dnsruby 1.61.3 → 1.61.9

data/lib/dnsruby/resource/TLSA.rb

@@ -33,8 +33,8 @@ module Dnsruby
         # 255 Private use
         attr_accessor :matching_type
         # sec 2.1.4
-        attr_accessor :data
-        attr_accessor :databin
+        attr_reader :data
+        attr_reader :databin
 
         def verify
           raise ArgumentError, "usage with invalid value: #{@usage}" if @usage < 0 || @usage > 255
@@ -71,7 +71,7 @@ module Dnsruby
           if @matching_type == 0 && @selector == 0 && @databin
             begin
               cert = OpenSSL::X509::Certificate.new(@databin)
-            rescue => e
+            rescue
               raise ArgumentError, 'data is invalid cert '
             end
           end

data/lib/dnsruby/resource/TXT.rb

@@ -82,7 +82,17 @@ module Dnsruby
             end
           else
             if (seen_strings && !in_string)
-              next
+              if (c == ";")
+                 # Comment in zone file!
+                 return strings
+              end
+              if (c != " " && c != "\t")
+                in_string = true
+                count+=1
+                strings[count] = ""
+              else
+                next
+              end
             end
             if (pos == 0)
               unquoted = true

data/lib/dnsruby/select_thread.rb

@@ -140,7 +140,7 @@ module Dnsruby
       }
       begin
         @@wakeup_sockets[0].send("wakeup!", 0)
-      rescue Exception => e
+      rescue Exception
         #          do nothing
       end
     end
@@ -190,12 +190,11 @@ module Dnsruby
         end
         #         next if (timeout < 0)
         begin
-          ready, write, errors = IO.select(sockets, nil, nil, timeout)
+          ready, _write, _errors = IO.select(sockets, nil, nil, timeout)
         rescue SelectWakeup
           #  If SelectWakeup, then just restart this loop - the select call will be made with the new data
           next
-        rescue IOError, EncodeError => e
-          #           print "IO Error  =: #{e}\n"
+        rescue IOError, EncodeError
           exceptions = clean_up_closed_sockets
           exceptions.each { |exception| send_exception_to_client(*exception) }
 
@@ -248,7 +247,7 @@ module Dnsruby
     # Removes closed sockets from @@sockets, and returns an array containing 1
     # exception for each closed socket contained in @@socket_hash.
     def clean_up_closed_sockets
-      exceptions = @@mutex.synchronize do
+      @@mutex.synchronize do
         closed_sockets_in_hash = @@sockets.select(&:closed?).select { |s| @@socket_hash[s] }
         @@sockets.delete_if { | socket | socket.closed? }
         closed_sockets_in_hash.each_with_object([]) do |socket, exceptions|
@@ -257,6 +256,7 @@ module Dnsruby
           end
         end
       end
+      exceptions
     end
 
     def process_error(errors)
@@ -295,7 +295,6 @@ module Dnsruby
       @@mutex.synchronize do
         ids = get_active_ids(@@query_hash, msg.header.id)
         return if ids.empty? # should be only one
-        query_settings = @@query_hash[ids[0]].clone
       end
 
       answerip = msg.answerip.downcase
@@ -732,7 +731,7 @@ module Dnsruby
       }
 
       responses.each do |item|
-        client_id, client_queue, msg, err, query, res = item
+        client_id, client_queue, msg, err, _query, _res = item
         #         push_to_client(client_id, client_queue, msg, err)
         client_queue.push([client_id, Resolver::EventType::VALIDATED, msg, err])
         notify_queue_observers(client_queue, client_id)

data/lib/dnsruby/single_verifier.rb

@@ -462,7 +462,6 @@ module Dnsruby
     def check_no_wildcard_expansion(msg) # :nodoc:
       #  @TODO@ Do this for NSEC3 records!!!
       proven_no_wildcards = false
-      name = msg.question()[0].qname
       [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
         nsec_rrsets.each {|nsecs|
           nsecs.rrs.each {|nsec|
@@ -800,6 +799,19 @@ module Dnsruby
 
         asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
         verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
+      elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(sigrec.algorithm)
+        byte_size = (keyrec.public_key.group.degree + 7) / 8
+        sig_bytes = sigrec.signature[0..(byte_size - 1)]
+        sig_char = sigrec.signature[byte_size..-1] || ''
+        asn1 = OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+
+        digest_obj = if sigrec.algorithm == Algorithms.ECDSAP384SHA384
+                       OpenSSL::Digest::SHA384.new
+                     else
+                       OpenSSL::Digest::SHA256.new
+                     end
+
+        verified = keyrec.public_key.dsa_verify_asn1(digest_obj.digest(sig_data), asn1)
       else
         raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
       end
@@ -1316,8 +1328,7 @@ module Dnsruby
             msg.security_level = Message::SecurityLevel.SECURE
             return true
           end
-        rescue VerifyError => e
-          #           print "Verify failed : #{e}\n"
+        rescue VerifyError
         end
       end
       if (error)

data/lib/dnsruby/validator_thread.rb

@@ -1,12 +1,12 @@
 # --
 # Copyright 2007 Nominet UK
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -109,7 +109,7 @@ module Dnsruby
           return true
         rescue VerifyError => e
           response.security_error = e
-          response.security_level = BOGUS
+          response.security_level = Message::SecurityLevel.BOGUS
           #  Response security_level should already be set
           return false
         end

data/lib/dnsruby/version.rb

@@ -1,3 +1,3 @@
 module Dnsruby
-  VERSION = '1.61.3'
+  VERSION = '1.61.9'
 end

data/lib/dnsruby/zone_reader.rb

@@ -68,7 +68,7 @@ module Dnsruby
             end
             zone.push(rr)
           end
-        rescue Exception => e
+        rescue Exception
           raise ParseException.new("Error reading line #{io.lineno} of #{io.inspect} : [#{line}]")
         end
       end
@@ -303,7 +303,7 @@ module Dnsruby
         (split.length - 2).times {|i| line += "#{split[i+2]} "}
         line += "\n"
         split = line.split
-      rescue Error => e
+      rescue Error
       end
 
       #  Add the type so we can load the zone one RRSet at a time.

data/lib/dnsruby/zone_transfer.rb

@@ -244,7 +244,6 @@ module Dnsruby
     end
 
     def parseRR(rec) #:nodoc: all
-      name = rec.name
       type = rec.type
       delta = Delta.new
 

data/lib/dnsruby.rb

@@ -25,10 +25,6 @@ require 'dnsruby/DNS'
 require 'dnsruby/hosts'
 require 'dnsruby/update'
 require 'dnsruby/zone_transfer'
-require 'dnsruby/dnssec'
-require 'dnsruby/zone_reader'
-require 'dnsruby/resolv'
-
 
 # = Dnsruby library
 # Dnsruby is a thread-aware DNS stub resolver library written in Ruby.
@@ -239,3 +235,7 @@ module Dnsruby
   class ZoneSerialError < ResolvError
   end
 end
+
+require 'dnsruby/dnssec'
+require 'dnsruby/zone_reader'
+require 'dnsruby/resolv'

data/test/spec_helper.rb

@@ -1,15 +1,21 @@
+$VERBOSE = true
+
+if Warning.respond_to?(:[]=)
+  Warning[:deprecated] = true
+end
+
 if ENV['RUN_EXTRA_TASK'] == 'TRUE'
   require 'coveralls'
   Coveralls.wear!
 
   require 'simplecov'
 
-  # SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
-      # [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter])
-  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
-  SimpleCov.start do
-    add_filter 'test/'
-  end
+  # # SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
+  #     # [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter])
+  # SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+  # SimpleCov.start do
+  #   add_filter 'test/'
+  # end
 end
 
 require 'minitest'

data/test/tc_caa.rb

@@ -16,7 +16,6 @@
 # ++
 
 require_relative 'spec_helper'
-require 'pry'
 
 class TestCAA < Minitest::Test
 

data/test/tc_dnskey.rb

@@ -85,4 +85,33 @@ class DnskeyTest < Minitest::Test
     dnskey.protocol=3
 
   end
+
+  def test_ecdsa_integrity
+    ecdsa_256_pub = 'example.com. 3600 IN DNSKEY 256 3 13 ( oJMRESz5E4gYzS/q6XD' +
+    'rvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== )'
+
+    dnskey = Dnsruby::RR.create(ecdsa_256_pub)
+    assert_equal(3, dnskey.protocol)
+    assert_equal(256, dnskey.flags)
+    assert_equal(Dnsruby::Algorithms::ECDSAP256SHA256, dnskey.algorithm)
+    assert_equal(Dnsruby::RR::DNSKEY::ZONE_KEY, dnskey.flags & Dnsruby::RR::DNSKEY::ZONE_KEY)
+    assert_equal(0, dnskey.flags & Dnsruby::RR::DNSKEY::SEP_KEY)
+
+    dnskey2 = Dnsruby::RR.create(dnskey.to_s)
+    assert(dnskey2.to_s == dnskey.to_s, "#{dnskey} not equal to \n#{dnskey2}")
+
+    ecdsa_384_pub = 'example.com. 3600 IN DNSKEY 256 3 14 ( Bl2HDw98sGin4lNlx7n' +
+    'QX3w98jx6UhAgC73Jq+6LFlD12gnVTMHecM8Z GoTFSh+mV+qEPFZ5s3NbC4qvwUW0kkPb+0ip' +
+    'CuLRwZYhYKk7D+RDb+fX XozI9hhZrsXBcEhss )'
+
+    dnskey = Dnsruby::RR.create(ecdsa_384_pub)
+    assert_equal(3, dnskey.protocol)
+    assert_equal(256, dnskey.flags)
+    assert_equal(Dnsruby::Algorithms::ECDSAP384SHA384, dnskey.algorithm)
+    assert_equal(Dnsruby::RR::DNSKEY::ZONE_KEY, dnskey.flags & Dnsruby::RR::DNSKEY::ZONE_KEY)
+    assert_equal(0, dnskey.flags & Dnsruby::RR::DNSKEY::SEP_KEY)
+
+    dnskey2 = Dnsruby::RR.create(dnskey.to_s)
+    assert(dnskey2.to_s == dnskey.to_s, "#{dnskey} not equal to \n#{dnskey2}")
+  end
 end

data/test/tc_name.rb

@@ -80,4 +80,23 @@ class TestName < Minitest::Test
     n2 = Name.create("nall.all.")
     assert(n1 == n2, n1.to_s)
   end
+
+  def test_punycode
+    [
+      [
+        "møllerriis.com",
+        "xn--mllerriis-l8a.com"
+      ],
+      [
+        "フガフガ。hogehoge.エグザンプル.JP",
+        "xn--mcka5jb.hogehoge.xn--ickqs6k2dyb.jp"
+      ],
+      [
+        "フガ#フガ。hogehoge.エグザンプル.JP",
+        "xn--#-yeub5nc.hogehoge.xn--ickqs6k2dyb.jp"
+      ]
+    ].each do |tc|
+      assert_equal(Dnsruby::Name.create(tc[0]).to_s, tc[1])
+    end
+  end
 end

data/test/tc_res_file.rb

@@ -21,6 +21,12 @@ class TestAResolverFile < Minitest::Test
     Dnsruby::Config.reset
   end
 
+  # def test_bad_resFile
+  #   res = Dnsruby::DNS.new("test/resolv.conf.bad")
+  #   res.getaddress("bbc.co.uk")
+  #   assert_nil res
+  # end
+
   def test_resFile
     res = Dnsruby::DNS.new("test/resolv.conf")
 

data/test/tc_resolv.rb

@@ -20,7 +20,7 @@ require_relative '../lib/dnsruby/resolv'
 class TestResolv < Minitest::Test
 
   RELATIVE_NAME = 'google-public-dns-a.google.com'
-  SHORT_RELATIVE_NAME = 'dns.google'
+  SHORT_ABSOLUTE_NAME = 'dns.google.'
   ABSOLUTE_NAME = RELATIVE_NAME + '.'
   IPV4_ADDR     = '8.8.8.8'
   IPV6_ADDR     = '2001:4860:4860::8888'
@@ -54,16 +54,16 @@ class TestResolv < Minitest::Test
 
   def test_resolv_address_to_name
 
-    assert_equal(SHORT_RELATIVE_NAME, Dnsruby::Resolv.getname(IPV4_ADDR).to_s)
+    assert_equal(SHORT_ABSOLUTE_NAME, Dnsruby::Resolv.getname(IPV4_ADDR).to_s(true))
 
     assert_raises(Dnsruby::ResolvError) do
-      Dnsruby::Resolv.getname(SHORT_RELATIVE_NAME)
+      Dnsruby::Resolv.getname(SHORT_ABSOLUTE_NAME)
     end
 
     names = Dnsruby::Resolv.getnames(IPV4_ADDR)
     assert_equal(1, names.size)
-    assert_equal(SHORT_RELATIVE_NAME, names.first.to_s)
-    Dnsruby::Resolv.each_name(IPV4_ADDR) { |name| assert_equal(SHORT_RELATIVE_NAME, name.to_s)}
+    assert_equal(SHORT_ABSOLUTE_NAME, names.first.to_s(true))
+    Dnsruby::Resolv.each_name(IPV4_ADDR) { |name| assert_equal(SHORT_ABSOLUTE_NAME, name.to_s(true))}
   end
 
   def test_resolv_address_to_address

data/test/tc_resolver.rb

@@ -73,8 +73,8 @@ class TestResolver < Minitest::Test
   end
 
   def test_send_plain_message
-    resolver = Resolver.new
-    response, error = resolver.send_plain_message(Message.new("cnn.com"))
+    resolver = Resolver.new('1.1.1.1')
+    response, error = resolver.send_plain_message(Message.new("example.com", Types.A))
     assert_nil_error(error)
     assert_valid_response(response)
 
@@ -132,7 +132,7 @@ class TestResolver < Minitest::Test
     r = Resolver.new
     q=Queue.new
     r.send_async(m,q,q)
-    id,ret, error=q.pop
+    _id, ret, _error=q.pop
     assert(ret.kind_of?(Message))
     no_pointer=true
     ret.each_answer do |answer|
@@ -171,7 +171,7 @@ class TestResolver < Minitest::Test
     # test timeout behaviour for different retry, retrans, total timeout etc.
     # Problem here is that many sockets will be created for queries which time out.
     #  Run a query which will not respond, and check that the timeout works
-    if (!RUBY_PLATFORM=~/darwin/)
+    if (RUBY_PLATFORM !~ /darwin/)
       start=stop=0
       retry_times = 3
       retry_delay=1
@@ -185,14 +185,14 @@ class TestResolver < Minitest::Test
         res.retry_times=retry_times
         res.retry_delay=retry_delay
         start=Time.now
-        m = res.send_message(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A))
+        res.send_message(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A))
         fail
       rescue ResolvTimeout
         stop=Time.now
         time = stop-start
         assert(time <= expected * 1.3 && time >= expected * 0.9, "Wrong time take, expected #{expected}, took #{time}")
       end
-  end
+    end
   end
 
   def test_packet_timeout
@@ -209,7 +209,7 @@ class TestResolver < Minitest::Test
         #  Work out what time should be, then time it to check
         expected = query_timeout
         start=Time.now
-        m = res.send_message(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A))
+        res.send_message(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A))
         fail
       rescue Dnsruby::ResolvTimeout
         stop=Time.now
@@ -227,7 +227,7 @@ class TestResolver < Minitest::Test
       res.query_timeout=expected
       q = Queue.new
       start = Time.now
-      m = res.send_async(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A), q, q)
+      res.send_async(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A), q, q)
       id,ret,err = q.pop
       stop = Time.now
       assert(id=q)
@@ -382,19 +382,19 @@ class TestRawQuery < Minitest::Test
           resolver.query("google.com", "MX")
           begin
             resolver.query("googlöe.com", "MX") 
-          rescue Dnsruby::ResolvError => e
+          rescue Dnsruby::ResolvError
             # fine
           end
           resolver.query("google.com", "MX")
           resolver.query("google.com", "MX")
           begin
             resolver.query("googlöe.com", "MX")
-          rescue Dnsruby::ResolvError => e
+          rescue Dnsruby::ResolvError
             # fine
           end
           begin
             resolver.query("googlöe.com", "MX") 
-          rescue Dnsruby::ResolvError => e
+          rescue Dnsruby::ResolvError
             # fine
           end
 #          Dnsruby::Cache.delete("googlöe.com", "MX")

data/test/tc_rr-opt.rb

@@ -28,15 +28,14 @@ class TestRrOpt < Minitest::Test
   # This works only with send_plain_message, not send_message, query, etc.
   def test_plain_respects_bufsize
 
-
-      resolver = Resolver.new(['a.gtld-servers.net', 'b.gtld-servers.net', 'c.gtld-servers.net'])
+      resolver = Resolver.new('a.gtld-servers.net')
       resolver.query_timeout=20
 
     run_test = ->(bufsize) do
 
 
       create_test_query = ->(bufsize) do
-        message = Message.new('com', Types.ANY, Classes.IN)
+        message = Message.new('com', Types.RRSIG, Classes.IN)
         message.add_additional(RR::OPT.new(bufsize))
         message
       end
@@ -46,14 +45,12 @@ class TestRrOpt < Minitest::Test
       if (_error != nil) then
         print "Error at #{bufsize} : #{_error}"
       end
-      # puts "\nBufsize is #{bufsize}, binary message size is #{response.encode.size}"
+#       puts "\nBufsize is #{bufsize}, binary message size is #{response.encode.size}"
       assert_equal(true, response.header.tc)
       assert(response.encode.size <= bufsize)
     end
 
-    #run_test.(512)
-    #run_test.(612)
-    run_test.(4096)
+    run_test.(612)
   end
 
 

data/test/tc_rr-txt.rb

@@ -143,7 +143,13 @@ class TestRrTest < Minitest::Test
 
    r1 = RR.create("auto._domainkey.cacert.org.  43200 IN	TXT	\"v=DKIM1\;g=*\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB\"	; ----- DKIM auto for cacert.org")
    r2 = RR.create("auto._domainkey.cacert.org.	43200	IN	TXT	\"v=DKIM1;g=*;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB\"")
-   assert(r1.to_s == r2.to_s)
+   assert_equal(r1.to_s, r2.to_s)
+  end
+
+  def test_quote_and_unquoted
+    t = Dnsruby::RR::TXT.parse '"a" b'
+    assert_equal("a", t[0])
+    assert_equal("b", t[1])
   end
 
 end

data/test/tc_tcp.rb

@@ -142,14 +142,14 @@ class TestTcp < Minitest::Test
       ans = HackMessage.decode(received_query)
       ans.wipe_additional
       100.times {|i|
-      ans.add_additional(Dnsruby::RR.create("example.com 3600 IN A 1.2.3.#{i}"))
+        ans.add_additional(Dnsruby::RR.create("example.com 3600 IN A 1.2.3.#{i}"))
       }
       ans.header.arcount = 110
       ans.header.tc = true
       socket.send(ans.encode,0)
     }
 
-        server_thread = Thread.new {
+    _server_thread = Thread.new {
       ts = TCPServer.new(port)
       t = ts.accept
       packet = t.recvfrom(2)[0]

data/test/tc_verifier.rb

@@ -31,6 +31,7 @@ class VerifierTest < Minitest::Test
       do_test_sha256
       do_test_sha512
       do_test_nsec
+      do_test_ecdsa256
     else
       print "OpenSSL doesn't support SHA2 - disabling SHA256/SHA512 tests. DNSSEC validation will not work with these type of signatures.\n"
     end
@@ -70,6 +71,20 @@ class VerifierTest < Minitest::Test
     verifier.verify_rrset(rrset, key512)
   end
 
+  def do_test_ecdsa256
+    Time.stub :now, Time.parse("Wed, 01 Jul 2020 11:54:04 EEST +03:00") do
+      ecdsa256 = Dnsruby::RR.create("rainiselevi.ee.	3600	IN	DNSKEY	256 3 ECDSAP256SHA256 ( oJMRESz5E
+        4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== ) ; key_tag=34505")
+      a = Dnsruby::RR.create("rainiselevi.ee.	3600	IN	A	35.228.30.236")
+      sig = Dnsruby::RR.create("rainiselevi.ee.	3600	IN	RRSIG	A ECDSAP256SHA256 2 300 20200702092142 ( 20200630072142 34505
+         rainiselevi.ee. kf3Fl1mSIso2kB12QOr+aNWYTUXtx9nRC/v+Kn1454u9I/YAFQd6nJQAsFd9vCTsZY+nL4wpj5pV+EsAMIxccA== )")
+      rrset = Dnsruby::RRSet.new(a)
+      rrset.add(sig)
+      verifier = Dnsruby::SingleVerifier.new(nil)
+      assert(verifier.verify_rrset(rrset, ecdsa256))
+    end
+  end
+
   def test_se_query
     #  Run some queries on the .se zone
     Dnsruby::Dnssec.clear_trusted_keys

data/test/test_utils.rb

@@ -1,5 +1,3 @@
-require_relative 'spec_helper'
-
 # Use this in tests in the tests directory with:
 # require_relative 'test_utils'
 # include TestUtils

data/test/ts_offline.rb

@@ -62,14 +62,14 @@ TESTS.each { |test| require_relative "tc_#{test}.rb" }
 
 def have_open_ssl?
   have_open_ssl = true
-  begin
-    require "openssl"
-    OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, "key", "data")
-    key = OpenSSL::PKey::RSA.new
-    key.e = 111
-  rescue
-    have_open_ssl = false
-  end
+#  begin
+#    require "openssl"
+#    OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, "key", "data")
+#    key = OpenSSL::PKey::RSA.new
+#    key.e = 111
+#  rescue
+#    have_open_ssl = false
+#  end
   have_open_ssl
 end