Граф коммитов

56 Коммитов

Автор SHA1 Сообщение Дата
emboss 4bb125f91a * test/openssl/test_asn1_rb:
test/openssl/test_ssl_session.rb:
  test/openssl/test_x509name.rb:
  test/openssl/test_buffering.rb:
  test/openssl/test_x509cert.rb:
  test/openssl/test_ssl.rb: Refactor code that leads to warnings on
  Ruby CI.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36894 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-09-03 22:54:12 +00:00
emboss 25e6db3e3c * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED.
ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be
  advertised by the server can be set in the SSLContext by using
  SSLContext#npn_protocols=, protocol selection on the client is
  supported by providing a selection callback with
  SSLContext#npn_select_cb. The protocol that was finally negotiated
  is available through SSL#npn_protocol.
  test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation.
  NEWS: add news about NPN support.
  [Feature #6503] [ruby-core:45272]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-08-31 09:47:36 +00:00
nobu d059d718b5 remove trainling spaces.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-08-21 04:50:18 +00:00
emboss 14ba7fab58 * ext/openssl/ossl_ssl.c: Introduce SSLContext#renegotiation_cb and
remove SSLContext#disable_client_renegotiation and related
  functionality introduced in r35797. The new callback approach
  gives clients maximum flexibility to decide on their own what to
  do on renegotiation attempts.
  Add documentation for SSL module and SSLError. 
* test/openssl/test_ssl.rb: Add a test for
  SSLContext#renegotiation_cb.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-09 16:44:12 +00:00
emboss 50ba64ab87 * ext/openssl/ossl_ssl.c: Allow disabling client-side renegotiation.
* test/openssl/test_ssl.rb: Simple tests for this.

  Client-side renegotiation is still considered problematic, even
  when used in the context of secure renegotiation (RI, RFC 5746).
  The changes allow users to either completely disable client
  renegotiation on the server, or to specify a maximum number of
  handshakes allowed in total. The number of total handshakes is
  counted in a callback set as SSL_set_info_callback. If the
  maximum number of handshakes is exceeded an error will be raised
  We do not support renegotiation in the OpenSSL extension, therefore
  this feature can only be tested externally.
  The feature is opt-in, the default setting will be to allow
  unlimited client renegotiation, as was the case before.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-26 00:56:33 +00:00
emboss 6f5582a2ae * test/openssl/test_ssl.rb: Clarify the intention of errors to be
expected. Two errors are possible when connection is refused due
  to a protocol version that was explicitly disallowed,
  OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the
  OpenSSL version in use.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-25 14:44:15 +00:00
emboss 913827b6af * ext/openssl/ossl_ssl.c: Revert r35583
* test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid
the test failing in Ruby CI [1]
	
[1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-25 13:24:47 +00:00
naruse 2f6c48e53b OpenSSL 1.0.1 pre-beta disabled TLS v1.2 by default.
http://cvs.openssl.org/chngview?cn=21471

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35752 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-21 14:03:18 +00:00
nobu 8545d2f4b9 test_ssl.rb: test only if necessary option is available.
* test/openssl/test_ssl.rb (test_forbid_tls_v1_{1,2}_{for_client,from_server}):
  test only if necessary option is available.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35570 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-07 17:18:55 +00:00
emboss 5f7be3150f * ext/openssl/ossl_ssl.c: add support for option flags
OpenSSL::SSL::OP_NO_TLSv1_1
  OpenSSL::SSL::OP_NO_TLSv1_2
  to allow blocking specific TLS versions. Thanks to Justin Guyett for
  pointing this out to me.
* test/openssl/test_ssl.rb: add tests to assert correct behavior when
  blocking certain versions of TLS/SSL both on server and client side.
  Also refactored tests to reduce boilerplate code a little.
* test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where
  client rejects the connection because a forbidden protocol version
  was used.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-07 11:57:01 +00:00
emboss 060184c347 * ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add
SSLContext#version to inspect the version that was negotiated for
  a given connection.
* ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
* test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they
  are supported by the native OpenSSL being used. 



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-05-06 22:26:08 +00:00
nahi 3ff2f9f3a3 * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].

  In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
  TLS-CBC-IV vulunerability described at
  http://www.openssl.org/~bodo/tls-cbc.txt
  It's known issue of TLSv1/SSLv3 but it attracts lots of attention
  these days as BEAST attack. (CVE-2011-3389)

  Until now ossl sets OP_ALL at SSLContext allocation and call
  SSL_CTX_set_options at connection.  SSL_CTX_set_options updates the
  value by using |= so bits set by OP_ALL cannot be unset afterwards.

  This commit changes to call SSL_CTX_set_options only 1 time for each
  SSLContext. It sets the specified value if SSLContext#options= are
  called and sets OP_ALL if not.

  To help users to unset bits in OP_ALL, this commit also adds several
  constant to SSL such as
  OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.  These constants were
  not exposed in Ruby because there's no way to unset bits in OP_ALL
  before.

  Following is an example to enable 0/n split for BEAST prevention.

    ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS

* test/openssl/test_ssl.rb: Test above option exists.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-02-08 05:27:14 +00:00
akr df8126f9e3 * test/openssl/test_ssl.rb (test_multibyte_read_write): start server
for each length to avoid race condition.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33508 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-22 11:35:58 +00:00
emboss 65ca601ba6 * lib/openssl/buffering.rb: Force multi-byte strings to be treated as
binary data.
* test/openssl/test_ssl.rb: Add test for it.

Thanks to Niklas Baumstark for reporting the issue!

[Ruby 1.9 - Bug #5233] [ruby-core:39120]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-19 20:05:21 +00:00
nahi a31495b170 * test/openssl/test_ssl.rb: Move duplicated tests for SSL::Session to
test_ssl_session.rb


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-10-12 14:41:19 +00:00
naruse c7b58831a3 Explicitly close the tcp connection.
Without this, the connection will be alive without GC after exit
the block and the test will fail as "TCPServer was closed and SSLServer
is still alive" on 64bit Unix: at least CentOS, Ubuntu, and FreeBSD.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-20 01:23:33 +00:00
drbrain 7c371d4658 * test/openssl/test_ssl.rb (class OpenSSL): Test
OpenSSL::SSL::SSLSocket#session and #session=.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-19 00:28:41 +00:00
emboss 1be5789eed * ext/openssl/ossl_ssl.c: Support disabling OpenSSL compression.
* test/openssl/test_ssl.rb: Add a test for it.
  Thanks to Eric Wong for the patch.
  [Ruby 1.9 - Feature #5183] [ruby-core:38911]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32973 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-08-15 01:10:26 +00:00
nahi ab86f1cffb * ext/openssl/ossl.c (ossl_verify_cb): trap the exception from
verify callback of SSLContext and X509Store and make the 
  verification fail normally. Raising exception directly from callback
  causes orphan resouces in OpenSSL stack. Patched by Ippei Obayashi. 
  See #4445.

* test/openssl/test_ssl.rb
  (test_exception_in_verify_callback_is_ignored): test it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-07-14 05:41:05 +00:00
emboss 1dcd4b325e * ext/openssl/ossl.c/.h: Added ossl_x509_name_sk2ary.
* ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to
  simplify future conversions.
* ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca.
* test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca.
  Thanks to Ippei Obayashi for providing the patch!
  [ Ruby 1.9 - Feature #4481 ] [ruby-core:35461]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32337 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-30 14:48:52 +00:00
nahi 02ab6d95be * test/openssl/test_ssl_session.rb: Split out SSL::Session related
tests from test_ssl.rb


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32195 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22 03:40:08 +00:00
tenderlove 033cea7d8e drying up the requires in the openssl tests
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-12-15 19:50:00 +00:00
naruse 7fd6016e1c Set DH Parameter for SSLContext to clean warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-12-07 14:24:40 +00:00
usa 1972f9eec1 * test/openssl/test_ssl.rb (test_not_started_session): non socket
argument of SSLSocket.new is not supported on Windows.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-12-01 06:09:22 +00:00
tenderlove 8a6ebf4c51 making ssl test a little better
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29788 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-15 02:46:55 +00:00
naruse a33b5edda0 STDIN is not valid when ruby doesn't have tty.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29787 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-15 02:37:23 +00:00
tenderlove fb7a337e97 * etc/openssl/ossl_ssl.c (ossl_ssl_get_cert): raise exception if
pointer is invalid.  Thanks Ippei Obayashi! [ruby-dev:42573]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-11-14 21:46:08 +00:00
nahi 7f438d8402 * ext/openssl/lib/openssl/x509-internal.rb: removed unused local
variable.

        * test/openssl/*: less warnings while test running with -w.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29217 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-09-10 08:54:50 +00:00
usa 4b1a1f7701 * test/openssl/test_ssl.rb (test_client_auth): Errno::ECONNRESET is raised on
Windows.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-05-19 05:14:41 +00:00
usa 119863716b * test/openssl/test_ssl.rb (server_loop): treat Errno::ENOTSOCK just like as
Errno::EBADF and Errno::EINVAL.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27883 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-05-19 05:08:17 +00:00
akr 37679ee584 supress warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26418 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-01-25 23:12:50 +00:00
naruse 6bbed0e31b * test: use require_relative.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2009-09-12 17:00:51 +00:00
akr c4049f4cb6 * io.c (rb_mWaitReadable): defined.
(rb_mWaitWritable): defined.
  (io_getpartial): extend IO::WaitReadable on EWOULDBLOCK and EAGAIN.
  (rb_io_write_nonblock): extend IO::WaitWritable on EWOULDBLOCK and
  EAGAIN.

* error.c (make_errno_exc): extracted from rb_sys_fail.
  (rb_mod_sys_fail): new function.

* include/ruby/ruby.h (rb_mod_sys_fail): declared.
  (rb_mWaitReadable): declared.
  (rb_mWaitWritable): declared.

* ext/socket/init.c (rsock_s_recvfrom_nonblock): extend
  IO::WaitReadable on EWOULDBLOCK and EAGAIN.
  (rsock_s_accept_nonblock): extend IO::WaitReadable on EWOULDBLOCK,
  EAGAIN, ECONNABORTED and EPROTO.

* ext/socket/socket.c (sock_connect_nonblock): extend IO::WaitWritable
  on EINPROGRESS.

* ext/socket/ancdata.c (bsock_sendmsg_internal): extend
  IO::WaitWritable on EWOULDBLOCK and EAGAIN.
  (bsock_recvmsg_internal): extend IO::WaitReadable on EWOULDBLOCK and
  EAGAIN.

* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): raise SSLError
  extended by IO::WaitReadable/IO::WaitWritable on
  SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.

* ext/openssl/ossl.c (ossl_make_error): extracted from ossl_raise.
  (ossl_exc_new): new function.

* ext/openssl/ossl.h (ossl_exc_new): declared.

* lib/net/protocol.rb (rbuf_fill): rescue IO::WaitReadable and
  IO::WaitWritable.

  [ruby-core:22539], [ruby-dev:38140] 



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2009-03-19 11:40:38 +00:00
nobu 287a34ae0d * {ext,lib,test}/**/*.rb: removed trailing spaces.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2009-03-06 03:56:38 +00:00
technorama 7361a2ecb3 * ext/openssl/ossl_ssl.c: Server Name Indication support.
new methods SSLContext#server_name_cb=, SSLSocket#hostname=.

* test/openssl/test_ssl.rb: Tests for above.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@21761 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2009-01-24 21:45:42 +00:00
matz 57f7d8c2cd * ext/openssl/ossl_ssl.c (ossl_ssl_read_nonblock):
OpenSSL::SSL::SSLSocket should implement read_nonblock.  a patch
  from Aaron Patterson in [ruby-core:20277].  fix: #814 [ruby-core:20241]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20493 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-12-04 07:21:10 +00:00
nobu 00b4a3f9c4 * test: assert_raises has been deprecated since a long time ago.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19536 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-09-24 17:44:39 +00:00
kazu 8bf5284c1e * test/openssl/test_ssl.rb (OpenSSL#test_client_session):
Debian's openssl 0.9.8g-13 failed at assert(ssl.session_reused?),
  when use default SSLContext. [ruby-dev:36167]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19268 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-09-09 11:41:45 +00:00
kazu 2d302dfd40 * lib/webrick/server.rb (WEBrick::GenericServer#shutdown):
rescue Errno::ENOTCONN and close. [ruby-dev:35896]

* test/openssl/test_ssl.rb (OpenSSL#start_server): ditto.
  [ruby-dev:35897]

* lib/net/imap.rb (Net::IMAP#disconnect): ditto. [ruby-dev:35898]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18777 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-08-22 11:12:06 +00:00
mame 787cde7f9a * test/openssl/test_ssl.rb (server_loop): rescue Errno::EINVAL and
Errno::ECONNABORTED.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-07-27 14:33:05 +00:00
mame 3ac2c3472a * test/openssl/test_ssl.rb (start_server): shutdown TCPServer before
close.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@17747 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-06-30 14:15:48 +00:00
knu 55fece6379 * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize):
Add a null check for ssl; submitted by akira yamada
  in [ruby-dev:34950].

* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Define OP_NO_TICKET if
  SSL_OP_NO_TICKET is present; submitted by akira yamada
  in [ruby-dev:34944].

* test/openssl/test_ssl.rb (OpenSSL#test_server_session): Add a
  workaround for the case where OpenSSL is configured with
  --enable-tlsext; submitted by akira yamada in [ruby-dev:34944].


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-06-05 11:36:55 +00:00
mame 67acbe3954 * test/openssl/test_ssl.rb (start_server): add timeout to server.join.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16161 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-04-22 15:36:36 +00:00
technorama 45acd59d2d * ext/openssl/ossl_ssl.c: Switch stats hash key from string to symbol.
New method SSLContext#setup to aid C extension writers.
* test/openssl/test_ssl.rb: Add tests for new method and sessions.
  Use threads for ssl server instead of forking.
* ext/openssl/ossl_version.h: Bump version.
* ext/openssl/ossl_x509ext.c: Fix warnings.
* test/openssl/utils.rb: Fix warnings.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16111 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-04-20 22:32:06 +00:00
gotoyuzo 40aa32a0d7 * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
  new method to set suitable SSL parameters.

* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, 
  test/openssl/test_ssl.rb: follow above change.

* test/net/http/test_https.rb: refine error case.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-22 08:31:53 +00:00
gotoyuzo 2c03835396 * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version):
new method OpenSSL::SSL::SSLContext#ssl_version to wrap
  SSL_CTX_set_ssl_version.

* ext/openssl/ossl_ssl.c (ossl_ssl_get_verify_result):
  new method OpenSSL::SSL::SSLSocket#verify_result to wrap
  SSL_get_verrify_result.

* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLContext.build):
  new method to build OpenSSL::SSL::SSLContext with Hash parameters.
  this method provides safety default parameters than SSLContext.new.

* ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL.verify_cetificate_identity):
  new module function: pull out identity verification process
  from OpenSSL::SSL::SSLSocket#post_connection_check.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-17 12:18:28 +00:00
gotoyuzo d4f5b77d3a * ext/openssl/lib/openssl/buffering.rb (Buffering#gets): added second
optional argument to specify maximum length limit.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14261 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-17 07:06:16 +00:00
gotoyuzo 2a0604d7b8 * test/openssl/test_ssl.rb (test_parallel): call GC.start to close
unused files. [ruby-dev:27981]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-12-12 06:56:08 +00:00
gotoyuzo 5505449793 * ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:
- SSLContext#client_cert_cb is a Proc. it is called when a client
    certificate is requested by a server and no certificate was yet
    set for the SSLContext. it must return an Array which includes
    OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
  - SSLContext#tmp_dh_callback is called in key exchange with DH
    algorithm. it must return an OpenSSL::PKey::DH object.

* ext/openssl/ossl_ssl.c:
  (ossl_sslctx_set_ciphers): ignore the argument if it's nil.
  (ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0.
  [ruby-dev:25831]

* ext/openssl/ossl_pkey.c
  (GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
  (DupPrivPKeyPtr): new function.

* ext/openssl/ossl_pkey_dh.c: add default DH parameters.

* ext/openssl/ossl_pkey.h: ditto.

* ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-03-09 10:45:42 +00:00
gotoyuzo 1883e41c1b * ext/openssl/lib/openssl/ssl.rb
(OpenSSL::SSL::SSLSocket#post_connection_check): new method.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7970 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-02-14 04:14:39 +00:00