* ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an
OCSP SingleResponse structure. Also add two new methods #responses
and #find_response to OCSP::BasicResponse. A BasicResponse has one or
more SingleResponse. We have OCSP::BasicResponse#status that returns
them as an array of arrays, each containing the content of a
SingleResponse, but this is not useful. When validating an OCSP
response, we need to look into each SingleResponse and check their
validity but it is not simple. For example, when validating for a
certificate 'cert', the code would be like:
    # certid_target is an OpenSSL::OCSP::CertificateId for cert
    basic = res.basic
    result = basic.status.any? do |ary|
      ary[0].cmp(certid_target) &&
        ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5])
    end
Adding OCSP::SingleResponse at the same time allows exposing
OCSP_check_validity(). With this, the code above can be rewritten as:
    basic = res.basic
    single = basic.find_response(certid_target)
    result = single.check_validity
* test/openssl/test_ocsp.rb: Test this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
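The find_response / check_validity flow from the commit message above, exercised against fresh, stale, not-yet-valid and missing SingleResponses. This is an added example, not code from the commit or from the openssl extension; the throwaway CA, the certificate names, the time offsets and the helpers make_cert, received_basic and fresh_good? are all constructed for illustration, and signature verification is assumed to be done separately.

```ruby
require "openssl"

# Constructed throwaway PKI; every name, serial and time offset is made up.
def make_cert(cn, serial, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

CA_KEY   = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert("Constructed CA", 1, CA_KEY)
LEAF     = make_cert("leaf.example", 2, LEAF_KEY, CA_CERT, CA_KEY)
OTHER    = make_cert("other.example", 3, LEAF_KEY, CA_CERT, CA_KEY)

# Responder side: one "good" SingleResponse for LEAF. Integer times are
# seconds relative to now, which is how add_status treats Integers.
def received_basic(this_update, next_update)
  cid = OpenSSL::OCSP::CertificateId.new(LEAF, CA_CERT)
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil,
                   this_update, next_update, [])
  basic.sign(CA_CERT, CA_KEY, [], 0, "SHA256")
  res = OpenSSL::OCSP::Response.create(
    OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic)
  OpenSSL::OCSP::Response.new(res.to_der).basic # round-trip through DER
end

# Client side: accept only a current, "good" SingleResponse for `cert`.
# Signature verification (BasicResponse#verify) is a separate step, not shown.
# `skew` is the clock tolerance in seconds passed to check_validity.
def fresh_good?(basic, cert, skew = 0)
  cid = OpenSSL::OCSP::CertificateId.new(cert, CA_CERT)
  single = basic.find_response(cid)
  return false unless single # responder did not cover this certificate
  single.cert_status == OpenSSL::OCSP::V_CERTSTATUS_GOOD &&
    single.check_validity(skew) # thisUpdate/nextUpdate window
end
```

A response that does not cover the requested CertificateId yields nil from find_response, so the caller has to treat that as a failed check rather than calling check_validity on it.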
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_add_status): Allow specifying
the times (thisUpdate, nextUpdate and revocationTime) with Time
objects. Currently they accept only relative seconds from the current
time. This is inconvenient, especially for revocationTime. When
Integer is passed, they are still treated as relative times. Since the
type check is currently done with rb_Integer(), this is a slightly
incompatible change. Hope no one passes a relative time as String or
Time object...
Also, allow passing nil as nextUpdate. It is optional.
* ext/openssl/ruby_missing.h: Define RB_INTEGER_TYPE_P() if not defined.
openssl gem will be released before Ruby 2.4.0.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55456 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c,
ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement
initialize_copy method for OpenSSL::PKey::*.
[ruby-core:75504] [Bug #12381]
* test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb,
test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they
actually copy the OpenSSL objects, and modifications to cloned object
don't affect the original object.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey.h, ext/openssl/ossl_pkey_dh.c,
ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_rsa.c: A few days
ago, OpenSSL changed {DH,DSA,RSA}_get0_*() to take const BIGNUM **.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fd809cfdbd6e32b6b67b68c59f6d55fbed7a9327
[ruby-core:75225] [Feature #12324]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55450 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* variable.c (rb_path_to_class): consider the string length
instead of a terminator.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55449 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* variable.c (rb_path_to_class): search the constant at once
instead of checking if defined and then getting it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55448 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_file_exhaustive.rb (test_expand_path_compose):
normalization is meaningless unless file system encoding is UTF.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55446 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/openssl/test_pkey_ec.rb (setup): Don't call EC#generate_key! for
Oakley-* curves. This causes an odd error on Ubuntu 16.04 with openssl
1.0.2g-1ubuntu4.1.
    begin
      OpenSSL::PKey::EC.new("Oakley-EC2N-4").generate_key
    rescue
      p $!
    end
    OpenSSL::PKey::RSA.new(512)
This sometimes causes:
    #<OpenSSL::PKey::ECError: EC_KEY_generate_key: pairwise test failed>
    fips.c(139): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE
[ruby-dev:49670] [Bug #12504]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55444 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
HEAD(2c6d256). It contains an update of the vendored Molinillo to 0.5.0.
https://github.com/rubygems/rubygems/pull/1638
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55441 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/stringio/test_stringio.rb (test_overflow): could occur only
on sizeof(long) >= sizeof(void*).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55440 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/stringio/test_stringio.rb (test_overflow): refine the
condition, try to allocate strings until the buffer is located
in higher half address.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55439 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/bigdecimal/bigdecimal.c: use NUM2INT and NUM2USHORT to
reject nil.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55438 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* vsnprintf.c (BSD_vfprintf): make PRI_EXTRA_MARK_LEN an explicit
int to suppress type-limits warnings by old gcc.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55437 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* vm_eval.c (rb_eval_cmd): refactor to share common code, and
suppress false maybe-uninitialized warnings by old gcc.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55436 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* common.mk (build-ext), ext/extmk.rb: use variable EXTENCS
different than ENCOBJS, to get rid of circular dependency.
build libencs when linking encodings statically.
[ruby-core:75618] [Bug #12401]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* class.c (Init_class_hierarchy): prevent rb_cObject which is the
class tree root, from GC. [ruby-dev:49666] [Bug #12492]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_verify, ossl_ocspbres_verify):
Use ossl_clear_error() so that they don't print warnings to stderr and
leak errors in the OpenSSL error queue. Also, check the return value
of OCSP_*_verify() correctly. They can return -1 on verification
failure.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55423 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow
specifying hash algorithm used in signing. They are hard coded to use
SHA-1.
Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>.
[ruby-core:70915] [Feature #11552] [GH ruby/openssl#28]
* test/openssl/test_ocsp.rb: Test sign-verify works.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/date/date_core.c (decode_jd): do not assert type of
argument. just try to convert.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55421 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* thread.c (debug_deadlock_check): fix format specifier for
thread_id, which may not be a pointer, nor even a scalar value.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55419 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* numeric.c: [DOC] fix rdoc directive, and an example of negative
value. [ruby-core:76025] [Bug #12487]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55418 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* tool/mkconfig.rb: provide Unicode Version information as
RbConfig::CONFIG['UNICODE_VERSION'].
[ruby-core:75845] [Feature #12460]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55417 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/enc/test_case_comprehensive.rb
(TestComprehensiveCaseFold::read_data): use \A and \z instead of
^ and $ in regexp.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55415 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* strftime.c (rb_strftime_with_timespec): limit the result string
size by the format length, to get rid of unlimited memory use.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm):
Add accessor methods OCSP::CertificateId#issuer_name_hash,
#issuer_key_hash, #hash_algorithm.
Based on a patch provided by Paul Kehrer <paul.l.kehrer@gmail.com>.
[ruby-core:48062] [Feature #7181]
* test/openssl/test_ocsp.rb: Test these new methods.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
large precision to get rid of buffer overflow.
reported by Guido Vranken <guido AT guidovranken.nl>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der):
Implement #to_der methods for OCSP::BasicResponse and
OCSP::CertificateId.
(ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*()
instead of raw DATA_PTR().
(ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow
initializing from DER string.
(Init_ossl_ocsp): Define new #to_der methods.
* test/openssl/test_ocsp.rb: Test these changes. Also add missing tests
for OCSP::{Response,Request}#to_der.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e