SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
compression by default.
Reported by Jeff Hodges.
[ruby-core:59829] [Bug #9424]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
error reasons with old OpenSSL, and insert a colon iff formatted
message is not empty.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45271 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
when SSL session has not been started.
* test/openssl/test_ssl.rb: test for change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44732 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.h (ossl_str_adjust): calculate as long, not
casting to int.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44582 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): Declare a constant
`OP_MSIE_SSLV2_RSA_PADDING` only if the macro is defined. The
`SSL_OP_MSIE_SSLV2_RSA_PADDING` has been removed from latest
snapshot of OpenSSL 1.0.1. [Fixes GH-488]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/lib/openssl/digest.rb (digest, hexdigest): create
new instance and call on it directly, to get rid of deprecated
class OpenSSL::Digest::Digest.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44115 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SSLSocket methods. [ruby-trunk - Bug #9028]
* test/openssl/test_ssl.rb: Test for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* include/ruby/ruby.h (RB_BLOCK_CALL_FUNC_ARGLIST): for declaration
argument list of rb_block_call_func.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43910 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/lib/openssl/buffering.rb (OpenSSL::Buffering#initialize):
initialize of a module should pass arguments to super.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43774 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::Buffering which breaks overview because of RDoc bug
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This patch is based off work by @vbatts in GH-436 completing the
documentation for this class and its methods.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::ASN1::ObjectId included a fix for the class overview, which
previously showed the documentation for Constructive due to missing
ObjectId overview. This patch also includes a note for Primative.
Based on a patch by @vbatts via GH-436
https://github.com/ruby/ruby/pull/436
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43666 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- Integer#to_bn
- OpenSSL::Buffering module
- Document deprecated OpenSSL::Digest::Digest compatibility class
- OpenSSL::Config
These changes were based on a patch by @vbatts via GH-436
https://github.com/ruby/ruby/pull/436
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43663 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/depend (ossl.o): work around of dependency of
thread_native.h, which depends on headers by THREAD_MODEL.
[ruby-dev:47777]
* ext/openssl/extconf.rb: need THREAD_MODEL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43451 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (Init_ossl_locks): to suppress shorten-64-to-32
warning, re-apply part of r41879.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42149 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_thread_id): use rb_nativethread_self()
implemented at r42137 to allow threads which doesn't associated with
Ruby thread to use openssl functions.
* ext/openssl/ossl.c (Init_ossl_locks): If CRYPTO_THREADID is defined
(OpenSSL 1.0.0 or later has it) use CRYPTO_THREADID_set_callback()
instead of CRYPTO_set_id_callback() because its argument is
unsigned long; it may cause id collision on mswin64
whose sizeof(unsigned long) < sizeof(void*).
http://www.openssl.org/docs/crypto/threads.html
* ext/openssl/ossl.c (ossl_threadid_func): defined for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
thread locking APIs added by last commit.
This patch fixes [Bug #8386].
"rb_mutex_*" APIs control only "Ruby" threads.
Not for native threads.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42135 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
format for ASN.1 UTCTime. [ruby-trunk - Bug #8664]
* test/openssl/test_asn1.rb: Test for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42126 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (Init_ossl_locks): use rb_gc_register_mark_object
instead of rb_global_variable. probably RArray may be used.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41881 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not
defined.
* test/openssl/test_pkey_ec.rb: Iterate over built-in curves
(and assert their non-emptiness!) instead of hard-coding them, as
this may cause problems with respect to the different availability
of individual curves in individual OpenSSL builds.
[ruby-core:54881] [Bug #8384]
Thanks to Vit Ondruch for providing the patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
CRYPTO_set_id_callback() callback functions ossl_thread_id and
ossl_lock_callback to ensure the OpenSSL extension is usable in
multi-threaded environments.
[ruby-core:54900] [Bug #8386]
Thanks, Dirkjan Bussink, for the patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
critical.
The patch for CVE-2013-4073 caused SSL crash when a SSL server returns
the certificate that has critical SAN value. X509 extension could
include 2 or 3 elements in it:
[id, criticality, octet_string] if critical,
[id, octet_string] if not.
Making sure to pick the last element of X509 extension and use it as
SAN value.
[ruby-core:55685] [Bug #8575]
Thank you @nahi for providing the patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
emboss
nobu
akr
tenderlove
hsbt
zzak
a_matsuda
drbrain
nagachika
ko1
naruse