jruby-openssl 0.9.20-java → 0.10.7-java
- checksums.yaml +4 -4
- data/History.md +132 -1
- data/LICENSE.txt +1 -1
- data/Mavenfile +49 -69
- data/README.md +14 -16
- data/Rakefile +4 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +21 -12
- data/lib/jopenssl/version.rb +8 -10
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +12 -11
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +210 -125
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.68/bcpkix-jdk15on-1.68.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.68/bctls-jdk15on-1.68.jar +0 -0
- data/pom.xml +100 -322
- metadata +19 -75
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl18/openssl/bn.rb +0 -25
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -28
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -32
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -112
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -110
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -23
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.56/bcpkix-jdk15on-1.56.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.56/bcprov-jdk15on-1.56.jar +0 -0
@@ -16,70 +16,82 @@ require "io/nonblock"
|
|
16
16
|
module OpenSSL
|
17
17
|
module SSL
|
18
18
|
class SSLContext
|
19
|
-
DEFAULT_PARAMS
|
20
|
-
|
19
|
+
unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
20
|
+
DEFAULT_PARAMS = { # :nodoc:
|
21
|
+
:min_version => OpenSSL::SSL::TLS1_VERSION,
|
21
22
|
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
22
|
-
:
|
23
|
-
ECDHE-ECDSA-AES128-GCM-SHA256
|
24
|
-
ECDHE-RSA-AES128-GCM-SHA256
|
25
|
-
ECDHE-ECDSA-AES256-GCM-SHA384
|
26
|
-
ECDHE-RSA-AES256-GCM-SHA384
|
27
|
-
DHE-RSA-AES128-GCM-SHA256
|
28
|
-
DHE-DSS-AES128-GCM-SHA256
|
29
|
-
DHE-RSA-AES256-GCM-SHA384
|
30
|
-
DHE-DSS-AES256-GCM-SHA384
|
31
|
-
ECDHE-ECDSA-AES128-SHA256
|
32
|
-
ECDHE-RSA-AES128-SHA256
|
33
|
-
ECDHE-ECDSA-AES128-SHA
|
34
|
-
ECDHE-RSA-AES128-SHA
|
35
|
-
ECDHE-ECDSA-AES256-SHA384
|
36
|
-
ECDHE-RSA-AES256-SHA384
|
37
|
-
ECDHE-ECDSA-AES256-SHA
|
38
|
-
ECDHE-RSA-AES256-SHA
|
39
|
-
DHE-RSA-AES128-SHA256
|
40
|
-
DHE-RSA-AES256-SHA256
|
41
|
-
DHE-RSA-AES128-SHA
|
42
|
-
DHE-RSA-AES256-SHA
|
43
|
-
DHE-DSS-AES128-SHA256
|
44
|
-
DHE-DSS-AES256-SHA256
|
45
|
-
DHE-DSS-AES128-SHA
|
46
|
-
DHE-DSS-AES256-SHA
|
47
|
-
AES128-GCM-SHA256
|
48
|
-
AES256-GCM-SHA384
|
49
|
-
AES128-SHA256
|
50
|
-
AES256-SHA256
|
51
|
-
AES128-SHA
|
52
|
-
AES256-SHA
|
53
|
-
ECDHE-ECDSA-RC4-SHA
|
54
|
-
ECDHE-RSA-RC4-SHA
|
55
|
-
RC4-SHA
|
56
|
-
}.join(":"),
|
23
|
+
:verify_hostname => true,
|
57
24
|
:options => -> {
|
58
25
|
opts = OpenSSL::SSL::OP_ALL
|
59
|
-
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
|
60
|
-
opts |= OpenSSL::SSL::OP_NO_COMPRESSION
|
61
|
-
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
|
62
|
-
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
|
26
|
+
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
|
27
|
+
opts |= OpenSSL::SSL::OP_NO_COMPRESSION
|
63
28
|
opts
|
64
29
|
}.call
|
65
|
-
}
|
30
|
+
}
|
66
31
|
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
32
|
+
if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
|
33
|
+
OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
|
34
|
+
DEFAULT_PARAMS.merge!(
|
35
|
+
ciphers: %w{
|
36
|
+
ECDHE-ECDSA-AES128-GCM-SHA256
|
37
|
+
ECDHE-RSA-AES128-GCM-SHA256
|
38
|
+
ECDHE-ECDSA-AES256-GCM-SHA384
|
39
|
+
ECDHE-RSA-AES256-GCM-SHA384
|
40
|
+
DHE-RSA-AES128-GCM-SHA256
|
41
|
+
DHE-DSS-AES128-GCM-SHA256
|
42
|
+
DHE-RSA-AES256-GCM-SHA384
|
43
|
+
DHE-DSS-AES256-GCM-SHA384
|
44
|
+
ECDHE-ECDSA-AES128-SHA256
|
45
|
+
ECDHE-RSA-AES128-SHA256
|
46
|
+
ECDHE-ECDSA-AES128-SHA
|
47
|
+
ECDHE-RSA-AES128-SHA
|
48
|
+
ECDHE-ECDSA-AES256-SHA384
|
49
|
+
ECDHE-RSA-AES256-SHA384
|
50
|
+
ECDHE-ECDSA-AES256-SHA
|
51
|
+
ECDHE-RSA-AES256-SHA
|
52
|
+
DHE-RSA-AES128-SHA256
|
53
|
+
DHE-RSA-AES256-SHA256
|
54
|
+
DHE-RSA-AES128-SHA
|
55
|
+
DHE-RSA-AES256-SHA
|
56
|
+
DHE-DSS-AES128-SHA256
|
57
|
+
DHE-DSS-AES256-SHA256
|
58
|
+
DHE-DSS-AES128-SHA
|
59
|
+
DHE-DSS-AES256-SHA
|
60
|
+
AES128-GCM-SHA256
|
61
|
+
AES256-GCM-SHA384
|
62
|
+
AES128-SHA256
|
63
|
+
AES256-SHA256
|
64
|
+
AES128-SHA
|
65
|
+
AES256-SHA
|
66
|
+
}.join(":"),
|
67
|
+
)
|
68
|
+
end
|
72
69
|
end
|
70
|
+
|
71
|
+
if defined?(OpenSSL::PKey::DH)
|
72
|
+
DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
73
|
+
-----BEGIN DH PARAMETERS-----
|
74
|
+
MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
|
75
|
+
JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
|
76
|
+
VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
|
77
|
+
YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
78
|
+
1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
|
79
|
+
7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
|
80
|
+
-----END DH PARAMETERS-----
|
81
|
+
_end_of_pem_
|
82
|
+
private_constant :DEFAULT_2048
|
83
|
+
|
84
|
+
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
|
85
|
+
warn "using default DH parameters." if $VERBOSE
|
86
|
+
DEFAULT_2048
|
87
|
+
}
|
73
88
|
end
|
74
89
|
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
|
81
|
-
"alpn_protocols", "alpn_select_cb",
|
82
|
-
"npn_select_cb"].map { |x| "@#{x}" }
|
90
|
+
begin
|
91
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
|
92
|
+
DEFAULT_CERT_STORE.set_default_paths
|
93
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
94
|
+
end unless const_defined? :DEFAULT_CERT_STORE # JRuby
|
83
95
|
|
84
96
|
# A callback invoked when DH parameters are required.
|
85
97
|
#
|
@@ -92,44 +104,130 @@ module OpenSSL
|
|
92
104
|
|
93
105
|
attr_accessor :tmp_dh_callback
|
94
106
|
|
95
|
-
#
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
attr_accessor :servername_cb
|
102
|
-
#end
|
107
|
+
# A callback invoked at connect time to distinguish between multiple
|
108
|
+
# server names.
|
109
|
+
#
|
110
|
+
# The callback is invoked with an SSLSocket and a server name. The
|
111
|
+
# callback must return an SSLContext for the server name or nil.
|
112
|
+
attr_accessor :servername_cb
|
103
113
|
|
104
114
|
# call-seq:
|
105
|
-
# SSLContext.new
|
106
|
-
# SSLContext.new(:TLSv1)
|
107
|
-
# SSLContext.new("
|
115
|
+
# SSLContext.new -> ctx
|
116
|
+
# SSLContext.new(:TLSv1) -> ctx
|
117
|
+
# SSLContext.new("SSLv23") -> ctx
|
118
|
+
#
|
119
|
+
# Creates a new SSL context.
|
108
120
|
#
|
109
|
-
#
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
121
|
+
# If an argument is given, #ssl_version= is called with the value. Note
|
122
|
+
# that this form is deprecated. New applications should use #min_version=
|
123
|
+
# and #max_version= as necessary.
|
124
|
+
# def initialize(version = nil)
|
125
|
+
# self.options |= OpenSSL::SSL::OP_ALL
|
126
|
+
# self.ssl_version = version if version
|
127
|
+
# end
|
114
128
|
|
115
129
|
##
|
116
|
-
#
|
117
|
-
#
|
130
|
+
# call-seq:
|
131
|
+
# ctx.set_params(params = {}) -> params
|
132
|
+
#
|
133
|
+
# Sets saner defaults optimized for the use with HTTP-like protocols.
|
134
|
+
#
|
135
|
+
# If a Hash _params_ is given, the parameters are overridden with it.
|
136
|
+
# The keys in _params_ must be assignment methods on SSLContext.
|
118
137
|
#
|
119
138
|
# If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
|
120
139
|
# cert_store are not set then the system default certificate store is
|
121
140
|
# used.
|
122
|
-
|
123
141
|
def set_params(params={})
|
124
142
|
params = DEFAULT_PARAMS.merge(params)
|
125
|
-
|
143
|
+
# TODO JRuby: need to support SSLContext#options (since Ruby 2.5)
|
144
|
+
#self.options = params.delete(:options) # set before min_version/max_version
|
145
|
+
params.each { |name, value| self.__send__("#{name}=", value) }
|
126
146
|
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
127
147
|
unless self.ca_file or self.ca_path or self.cert_store
|
128
148
|
self.cert_store = DEFAULT_CERT_STORE
|
129
149
|
end
|
130
150
|
end
|
131
151
|
return params
|
132
|
-
end unless method_defined? :set_params
|
152
|
+
end unless method_defined? :set_params
|
153
|
+
|
154
|
+
# call-seq:
|
155
|
+
# ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
|
156
|
+
# ctx.min_version = :TLS1_2
|
157
|
+
# ctx.min_version = nil
|
158
|
+
#
|
159
|
+
# Sets the lower bound on the supported SSL/TLS protocol version. The
|
160
|
+
# version may be specified by an integer constant named
|
161
|
+
# OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
|
162
|
+
#
|
163
|
+
# Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
|
164
|
+
# options by #options= once you have called #min_version= or
|
165
|
+
# #max_version=.
|
166
|
+
#
|
167
|
+
# === Example
|
168
|
+
# ctx = OpenSSL::SSL::SSLContext.new
|
169
|
+
# ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
|
170
|
+
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
171
|
+
#
|
172
|
+
# sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
|
173
|
+
# sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
|
174
|
+
def min_version=(version)
|
175
|
+
set_minmax_proto_version(version, @max_proto_version ||= nil)
|
176
|
+
@min_proto_version = version
|
177
|
+
end
|
178
|
+
|
179
|
+
# call-seq:
|
180
|
+
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
181
|
+
# ctx.max_version = :TLS1_2
|
182
|
+
# ctx.max_version = nil
|
183
|
+
#
|
184
|
+
# Sets the upper bound of the supported SSL/TLS protocol version. See
|
185
|
+
# #min_version= for the possible values.
|
186
|
+
def max_version=(version)
|
187
|
+
set_minmax_proto_version(@min_proto_version ||= nil, version)
|
188
|
+
@max_proto_version = version
|
189
|
+
end
|
190
|
+
|
191
|
+
# call-seq:
|
192
|
+
# ctx.ssl_version = :TLSv1
|
193
|
+
# ctx.ssl_version = "SSLv23"
|
194
|
+
#
|
195
|
+
# Sets the SSL/TLS protocol version for the context. This forces
|
196
|
+
# connections to use only the specified protocol version. This is
|
197
|
+
# deprecated and only provided for backwards compatibility. Use
|
198
|
+
# #min_version= and #max_version= instead.
|
199
|
+
#
|
200
|
+
# === History
|
201
|
+
# As the name hints, this used to call the SSL_CTX_set_ssl_version()
|
202
|
+
# function which sets the SSL method used for connections created from
|
203
|
+
# the context. As of Ruby/OpenSSL 2.1, this accessor method is
|
204
|
+
# implemented to call #min_version= and #max_version= instead.
|
205
|
+
def ssl_version=(meth)
|
206
|
+
meth = meth.to_s if meth.is_a?(Symbol)
|
207
|
+
if /(?<type>_client|_server)\z/ =~ meth
|
208
|
+
meth = $`
|
209
|
+
if $VERBOSE
|
210
|
+
warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
|
211
|
+
end
|
212
|
+
end
|
213
|
+
version = METHODS_MAP[meth.intern] or
|
214
|
+
raise ArgumentError, "unknown SSL method `%s'" % meth
|
215
|
+
set_minmax_proto_version(version, version)
|
216
|
+
@min_proto_version = @max_proto_version = version
|
217
|
+
end unless method_defined? :ssl_version=
|
218
|
+
|
219
|
+
METHODS_MAP = {
|
220
|
+
SSLv23: 0,
|
221
|
+
SSLv2: OpenSSL::SSL::SSL2_VERSION,
|
222
|
+
SSLv3: OpenSSL::SSL::SSL3_VERSION,
|
223
|
+
TLSv1: OpenSSL::SSL::TLS1_VERSION,
|
224
|
+
TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
|
225
|
+
TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
|
226
|
+
}.freeze
|
227
|
+
private_constant :METHODS_MAP
|
228
|
+
|
229
|
+
# METHODS setup from native (JRuby)
|
230
|
+
# deprecate_constant :METHODS
|
133
231
|
end
|
134
232
|
|
135
233
|
module SocketForwarder
|
@@ -254,55 +352,36 @@ module OpenSSL
|
|
254
352
|
include Buffering
|
255
353
|
include SocketForwarder
|
256
354
|
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
# SSLSocket.new(io) => aSSLSocket
|
270
|
-
# SSLSocket.new(io, ctx) => aSSLSocket
|
271
|
-
#
|
272
|
-
# Creates a new SSL socket from +io+ which must be a real ruby object (not an
|
273
|
-
# IO-like object that responds to read/write).
|
274
|
-
#
|
275
|
-
# If +ctx+ is provided the SSL Sockets initial params will be taken from
|
276
|
-
# the context.
|
277
|
-
#
|
278
|
-
# The OpenSSL::Buffering module provides additional IO methods.
|
279
|
-
#
|
280
|
-
# This method will freeze the SSLContext if one is provided;
|
281
|
-
# however, session management is still allowed in the frozen SSLContext.
|
282
|
-
|
283
|
-
def initialize(io, context = OpenSSL::SSL::SSLContext.new)
|
284
|
-
@io = io
|
285
|
-
@context = context
|
286
|
-
@sync_close = false
|
287
|
-
@hostname = nil
|
288
|
-
@io.nonblock = true if @io.respond_to?(:nonblock=)
|
289
|
-
context.setup
|
290
|
-
super()
|
291
|
-
end
|
292
|
-
end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
|
355
|
+
# attr_reader :hostname
|
356
|
+
#
|
357
|
+
# # The underlying IO object.
|
358
|
+
# attr_reader :io
|
359
|
+
# alias :to_io :io
|
360
|
+
#
|
361
|
+
# # The SSLContext object used in this connection.
|
362
|
+
# attr_reader :context
|
363
|
+
#
|
364
|
+
# # Whether to close the underlying socket as well, when the SSL/TLS
|
365
|
+
# # connection is shut down. This defaults to +false+.
|
366
|
+
# attr_accessor :sync_close
|
293
367
|
|
294
368
|
# call-seq:
|
295
369
|
# ssl.sysclose => nil
|
296
370
|
#
|
297
|
-
#
|
371
|
+
# Sends "close notify" to the peer and tries to shut down the SSL
|
372
|
+
# connection gracefully.
|
373
|
+
#
|
374
|
+
# If sync_close is set to +true+, the underlying IO is also closed.
|
298
375
|
def sysclose
|
299
376
|
return if closed?
|
300
377
|
stop
|
301
378
|
io.close if sync_close
|
302
|
-
end unless
|
379
|
+
end unless method_defined? :sysclose
|
303
380
|
|
304
|
-
|
305
|
-
#
|
381
|
+
# call-seq:
|
382
|
+
# ssl.post_connection_check(hostname) -> true
|
383
|
+
#
|
384
|
+
# Perform hostname verification following RFC 6125.
|
306
385
|
#
|
307
386
|
# This method MUST be called after calling #connect to ensure that the
|
308
387
|
# hostname of a remote peer has been verified.
|
@@ -310,7 +389,8 @@ module OpenSSL
|
|
310
389
|
if peer_cert.nil?
|
311
390
|
msg = "Peer verification enabled, but no certificate received."
|
312
391
|
if using_anon_cipher?
|
313
|
-
msg += " Anonymous cipher suite #{cipher[0]} was negotiated.
|
392
|
+
msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
|
393
|
+
"Anonymous suites must be disabled to use peer verification."
|
314
394
|
end
|
315
395
|
raise SSLError, msg
|
316
396
|
end
|
@@ -321,11 +401,16 @@ module OpenSSL
|
|
321
401
|
return true
|
322
402
|
end
|
323
403
|
|
324
|
-
#
|
325
|
-
#
|
326
|
-
#
|
327
|
-
#
|
328
|
-
#
|
404
|
+
# call-seq:
|
405
|
+
# ssl.session -> aSession
|
406
|
+
#
|
407
|
+
# Returns the SSLSession object currently used, or nil if the session is
|
408
|
+
# not established.
|
409
|
+
def session
|
410
|
+
SSL::Session.new(self)
|
411
|
+
rescue SSL::Session::SessionError
|
412
|
+
nil
|
413
|
+
end unless method_defined? :session # JRuby
|
329
414
|
|
330
415
|
private
|
331
416
|
|
@@ -340,7 +425,7 @@ module OpenSSL
|
|
340
425
|
end
|
341
426
|
|
342
427
|
def tmp_dh_callback
|
343
|
-
@context.tmp_dh_callback || OpenSSL::
|
428
|
+
@context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
|
344
429
|
end
|
345
430
|
|
346
431
|
def tmp_ecdh_callback
|
@@ -364,8 +449,8 @@ module OpenSSL
|
|
364
449
|
attr_accessor :start_immediately
|
365
450
|
|
366
451
|
# Creates a new instance of SSLServer.
|
367
|
-
# *
|
368
|
-
# *
|
452
|
+
# * _srv_ is an instance of TCPServer.
|
453
|
+
# * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
|
369
454
|
def initialize(svr, ctx)
|
370
455
|
@svr = svr
|
371
456
|
@ctx = ctx
|
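Review bot: In `set_params` (second hunk of this section, whose file header is missing from the page), `self.options = params.delete(:options)` is left commented out, so `:options` stays in the hash and is dispatched by `params.each { |name, value| self.__send__("#{name}=", value) }` after `:min_version`, given the key order of the fallback `DEFAULT_PARAMS` in the first hunk. The doc comment this hunk adds on `min_version=` warns against exactly that order, because a later `options=` can overwrite the OP_NO_* protocol bits. Whether the Java-side `options=` and `set_minmax_proto_version` interact this way is not visible here. Until the TODO is resolved I would pull the key out before the loop and apply it first, only when supported: `opts = params.delete(:options)` followed by `self.options = opts if opts && respond_to?(:options=)`. Separately, the fallback defaults put the floor at `TLS1_VERSION` and keep CBC/SHA-1 and static-RSA suites, so a comment pointing callers to `min_version = OpenSSL::SSL::TLS1_2_VERSION` would be worth adding.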
@@ -14,6 +14,54 @@
|
|
14
14
|
|
15
15
|
module OpenSSL
|
16
16
|
module X509
|
17
|
+
# class ExtensionFactory
|
18
|
+
# def create_extension(*arg)
|
19
|
+
# if arg.size > 1
|
20
|
+
# create_ext(*arg)
|
21
|
+
# else
|
22
|
+
# send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
23
|
+
# end
|
24
|
+
# end
|
25
|
+
#
|
26
|
+
# def create_ext_from_array(ary)
|
27
|
+
# raise ExtensionError, "unexpected array form" if ary.size > 3
|
28
|
+
# create_ext(ary[0], ary[1], ary[2])
|
29
|
+
# end
|
30
|
+
#
|
31
|
+
# def create_ext_from_string(str) # "oid = critical, value"
|
32
|
+
# oid, value = str.split(/=/, 2)
|
33
|
+
# oid.strip!
|
34
|
+
# value.strip!
|
35
|
+
# create_ext(oid, value)
|
36
|
+
# end
|
37
|
+
#
|
38
|
+
# def create_ext_from_hash(hash)
|
39
|
+
# create_ext(hash["oid"], hash["value"], hash["critical"])
|
40
|
+
# end
|
41
|
+
# end
|
42
|
+
#
|
43
|
+
# class Extension
|
44
|
+
# def ==(other)
|
45
|
+
# return false unless Extension === other
|
46
|
+
# to_der == other.to_der
|
47
|
+
# end
|
48
|
+
#
|
49
|
+
# def to_s # "oid = critical, value"
|
50
|
+
# str = self.oid
|
51
|
+
# str << " = "
|
52
|
+
# str << "critical, " if self.critical?
|
53
|
+
# str << self.value.gsub(/\n/, ", ")
|
54
|
+
# end
|
55
|
+
#
|
56
|
+
# def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
57
|
+
# {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
58
|
+
# end
|
59
|
+
#
|
60
|
+
# def to_a
|
61
|
+
# [ self.oid, self.value, self.critical? ]
|
62
|
+
# end
|
63
|
+
# end
|
64
|
+
|
17
65
|
class Name
|
18
66
|
module RFC2253DN
|
19
67
|
Special = ',=+<>#;'
|
@@ -96,7 +144,13 @@ module OpenSSL
|
|
96
144
|
end
|
97
145
|
|
98
146
|
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
99
|
-
|
147
|
+
if str.start_with?("/")
|
148
|
+
# /A=B/C=D format
|
149
|
+
ary = str[1..-1].split("/").map { |i| i.split("=", 2) }
|
150
|
+
else
|
151
|
+
# Comma-separated
|
152
|
+
ary = str.split(",").map { |i| i.strip.split("=", 2) }
|
153
|
+
end
|
100
154
|
self.new(ary, template)
|
101
155
|
end
|
102
156
|
|
@@ -111,6 +165,13 @@ module OpenSSL
|
|
111
165
|
end
|
112
166
|
end
|
113
167
|
|
168
|
+
# class Attribute
|
169
|
+
# def ==(other)
|
170
|
+
# return false unless Attribute === other
|
171
|
+
# to_der == other.to_der
|
172
|
+
# end
|
173
|
+
# end
|
174
|
+
|
114
175
|
class StoreContext
|
115
176
|
def cleanup
|
116
177
|
warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
|
@@ -129,5 +190,19 @@ module OpenSSL
|
|
129
190
|
}
|
130
191
|
end
|
131
192
|
end
|
193
|
+
|
194
|
+
# class CRL
|
195
|
+
# def ==(other)
|
196
|
+
# return false unless CRL === other
|
197
|
+
# to_der == other.to_der
|
198
|
+
# end
|
199
|
+
# end
|
200
|
+
|
201
|
+
# class Request
|
202
|
+
# def ==(other)
|
203
|
+
# return false unless Request === other
|
204
|
+
# to_der == other.to_der
|
205
|
+
# end
|
206
|
+
# end
|
132
207
|
end
|
133
208
|
end
|
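Review bot: `parse_openssl` (second hunk of this section, whose file header is missing from the page) splits the input on every `/` or `,` and then on the first `=`, with no handling of escaped separators. A value that itself contains a comma or slash is therefore broken into extra components, and a piece without `=` becomes a one-element pair handed to `self.new`. If distinguished names taken from certificates or user input are parsed this way and the result feeds an identity or authorization comparison, that ambiguity matters. I would document the limit above the method, e.g. `# Does not handle escaped "/" or "," inside values; use parse_rfc2253 for RFC 2253 strings.`, and consider rejecting pairs whose size is not 2. The method's surroundings lie outside the hunk, so any validation done by `self.new` is not visible.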
data/lib/jopenssl23/openssl.rb
CHANGED
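--- a/data/lib/openssl/bn.rb
+++ b/data/lib/openssl/bn.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end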
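--- a/data/lib/openssl/buffering.rb
+++ b/data/lib/openssl/buffering.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end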
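--- a/data/lib/openssl/cipher.rb
+++ b/data/lib/openssl/cipher.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end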
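--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -4,8 +4,14 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
-end
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
+end
+
+# @note moved from JOpenSSL native bits.
+module OpenSSL
+class Config
+DEFAULT_CONFIG_FILE = nil
+end
+class ConfigError < OpenSSLError; end
+end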
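--- a/data/lib/openssl/digest.rb
+++ b/data/lib/openssl/digest.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end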
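--- a/data/lib/openssl/pkcs12.rb
+++ b/data/lib/openssl/pkcs12.rb
@@ -28,10 +28,8 @@ module OpenSSL
 @der = str
 end
 
-p12_input_stream = java.io.StringBufferInputStream.new(@der)
-
 store = SecurityHelper.getKeyStore("PKCS12")
-store.load(
+store.load(java.io.ByteArrayInputStream.new(@der.to_java_bytes), password.to_java.to_char_array)
 
 aliases = store.aliases
 aliases.each do |alias_name|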
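Review bot: The new `store.load(...)` line calls `password.to_java.to_char_array` unconditionally, so a nil password would presumably fail with a NoMethodError rather than a PKCS12-level error. The enclosing method starts outside the hunk, so an earlier nil check may exist that is not visible here. The nil case should be decided explicitly, since handing a null password to `KeyStore#load` skips the integrity check; a guard such as `raise ArgumentError, "password required" if password.nil?` keeps the failure clear, if callers can accept that exception type. The char array also stays on the heap after the call; holding it in a local and clearing it in an `ensure` with `java.util.Arrays.fill(chars, 0)` would limit how long the secret is kept.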
@@ -0,0 +1,22 @@
|
|
1
|
+
#--
|
2
|
+
# Ruby/OpenSSL Project
|
3
|
+
# Copyright (C) 2017 Ruby/OpenSSL Project Authors
|
4
|
+
#++
|
5
|
+
|
6
|
+
# JOpenSSL has these - here for explicit require 'openssl/pkcs5' compatibility
|
7
|
+
|
8
|
+
# module OpenSSL
|
9
|
+
# module PKCS5
|
10
|
+
# module_function
|
11
|
+
#
|
12
|
+
# # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
|
13
|
+
# # This method is provided for backwards compatibility.
|
14
|
+
# def pbkdf2_hmac(pass, salt, iter, keylen, digest)
|
15
|
+
# OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter, length: keylen, hash: digest)
|
16
|
+
# end
|
17
|
+
#
|
18
|
+
# def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
|
19
|
+
# pbkdf2_hmac(pass, salt, iter, keylen, "sha1")
|
20
|
+
# end
|
21
|
+
# end
|
22
|
+
# end
|
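--- a/data/lib/openssl/ssl-internal.rb
+++ b/data/lib/openssl/ssl-internal.rb
@@ -1,7 +1,5 @@
 if RUBY_VERSION > '2.1'
 raise LoadError, "no such library in #{RUBY_VERSION}: openssl/ssl-internal.rb"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end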
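--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end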
@@ -1,7 +1,5 @@
|
|
1
1
|
if RUBY_VERSION > '2.1'
|
2
2
|
raise LoadError, "no such library in #{RUBY_VERSION}: openssl/x509-internal.rb"
|
3
|
-
elsif RUBY_VERSION > '1.9'
|
4
|
-
load "jopenssl19/openssl/#{File.basename(__FILE__)}"
|
5
3
|
else
|
6
|
-
load "
|
4
|
+
load "jopenssl19/openssl/#{File.basename(__FILE__)}"
|
7
5
|
end
|
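--- a/data/lib/openssl/x509.rb
+++ b/data/lib/openssl/x509.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end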
Binary file
|