jruby-openssl 0.9.20-java → 0.10.7-java
- checksums.yaml +4 -4
- data/History.md +132 -1
- data/LICENSE.txt +1 -1
- data/Mavenfile +49 -69
- data/README.md +14 -16
- data/Rakefile +4 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +21 -12
- data/lib/jopenssl/version.rb +8 -10
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +12 -11
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +210 -125
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.68/bcpkix-jdk15on-1.68.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.68/bctls-jdk15on-1.68.jar +0 -0
- data/pom.xml +100 -322
- metadata +19 -75
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl18/openssl/bn.rb +0 -25
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -28
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -32
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -112
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -110
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -23
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.56/bcpkix-jdk15on-1.56.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.56/bcprov-jdk15on-1.56.jar +0 -0
@@ -19,6 +19,104 @@ require 'fcntl' # used by OpenSSL::SSL::Nonblock (if loaded)
|
|
19
19
|
|
20
20
|
module OpenSSL
|
21
21
|
module SSL
|
22
|
+
class SSLContext
|
23
|
+
DEFAULT_PARAMS = {
|
24
|
+
:ssl_version => "SSLv23",
|
25
|
+
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
26
|
+
:ciphers => %w{
|
27
|
+
ECDHE-ECDSA-AES128-GCM-SHA256
|
28
|
+
ECDHE-RSA-AES128-GCM-SHA256
|
29
|
+
ECDHE-ECDSA-AES256-GCM-SHA384
|
30
|
+
ECDHE-RSA-AES256-GCM-SHA384
|
31
|
+
DHE-RSA-AES128-GCM-SHA256
|
32
|
+
DHE-DSS-AES128-GCM-SHA256
|
33
|
+
DHE-RSA-AES256-GCM-SHA384
|
34
|
+
DHE-DSS-AES256-GCM-SHA384
|
35
|
+
ECDHE-ECDSA-AES128-SHA256
|
36
|
+
ECDHE-RSA-AES128-SHA256
|
37
|
+
ECDHE-ECDSA-AES128-SHA
|
38
|
+
ECDHE-RSA-AES128-SHA
|
39
|
+
ECDHE-ECDSA-AES256-SHA384
|
40
|
+
ECDHE-RSA-AES256-SHA384
|
41
|
+
ECDHE-ECDSA-AES256-SHA
|
42
|
+
ECDHE-RSA-AES256-SHA
|
43
|
+
DHE-RSA-AES128-SHA256
|
44
|
+
DHE-RSA-AES256-SHA256
|
45
|
+
DHE-RSA-AES128-SHA
|
46
|
+
DHE-RSA-AES256-SHA
|
47
|
+
DHE-DSS-AES128-SHA256
|
48
|
+
DHE-DSS-AES256-SHA256
|
49
|
+
DHE-DSS-AES128-SHA
|
50
|
+
DHE-DSS-AES256-SHA
|
51
|
+
AES128-GCM-SHA256
|
52
|
+
AES256-GCM-SHA384
|
53
|
+
AES128-SHA256
|
54
|
+
AES256-SHA256
|
55
|
+
AES128-SHA
|
56
|
+
AES256-SHA
|
57
|
+
ECDHE-ECDSA-RC4-SHA
|
58
|
+
ECDHE-RSA-RC4-SHA
|
59
|
+
RC4-SHA
|
60
|
+
}.join(":"),
|
61
|
+
:options => -> {
|
62
|
+
opts = OpenSSL::SSL::OP_ALL
|
63
|
+
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
|
64
|
+
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
|
65
|
+
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
|
66
|
+
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
|
67
|
+
opts
|
68
|
+
}.call
|
69
|
+
} unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
70
|
+
|
71
|
+
begin
|
72
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
73
|
+
DEFAULT_CERT_STORE.set_default_paths
|
74
|
+
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
75
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
76
|
+
end
|
77
|
+
end unless const_defined? :DEFAULT_CERT_STORE
|
78
|
+
|
79
|
+
def set_params(params={})
|
80
|
+
params = DEFAULT_PARAMS.merge(params)
|
81
|
+
params.each{|name, value| self.__send__("#{name}=", value) }
|
82
|
+
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
83
|
+
unless self.ca_file or self.ca_path or self.cert_store
|
84
|
+
self.cert_store = DEFAULT_CERT_STORE
|
85
|
+
end
|
86
|
+
end
|
87
|
+
return params
|
88
|
+
end unless method_defined? :set_params
|
89
|
+
end
|
90
|
+
|
91
|
+
module SocketForwarder
|
92
|
+
def addr
|
93
|
+
to_io.addr
|
94
|
+
end
|
95
|
+
|
96
|
+
def peeraddr
|
97
|
+
to_io.peeraddr
|
98
|
+
end
|
99
|
+
|
100
|
+
def setsockopt(level, optname, optval)
|
101
|
+
to_io.setsockopt(level, optname, optval)
|
102
|
+
end
|
103
|
+
|
104
|
+
def getsockopt(level, optname)
|
105
|
+
to_io.getsockopt(level, optname)
|
106
|
+
end
|
107
|
+
|
108
|
+
def fcntl(*args)
|
109
|
+
to_io.fcntl(*args)
|
110
|
+
end
|
111
|
+
|
112
|
+
def closed?
|
113
|
+
to_io.closed?
|
114
|
+
end
|
115
|
+
|
116
|
+
def do_not_reverse_lookup=(flag)
|
117
|
+
to_io.do_not_reverse_lookup = flag
|
118
|
+
end
|
119
|
+
end
|
22
120
|
|
23
121
|
def verify_certificate_identity(cert, hostname)
|
24
122
|
should_verify_common_name = true
|
@@ -63,6 +161,12 @@ module OpenSSL
|
|
63
161
|
include SocketForwarder
|
64
162
|
include Nonblock
|
65
163
|
|
164
|
+
def sysclose
|
165
|
+
return if closed?
|
166
|
+
stop
|
167
|
+
io.close if sync_close
|
168
|
+
end unless method_defined? :sysclose
|
169
|
+
|
66
170
|
def post_connection_check(hostname)
|
67
171
|
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
68
172
|
raise SSLError, "hostname does not match the server certificate"
|
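Review bot: The fallback `DEFAULT_PARAMS[:ciphers]` list added at new lines 57–59 still ends with three RC4 suites (`ECDHE-ECDSA-RC4-SHA`, `ECDHE-RSA-RC4-SHA`, `RC4-SHA`), which RFC 7465 prohibits for TLS; I would delete those three entries so the list ends at `AES256-SHA`. The hash is only assigned `unless const_defined? :DEFAULT_PARAMS`, and the trailing comment says JRuby defines it in Java, so this may rarely run, but a fallback should not be weaker than the primary path. With `:ssl_version => "SSLv23"` the protocol floor comes only from the `OP_NO_SSLv2`/`OP_NO_SSLv3` bits, and those are applied only when the constants are defined; a comment on the `:options` lambda saying so would help, e.g. `# SSLv2/SSLv3 are excluded only if the OP_NO_* constants exist on this runtime`.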
@@ -68,13 +68,13 @@ module OpenSSL
|
|
68
68
|
}.call
|
69
69
|
} unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
70
70
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
end
|
71
|
+
begin
|
72
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
73
|
+
DEFAULT_CERT_STORE.set_default_paths
|
74
|
+
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
75
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
76
|
+
end
|
77
|
+
end unless const_defined? :DEFAULT_CERT_STORE
|
78
78
|
|
79
79
|
##
|
80
80
|
# Sets the parameters for this SSL context to the values in +params+.
|
@@ -86,14 +86,14 @@ module OpenSSL
|
|
86
86
|
|
87
87
|
def set_params(params={})
|
88
88
|
params = DEFAULT_PARAMS.merge(params)
|
89
|
-
params.each{|name, value| self.__send__("#{name}=", value) }
|
89
|
+
params.each { |name, value| self.__send__("#{name}=", value) }
|
90
90
|
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
91
91
|
unless self.ca_file or self.ca_path or self.cert_store
|
92
92
|
self.cert_store = DEFAULT_CERT_STORE
|
93
93
|
end
|
94
94
|
end
|
95
95
|
return params
|
96
|
-
end unless method_defined? :set_params
|
96
|
+
end unless method_defined? :set_params
|
97
97
|
end
|
98
98
|
|
99
99
|
module SocketForwarder
|
@@ -124,7 +124,7 @@ module OpenSSL
|
|
124
124
|
def do_not_reverse_lookup=(flag)
|
125
125
|
to_io.do_not_reverse_lookup = flag
|
126
126
|
end
|
127
|
-
end
|
127
|
+
end
|
128
128
|
|
129
129
|
module Nonblock
|
130
130
|
def initialize(*args)
|
@@ -228,6 +228,12 @@ module OpenSSL
|
|
228
228
|
include SocketForwarder
|
229
229
|
include Nonblock
|
230
230
|
|
231
|
+
def sysclose
|
232
|
+
return if closed?
|
233
|
+
stop
|
234
|
+
io.close if sync_close
|
235
|
+
end unless method_defined? :sysclose
|
236
|
+
|
231
237
|
##
|
232
238
|
# Perform hostname verification after an SSL connection is established
|
233
239
|
#
|
@@ -248,12 +254,6 @@ module OpenSSL
|
|
248
254
|
return true
|
249
255
|
end
|
250
256
|
|
251
|
-
#def session
|
252
|
-
# SSL::Session.new(self)
|
253
|
-
#rescue SSL::Session::SessionError
|
254
|
-
# nil
|
255
|
-
#end
|
256
|
-
|
257
257
|
private
|
258
258
|
|
259
259
|
def using_anon_cipher?
|
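Review bot: `DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL` (new lines 74–76) sets the chain-wide CRL flag without `V_FLAG_CRL_CHECK`; in OpenSSL's verifier `CRL_CHECK_ALL` only widens a check that `CRL_CHECK` turns on, so on its own it probably enables no revocation checking. Whether the Java-side store treats the flag the same way is not visible in this diff. I would leave the value alone in this compatibility code, since enabling CRL checks with no CRLs loaded makes verification fail, and add a comment above the assignment, for example `# CRL_CHECK_ALL alone does not enable CRL checking; callers needing revocation must also set V_FLAG_CRL_CHECK and supply CRLs`. The same block is added in the earlier `-19,6 +19,104` hunk at new lines 71–77.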
@@ -63,7 +63,7 @@ module OpenSSL::Buffering
|
|
63
63
|
end
|
64
64
|
|
65
65
|
##
|
66
|
-
# Consumes
|
66
|
+
# Consumes _size_ bytes from the buffer
|
67
67
|
|
68
68
|
def consume_rbuff(size=nil)
|
69
69
|
if @rbuffer.empty?
|
@@ -79,7 +79,7 @@ module OpenSSL::Buffering
|
|
79
79
|
public
|
80
80
|
|
81
81
|
##
|
82
|
-
# Reads
|
82
|
+
# Reads _size_ bytes from the stream. If _buf_ is provided it must
|
83
83
|
# reference a string which will receive the data.
|
84
84
|
#
|
85
85
|
# See IO#read for full details.
|
@@ -106,7 +106,7 @@ module OpenSSL::Buffering
|
|
106
106
|
end
|
107
107
|
|
108
108
|
##
|
109
|
-
# Reads at most
|
109
|
+
# Reads at most _maxlen_ bytes from the stream. If _buf_ is provided it
|
110
110
|
# must reference a string which will receive the data.
|
111
111
|
#
|
112
112
|
# See IO#readpartial for full details.
|
@@ -136,7 +136,7 @@ module OpenSSL::Buffering
|
|
136
136
|
end
|
137
137
|
|
138
138
|
##
|
139
|
-
# Reads at most
|
139
|
+
# Reads at most _maxlen_ bytes in the non-blocking manner.
|
140
140
|
#
|
141
141
|
# When no data can be read without blocking it raises
|
142
142
|
# OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
|
@@ -163,6 +163,11 @@ module OpenSSL::Buffering
|
|
163
163
|
# Note that one reason that read_nonblock writes to the underlying IO is
|
164
164
|
# when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
|
165
165
|
# more details. http://www.openssl.org/support/faq.html
|
166
|
+
#
|
167
|
+
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
168
|
+
# that read_nonblock should not raise an IO::Wait*able exception, but
|
169
|
+
# return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
|
170
|
+
# it will return +nil+ instead of raising EOFError.
|
166
171
|
|
167
172
|
def read_nonblock(maxlen, buf=nil, exception: true)
|
168
173
|
if maxlen == 0
|
@@ -185,11 +190,11 @@ module OpenSSL::Buffering
|
|
185
190
|
end
|
186
191
|
|
187
192
|
##
|
188
|
-
# Reads the next "line
|
189
|
-
#
|
193
|
+
# Reads the next "line" from the stream. Lines are separated by _eol_. If
|
194
|
+
# _limit_ is provided the result will not be longer than the given number of
|
190
195
|
# bytes.
|
191
196
|
#
|
192
|
-
#
|
197
|
+
# _eol_ may be a String or Regexp.
|
193
198
|
#
|
194
199
|
# Unlike IO#gets the line read will not be assigned to +$_+.
|
195
200
|
#
|
@@ -215,7 +220,7 @@ module OpenSSL::Buffering
|
|
215
220
|
|
216
221
|
##
|
217
222
|
# Executes the block for every line in the stream where lines are separated
|
218
|
-
# by
|
223
|
+
# by _eol_.
|
219
224
|
#
|
220
225
|
# See also #gets
|
221
226
|
|
@@ -227,7 +232,7 @@ module OpenSSL::Buffering
|
|
227
232
|
alias each_line each
|
228
233
|
|
229
234
|
##
|
230
|
-
# Reads lines from the stream which are separated by
|
235
|
+
# Reads lines from the stream which are separated by _eol_.
|
231
236
|
#
|
232
237
|
# See also #gets
|
233
238
|
|
@@ -240,7 +245,7 @@ module OpenSSL::Buffering
|
|
240
245
|
end
|
241
246
|
|
242
247
|
##
|
243
|
-
# Reads a line from the stream which is separated by
|
248
|
+
# Reads a line from the stream which is separated by _eol_.
|
244
249
|
#
|
245
250
|
# Raises EOFError if at end of file.
|
246
251
|
|
@@ -276,7 +281,7 @@ module OpenSSL::Buffering
|
|
276
281
|
end
|
277
282
|
|
278
283
|
##
|
279
|
-
# Pushes character
|
284
|
+
# Pushes character _c_ back onto the stream such that a subsequent buffered
|
280
285
|
# character read will return it.
|
281
286
|
#
|
282
287
|
# Unlike IO#getc multiple bytes may be pushed back onto the stream.
|
@@ -303,7 +308,7 @@ module OpenSSL::Buffering
|
|
303
308
|
private
|
304
309
|
|
305
310
|
##
|
306
|
-
# Writes
|
311
|
+
# Writes _s_ to the buffer. When the buffer is full or #sync is true the
|
307
312
|
# buffer is flushed to the underlying socket.
|
308
313
|
|
309
314
|
def do_write(s)
|
@@ -311,36 +316,33 @@ module OpenSSL::Buffering
|
|
311
316
|
@wbuffer << s
|
312
317
|
@wbuffer.force_encoding(Encoding::BINARY)
|
313
318
|
@sync ||= false
|
314
|
-
if @sync or @wbuffer.size > BLOCK_SIZE
|
315
|
-
|
316
|
-
nwritten = 0
|
317
|
-
while remain > 0
|
318
|
-
str = @wbuffer[nwritten,remain]
|
319
|
+
if @sync or @wbuffer.size > BLOCK_SIZE
|
320
|
+
until @wbuffer.empty?
|
319
321
|
begin
|
320
|
-
nwrote = syswrite(
|
322
|
+
nwrote = syswrite(@wbuffer)
|
321
323
|
rescue Errno::EAGAIN
|
322
324
|
retry
|
323
325
|
end
|
324
|
-
|
325
|
-
nwritten += nwrote
|
326
|
+
@wbuffer[0, nwrote] = ""
|
326
327
|
end
|
327
|
-
@wbuffer[0,nwritten] = ""
|
328
328
|
end
|
329
329
|
end
|
330
330
|
|
331
331
|
public
|
332
332
|
|
333
333
|
##
|
334
|
-
# Writes
|
335
|
-
# converted using
|
334
|
+
# Writes _s_ to the stream. If the argument is not a String it will be
|
335
|
+
# converted using +.to_s+ method. Returns the number of bytes written.
|
336
336
|
|
337
|
-
def write(s)
|
338
|
-
|
339
|
-
|
337
|
+
def write(*s)
|
338
|
+
s.inject(0) do |written, str|
|
339
|
+
do_write(str)
|
340
|
+
written + str.bytesize
|
341
|
+
end
|
340
342
|
end
|
341
343
|
|
342
344
|
##
|
343
|
-
# Writes
|
345
|
+
# Writes _s_ in the non-blocking manner.
|
344
346
|
#
|
345
347
|
# If there is buffered data, it is flushed first. This may block.
|
346
348
|
#
|
@@ -371,6 +373,10 @@ module OpenSSL::Buffering
|
|
371
373
|
# Note that one reason that write_nonblock reads from the underlying IO
|
372
374
|
# is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
|
373
375
|
# for more details. http://www.openssl.org/support/faq.html
|
376
|
+
#
|
377
|
+
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
378
|
+
# that write_nonblock should not raise an IO::Wait*able exception, but
|
379
|
+
# return the symbol +:wait_writable+ or +:wait_readable+ instead.
|
374
380
|
|
375
381
|
def write_nonblock(s, exception: true)
|
376
382
|
flush
|
@@ -378,16 +384,16 @@ module OpenSSL::Buffering
|
|
378
384
|
end
|
379
385
|
|
380
386
|
##
|
381
|
-
# Writes
|
382
|
-
#
|
387
|
+
# Writes _s_ to the stream. _s_ will be converted to a String using
|
388
|
+
# +.to_s+ method.
|
383
389
|
|
384
|
-
def <<
|
390
|
+
def <<(s)
|
385
391
|
do_write(s)
|
386
392
|
self
|
387
393
|
end
|
388
394
|
|
389
395
|
##
|
390
|
-
# Writes
|
396
|
+
# Writes _args_ to the stream along with a record separator.
|
391
397
|
#
|
392
398
|
# See IO#puts for full details.
|
393
399
|
|
@@ -398,16 +404,14 @@ module OpenSSL::Buffering
|
|
398
404
|
end
|
399
405
|
args.each{|arg|
|
400
406
|
s << arg.to_s
|
401
|
-
|
402
|
-
s << "\n"
|
403
|
-
end
|
407
|
+
s.sub!(/(?<!\n)\z/, "\n")
|
404
408
|
}
|
405
409
|
do_write(s)
|
406
410
|
nil
|
407
411
|
end
|
408
412
|
|
409
413
|
##
|
410
|
-
# Writes
|
414
|
+
# Writes _args_ to the stream.
|
411
415
|
#
|
412
416
|
# See IO#print for full details.
|
413
417
|
|
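Review bot: `write(*s)` at new lines 337–342 calls `str.bytesize` on each raw argument, while the rdoc added just above says a non-String argument is converted with `.to_s`; an argument that is not a String reaches `do_write` unconverted and then raises at `bytesize` unless it happens to respond to it, after the data may already have been buffered. Converting once before both uses keeps the buffered content and the returned byte count in agreement: add `str = str.to_s` as the first line of the `inject` block, ahead of the existing `do_write(str)` and `written + str.bytesize`. The first line of `do_write` lies outside the hunk, so any conversion done there is not visible.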
@@ -30,7 +30,8 @@ module OpenSSL
|
|
30
30
|
class << self
|
31
31
|
|
32
32
|
##
|
33
|
-
# Parses a given
|
33
|
+
# Parses a given _string_ as a blob that contains configuration for
|
34
|
+
# OpenSSL.
|
34
35
|
#
|
35
36
|
# If the source of the IO is a file, then consider using #parse_config.
|
36
37
|
def parse(string)
|
@@ -46,7 +47,7 @@ module OpenSSL
|
|
46
47
|
alias load new
|
47
48
|
|
48
49
|
##
|
49
|
-
# Parses the configuration data read from
|
50
|
+
# Parses the configuration data read from _io_, see also #parse.
|
50
51
|
#
|
51
52
|
# Raises a ConfigError on invalid configuration data.
|
52
53
|
def parse_config(io)
|
@@ -236,7 +237,7 @@ module OpenSSL
|
|
236
237
|
#
|
237
238
|
# This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
|
238
239
|
#
|
239
|
-
# If the optional
|
240
|
+
# If the optional _filename_ parameter is provided, then it is read in and
|
240
241
|
# parsed via #parse_config.
|
241
242
|
#
|
242
243
|
# This can raise IO exceptions based on the access, or availability of the
|
@@ -255,7 +256,7 @@ module OpenSSL
|
|
255
256
|
end
|
256
257
|
|
257
258
|
##
|
258
|
-
# Gets the value of
|
259
|
+
# Gets the value of _key_ from the given _section_
|
259
260
|
#
|
260
261
|
# Given the following configurating file being loaded:
|
261
262
|
#
|
@@ -265,8 +266,8 @@ module OpenSSL
|
|
265
266
|
# #=> [ default ]
|
266
267
|
# # foo=bar
|
267
268
|
#
|
268
|
-
# You can get a specific value from the config if you know the
|
269
|
-
# and
|
269
|
+
# You can get a specific value from the config if you know the _section_
|
270
|
+
# and _key_ like so:
|
270
271
|
#
|
271
272
|
# config.get_value('default','foo')
|
272
273
|
# #=> "bar"
|
@@ -297,7 +298,7 @@ module OpenSSL
|
|
297
298
|
end
|
298
299
|
|
299
300
|
##
|
300
|
-
# Set the target
|
301
|
+
# Set the target _key_ with a given _value_ under a specific _section_.
|
301
302
|
#
|
302
303
|
# Given the following configurating file being loaded:
|
303
304
|
#
|
@@ -307,7 +308,7 @@ module OpenSSL
|
|
307
308
|
# #=> [ default ]
|
308
309
|
# # foo=bar
|
309
310
|
#
|
310
|
-
# You can set the value of
|
311
|
+
# You can set the value of _foo_ under the _default_ section to a new
|
311
312
|
# value:
|
312
313
|
#
|
313
314
|
# config.add_value('default', 'foo', 'buzz')
|
@@ -322,7 +323,7 @@ module OpenSSL
|
|
322
323
|
end
|
323
324
|
|
324
325
|
##
|
325
|
-
# Get a specific
|
326
|
+
# Get a specific _section_ from the current configuration
|
326
327
|
#
|
327
328
|
# Given the following configurating file being loaded:
|
328
329
|
#
|
@@ -351,7 +352,7 @@ module OpenSSL
|
|
351
352
|
end
|
352
353
|
|
353
354
|
##
|
354
|
-
# Sets a specific
|
355
|
+
# Sets a specific _section_ name with a Hash _pairs_.
|
355
356
|
#
|
356
357
|
# Given the following configuration being created:
|
357
358
|
#
|
@@ -365,7 +366,7 @@ module OpenSSL
|
|
365
366
|
# # baz=buz
|
366
367
|
#
|
367
368
|
# It's important to note that this will essentially merge any of the keys
|
368
|
-
# in
|
369
|
+
# in _pairs_ with the existing _section_. For example:
|
369
370
|
#
|
370
371
|
# config['default']
|
371
372
|
# #=> {"foo"=>"bar", "baz"=>"buz"}
|
@@ -1,37 +1,25 @@
|
|
1
1
|
# frozen_string_literal: false
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
#--
|
3
|
+
# Ruby/OpenSSL Project
|
4
|
+
# Copyright (C) 2017 Ruby/OpenSSL Project Authors
|
5
|
+
#++
|
5
6
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
end
|
22
|
-
|
23
|
-
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
|
24
|
-
warn "using default DH parameters." if $VERBOSE
|
25
|
-
case keylen
|
26
|
-
when 512 then OpenSSL::PKey::DH::DEFAULT_512
|
27
|
-
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
|
28
|
-
else
|
29
|
-
nil
|
30
|
-
end
|
31
|
-
}
|
32
|
-
|
33
|
-
else
|
34
|
-
DEFAULT_TMP_DH_CALLBACK = nil
|
35
|
-
end
|
7
|
+
module OpenSSL::PKey
|
8
|
+
if defined?(EC)
|
9
|
+
class EC::Point
|
10
|
+
# :call-seq:
|
11
|
+
# point.to_bn([conversion_form]) -> OpenSSL::BN
|
12
|
+
#
|
13
|
+
# Returns the octet string representation of the EC point as an instance of
|
14
|
+
# OpenSSL::BN.
|
15
|
+
#
|
16
|
+
# If _conversion_form_ is not given, the _point_conversion_form_ attribute
|
17
|
+
# set to the group is used.
|
18
|
+
#
|
19
|
+
# See #to_octet_string for more information.
|
20
|
+
# def to_bn(conversion_form = group.point_conversion_form)
|
21
|
+
# OpenSSL::BN.new(to_octet_string(conversion_form), 2)
|
22
|
+
# end
|
23
|
+
end
|
36
24
|
end
|
37
|
-
end
|
25
|
+
end
|
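Review bot: The reopened `class EC::Point` (new lines 9–23) contains only comments: the `to_bn` definition is commented out while its `:call-seq:` rdoc is kept, so the file documents a method it does not define. A one-line reason above the disabled code would tell readers where the real implementation lives, for example `# to_bn is provided natively; Ruby version kept for reference` if that is the case; otherwise drop the dead block. The removed side also deletes `DEFAULT_TMP_DH_CALLBACK` with its 512- and 1024-bit defaults, and any remaining references to that constant are outside this view.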