* Reword the description in README for more clarity.
* Add a compatibility matrix of our stable branches and explain the
maintenance policy.
* Remove the obsolete paragraph for how to use the gem in Ruby 2.3,
which is no longer supported.
https://github.com/ruby/openssl/commit/7691034fcb
JRuby has its own implementation of the `openssl` library in
jruby-openssl. The simplest way for us to allow users to set
openssl as a gem dependency is to ship a stub gem that just
depends on jruby-openssl. This patch adds that to the gemspec.
Additional work may be required to fit this stub gem into the test
and release process.
See #20 for more details.
https://github.com/ruby/openssl/commit/74ccaa5e18
Drop support for Ruby 2.3, 2.4, and 2.5.
As of 2021-10, Ruby 2.6 is the oldest version that still receives
security fixes from the Ruby core team, so it doesn't make much sense
to keep code for those ancient versions.
https://github.com/ruby/openssl/commit/3436bd040d
Back in 2016, we chose not to use Bundler in Ruby/OpenSSL development
because Bundler depended on openssl and could not be used for testing
openssl itself - "bundle exec rake test" would end up with loading two
different versions of openssl at the same time.
This has been resolved long time ago. We can now safely use it for
development dependency management and for Rake tasks.
https://github.com/ruby/openssl/commit/47283d9161
Sync with the current tip of master branch, 62436385306c of
ruby/openssl.git. Changes can be found at:
https://github.com/ruby/openssl/compare/v2.1.1...62436385306c
----------------------------------------------------------------
Brian Cunnie (1):
Correctly verify abbreviated IPv6 SANs
Janko Marohnić (1):
Reduce memory allocation when writing to SSLSocket
Jeremy Evans (1):
Move rb_global_variable call to directly after assignment
Kazuki Yamaguchi (7):
pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt
pkey: resume key generation after interrupt
tool/ruby-openssl-docker: update to latest versions
test/test_ssl: fix test failure with TLS 1.3
test/test_x509name: change script encoding to ASCII-8BIT
x509name: refactor OpenSSL::X509::Name#to_s
x509name: fix handling of X509_NAME_{oneline,print_ex}() return value
ahadc (1):
Update CONTRIBUTING.md
nobu (6):
no ID cache in Init functions
search winsock libraries explicitly
openssl: search winsock
openssl_missing.h: constified
reduce LibreSSL warnings
openssl/buffering.rb: no RS when output
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Commits in upstream repository since v2.1.0 can be found at:
https://github.com/ruby/openssl/compare/v2.1.0...v2.1.1
----------------------------------------------------------------
Kazuki Yamaguchi (7):
test/utils: disable Thread's report_on_exception in start_server
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
extconf.rb: fix build with LibreSSL 2.7.0
test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
test/test_ssl_session: set client protocol version explicitly
Ruby/OpenSSL 2.0.8
Ruby/OpenSSL 2.1.1
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63406 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.1.0.beta2. The full commit log since commit
e72d960db262 which was imported by r60013 can be found at:
https://github.com/ruby/openssl/compare/e72d960db262...v2.1.0.beta2
----------------------------------------------------------------
Kazuki Yamaguchi (26):
bn: use ALLOCV() macro instead of xmalloc()
appveyor.yml: remove 'openssl version' line
test/test_ssl_session: skip tests for session_remove_cb
x509ext: implement X509::Extension#==
x509attr: implement X509::Attribute#==
x509cert: implement X509::Certificate#==
x509revoked: add missing X509::Revoked#to_der
x509crl, x509revoked: implement X509::{CRL,Revoked}#==
x509req: implement X509::Request#==
ssl: extract rb_intern("call")
cipher: disallow setting AAD for non-AEAD ciphers
test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
ssl: fix conflict of options in SSLContext#set_params
buffering: let #write accept multiple arguments
pkey: make pkey_check_public_key() non-static
x509cert, x509crl, x509req, ns_spki: check sanity of public key
test/envutil: port assert_warning from Ruby trunk
test/utils: remove a pointless .public_key call in issue_cert
ssl: add SSLContext#add_certificate
test/test_ssl: fix test_security_level
Drop support for LibreSSL 2.4
kdf: add HKDF support
test/test_x509cert: fix flaky test
test/test_x509crl: fix random failure
History.md: fix a typo
Ruby/OpenSSL 2.1.0.beta2
Mark Wright (1):
Fix build failure against OpenSSL 1.1 built with no-deprecated Thanks rhenium for the code review and fixes.
Peter Karman (1):
Add RSA sign_pss() and verify_pss() methods
aeris (1):
TLS Fallback Signaling Cipher Suite Value
kazu (1):
Use caller with length to reduce unused strings
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync with master branch of ruby/openssl.git to import changes in
v2.1.0.beta1..v2.0.6. The commit log since v2.1.0.beta1 which was
imported by r59734 can be found at:
https://github.com/ruby/openssl/compare/v2.1.0.beta1...e72d960db262
----------------------------------------------------------------
Kazuki Yamaguchi (16):
test/test_pair: fix test_write_nonblock{,_no_exceptions}
x509name: fix a typo in docs
test/test_fips: skip if setting FIPS mode fails
test/test_asn1: fix possible failure in test_utctime
test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel
test/test_pair: disable compression
test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1
test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1
tool/ruby-openssl-docker: update
test/test_pair: replace sleep with IO.select
ssl: prevent SSLSocket#sysread* from leaking uninitialized data
ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks
ossl.c: make legacy locking callbacks reentrant
test/test_engine: suppress stderr
test/test_engine: check if RC4 is supported
Ruby/OpenSSL 2.0.6
SHIBATA Hiroshi (1):
To use upstream url of github
nobu (1):
ruby.h: unnormalized Fixnum value
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60013 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:
https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1
----------------------------------------------------------------
Antonio Terceiro (1):
test/test_ssl: explicitly accept TLS 1.1 in corresponding test
Colby Swandale (1):
document using secure protocol to fetch git master in Bundler
Colton Jenkins (1):
Add fips_mode_get to return fips_mode
Kazuki Yamaguchi (85):
Start preparing for 2.1.0
Remove support for OpenSSL 0.9.8 and 1.0.0
bn: refine tests
bn: implement unary {plus,minus} operators for OpenSSL::BN
bn: implement OpenSSL::BN#negative?
Don't define main() when built with --enable-debug
test: let OpenSSL::TestCase include OpenSSL::TestUtils
test: prepare test PKey instances on demand
Add OpenSSL.print_mem_leaks
Enable OSSL_MDEBUG on CI builds
ssl: move default DH parameters from OpenSSL::PKey::DH
Make exceptions with the same format regardless of OpenSSL.debug
ssl: show reason of 'certificate verify error' in exception message
ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
ssl: do not confuse different ex_data index registries
ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
Fix RDoc markup
ssl: suppress compiler warning
ext/openssl/deprecation.rb: remove broken-apple-openssl
extconf.rb: print informative message if OpenSSL can't be found
Rakefile: compile the extension before test
kdf: introduce OpenSSL::KDF module
ossl.h: add NUM2UINT64T() macro
kdf: add scrypt
Expand rb_define_copy_func() macro
Expand FPTR_TO_FD() macro
Remove SafeGet*() macros
cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
Add ossl_str_new(), an exception-safe rb_str_new()
bio: simplify ossl_membio2str() using ossl_str_new()
Remove unused functions and macros
Drop support for LibreSSL 2.3
ocsp: add OpenSSL::OCSP::Request#signed?
asn1: infinite length -> indefinite length
asn1: rearrange tests
ssl: remove a needless NULL check in SSL::SSLContext#ciphers
ssl: return nil in SSL::SSLSocket#cipher if session is not started
asn1: remove an unnecessary function prototype
asn1: require tag information when instantiating generic type
asn1: initialize 'unused_bits' attribute of BitString with 0
asn1: check for illegal 'unused_bits' value of BitString
asn1: disallow NULL to be passed to asn1time_to_time()
asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
asn1: allow constructed encoding with definite length form
asn1: prohibit indefinite length form for primitive encoding
asn1: allow tag number to be >= 32 for universal tag class
asn1: use ossl_asn1_tag()
asn1: clean up OpenSSL::ASN1::Constructive#to_der
asn1: harmonize OpenSSL::ASN1::*#to_der
asn1: prevent EOC octets from being in the middle of the content
asn1: do not treat EOC octets as part of content octets
x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
ssl: do not call session_remove_cb during GC
Backport "Merge branch 'topic/test-memory-leak'" to maint
cipher: update the documentation for Cipher#auth_tag=
Rakefile: let sync:to_ruby know about test/openssl/fixtures
test: fix formatting
test/utils: remove OpenSSL::TestUtils.silent
test/utils: add SSLTestCase#tls12_supported?
test/utils: have start_server yield only the port number
test/utils: do not set ecdh_curves in start_server
test/utils: let server_loop close socket
test/utils: improve error handling in start_server
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
test/utils: do not use DSA certificates in SSL tests
test/test_ssl: remove test_invalid_shutdown_by_gc
test/test_ssl: move test_multibyte_read_write to test_pair
test/test_ssl_session: rearrange tests
test/test_pair, test/test_ssl: fix for TLS 1.3
ssl: remove useless call to rb_thread_wait_fd()
ssl: fix NPN support
ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
ssl: use 2048-bit group in the default tmp_dh_cb
ssl: ensure that SSL option flags are non-negative
ssl: update OpenSSL::SSL::OP_* flags
ssl: prefer TLS_method() over SSLv23_method()
ssl: add SSLContext#min_version= and #max_version=
ssl: rework SSLContext#ssl_version=
test/test_x509name: change script encoding to ASCII-8BIT
x509name: refactor OpenSSL::X509::Name#to_s
x509name: add OpenSSL::X509::Name#to_utf8
x509name: add OpenSSL::X509::Name#inspect
x509name: update regexp in OpenSSL::X509::Name.parse
Ruby/OpenSSL 2.1.0.beta1
Marcus Stollsteimer (1):
Fix rdoc for core Integer class
nobu (4):
[DOC] {read,write}_nonblock with exception: false
[DOC] keyword argument _exception_
[DOC] mark up literals
Revert r57690 except for read_nonblock
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.0.5. The full commit history since v2.0.4
(imported at r59081) can be found at:
https://github.com/ruby/openssl/compare/v2.0.4...v2.0.5
This will fix the test failure on latest Debian sid and the "no
OPENSSL_Applink" issue on mswin.
----------------------------------------------------------------
Kazuki Yamaguchi (11):
test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
bio: prevent possible GC issue in ossl_obj2bio()
bio: do not use the FILE BIO method in ossl_obj2bio()
Rakefile: install_dependencies: install only when needed
appveyor.yml: test against Ruby 2.4
ossl_pem_passwd_cb: relax passphrase length constraint
ossl_pem_passwd_cb: do not check for taintedness
ossl_pem_passwd_cb: handle nil from the block explicitly
ssl: remove unsupported TLS versions from SSLContext::METHODS
ssl: fix compile error with OpenSSL 1.0.0
Ruby/OpenSSL 2.0.5
Lars Kanis (1):
Add msys2 library dependency tag in gem metadata
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.0.4. Only bug (and typo) fixes. The full commit
history since v2.0.3 (imported at r57482) can be found at:
https://github.com/ruby/openssl/compare/v2.0.3...v2.0.4
This contains the fix for [Bug #11033].
----------------------------------------------------------------
Jun Aruga (1):
Update .travis.yml and Dockerfile
Kazuki Yamaguchi (9):
test/test_pkey_ec: do not use dummy 0 order
test/test_ssl: fix typo in test_sysread_and_syswrite
ssl: check return value of SSL_set_fd()
Fix typos
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
tool/sync-with-trunk: 'LASY' -> 'LAST'
x509store: clear error queue after calling X509_LOOKUP_load_file()
extconf.rb: simplify searching libraries logic
Ruby/OpenSSL 2.0.4
SHIBATA Hiroshi (1):
Fix typos
Vladimir Rybas (1):
Fix documentation for OpenSSL::Cipher#final
nobu (2):
openssl: fix broken openssl check
openssl: fix broken openssl check
usa (1):
Search SSL libraries by testing various filename patterns
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.0.3. Only bugfixes. The full commit log since
2.0.2 (imported at r57146) can be found at:
https://github.com/ruby/openssl/compare/v2.0.2...v2.0.3
----------------------------------------------------------------
Corey Bonnell (1):
Fix for ASN1::Constructive 'each' implementation
Kazuki Yamaguchi (10):
Fix build with static OpenSSL libraries on Windows
([ruby-core:78878] [Bug #13080])
Merge pull request #96 from CBonnell/master
Merge branch 'topic/windows-static-linking-without-pkg-config' into maint
appveyor.yml: update OpenSSL version to 1.0.2j
buffering: fix typo in doc
test/envutil: fix assert_raise_with_message
x509: fix OpenSSL::X509::Name#eql?
([ruby-core:79310] [Bug #13170])
ruby-openssl-docker: update versions of Ruby and OpenSSL
.travis.yml: test with Ruby 2.4
Ruby/OpenSSL 2.0.3
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.0.2. This release contains only bugfixes. The full
commit log since 2.0.1 (imported at r57041) can be found at:
https://github.com/ruby/openssl/compare/v2.0.1...v2.0.2
----------------------------------------------------------------
Kazuki Yamaguchi (5):
ssl: check for SSL_CTX_clear_options()
Rename functions in openssl_missing.c
ssl: use SSL_SESSION_get_protocol_version()
pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type
Ruby/OpenSSL 2.0.2
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.0.1. The full commit history since 2.0.0 (imported
at r56946) can be found at:
https://github.com/ruby/openssl/compare/v2.0.0...v2.0.1
This release contains only bug fixes. Note, the first two commits since
v2.0.0 are already imported at r56953 to make Travis and RubyCI green.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57041 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2
(imported at r56098) can be found at:
https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit
history since v2.0.0.beta.1 can be found at:
https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
ext/openssl is now converted into a default gem. The full commit
history since r55538 can be found at:
https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
[Feature #9612]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Kazuki Yamaguchi
Charles Oliver Nutter
Hiroshi SHIBATA
Nobuyoshi Nakada
rhe
hsbt