jruby-openssl 0.10.0-java → 0.10.5-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d93b285d36ec67e3b61f243a65384bf348cf95bf
-  data.tar.gz: 18cbb5707579086acf731bc4fe1c33ecd20ed80f
+  metadata.gz: 9d6499fed6e65be2c2ce456ff6aa60748cf25877
+  data.tar.gz: eb002de6cd119571cd27844029a92034deb0e585
 SHA512:
-  metadata.gz: 4eb2b1cc22129cce2992317b5731703a392530fa5b8ab7b64cfb2c33763c7923694fbc6591985a7001681ce4df24c64f59e55a2288911026666600a6363a86d0
-  data.tar.gz: 7dadbafd95149c82c1b2669f3e264c59ce2e23d28acc9edc2b8d3d6a18d37a78d412a6bec078b59a44adb78ce348c4b514da1b8bbaed9e66d2b5c85833b8a74d
+  metadata.gz: d720cada18be2c96df796c93fe545a72b58fc53d24d06781509f50751bafb340886840530b6b469c0c97b66aedff9a13bde58017cff5b1514330a1611ec31464
+  data.tar.gz: 9eb17b1809536887e1c7beef398bebce95c86ed5ed0d46e43c658396387cec56f7fafbd4098fa4c2f273960faf5cae12fe980131eb6ab56bee8a694fdc75eea5

data/History.md

@@ -1,3 +1,61 @@
+## 0.10.5
+
+* [fix] EC key sign/verify (#193)
+* [feat] upgrade BC library to 1.65
+* [refactor] clean security helpers to avoid reflection (#197)
+* Just use normal getInstance to get KeyFactory (fixes #197)
+* Allow multiple Certificates with the same SubjectDN in the store (#198)
+* Try direct path for MessageDigest before invasive path (#194) 
+  (relates to jruby/jruby#6098)
+* [refactor] avoid NativeException usage (jruby/jruby#5646) 
+
+## 0.10.4
+
+* Use CertificateFactory.getInstance rather than reflection
+  eliminates one of the module warnings we have been seeing (#161)
+
+## 0.10.3
+
+* [fix] implement (missing) PKey::DSA#params
+* [fix] authorityKeyIdentifier ext (general-name) value
+* [fix] authority keyid extension's :always part optional (#174)
+* [fix] work-around for not setting certificate serial
+  raise a more friendly error (jruby/jruby#1691)
+* [fix] PKey.read not parsing RSA pub-key (#176)
+* [feat] support reading DSA (public key) in full DER
+* [fix] RSA key DER format to closely follow OpenSSL
+* [fix] add missing ASN1 factory methods (Null, EndOfContent)
+* [fix] support getting password from block for PKeys
+* [fix] incorrect ASN.1 for wrapped Integer type
+* [fix] correct public key for subjectKeyIdentifier ext (#173)
+* [fix] invalid Cert#sign handling -> raise (instead of ClassCastException)
+* [feat] more TLS (GCM) ciphers - supported on Java 8+
+* [feat] add ECDHE-RSA-AES128-GCM-SHA256 as supported cipher (#185)
+* [feat] add support for ECDHE-RSA-AES256-GCM-SHA384 (#187)
+* [fix] try hard not to fail on unkown oids (OpenSSL::X509::Certificate#to_text)
+* update Bouncy-Castle to 1.62 (and handle supported BC compatibility)
+
+## 0.10.2
+
+* update Bouncy-Castle to 1.61 (and handle supported BC compatibility)
+* [fix] avoid NPE when CRL fails to parse (invalid str) (jruby/jruby#5619)
+* hide (deprecated) Jopenssl constant 
+* default OpenSSL.warn to warnings-enabled flag
+* only un-restrict jce when its restricted
+* OpenSSL::Cipher#update additional buffer argument (#170) (jruby/jruby#5242)
+
+## 0.10.1
+
+* loading JOpenSSL's native ext part the JRuby 9.2 (internal) way
+* avoid, once again, installing BC provider on boot (due OCSP support)
+* [feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement
+* rename ugly-sh "Jopenssl" constant to **JOpenSSL**
+* support PKCS7#decrypt with 1 argument (pkey only - without certificate)
+* undo some of the call-sites in SSLSocket - account for sub-classes (#165)
+* follow-up to provide == for X.509 types (like C-OpenSSL does in 2.1) 
+* validate iter parameter on Cipher#pkcs5_keyivgen (since OpenSSL 2.0.8)
+* remove openssl/pkcs7.rb -> since 1.8 no longer supported
+
 ## 0.10.0
 
 **NOTE:** dropped support for anything below ~ JRuby 1.7.20

data/Mavenfile

@@ -2,9 +2,6 @@
 
 gemspec :jar => 'jopenssl', :include_jars => true
 
-sonatype_url = 'https://oss.sonatype.org/content/repositories/snapshots/'
-snapshot_repository :id => 'sonatype', :url => sonatype_url
-
 distribution_management do
   snapshot_repository :id => :ossrh, :url => 'https://oss.sonatype.org/content/repositories/snapshots'
   repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
@@ -52,10 +49,11 @@ plugin( :compiler, '3.1',
         :source => '1.7', :target => java_target,
         :encoding => 'UTF-8', :debug => true,
         :showWarnings => true, :showDeprecation => true,
+        :excludes => [ 'module-info.java' ],
+        #:jdkToolchain => { :version => '[1.7,11)' },
 
         :generatedSourcesDirectory => gen_sources,
-        :annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ],
-        :compilerArgs => [ '-XDignore.symbol.file=true' ] ) do
+        :annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]) do
 
   #execute_goal :compile, :id => 'annotation-binder', :phase => 'compile',
   #    :generatedSourcesDirectory => gen_sources, #:outputDirectory => gen_sources,
@@ -64,10 +62,19 @@ plugin( :compiler, '3.1',
   #    :useIncrementalCompilation => false, :fork => true, :verbose => true,
   #    :compilerArgs => [ '-XDignore.symbol.file=true', '-J-Dfile.encoding=UTF-8' ]
 
-  execute_goal :compile, :id => 'compile-populators', :phase => 'process-classes',
-      :includes => [ 'org/jruby/gen/**/*.java' ], :optimize => true,
-      :compilerArgs => [ '-XDignore.symbol.file=true' ]
-      # NOTE: maybe '-J-Xbootclasspath/p:${unsafe.jar}' ... as well ?!
+  execute_goal :compile,
+               :id => 'compile-populators', :phase => 'process-classes',
+               :includes => [ 'org/jruby/gen/**/*.java' ],
+               :optimize => true,
+               :compilerArgs => [ '', '-XDignore.symbol.file=true' ]
+end
+
+profile 'module-info' do
+  activation { jdk '[9,)' }
+  plugin :compiler, '3.8.1',
+         :source => '9', :target => java_target,
+         :release => '9',
+         :includes => [ 'module-info.java' ]
 end
 
 plugin :clean do
@@ -80,49 +87,53 @@ plugin :clean do
                  'failOnError' =>  'false' )
 end
 
-# NOTE: unfortunately we can not use 1.6.8 to generate invokers ...
-# although we'd like to compile against 1.6 to make sure all is well
-jar 'org.jruby:jruby-core', '1.7.17', :scope => :provided  # 1.6.8
+jar 'org.jruby:jruby-core', '1.7.20', :scope => :provided
 jar 'junit:junit', '4.11', :scope => :test
 
+# 9.1.17.0 is Java 7 compatible (till supporting JRuby 1.7)
+# NOTE: to build on Java 11 - installing gems fails (due old jossl) with:
+#  load error: jopenssl/load -- java.lang.StringIndexOutOfBoundsException
+MVN_JRUBY_VERSION = ENV_JAVA['java.version'].to_i >= 9 ? '9.2.9.0' : '9.1.17.0'
+
 jruby_plugin! :gem do
-  # when installing dependent gems we want to use the built in openssl
-  # not the one from this lib directory
-  # we compile against jruby-core-1.7.17 and want to keep this out of
-  # the plugin execution here
+  # when installing dependent gems we want to use the built in openssl not the one from this lib directory
+  # we compile against jruby-core-1.7.20 and want to keep this out of the plugin execution here
   execute_goal :id => 'default-initialize', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
   execute_goals :id => 'default-push', :skip => true
 end
 
-# we want to have the snapshots on oss.sonatype.org and the released gems
-# on maven central
+# we want to have the snapshots on oss.sonatype.org and the released gems on maven central
 plugin :deploy, '2.8.1' do
   execute_goals( :deploy, :skip => false )
 end
 
-supported_bc_versions = %w{ 1.55 1.56 1.57 1.58 1.59 }
+supported_bc_versions = %w{ 1.58 1.59 1.60 1.61 1.62 1.63 1.64 1.65 }
 
-default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
+default_bc_version = File.read File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
-properties( 'jruby.plugins.version' => '1.0.10',
-            'jruby.versions' => '1.7.20',
+properties( 'jruby.plugins.version' => '1.1.8',
+            'jruby.switches' => '-W0', # https://github.com/torquebox/jruby-maven-plugins/issues/94
             'bc.versions' => default_bc_version,
             'invoker.test' => '${bc.versions}',
             # allow to skip all tests with -Dmaven.test.skip
             'invoker.skip' => '${maven.test.skip}',
             'runit.dir' => 'src/test/ruby/**/test_*.rb',
-            # use this version of jruby for ALL the jruby-maven-plugins
-            'jruby.version' => '1.7.20',
+            'mavengem.wagon.version' => '1.0.3', # for jruby plugin
+            'mavengem-wagon.version' => '1.0.3', # for polyglot-ruby
+            # use this version of jruby for the jruby-maven-plugins
+            'jruby.versions' => MVN_JRUBY_VERSION, 'jruby.version' => MVN_JRUBY_VERSION,
             # dump pom.xml as readonly when running 'rmvn'
             'polyglot.dump.pom' => 'pom.xml',
-            'polyglot.dump.readonly' => true,
-            'tesla.dump.pom' => 'pom.xml',
-            'tesla.dump.readonly' => true )
+            'polyglot.dump.readonly' => true )
 
 # make sure we have the embedded jars in place before we run runit plugin
 plugin! :dependency do
-  execute_goal 'copy-dependencies', :phase => 'generate-test-resources', :outputDirectory => '${basedir}/lib', :useRepositoryLayout => true, :includeGroupIds => 'org.bouncycastle'
+  execute_goal 'copy-dependencies',
+               :phase => 'generate-test-resources',
+               :outputDirectory => '${basedir}/lib',
+               :useRepositoryLayout => true,
+               :includeGroupIds => 'org.bouncycastle'
 end
 
 jruby_plugin(:runit) { execute_goal( :test, :runitDirectory => '${runit.dir}' ) }
@@ -141,53 +152,24 @@ invoker_run_options = {
       'runit.dir' => '${runit.dir}' }
 }
 
-# profile :id => 'test-1.6.8' do
-#   plugin :invoker, '1.8' do
-#     execute_goals( :install, :run, invoker_run_options )
-#   end
-#   properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
-#              'bc.versions' => supported_bc_versions.join(',')
-# end
-#
-# profile :id => 'test-1.7.4' do
-#   plugin :invoker, '1.8' do
-#     execute_goals( :install, :run, invoker_run_options )
-#   end
-#   properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
-#              'bc.versions' => supported_bc_versions.join(',')
-# end
-
-jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
-
-jruby_1_7_versions.each { |version|
-
-profile :id => "test-#{version}" do
-  plugin :invoker, '1.8' do
-    execute_goals( :install, :run, invoker_run_options )
-  end
-  properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
-             'bc.versions' => supported_bc_versions.join(',')
-end
-
-}
-
-jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions  = %w{ 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions += %w{ 9.2.0.0 9.2.5.0 9.2.6.0 9.2.7.0 9.2.8.0 9.2.9.0 }
 
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do
   plugin :invoker, '1.8' do
     execute_goals( :install, :run, invoker_run_options )
   end
-  # NOTE: we're work-around 9K maven-runit version bug (due minitest changes) !
-  # ... still can not build with 9K : https://github.com/jruby/jruby/issues/3184
-  properties 'jruby.version' => version, 'jruby.versions' => version,
+  properties 'jruby.version' => version,
+             'jruby.versions' => version,
              'bc.versions' => supported_bc_versions.join(',')
 end
 }
 
 profile :id => 'release' do
-  plugin :gpg, '1.5' do
+  plugin :gpg, '1.6' do
     execute_goal :sign, :phase => :verify
   end
 end
+
 # vim: syntax=Ruby

data/README.md

@@ -23,6 +23,7 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 |        0.9.17 |   1.6.8-9.1.5 |  Java 6-8  |    1.50-1.54 |
 |      ~>0.9.18 |   1.6.8-9.1.x |  Java 6-8  |    1.50-1.55 |
 |        0.10.0 |  1.7.20-9.2.x |  Java 7-10 |    1.55-1.59 |
+|        0.10.3 |  1.7.20-9.2.x |  Java 7-11 |    1.56-1.62 |
 
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6** 
 
@@ -42,28 +43,24 @@ any of OpenSSL's C code, only Ruby parts (*.rb) are the same as in MRI's OpenSSL
     mvn test
 
 will run (junit as well as ruby) tests and a some ruby tests against the default
-jruby version. to pick a different version and/or modes (1.8, 1.9, 2.0, 2.1) run
+jruby version. to pick a different JRuby version run
 
-    mvn test -Djruby.versions=1.7.12 -Djruby.modes=1.8
+    mvn test -Djruby.versions=9.2.8.0
 
 for running integration-tests the gem will be first installed and then the same
 tests run for each possible bouncy-castle version (see [listing][3]), run with
 
-    mvn verify -P test-9.0.4.0,test-1.7.22
+    mvn verify -P test-9.2.9.0,test-9.1.17.0
 
 or pick a bouncy-castle version
 
-    mvn verify -P test-1.6.8 -Dbc.versions=1.50
-
-or simply be more picky
-
-    mvn verify -P test-1.7.4 -Dbc.versions=1.49 -Djruby.modes=1.9
+    mvn verify -P test-9.2.9.0 -Dbc.versions=1.60
 
 NOTE: you can pick any jruby version which is on [central][4] or on [ci.jruby][5]
 
 ## License
 
-(c) 2009-2018 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
+(c) 2009-2020 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
 
 [0]: https://secure.travis-ci.org/jruby/jruby-openssl.svg
 [1]: http://xircles.codehaus.org/projects/jruby/lists

data/Rakefile

@@ -27,6 +27,10 @@ else
       RubyMaven.exec( 'package -Dmaven.test.skip=true' )
     end
   end
+  task :test_prepare do
+    RubyMaven.exec( 'prepare-package -Dmaven.test.skip=true' )
+    RubyMaven.exec( 'test-compile' ) # separate step due -Dmaven.test.skip=true
+  end
 end
 
 task :build do

data/lib/jopenssl/_compat23.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: false
+
+module OpenSSL
+
+  module PKey
+
+    class DH
+
+      def set_key(pub_key, priv_key)
+        self.pub_key = pub_key
+        self.priv_key = priv_key
+        self
+      end
+
+      def set_pqg(p, q, g)
+        self.p = p
+        if respond_to?(:q)
+          self.q = q
+        else # TODO self.q = q
+          OpenSSL.warn "JRuby-OpenSSL does not support setting q param on #{inspect}" if q
+        end
+        self.g = g
+        self
+      end
+
+    end
+
+    class DSA
+
+      def set_key(pub_key, priv_key)
+        self.pub_key = pub_key
+        self.priv_key = priv_key
+        self
+      end
+
+      def set_pqg(p, q, g)
+        self.p = p
+        self.q = q
+        self.g = g
+        self
+      end
+
+    end
+
+    class RSA
+
+      def set_key(n, e, d)
+        self.n = n
+        self.e = e
+        self.d = d
+        self
+      end
+
+      def set_factors(p, q)
+        self.p = p
+        self.q = q
+        self
+      end
+
+      def set_crt_params(dmp1, dmq1, iqmp)
+        self.dmp1 = dmp1
+        self.dmq1 = dmq1
+        self.iqmp = iqmp
+        self
+      end
+
+    end
+
+  end
+
+end

data/lib/jopenssl/load.rb

@@ -1,13 +1,12 @@
 warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
 
-require 'java'
 require 'jopenssl/version'
 
-warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
+warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'
 
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
-  version = Jopenssl::BOUNCY_CASTLE_VERSION
+  version = JOpenSSL::BOUNCY_CASTLE_VERSION
   bc_jars = nil
   begin
     require 'jar-dependencies'
@@ -26,13 +25,17 @@ unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
   end
 end
 
-require 'jruby'
 require 'jopenssl.jar'
-org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
+
+if JRuby::Util.respond_to?(:load_ext) # JRuby 9.2
+  JRuby::Util.load_ext('org.jruby.ext.openssl.OpenSSL')
+else; require 'jruby'
+  org.jruby.ext.openssl.OpenSSL.load(JRuby.runtime)
+end
 
 if RUBY_VERSION > '2.3'
   load 'jopenssl23/openssl.rb'
-  load 'jopenssl24.rb' if RUBY_VERSION >= '2.4'
+  load 'jopenssl/_compat23.rb'
 elsif RUBY_VERSION > '2.2'
   load 'jopenssl22/openssl.rb'
 elsif RUBY_VERSION > '2.1'
@@ -41,4 +44,7 @@ else
   load 'jopenssl19/openssl.rb'
 end
 
-require 'openssl/pkcs12'
+module OpenSSL
+  autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
+  autoload :PKCS12, 'openssl/pkcs12'
+end

data/lib/jopenssl/version.rb

@@ -1,4 +1,9 @@
-module Jopenssl
-  VERSION = '0.10.0'
-  BOUNCY_CASTLE_VERSION = '1.59'
+module JOpenSSL
+  VERSION = '0.10.5'
+  BOUNCY_CASTLE_VERSION = '1.65'
+end
+
+Object.class_eval do
+  Jopenssl = JOpenSSL
+  private_constant :Jopenssl if respond_to?(:private_constant)
 end

data/lib/jopenssl19/openssl/ssl-internal.rb

@@ -19,6 +19,104 @@ require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
 
 module OpenSSL
   module SSL
+    class SSLContext
+      DEFAULT_PARAMS = {
+          :ssl_version => "SSLv23",
+          :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+          :ciphers => %w{
+          ECDHE-ECDSA-AES128-GCM-SHA256
+          ECDHE-RSA-AES128-GCM-SHA256
+          ECDHE-ECDSA-AES256-GCM-SHA384
+          ECDHE-RSA-AES256-GCM-SHA384
+          DHE-RSA-AES128-GCM-SHA256
+          DHE-DSS-AES128-GCM-SHA256
+          DHE-RSA-AES256-GCM-SHA384
+          DHE-DSS-AES256-GCM-SHA384
+          ECDHE-ECDSA-AES128-SHA256
+          ECDHE-RSA-AES128-SHA256
+          ECDHE-ECDSA-AES128-SHA
+          ECDHE-RSA-AES128-SHA
+          ECDHE-ECDSA-AES256-SHA384
+          ECDHE-RSA-AES256-SHA384
+          ECDHE-ECDSA-AES256-SHA
+          ECDHE-RSA-AES256-SHA
+          DHE-RSA-AES128-SHA256
+          DHE-RSA-AES256-SHA256
+          DHE-RSA-AES128-SHA
+          DHE-RSA-AES256-SHA
+          DHE-DSS-AES128-SHA256
+          DHE-DSS-AES256-SHA256
+          DHE-DSS-AES128-SHA
+          DHE-DSS-AES256-SHA
+          AES128-GCM-SHA256
+          AES256-GCM-SHA384
+          AES128-SHA256
+          AES256-SHA256
+          AES128-SHA
+          AES256-SHA
+          ECDHE-ECDSA-RC4-SHA
+          ECDHE-RSA-RC4-SHA
+          RC4-SHA
+        }.join(":"),
+          :options => -> {
+            opts = OpenSSL::SSL::OP_ALL
+            opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+            opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+            opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+            opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+            opts
+          }.call
+      } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
+
+      begin
+        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+        DEFAULT_CERT_STORE.set_default_paths
+        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+        end
+      end unless const_defined? :DEFAULT_CERT_STORE
+
+      def set_params(params={})
+        params = DEFAULT_PARAMS.merge(params)
+        params.each{|name, value| self.__send__("#{name}=", value) }
+        if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
+          unless self.ca_file or self.ca_path or self.cert_store
+            self.cert_store = DEFAULT_CERT_STORE
+          end
+        end
+        return params
+      end unless method_defined? :set_params
+    end
+
+    module SocketForwarder
+      def addr
+        to_io.addr
+      end
+
+      def peeraddr
+        to_io.peeraddr
+      end
+
+      def setsockopt(level, optname, optval)
+        to_io.setsockopt(level, optname, optval)
+      end
+
+      def getsockopt(level, optname)
+        to_io.getsockopt(level, optname)
+      end
+
+      def fcntl(*args)
+        to_io.fcntl(*args)
+      end
+
+      def closed?
+        to_io.closed?
+      end
+
+      def do_not_reverse_lookup=(flag)
+        to_io.do_not_reverse_lookup = flag
+      end
+    end
 
     def verify_certificate_identity(cert, hostname)
       should_verify_common_name = true
@@ -63,6 +161,12 @@ module OpenSSL
       include SocketForwarder
       include Nonblock
 
+      def sysclose
+        return if closed?
+        stop
+        io.close if sync_close
+      end unless method_defined? :sysclose
+
       def post_connection_check(hostname)
         unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
           raise SSLError, "hostname does not match the server certificate"