jruby-openssl 0.9.21-java → 0.10.0-java
- checksums.yaml +4 -4
- data/History.md +24 -0
- data/LICENSE.txt +1 -1
- data/Mavenfile +24 -25
- data/README.md +8 -7
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/load.rb +10 -7
- data/lib/jopenssl/version.rb +2 -9
- data/lib/jopenssl23/openssl/config.rb +53 -53
- data/lib/jopenssl23/openssl/ssl.rb +81 -77
- data/lib/org/bouncycastle/bcpkix-jdk15on/{1.56/bcpkix-jdk15on-1.56.jar → 1.59/bcpkix-jdk15on-1.59.jar} +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/{1.56/bcprov-jdk15on-1.56.jar → 1.59/bcprov-jdk15on-1.59.jar} +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar +0 -0
- data/pom.xml +82 -153
- metadata +12 -21
- data/lib/jopenssl18/openssl.rb +0 -23
- data/lib/jopenssl18/openssl/bn.rb +0 -25
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -28
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -32
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -112
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -110
- data/lib/jopenssl18/openssl/x509.rb +0 -1
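--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d93b285d36ec67e3b61f243a65384bf348cf95bf
+data.tar.gz: 18cbb5707579086acf731bc4fe1c33ecd20ed80f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4eb2b1cc22129cce2992317b5731703a392530fa5b8ab7b64cfb2c33763c7923694fbc6591985a7001681ce4df24c64f59e55a2288911026666600a6363a86d0
+data.tar.gz: 7dadbafd95149c82c1b2669f3e264c59ce2e23d28acc9edc2b8d3d6a18d37a78d412a6bec078b59a44adb78ce348c4b514da1b8bbaed9e66d2b5c85833b8a74d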
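--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,27 @@
+## 0.10.0
+
+**NOTE:** dropped support for anything below ~ JRuby 1.7.20
+
+* drop support for Java 1.6 and compile using Java 7
+* improve java.version detection for Java 9/10 (pre-releases)
+* subject alt name parsing fixes (#140) - thanks @roadrunner2
+* fix loading of Subject/Issuer-Alt-Name extensions. (#144)
+* normalize all constants in CipherStrings as public (#146)
+* upgrade BC to **1.59** and dropped support for BC < 1.55
+* include BC's JSSE provider as we're planning on using it, eventually
+* setup OpenSSL::ExtConfig emulation - mostly (conservative) guesses
+* at last, do BN comparison `==` vs `eql?` properly - just like MRI
+* get `BN.new("...", 0)` working as OpenSSL does - using MPI format
+* allow for SSLContext#dup to work (copy-ing Ruby level i-vars only)
+* fix signature-alg to default to NULL and report it as 0.0 (like MRI)
+* account for ASN1Integers when transforming issuer serial numbers
+to_text in AuthorityKeyIdentifier extensions (#147) - thanks @lampad
+* copy bytes since it might be a shared (unsafe) buffer (#150)
+* don't use padding for streaming cipher modes (#155) - thanks @dgolombek
+* avoid ByteList#length() usage for forward (JRuby 9.2) compatibility
+* prepare for using BC's JSSE implementation as an SSL support backend
+allow to set SSL provider name (-Djruby.openssl.ssl.provider=...)
+
 ## 0.9.21
 
 * adjust X.509 value handling to parse subjectAltName recursively (#134)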
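--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -18,7 +18,7 @@ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
 
 Copyright (C) 2007-2009 Ola Bini <ola.bini@gmail.com>
-Copyright (C) 2009-
+Copyright (C) 2009-2018 The JRuby Team
 
 Alternatively, the contents of this file may be used under the terms of
 either of the GNU General Public License Version 2 or later (the "GPL"),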
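--- a/data/Mavenfile
+++ b/data/Mavenfile
@@ -10,7 +10,7 @@ distribution_management do
 repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
 end
 
-java_target = '1.
+java_target = '1.7'
 gen_sources = '${basedir}/target/generated-sources' # hard-coded in AnnotationBinder
 
 plugin( 'org.codehaus.mojo:exec-maven-plugin', '1.3.2' ) do
@@ -49,7 +49,7 @@ plugin( 'org.codehaus.mojo:build-helper-maven-plugin', '1.9' ) do
 end
 
 plugin( :compiler, '3.1',
-:source => '1.
+:source => '1.7', :target => java_target,
 :encoding => 'UTF-8', :debug => true,
 :showWarnings => true, :showDeprecation => true,
 
@@ -100,20 +100,20 @@ plugin :deploy, '2.8.1' do
 execute_goals( :deploy, :skip => false )
 end
 
-supported_bc_versions = %w{ 1.
+supported_bc_versions = %w{ 1.55 1.56 1.57 1.58 1.59 }
 
 default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
 properties( 'jruby.plugins.version' => '1.0.10',
-'jruby.versions' => '1.7.
+'jruby.versions' => '1.7.20',
 'bc.versions' => default_bc_version,
 'invoker.test' => '${bc.versions}',
 # allow to skip all tests with -Dmaven.test.skip
 'invoker.skip' => '${maven.test.skip}',
 'runit.dir' => 'src/test/ruby/**/test_*.rb',
 # use this version of jruby for ALL the jruby-maven-plugins
-'jruby.version' => '1.7.
+'jruby.version' => '1.7.20',
 # dump pom.xml as readonly when running 'rmvn'
 'polyglot.dump.pom' => 'pom.xml',
 'polyglot.dump.readonly' => true,
@@ -141,24 +141,23 @@ invoker_run_options = {
 'runit.dir' => '${runit.dir}' }
 }
 
-profile :id => 'test-1.6.8' do
-
-
-
-
-
-end
-
-profile :id => 'test-1.7.4' do
-
-
-
-
-
-end
-
-jruby_1_7_versions = %w{ 1.7.
-jruby_1_7_versions += %w{ 1.7.24 1.7.25 1.7.26 1.7.27 }
+# profile :id => 'test-1.6.8' do
+# plugin :invoker, '1.8' do
+# execute_goals( :install, :run, invoker_run_options )
+# end
+# properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
+# 'bc.versions' => supported_bc_versions.join(',')
+# end
+#
+# profile :id => 'test-1.7.4' do
+# plugin :invoker, '1.8' do
+# execute_goals( :install, :run, invoker_run_options )
+# end
+# properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
+# 'bc.versions' => supported_bc_versions.join(',')
+# end
+
+jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
 
 jruby_1_7_versions.each { |version|
 
@@ -166,13 +165,13 @@ profile :id => "test-#{version}" do
 plugin :invoker, '1.8' do
 execute_goals( :install, :run, invoker_run_options )
 end
-properties 'jruby.versions' => version, 'jruby.modes' => '1.
+properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
 'bc.versions' => supported_bc_versions.join(',')
 end
 
 }
 
-jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 }
+jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
 
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do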
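Review bot: `jruby_1_7_versions` on the new side still lists `1.7.18`, while this same release sets `'jruby.versions' => '1.7.20'` and both History.md and the new check in load.rb treat anything below 1.7.20 as unsupported, so the generated `test-1.7.18` profile exercises a runtime the gem now warns against. Either drop it, `jruby_1_7_versions = %w{ 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }`, or add a comment saying why the older runtime is still tested. The `test-1.6.8` and `test-1.7.4` profiles are kept as commented-out code; deleting them would be cleaner, since version control already holds the old definitions.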
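--- a/data/README.md
+++ b/data/README.md
@@ -16,12 +16,13 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 
 | JRuby-OpenSSL | JRuby compat | JVM compat | supported BC |
 | ------------- |:-------------:| ----------:| ------------:|
-| 0.9.6 | 1.6.8-9.0.2 |
-| 0.9.12 | 1.6.8-9.0.5 |
-| 0.9.13 | 1.6.8-9.1.2 |
-| 0.9.14 | 1.6.8-9.1.5 |
-| 0.9.17 | 1.6.8-9.1.5 |
-|
+| 0.9.6 | 1.6.8-9.0.2 | Java 6-8 | 1.47-1.50 |
+| 0.9.12 | 1.6.8-9.0.5 | Java 6-8 | 1.47-1.52 |
+| 0.9.13 | 1.6.8-9.1.2 | Java 6-8 | 1.49-1.52 |
+| 0.9.14 | 1.6.8-9.1.5 | Java 6-8 | 1.49-1.54 |
+| 0.9.17 | 1.6.8-9.1.5 | Java 6-8 | 1.50-1.54 |
+| ~>0.9.18 | 1.6.8-9.1.x | Java 6-8 | 1.50-1.55 |
+| 0.10.0 | 1.7.20-9.2.x | Java 7-10 | 1.55-1.59 |
 
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6**
 
@@ -62,7 +63,7 @@ NOTE: you can pick any jruby version which is on [central][4] or on [ci.jruby][5
 
 ## License
 
-(c) 2009-
+(c) 2009-2018 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
 
 [0]: https://secure.travis-ci.org/jruby/jruby-openssl.svg
 [1]: http://xircles.codehaus.org/projects/jruby/lists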
data/lib/jopenssl.jar
CHANGED
Binary file
|
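--- a/data/lib/jopenssl/load.rb
+++ b/data/lib/jopenssl/load.rb
@@ -1,23 +1,28 @@
-warn 'Loading jruby-openssl in a non-JRuby interpreter' unless defined? JRUBY_VERSION
+warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
 
 require 'java'
 require 'jopenssl/version'
 
+warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
+
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
-version = Jopenssl::
+version = Jopenssl::BOUNCY_CASTLE_VERSION
 bc_jars = nil
 begin
 require 'jar-dependencies'
 # if we have jar-dependencies we let it track the jars
-require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', version )
 require_jar( 'org.bouncycastle', 'bcprov-jdk15on', version )
+require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', version )
+require_jar( 'org.bouncycastle', 'bctls-jdk15on', version )
 bc_jars = true
 rescue LoadError
+bc_jars = false
 end
 unless bc_jars
-load "org/bouncycastle/bcpkix-jdk15on/#{version}/bcpkix-jdk15on-#{version}.jar"
 load "org/bouncycastle/bcprov-jdk15on/#{version}/bcprov-jdk15on-#{version}.jar"
+load "org/bouncycastle/bcpkix-jdk15on/#{version}/bcpkix-jdk15on-#{version}.jar"
+load "org/bouncycastle/bctls-jdk15on/#{version}/bctls-jdk15on-#{version}.jar"
 end
 end
 
@@ -32,10 +37,8 @@ elsif RUBY_VERSION > '2.2'
 load 'jopenssl22/openssl.rb'
 elsif RUBY_VERSION > '2.1'
 load 'jopenssl21/openssl.rb'
-elsif RUBY_VERSION > '1.9'
-load 'jopenssl19/openssl.rb'
 else
-load '
+load 'jopenssl19/openssl.rb'
 end
 
 require 'openssl/pkcs12'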
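Review bot: The new guard `JRUBY_VERSION < '1.7.20'` compares strings, so versions are ordered character by character: `'1.7.3' < '1.7.20'` is false, and JRuby 1.7.3 through 1.7.9 load this TLS library without the unsupported-runtime warning. Comparing parsed versions avoids that, e.g. `if Gem::Version.new(JRUBY_VERSION) < Gem::Version.new('1.7.20')`, assuming RubyGems is already loaded at this point (it normally is when the file is required as a gem). The line also reads `JRUBY_VERSION` unconditionally although line 1 only warns when the constant is undefined; a `defined?(JRUBY_VERSION) &&` guard would keep the two checks consistent. The `RUBY_VERSION > '2.2'` chain in the second hunk relies on the same string ordering and begins outside the hunk.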
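--- a/data/lib/jopenssl/version.rb
+++ b/data/lib/jopenssl/version.rb
@@ -1,11 +1,4 @@
 module Jopenssl
-VERSION = '0.
-BOUNCY_CASTLE_VERSION = '1.
-# @deprecated
-module Version
-# @private
-VERSION = Jopenssl::VERSION
-# @private
-BOUNCY_CASTLE_VERSION = Jopenssl::BOUNCY_CASTLE_VERSION
-end
+VERSION = '0.10.0'
+BOUNCY_CASTLE_VERSION = '1.59'
 end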
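--- a/data/lib/jopenssl23/openssl/config.rb
+++ b/data/lib/jopenssl23/openssl/config.rb
@@ -71,7 +71,7 @@ module OpenSSL
 end
 end
 
-
+private
 
 def parse_config_lines(io)
 section = 'default'
@@ -110,10 +110,10 @@ module OpenSSL
 QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
 # escaped char map
 ESCAPE_MAP = {
-
-
-
-
+"r" => "\r",
+"n" => "\n",
+"b" => "\b",
+"t" => "\t",
 }
 
 def unescape_value(data, section, value)
@@ -123,36 +123,36 @@ module OpenSSL
 c = m[0]
 value = m.post_match
 case c
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+when "'"
+if m = value.match(QUOTE_REGEXP_SQ)
+scanned << m[1].gsub(/\\(.)/, '\\1')
+value = m.post_match
+else
+break
+end
+when '"'
+if m = value.match(QUOTE_REGEXP_DQ)
+scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
+value = m.post_match
+else
+break
+end
+when "\\"
+c = value.slice!(0, 1)
+scanned << (ESCAPE_MAP[c] || c)
+when "$"
+ref, value = extract_reference(value)
+refsec = section
+if ref.index('::')
+refsec, ref = ref.split('::', 2)
+end
+if v = get_key_string(data, refsec, ref)
+scanned << v
+else
+raise ConfigError, "variable has no value"
+end
 else
-raise
-end
-else
-raise 'must not reaced'
+raise 'must not reaced'
 end
 end
 scanned << value
@@ -186,25 +186,25 @@ module OpenSSL
 c = m[0]
 line = m.post_match
 case c
-
-line = nil
-break
-when "'", '"'
-regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
-scanned << c
-if m = line.match(regexp)
-scanned << m[0]
-line = m.post_match
-else
-scanned << line
+when '#'
 line = nil
 break
-
-
-
-
-
-
+when "'", '"'
+regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
+scanned << c
+if m = line.match(regexp)
+scanned << m[0]
+line = m.post_match
+else
+scanned << line
+line = nil
+break
+end
+when "\\"
+scanned << c
+scanned << line.slice!(0, 1)
+else
+raise 'must not reaced'
 end
 end
 scanned << line
@@ -450,13 +450,13 @@ module OpenSSL
 "#<#{self.class.name} sections=#{sections.inspect}>"
 end
 
-
+protected
 
 def data # :nodoc:
 @data
 end
 
-
+private
 
 def initialize_copy(other)
 @data = other.data.dup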
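--- a/data/lib/jopenssl23/openssl/ssl.rb
+++ b/data/lib/jopenssl23/openssl/ssl.rb
@@ -17,9 +17,9 @@ module OpenSSL
 module SSL
 class SSLContext
 DEFAULT_PARAMS = {
-
-
-
+:ssl_version => "SSLv23",
+:verify_mode => OpenSSL::SSL::VERIFY_PEER,
+:ciphers => %w{
 ECDHE-ECDSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-ECDSA-AES256-GCM-SHA384
@@ -54,32 +54,32 @@ module OpenSSL
 ECDHE-RSA-RC4-SHA
 RC4-SHA
 }.join(":"),
-
-
-
-
-
-
-
-
-} unless const_defined? :DEFAULT_PARAMS # JRuby
-
-
-
-
-
-
-
-end
+:options => -> {
+opts = OpenSSL::SSL::OP_ALL
+opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+opts
+}.call
+} unless const_defined? :DEFAULT_PARAMS # JRuby
+
+begin
+DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+DEFAULT_CERT_STORE.set_default_paths
+if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+end
+end unless const_defined? :DEFAULT_CERT_STORE # JRuby
 
 INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
-
-
-
-
-
-
-
+"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
+"verify_callback", "cert_store", "extra_chain_cert",
+"client_cert_cb", "session_id_context", "tmp_dh_callback",
+"session_get_cb", "session_new_cb", "session_remove_cb",
+"tmp_ecdh_callback", "servername_cb", "npn_protocols",
+"alpn_protocols", "alpn_select_cb",
+"npn_select_cb"].map { |x| "@#{x}" }
 
 # A callback invoked when DH parameters are required.
 #
@@ -92,14 +92,14 @@ module OpenSSL
 
 attr_accessor :tmp_dh_callback
 
-
+if ExtConfig::HAVE_TLSEXT_HOST_NAME
 # A callback invoked at connect time to distinguish between multiple
 # server names.
 #
 # The callback is invoked with an SSLSocket and a server name. The
 # callback must return an SSLContext for the server name or nil.
 attr_accessor :servername_cb
-
+end
 
 # call-seq:
 # SSLContext.new => ctx
@@ -108,9 +108,10 @@ module OpenSSL
 #
 # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
 def initialize(version = nil)
-
+INIT_VARS.each { |v| instance_variable_set v, nil }
+self.options = self.options | OpenSSL::SSL::OP_ALL
 self.ssl_version = version if version
-end unless defined? JRUBY_VERSION # JRuby
+end unless defined? JRUBY_VERSION # JRuby
 
 ##
 # Sets the parameters for this SSL context to the values in +params+.
@@ -129,7 +130,7 @@ module OpenSSL
 end
 end
 return params
-end unless method_defined? :set_params # JRuby
+end unless method_defined? :set_params # JRuby
 end
 
 module SocketForwarder
@@ -245,8 +246,8 @@ module OpenSSL
 return false if domain_component.start_with?("xn--") && san_component != "*"
 
 parts[0].length + parts[1].length < domain_component.length &&
-
-
+domain_component.start_with?(parts[0]) &&
+domain_component.end_with?(parts[1])
 end
 module_function :verify_wildcard
 
@@ -254,52 +255,55 @@ module OpenSSL
 include Buffering
 include SocketForwarder
 
-if ExtConfig::OPENSSL_NO_SOCK
-
-else
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+# if ExtConfig::OPENSSL_NO_SOCK
+# def initialize(io, ctx = nil); raise NotImplementedError; end
+# else
+# if ExtConfig::HAVE_TLSEXT_HOST_NAME
+# attr_accessor :hostname
+# end
+#
+# attr_reader :io, :context
+# attr_accessor :sync_close
+# alias :to_io :io
+#
+# # call-seq:
+# # SSLSocket.new(io) => aSSLSocket
+# # SSLSocket.new(io, ctx) => aSSLSocket
+# #
+# # Creates a new SSL socket from +io+ which must be a real ruby object (not an
+# # IO-like object that responds to read/write).
+# #
+# # If +ctx+ is provided the SSL Sockets initial params will be taken from
+# # the context.
+# #
+# # The OpenSSL::Buffering module provides additional IO methods.
+# #
+# # This method will freeze the SSLContext if one is provided;
+# # however, session management is still allowed in the frozen SSLContext.
+#
+# def initialize(io, context = OpenSSL::SSL::SSLContext.new)
+# @io = io
+# @context = context
+# @sync_close = false
+# @hostname = nil
+# @io.nonblock = true if @io.respond_to?(:nonblock=)
+# context.setup
+# super()
+# end
+# end
 
 # call-seq:
 # ssl.sysclose => nil
 #
-#
+# Sends "close notify" to the peer and tries to shut down the SSL
+# connection gracefully.
+#
+# If sync_close is set to +true+, the underlying IO is also closed.
 def sysclose
 return if closed?
 stop
 io.close if sync_close
-end unless
+end unless method_defined? :sysclose # JRuby
 
 ##
 # Perform hostname verification after an SSL connection is established
@@ -321,11 +325,11 @@ module OpenSSL
 return true
 end
 
-
-
-
-
-#
+def session
+SSL::Session.new(self)
+rescue SSL::Session::SessionError
+nil
+end unless method_defined? :session # JRuby
 
 private
 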
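Review bot: The `:ciphers` default in `DEFAULT_PARAMS` still ends with `ECDHE-RSA-RC4-SHA` and `RC4-SHA` (context lines 54-55 of the second hunk), so a context built from these defaults can still negotiate RC4, which RFC 7465 prohibits for TLS. Removing those two entries from the `%w{ ... }` list is the change I would make; the middle of the list lies outside the hunks and should be checked for other legacy suites at the same time. `DEFAULT_PARAMS` is only assigned `unless const_defined? :DEFAULT_PARAMS`, so whether these Ruby-level values take effect on JRuby depends on what the Java extension defines first, which is worth confirming. Separately, the `SSLSocket` initializer is now 36 lines of commented-out code (new lines 258-293); a short comment stating where the active implementation lives would read better than the dead block.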