When compiled with OpenSSL <= 1.1.1, OpenSSL::SSL::SSLContext#setup
does not raise an exception on an error return from
SSL_CTX_load_verify_locations(), but instead only prints a verbose-mode
warning. This is not helpful since it very likely indicates an actual
error, such as the specified file not being readable.
Also, OpenSSL's error queue is not correctly cleared:
$ ruby -w -ropenssl -e'OpenSSL.debug=true; ctx=OpenSSL::SSL::SSLContext.new; ctx.ca_file="bad-path"; ctx.setup; pp OpenSSL.errors'
-e:1: warning: can't set verify locations
["error:02001002:system library:fopen:No such file or directory",
"error:2006D080:BIO routines:BIO_new_file:no such file",
"error:0B084002:x509 certificate routines:X509_load_cert_crl_file: system lib"]
The behavior is currently different when compiled with OpenSSL >= 3.0:
SSLError is raised if SSL_CTX_load_verify_file() or
SSL_CTX_load_verify_dir() fails.
This inconsistency was unintentionally introduced by commit https://github.com/ruby/openssl/commit/5375a55ffc35
("ssl: use SSL_CTX_load_verify_{file,dir}() if available", 2020-02-22).
However, raising SSLError seems more appropriate in this situation.
Let's adjust the OpenSSL <= 1.1.1 code so that it behaves the same way
as the OpenSSL >= 3.0 code currently does.
Fixes: https://github.com/ruby/openssl/issues/649https://github.com/ruby/openssl/commit/7eb10f7b75
Enrich SSLError's message with the low-level certificate verification
result, even if SSL_get_error() returns SSL_ERROR_SYSCALL. This is
currently done on SSL_ERROR_SSL only.
According to the man page of SSL_get_error(), SSL_ERROR_SYSCALL may be
returned for "other errors, check the error queue for details". This
apparently means we have to treat SSL_ERROR_SYSCALL, if errno is not
set, as equivalent to SSL_ERROR_SSL.
https://github.com/ruby/openssl/commit/5113777e82
The vast majority have no reference so it's just a matter of setting the flags.
For the couple exception, they have very little references so it's
easy.
https://github.com/ruby/openssl/commit/2c7c6de69e
This fixes a linkage error about `ossl_ssl_type` on platforms which do
not have socket, like WASI.
Even before this patch, some items are disabled under `OPENSSL_NO_SOCK` since
ee22fad45d
However, due to some new use of OpenSSL::SSL::Socket over the past few years,
the build under `OPENSSL_NO_SOCK` had been broken.
This patch guards whole `OpenSSL::SSL` items by `OPENSSL_NO_SOCK`.
[ky: adjusted to apply on top of my previous commit that removed the
OpenSSL::ExtConfig, and added a guard to lib/openssl/ssl.rb.]
https://github.com/ruby/openssl/commit/b0cfac6a96
As noted in commit https://github.com/ruby/openssl/commit/a2ed156cc9f1 ("test/test_ssl: do not run NPN tests
for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly
on LibreSSL.
Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is
defined or not.
NPN is less relevant today anyway. Let's also silence test suite when
it's not available.
https://github.com/ruby/openssl/commit/289f6e0e1f
- This callback is invoked when TLS key material is generated or
received, in order to allow applications to store this keying material
for debugging purposes.
- It is invoked with an `SSLSocket` and a string containing the key
material in the format used by NSS for its SSLKEYLOGFILE debugging
output.
- This commit adds the Ruby binding `keylog_cb` and the related tests
- It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements
`SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see
648d39f0f0)
https://github.com/ruby/openssl/commit/3b63232cf1
OpenSSL::SSL::SSLSocket allowed #read and #write to be called before an
SSL/TLS handshake is completed. They passed unencrypted data to the
underlying socket.
This behavior is very odd to have in this library. A verbose mode
warning "SSL session is not started yet" was emitted whenever this
happened. It also didn't behave well with OpenSSL::Buffering. Let's
just get rid of it.
Fixes: https://github.com/ruby/openssl/issues/9https://github.com/ruby/openssl/commit/bf780748b3
Use SSL_get_rbio() instead of SSL_get_fd(). SSL_get_fd() internally
calls SSL_get_rbio() and it's enough for our purpose.
In OpenSSL 3.0, SSL_get_fd() leaves an entry in the OpenSSL error queue
if BIO has not been set up yet, and we would have to clean it up.
https://github.com/ruby/openssl/commit/e95ee24867
SSLSocket#connect eventually calls `GetOpenFile` in order to get the
underlying file descriptor for the IO object passed in on
initialization. `GetOpenFile` assumes that the Ruby object passed in is
a T_FILE object and just casts it to a T_FILE without any checks. If
you pass an object that *isn't* a T_FILE to that function, the program
will segv.
Since we assume the IO object is a file in the `connect` method, this
commit adds a `CheckType` in the initialize method to ensure that the IO
object is actually a T_FILE. If the object *isn't* a T_FILE, this class
will segv on `connect`, so I think this is a backwards compatible
change.
https://github.com/ruby/openssl/commit/919fa44ec2
On the server side, the serialized list of protocols is stored in
SSL_CTX as a String object reference. We utilize a hidden instance
variable to prevent it from being GC'ed, but this is not enough because
it can also be relocated by GC.compact.
https://github.com/ruby/openssl/commit/5eb68ba778
We store the reverse reference to the Ruby object in the OpenSSL
struct for use from OpenSSL callback functions. To prevent the Ruby
object from being relocated by GC.compact, we must "pin" it by calling
rb_gc_mark().
https://github.com/ruby/openssl/commit/022b7ceada
Similarly to SSLSocket#syswrite, the blocking SSLSocket#sysread allows
context switches. We must prevent other threads from modifying the
string buffer.
We can use rb_str_locktmp() and rb_str_unlocktmp() to temporarily
prohibit modification of the string.
https://github.com/ruby/openssl/commit/d38274949f
Provide a wrapper of SSL_set0_tmp_dh_pkey()/SSL_CTX_set_tmp_dh(), which
sets the DH parameters used for ephemeral DH key exchange.
SSLContext#tmp_dh_callback= already exists for this purpose, as a
wrapper around SSL_CTX_set_tmp_dh_callback(), but it is considered
obsolete and the OpenSSL API is deprecated for future removal. There is
no practical use case where an application needs to use different DH
parameters nowadays. This was originally introduced to support export
grade ciphers.
RDoc for #tmp_dh_callback= is updated to recommend the new #tmp_dh=.
Note that current versions of OpenSSL support automatic ECDHE curve
selection which is enabled by default. SSLContext#tmp_dh= should only be
necessary if you must allow ancient clients which don't support ECDHE.
https://github.com/ruby/openssl/commit/aa43da4f04
LibreSSL 2.2.2 introduced TLS_method(), but with different semantics
from OpenSSL: TLS_method() enabled TLS >= 1.0 while SSLv23_method()
enabled all available versions, which included SSL 3.0 in addition.
However, LibreSSL 2.3.0 removed SSL 3.0 support completely and now
TLS_method() and SSLv23_method() are equivalent.
https://github.com/ruby/openssl/commit/3b7d7045b8
SSL_CTX_set_ecdh_auto() exists in OpenSSL 1.1.0 and LibreSSL 2.6.1, but
it is made no-op and the automatic curve selection cannot be disabled.
Wrap it with ifdef to make it clear that it is safe to remove it
completely when we drop support for OpenSSL 1.0.2.
https://github.com/ruby/openssl/commit/2ae8f21234
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.
OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:
- Ubuntu 14.04 is EOL since 2019-04-30
- RHEL 6 will reach EOL on 2020-11-30
LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.
Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.
https://github.com/ruby/openssl/commit/c055938f4b
This defines TLS1_3_VERSION when using LibreSSL 3.2+. LibreSSL 3.2/3.3
doesn't advertise this by default, even though it will use TLS 1.3
in both client and server modes.
Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining
TLS1_3_VERSION by itself fixes 1 test failure. A few tests now
fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version,
and this adjusts those tests. The client CA test doesn't work in
LibreSSL 3.2+, so I've marked that as pending.
For the hostname verification, LibreSSL 3.2.2+ has a new stricter
hostname verifier that doesn't like subjectAltName such as
c*.example.com and d.*.example.com, so adjust the related tests.
With these changes, the tests pass on LibreSSL 3.2/3.3.
https://github.com/ruby/openssl/commit/a0e98d48c9
The underlying API SSL_CTX_set_tmp_ecdh_callback() was removed by
LibreSSL >= 2.6.1 and OpenSSL >= 1.1.0, in other words, it is not
supported by any non-EOL versions of OpenSSL.
The wrapper was initially implemented in Ruby 2.3 and has been
deprecated since Ruby/OpenSSL 2.0 (bundled with Ruby 2.4) with explicit
warning with rb_warn().
https://github.com/ruby/openssl/commit/ee037e1460
Let's revert the changes for now, as it cannot be included in the 2.2.0
release.
My comment on #257:
> A blocker is OpenSSL::SSL::SSLContext#add_certificate_chain_file. It
> has a pending change and I don't want to include it in an incomplete
> state.
>
> The initial implementation in commit 46e4bdba40c5 was not really
> useful. The issue is described in #305. #309 extended it
> to take the corresponding private key together. However, the new
> implementation was incompatible on Windows and was reverted by #320 to
> the initial one.
>
> (The prerequisite to implement it in) an alternative way is #288, and
> it's still cooking.
This effectively reverts the following commits:
- dacd08937ccd ("ssl: suppress test failure with SSLContext#add_certificate_chain_file", 2020-03-09)
- 46e4bdba40c5 ("Add support for SSL_CTX_use_certificate_chain_file. Fixes #254.", 2019-06-13)
https://github.com/ruby/openssl/commit/ea925619a9
Import current master (2c43241dc0ed) of ruby/openssl.git.
Below are the commits that were made since the last batch at commit
b99775b163 (ruby/openssl.git commit f49e7110ca1e). Note that some of
them have been applied already.
----------------------------------------------------------------
Benoit Daloze (1):
Remove redundant and ignored workflow file
DBL-Lee (1):
add support for SHA512_256/SHA512_224
Hiroshi SHIBATA (2):
Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
Fixed inconsistency directory structure with ruby/ruby repo
Jeremy Evans (2):
Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
Remove taint support
Kazuki Yamaguchi (26):
config: support .include directive
random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes
extconf.rb: get rid of -Werror=deprecated-declarations
test/openssl/test_ssl: skip test_fallback_scsv if necessary
ts: simplify OpenSSL::Timestamp::Request#algorithm
History.md: add missing references to GitHub issues
config: deprecate OpenSSL::Config#add_value and #[]=
test/openssl/test_ssl: remove sleep from test_finished_messages
test/openssl/test_ssl: fix random failure in SSLSocket.open test
test/openssl/test_ssl: avoid explicitly-sized private keys
test/openssl/test_ssl: remove commented-out test case
test/openssl/test_ssl: allow kRSA tests to fail
ssl: avoid declarations after statements
engine: revert OpenSSL::Engine.load changes for cloudhsm
engine: remove really outdated static engines
engine: do not check for ENGINE_load_builtin_engines()
engine: fix guards for 'dynamic' and 'cryptodev' engines
lib/openssl.rb: require openssl/version.rb
x509: add error code and verify flags constants
ssl: set verify error code in the case of verify_hostname failure
.github/workflows: merge CI jobs into a single workflow
.github/workflows: test against different OpenSSL versions
.travis.yml: fully migrate to GitHub Actions
ssl: suppress test failure with SSLContext#add_certificate_chain_file
ssl: remove test case test_puts_meta from test_pair
Revert "Use version.rb in gemspec"
MSP-Greg (2):
.travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
Use version.rb in gemspec
Samuel Williams (1):
Restore compatibility with older versions of Ruby.
Yusuke Endoh (1):
Make OpenSSL::OSSL#test_memcmp_timing robust