jruby-openssl 0.9.20-java → 0.10.7-java
- checksums.yaml +4 -4
- data/History.md +132 -1
- data/LICENSE.txt +1 -1
- data/Mavenfile +49 -69
- data/README.md +14 -16
- data/Rakefile +4 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +21 -12
- data/lib/jopenssl/version.rb +8 -10
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +12 -11
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +210 -125
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.68/bcpkix-jdk15on-1.68.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.68/bctls-jdk15on-1.68.jar +0 -0
- data/pom.xml +100 -322
- metadata +19 -75
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl18/openssl/bn.rb +0 -25
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -28
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -32
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -112
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -110
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -23
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.56/bcpkix-jdk15on-1.56.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.56/bcprov-jdk15on-1.56.jar +0 -0
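--- a/data/lib/jopenssl23/openssl/ssl.rb
+++ b/data/lib/jopenssl23/openssl/ssl.rb
@@ -16,70 +16,82 @@ require "io/nonblock"
 module OpenSSL
 module SSL
 class SSLContext
-DEFAULT_PARAMS
-
+unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
+DEFAULT_PARAMS = { # :nodoc:
+:min_version => OpenSSL::SSL::TLS1_VERSION,
 :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-:
-ECDHE-ECDSA-AES128-GCM-SHA256
-ECDHE-RSA-AES128-GCM-SHA256
-ECDHE-ECDSA-AES256-GCM-SHA384
-ECDHE-RSA-AES256-GCM-SHA384
-DHE-RSA-AES128-GCM-SHA256
-DHE-DSS-AES128-GCM-SHA256
-DHE-RSA-AES256-GCM-SHA384
-DHE-DSS-AES256-GCM-SHA384
-ECDHE-ECDSA-AES128-SHA256
-ECDHE-RSA-AES128-SHA256
-ECDHE-ECDSA-AES128-SHA
-ECDHE-RSA-AES128-SHA
-ECDHE-ECDSA-AES256-SHA384
-ECDHE-RSA-AES256-SHA384
-ECDHE-ECDSA-AES256-SHA
-ECDHE-RSA-AES256-SHA
-DHE-RSA-AES128-SHA256
-DHE-RSA-AES256-SHA256
-DHE-RSA-AES128-SHA
-DHE-RSA-AES256-SHA
-DHE-DSS-AES128-SHA256
-DHE-DSS-AES256-SHA256
-DHE-DSS-AES128-SHA
-DHE-DSS-AES256-SHA
-AES128-GCM-SHA256
-AES256-GCM-SHA384
-AES128-SHA256
-AES256-SHA256
-AES128-SHA
-AES256-SHA
-ECDHE-ECDSA-RC4-SHA
-ECDHE-RSA-RC4-SHA
-RC4-SHA
-}.join(":"),
+:verify_hostname => true,
 :options => -> {
 opts = OpenSSL::SSL::OP_ALL
-opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
-opts |= OpenSSL::SSL::OP_NO_COMPRESSION
-opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
-opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
+opts |= OpenSSL::SSL::OP_NO_COMPRESSION
 opts
 }.call
-}
+}
 
-
-
-
-
-
+if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
+OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
+DEFAULT_PARAMS.merge!(
+ciphers: %w{
+ECDHE-ECDSA-AES128-GCM-SHA256
+ECDHE-RSA-AES128-GCM-SHA256
+ECDHE-ECDSA-AES256-GCM-SHA384
+ECDHE-RSA-AES256-GCM-SHA384
+DHE-RSA-AES128-GCM-SHA256
+DHE-DSS-AES128-GCM-SHA256
+DHE-RSA-AES256-GCM-SHA384
+DHE-DSS-AES256-GCM-SHA384
+ECDHE-ECDSA-AES128-SHA256
+ECDHE-RSA-AES128-SHA256
+ECDHE-ECDSA-AES128-SHA
+ECDHE-RSA-AES128-SHA
+ECDHE-ECDSA-AES256-SHA384
+ECDHE-RSA-AES256-SHA384
+ECDHE-ECDSA-AES256-SHA
+ECDHE-RSA-AES256-SHA
+DHE-RSA-AES128-SHA256
+DHE-RSA-AES256-SHA256
+DHE-RSA-AES128-SHA
+DHE-RSA-AES256-SHA
+DHE-DSS-AES128-SHA256
+DHE-DSS-AES256-SHA256
+DHE-DSS-AES128-SHA
+DHE-DSS-AES256-SHA
+AES128-GCM-SHA256
+AES256-GCM-SHA384
+AES128-SHA256
+AES256-SHA256
+AES128-SHA
+AES256-SHA
+}.join(":"),
+)
+end
 end
+
+if defined?(OpenSSL::PKey::DH)
+DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
+JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
+VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
+YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
+1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
+7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
+-----END DH PARAMETERS-----
+_end_of_pem_
+private_constant :DEFAULT_2048
+
+DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
+warn "using default DH parameters." if $VERBOSE
+DEFAULT_2048
+}
 end
 
-
-
-
-
-
-"tmp_ecdh_callback", "servername_cb", "npn_protocols",
-"alpn_protocols", "alpn_select_cb",
-"npn_select_cb"].map { |x| "@#{x}" }
+begin
+DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
+DEFAULT_CERT_STORE.set_default_paths
+DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+end unless const_defined? :DEFAULT_CERT_STORE # JRuby
 
 # A callback invoked when DH parameters are required.
 #
@@ -92,44 +104,130 @@ module OpenSSL
 
 attr_accessor :tmp_dh_callback
 
-#
-
-
-
-
-
-attr_accessor :servername_cb
-#end
+# A callback invoked at connect time to distinguish between multiple
+# server names.
+#
+# The callback is invoked with an SSLSocket and a server name. The
+# callback must return an SSLContext for the server name or nil.
+attr_accessor :servername_cb
 
 # call-seq:
-# SSLContext.new
-# SSLContext.new(:TLSv1)
-# SSLContext.new("
+# SSLContext.new -> ctx
+# SSLContext.new(:TLSv1) -> ctx
+# SSLContext.new("SSLv23") -> ctx
+#
+# Creates a new SSL context.
 #
-#
-
-
-
-
+# If an argument is given, #ssl_version= is called with the value. Note
+# that this form is deprecated. New applications should use #min_version=
+# and #max_version= as necessary.
+# def initialize(version = nil)
+# self.options |= OpenSSL::SSL::OP_ALL
+# self.ssl_version = version if version
+# end
 
 ##
-#
-#
+# call-seq:
+# ctx.set_params(params = {}) -> params
+#
+# Sets saner defaults optimized for the use with HTTP-like protocols.
+#
+# If a Hash _params_ is given, the parameters are overridden with it.
+# The keys in _params_ must be assignment methods on SSLContext.
 #
 # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
 # cert_store are not set then the system default certificate store is
 # used.
-
 def set_params(params={})
 params = DEFAULT_PARAMS.merge(params)
-
+# TODO JRuby: need to support SSLContext#options (since Ruby 2.5)
+#self.options = params.delete(:options) # set before min_version/max_version
+params.each { |name, value| self.__send__("#{name}=", value) }
 if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
 unless self.ca_file or self.ca_path or self.cert_store
 self.cert_store = DEFAULT_CERT_STORE
 end
 end
 return params
-end unless method_defined? :set_params
+end unless method_defined? :set_params
+
+# call-seq:
+# ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
+# ctx.min_version = :TLS1_2
+# ctx.min_version = nil
+#
+# Sets the lower bound on the supported SSL/TLS protocol version. The
+# version may be specified by an integer constant named
+# OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
+#
+# Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
+# options by #options= once you have called #min_version= or
+# #max_version=.
+#
+# === Example
+# ctx = OpenSSL::SSL::SSLContext.new
+# ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
+# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+#
+# sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
+# sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
+def min_version=(version)
+set_minmax_proto_version(version, @max_proto_version ||= nil)
+@min_proto_version = version
+end
+
+# call-seq:
+# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+# ctx.max_version = :TLS1_2
+# ctx.max_version = nil
+#
+# Sets the upper bound of the supported SSL/TLS protocol version. See
+# #min_version= for the possible values.
+def max_version=(version)
+set_minmax_proto_version(@min_proto_version ||= nil, version)
+@max_proto_version = version
+end
+
+# call-seq:
+# ctx.ssl_version = :TLSv1
+# ctx.ssl_version = "SSLv23"
+#
+# Sets the SSL/TLS protocol version for the context. This forces
+# connections to use only the specified protocol version. This is
+# deprecated and only provided for backwards compatibility. Use
+# #min_version= and #max_version= instead.
+#
+# === History
+# As the name hints, this used to call the SSL_CTX_set_ssl_version()
+# function which sets the SSL method used for connections created from
+# the context. As of Ruby/OpenSSL 2.1, this accessor method is
+# implemented to call #min_version= and #max_version= instead.
+def ssl_version=(meth)
+meth = meth.to_s if meth.is_a?(Symbol)
+if /(?<type>_client|_server)\z/ =~ meth
+meth = $`
+if $VERBOSE
+warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
+end
+end
+version = METHODS_MAP[meth.intern] or
+raise ArgumentError, "unknown SSL method `%s'" % meth
+set_minmax_proto_version(version, version)
+@min_proto_version = @max_proto_version = version
+end unless method_defined? :ssl_version=
+
+METHODS_MAP = {
+SSLv23: 0,
+SSLv2: OpenSSL::SSL::SSL2_VERSION,
+SSLv3: OpenSSL::SSL::SSL3_VERSION,
+TLSv1: OpenSSL::SSL::TLS1_VERSION,
+TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
+TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
+}.freeze
+private_constant :METHODS_MAP
+
+# METHODS setup from native (JRuby)
+# deprecate_constant :METHODS
 end
 
 module SocketForwarder
@@ -254,55 +352,36 @@ module OpenSSL
 include Buffering
 include SocketForwarder
 
-
-
-
-
-
-
-
-
-
-
-
-
-# SSLSocket.new(io) => aSSLSocket
-# SSLSocket.new(io, ctx) => aSSLSocket
-#
-# Creates a new SSL socket from +io+ which must be a real ruby object (not an
-# IO-like object that responds to read/write).
-#
-# If +ctx+ is provided the SSL Sockets initial params will be taken from
-# the context.
-#
-# The OpenSSL::Buffering module provides additional IO methods.
-#
-# This method will freeze the SSLContext if one is provided;
-# however, session management is still allowed in the frozen SSLContext.
-
-def initialize(io, context = OpenSSL::SSL::SSLContext.new)
-@io = io
-@context = context
-@sync_close = false
-@hostname = nil
-@io.nonblock = true if @io.respond_to?(:nonblock=)
-context.setup
-super()
-end
-end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
+# attr_reader :hostname
+#
+# # The underlying IO object.
+# attr_reader :io
+# alias :to_io :io
+#
+# # The SSLContext object used in this connection.
+# attr_reader :context
+#
+# # Whether to close the underlying socket as well, when the SSL/TLS
+# # connection is shut down. This defaults to +false+.
+# attr_accessor :sync_close
 
 # call-seq:
 # ssl.sysclose => nil
 #
-#
+# Sends "close notify" to the peer and tries to shut down the SSL
+# connection gracefully.
+#
+# If sync_close is set to +true+, the underlying IO is also closed.
 def sysclose
 return if closed?
 stop
 io.close if sync_close
-end unless
+end unless method_defined? :sysclose
 
-
-#
+# call-seq:
+# ssl.post_connection_check(hostname) -> true
+#
+# Perform hostname verification following RFC 6125.
 #
 # This method MUST be called after calling #connect to ensure that the
 # hostname of a remote peer has been verified.
@@ -310,7 +389,8 @@ module OpenSSL
 if peer_cert.nil?
 msg = "Peer verification enabled, but no certificate received."
 if using_anon_cipher?
-msg += " Anonymous cipher suite #{cipher[0]} was negotiated.
+msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
+"Anonymous suites must be disabled to use peer verification."
 end
 raise SSLError, msg
 end
@@ -321,11 +401,16 @@ module OpenSSL
 return true
 end
 
-#
-#
-#
-#
-#
+# call-seq:
+# ssl.session -> aSession
+#
+# Returns the SSLSession object currently used, or nil if the session is
+# not established.
+def session
+SSL::Session.new(self)
+rescue SSL::Session::SessionError
+nil
+end unless method_defined? :session # JRuby
 
 private
 
@@ -340,7 +425,7 @@ module OpenSSL
 end
 
 def tmp_dh_callback
-@context.tmp_dh_callback || OpenSSL::
+@context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
 end
 
 def tmp_ecdh_callback
@@ -364,8 +449,8 @@ module OpenSSL
 attr_accessor :start_immediately
 
 # Creates a new instance of SSLServer.
-# *
-# *
+# * _srv_ is an instance of TCPServer.
+# * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
 def initialize(svr, ctx)
 @svr = svr
 @ctx = ctx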
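--- a/data/lib/jopenssl23/openssl/x509.rb
+++ b/data/lib/jopenssl23/openssl/x509.rb
@@ -14,6 +14,54 @@
 
 module OpenSSL
 module X509
+# class ExtensionFactory
+# def create_extension(*arg)
+# if arg.size > 1
+# create_ext(*arg)
+# else
+# send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
+# end
+# end
+#
+# def create_ext_from_array(ary)
+# raise ExtensionError, "unexpected array form" if ary.size > 3
+# create_ext(ary[0], ary[1], ary[2])
+# end
+#
+# def create_ext_from_string(str) # "oid = critical, value"
+# oid, value = str.split(/=/, 2)
+# oid.strip!
+# value.strip!
+# create_ext(oid, value)
+# end
+#
+# def create_ext_from_hash(hash)
+# create_ext(hash["oid"], hash["value"], hash["critical"])
+# end
+# end
+#
+# class Extension
+# def ==(other)
+# return false unless Extension === other
+# to_der == other.to_der
+# end
+#
+# def to_s # "oid = critical, value"
+# str = self.oid
+# str << " = "
+# str << "critical, " if self.critical?
+# str << self.value.gsub(/\n/, ", ")
+# end
+#
+# def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+# {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
+# end
+#
+# def to_a
+# [ self.oid, self.value, self.critical? ]
+# end
+# end
+
 class Name
 module RFC2253DN
 Special = ',=+<>#;'
@@ -96,7 +144,13 @@ module OpenSSL
 end
 
 def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
-
+if str.start_with?("/")
+# /A=B/C=D format
+ary = str[1..-1].split("/").map { |i| i.split("=", 2) }
+else
+# Comma-separated
+ary = str.split(",").map { |i| i.strip.split("=", 2) }
+end
 self.new(ary, template)
 end
 
@@ -111,6 +165,13 @@ module OpenSSL
 end
 end
 
+# class Attribute
+# def ==(other)
+# return false unless Attribute === other
+# to_der == other.to_der
+# end
+# end
+
 class StoreContext
 def cleanup
 warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
@@ -129,5 +190,19 @@ module OpenSSL
 }
 end
 end
+
+# class CRL
+# def ==(other)
+# return false unless CRL === other
+# to_der == other.to_der
+# end
+# end
+
+# class Request
+# def ==(other)
+# return false unless Request === other
+# to_der == other.to_der
+# end
+# end
 end
 end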
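Review bot: `parse_openssl` (hunk at -96,7) splits the slash form on every `/` and the comma form on every `,`, so a DN whose value itself contains the separator — a URI or path in CN, or an escaped comma in RFC 2253 style input — is cut at the wrong place, and a fragment without `=` reaches `self.new` as a one-element pair. That mirrors the reference implementation's limitation, but callers that feed it subject strings taken from certificates will not expect it, so the contract should be stated on the method: `# NOTE: separators inside attribute values are not escaped; use the RFC 2253 parser for RFC 2253 input`. The method is entirely within the hunk. The other three hunks in this file add roughly seventy lines of commented-out Ruby with no note on why; if these methods live on the Java side, a one-line comment like the `# JRuby does it in Java` used elsewhere in this release would say so.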
data/lib/jopenssl23/openssl.rb
CHANGED
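--- a/data/lib/openssl/bn.rb
+++ b/data/lib/openssl/bn.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end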
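Review bot: With the `> '1.9'` branch removed, the `else` arm now loads the jopenssl19 file for every RUBY_VERSION that is not greater than '2.1', including the 1.8 runtimes whose jopenssl18 tree this release deletes, so an unsupported interpreter silently gets a mismatched implementation instead of an error. If 1.8 is no longer supported, say so in code: keep `elsif RUBY_VERSION > '1.9'` for the jopenssl19 load and make the `else` arm `raise LoadError, "unsupported RUBY_VERSION #{RUBY_VERSION}"`; if the gemspec already enforces the minimum, a one-line comment stating that is enough. The same pattern is repeated in buffering.rb, cipher.rb, config.rb, digest.rb, ssl.rb, x509.rb and, with the `raise LoadError` head, in ssl-internal.rb and x509-internal.rb. Note that these are lexicographic String comparisons, which only work while the minor version stays a single digit.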
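--- a/data/lib/openssl/buffering.rb
+++ b/data/lib/openssl/buffering.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end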
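--- a/data/lib/openssl/cipher.rb
+++ b/data/lib/openssl/cipher.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end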
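--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -4,8 +4,14 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
-end
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
+end
+
+# @note moved from JOpenSSL native bits.
+module OpenSSL
+class Config
+DEFAULT_CONFIG_FILE = nil
+end
+class ConfigError < OpenSSLError; end
+end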
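Review bot: The `module OpenSSL` block appended after the `load` chain assigns `DEFAULT_CONFIG_FILE = nil` and opens `ConfigError` unconditionally; if the versioned config.rb loaded just above, or the native side the `@note` says this was moved from, already defines either, the constant is re-initialised with a warning and its value overwritten by nil, and a differing superclass on `ConfigError` raises TypeError at load time. Guard both the way the ssl.rb section guards `DEFAULT_PARAMS`: `DEFAULT_CONFIG_FILE = nil unless const_defined?(:DEFAULT_CONFIG_FILE)` and `class ConfigError < OpenSSLError; end unless const_defined?(:ConfigError)`. `OpenSSLError` must already be defined when this file is loaded; that is not visible here. A nil default also means no configuration file is consulted at all, which is worth a sentence in the `@note` so nobody later "fixes" it by pointing it at a system openssl.cnf.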
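--- a/data/lib/openssl/digest.rb
+++ b/data/lib/openssl/digest.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end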
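--- a/data/lib/openssl/pkcs12.rb
+++ b/data/lib/openssl/pkcs12.rb
@@ -28,10 +28,8 @@ module OpenSSL
 @der = str
 end
 
-p12_input_stream = java.io.StringBufferInputStream.new(@der)
-
 store = SecurityHelper.getKeyStore("PKCS12")
-store.load(
+store.load(java.io.ByteArrayInputStream.new(@der.to_java_bytes), password.to_java.to_char_array)
 
 aliases = store.aliases
 aliases.each do |alias_name|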
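Review bot: `password.to_java.to_char_array` on the new `store.load(...)` line materialises a fresh Java char[] holding the import password and then drops it for the garbage collector unzeroed; the JCA convention is to keep the array in a local and clear it with `java.util.Arrays.fill` in an `ensure` once `load` returns, since `KeyStore.load` itself never clears the caller's copy. Replacing `StringBufferInputStream` with `ByteArrayInputStream.new(@der.to_java_bytes)` is the right fix, as the old class kept only the low byte of each character and would corrupt any non-ASCII DER. The enclosing method starts outside the hunk, so whether `password` may be nil cannot be confirmed here; if a nil password is accepted for unencrypted bundles, the `.to_java.to_char_array` chain needs a guard before the call.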
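--- /dev/null
+++ b/data/lib/openssl/pkcs5.rb
@@ -0,0 +1,22 @@
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
+
+# JOpenSSL has these - here for explicit require 'openssl/pkcs5' compatibility
+
+# module OpenSSL
+# module PKCS5
+# module_function
+#
+# # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+# # This method is provided for backwards compatibility.
+# def pbkdf2_hmac(pass, salt, iter, keylen, digest)
+# OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter, length: keylen, hash: digest)
+# end
+#
+# def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
+# pbkdf2_hmac(pass, salt, iter, keylen, "sha1")
+# end
+# end
+# end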
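--- a/data/lib/openssl/ssl-internal.rb
+++ b/data/lib/openssl/ssl-internal.rb
@@ -1,7 +1,5 @@
 if RUBY_VERSION > '2.1'
 raise LoadError, "no such library in #{RUBY_VERSION}: openssl/ssl-internal.rb"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end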
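--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end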
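--- a/data/lib/openssl/x509-internal.rb
+++ b/data/lib/openssl/x509-internal.rb
@@ -1,7 +1,5 @@
 if RUBY_VERSION > '2.1'
 raise LoadError, "no such library in #{RUBY_VERSION}: openssl/x509-internal.rb"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end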
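--- a/data/lib/openssl/x509.rb
+++ b/data/lib/openssl/x509.rb
@@ -4,8 +4,6 @@ elsif RUBY_VERSION > '2.2'
 load "jopenssl22/openssl/#{File.basename(__FILE__)}"
 elsif RUBY_VERSION > '2.1'
 load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '1.9'
-load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 else
-load "
+load "jopenssl19/openssl/#{File.basename(__FILE__)}"
 end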
Binary file
|