Drop support for Ruby 2.3, 2.4, and 2.5.
As of 2021-10, Ruby 2.6 is the oldest version that still receives
security fixes from the Ruby core team, so it doesn't make much sense
to keep code for those ancient versions.
https://github.com/ruby/openssl/commit/3436bd040d
On the server side, the serialized list of protocols is stored in
SSL_CTX as a String object reference. We utilize a hidden instance
variable to prevent it from being GC'ed, but this is not enough because
it can also be relocated by GC.compact.
https://github.com/ruby/openssl/commit/5eb68ba778
We store the reverse reference to the Ruby object in the OpenSSL
struct for use from OpenSSL callback functions. To prevent the Ruby
object from being relocated by GC.compact, we must "pin" it by calling
rb_gc_mark().
https://github.com/ruby/openssl/commit/a6ba9f894f
We store the reverse reference to the Ruby object in the OpenSSL
struct for use from OpenSSL callback functions. To prevent the Ruby
object from being relocated by GC.compact, we must "pin" it by calling
rb_gc_mark().
https://github.com/ruby/openssl/commit/022b7ceada
Similarly to SSLSocket#syswrite, the blocking SSLSocket#sysread allows
context switches. We must prevent other threads from modifying the
string buffer.
We can use rb_str_locktmp() and rb_str_unlocktmp() to temporarily
prohibit modification of the string.
https://github.com/ruby/openssl/commit/d38274949f
Provide a wrapper of SSL_set0_tmp_dh_pkey()/SSL_CTX_set_tmp_dh(), which
sets the DH parameters used for ephemeral DH key exchange.
SSLContext#tmp_dh_callback= already exists for this purpose, as a
wrapper around SSL_CTX_set_tmp_dh_callback(), but it is considered
obsolete and the OpenSSL API is deprecated for future removal. There is
no practical use case where an application needs to use different DH
parameters nowadays. This was originally introduced to support export
grade ciphers.
RDoc for #tmp_dh_callback= is updated to recommend the new #tmp_dh=.
Note that current versions of OpenSSL support automatic ECDHE curve
selection which is enabled by default. SSLContext#tmp_dh= should only be
necessary if you must allow ancient clients which don't support ECDHE.
https://github.com/ruby/openssl/commit/aa43da4f04
In AIX, altzone exists in the standard library but is not declared
in time.h. By 524513be39, have_var
and try_var in mkmf recognizes a variable that exists in a library
even when it is not declared. As a result, in AIX, HAVE_ALTZONE
is defined, but compile fails due to the lack of the declaration.
%v is supposed to be the VMS date, and VMS date format uses an
uppercase month.
Ruby 1.8 used an uppercase month for %v, but the behavior was
changed without explanation in r31672.
Time#strftime still uses an uppercase month for %v, so this change
makes Date#strftime consistent with Time#strftime.
Fixes [Bug #13810]
https://github.com/ruby/date/commit/56c489fd7e
Just append OpenSSL error reason to the given message string
object, which would be alreadly formatted.
Suppress -Wformat-security warning in `ossl_tsfac_create_ts`.
https://github.com/ruby/openssl/commit/11b1d8a6b8
Hiroshi SHIBATA
Nobuyoshi Nakada
Kazuki Yamaguchi
Nobuhiro IMAI
David Carlier
Sutou Kouhei
Akinori MUSHA
Pavel Rosický
Kazuhiro NISHIYAMA
卜部昌平
Rei Odaira
Jeremy Evans