method.
+
+	* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
+	  accessing the SSLContext's internals.
+
 Fri Jul 31 23:34:27 2015  Aaron Patterson <tenderlove@ruby-lang.org>

 	* .travis.yml: update libssl before running tests.
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@ -77,12 +77,23 @@ module OpenSSL
      INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
        "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
        "verify_callback", "options", "cert_store", "extra_chain_cert",
-        "client_cert_cb", "session_id_context",
+        "client_cert_cb", "session_id_context", "tmp_dh_callback",
        "session_get_cb", "session_new_cb", "session_remove_cb",
        "tmp_ecdh_callback", "servername_cb", "npn_protocols",
        "alpn_protocols", "alpn_select_cb",
        "npn_select_cb"].map { |x| "@#{x}" }

+      # A callback invoked when DH parameters are required.
+      #
+      # The callback is invoked with the Session for the key exchange, an
+      # flag indicating the use of an export cipher and the keylength
+      # required.
+      #
+      # The callback must return an OpenSSL::PKey::DH instance of the correct
+      # key length.
+
+      attr_writer :tmp_dh_callback
+
      # call-seq:
      #    SSLContext.new => ctx
      #    SSLContext.new(:TLSv1) => ctx
@ -91,7 +102,6 @@ module OpenSSL
      # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
      def initialize(version = nil)
        INIT_VARS.each { |v| instance_variable_set v, nil }
-        @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
        return unless version
        self.ssl_version = version
      end
@ -115,8 +125,8 @@ module OpenSSL
        return params
      end

-      def tmp_dh_callback=(value)
-        @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
+      def tmp_dh_callback
+        @tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
      end
    end

--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@ -49,7 +49,6 @@ static VALUE eSSLErrorWaitWritable;
 #define ossl_sslctx_set_cert_store(o,v)  	rb_iv_set((o),"@cert_store",(v))
 #define ossl_sslctx_set_extra_cert(o,v)  	rb_iv_set((o),"@extra_chain_cert",(v))
 #define ossl_sslctx_set_client_cert_cb(o,v) 	rb_iv_set((o),"@client_cert_cb",(v))
-#define ossl_sslctx_set_tmp_dh_cb(o,v)   	rb_iv_set((o),"@tmp_dh_callback",(v))
 #define ossl_sslctx_set_sess_id_ctx(o, v) 	rb_iv_set((o),"@session_id_context",(v))

 #define ossl_sslctx_get_cert(o)          	rb_iv_get((o),"@cert")
@ -66,7 +65,7 @@ static VALUE eSSLErrorWaitWritable;
 #define ossl_sslctx_get_extra_cert(o)    	rb_iv_get((o),"@extra_chain_cert")
 #define ossl_sslctx_get_client_cert_cb(o) 	rb_iv_get((o),"@client_cert_cb")
 #define ossl_sslctx_get_tmp_ecdh_cb(o)          rb_iv_get((o),"@tmp_ecdh_callback")
-#define ossl_sslctx_get_tmp_dh_cb(o)     	rb_iv_get((o),"@tmp_dh_callback")
+#define ossl_sslctx_get_tmp_dh_cb(o)     	rb_funcall((o),rb_intern("tmp_dh_callback"),0)
 #define ossl_sslctx_get_sess_id_ctx(o)   	rb_iv_get((o),"@session_id_context")

 #define ossl_ssl_get_io(o)           rb_iv_get((o),"@io")
@ -2115,18 +2114,6 @@ Init_ossl_ssl(void)
     */
    rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse);

-     /*
-     * A callback invoked when DH parameters are required.
-     *
-     * The callback is invoked with the Session for the key exchange, an
-     * flag indicating the use of an export cipher and the keylength
-     * required.
-     *
-     * The callback must return an OpenSSL::PKey::DH instance of the correct
-     * key length.
-     */
-    rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse);
-
    /*
     * Sets the context in which a session can be reused.  This allows
     * sessions for multiple applications to be distinguished, for example, by