jruby-openssl 0.9.21-java → 0.10.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e87052a06d037261241a3833d07f02f7c974238f
-  data.tar.gz: fbf9ff734c95504b5c562765bbcee6b09fe0889a
+  metadata.gz: d93b285d36ec67e3b61f243a65384bf348cf95bf
+  data.tar.gz: 18cbb5707579086acf731bc4fe1c33ecd20ed80f
 SHA512:
-  metadata.gz: 0ea15dc9d8bb3504bb752e0a556d9639261090d29879f10206c72e904140d4627e9c46cdbcd5fbbd2786898ac0132bcab8940a650165602a56dff53a1102d775
-  data.tar.gz: d052da3f78a6b0c5236ce796e52f47ed88fe2cc54271b2e25453a41000cc6a8d286b8fe15dacc8074bc66d59b3c325edb67fbc598e215ef05325dd6babd0b635
+  metadata.gz: 4eb2b1cc22129cce2992317b5731703a392530fa5b8ab7b64cfb2c33763c7923694fbc6591985a7001681ce4df24c64f59e55a2288911026666600a6363a86d0
+  data.tar.gz: 7dadbafd95149c82c1b2669f3e264c59ce2e23d28acc9edc2b8d3d6a18d37a78d412a6bec078b59a44adb78ce348c4b514da1b8bbaed9e66d2b5c85833b8a74d

data/History.md

@@ -1,3 +1,27 @@
+## 0.10.0
+
+**NOTE:** dropped support for anything below ~ JRuby 1.7.20
+
+* drop support for Java 1.6 and compile using Java 7
+* improve java.version detection for Java 9/10 (pre-releases)
+* subject alt name parsing fixes (#140) - thanks @roadrunner2
+* fix loading of Subject/Issuer-Alt-Name extensions. (#144)
+* normalize all constants in CipherStrings as public (#146)
+* upgrade BC to **1.59** and dropped support for BC < 1.55
+* include BC's JSSE provider as we're planning on using it, eventually
+* setup OpenSSL::ExtConfig emulation - mostly (conservative) guesses
+* at last, do BN comparison `==` vs `eql?` properly - just like MRI
+* get `BN.new("...", 0)` working as OpenSSL does - using MPI format
+* allow for SSLContext#dup to work (copy-ing Ruby level i-vars only)
+* fix signature-alg to default to NULL and report it as 0.0 (like MRI)
+* account for ASN1Integers when transforming issuer serial numbers 
+  to_text in AuthorityKeyIdentifier extensions (#147) - thanks @lampad
+* copy bytes since it might be a shared (unsafe) buffer (#150)
+* don't use padding for streaming cipher modes (#155) - thanks @dgolombek
+* avoid ByteList#length() usage for forward (JRuby 9.2) compatibility
+* prepare for using BC's JSSE implementation as an SSL support backend
+  allow to set SSL provider name (-Djruby.openssl.ssl.provider=...)
+
 ## 0.9.21
 
 * adjust X.509 value handling to parse subjectAltName recursively (#134)

data/LICENSE.txt

@@ -18,7 +18,7 @@ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
 
   Copyright (C) 2007-2009 Ola Bini <ola.bini@gmail.com>
-  Copyright (C) 2009-2017 The JRuby Team
+  Copyright (C) 2009-2018 The JRuby Team
 
 Alternatively, the contents of this file may be used under the terms of
 either of the GNU General Public License Version 2 or later (the "GPL"),

data/Mavenfile

@@ -10,7 +10,7 @@ distribution_management do
   repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
 end
 
-java_target = '1.6'
+java_target = '1.7'
 gen_sources = '${basedir}/target/generated-sources' # hard-coded in AnnotationBinder
 
 plugin( 'org.codehaus.mojo:exec-maven-plugin', '1.3.2' ) do
@@ -49,7 +49,7 @@ plugin( 'org.codehaus.mojo:build-helper-maven-plugin', '1.9' ) do
 end
 
 plugin( :compiler, '3.1',
-        :source => '1.6', :target => java_target,
+        :source => '1.7', :target => java_target,
         :encoding => 'UTF-8', :debug => true,
         :showWarnings => true, :showDeprecation => true,
 
@@ -100,20 +100,20 @@ plugin :deploy, '2.8.1' do
   execute_goals( :deploy, :skip => false )
 end
 
-supported_bc_versions = %w{ 1.51 1.52 1.53 1.54 } # due EC support dropped <= 1.50
+supported_bc_versions = %w{ 1.55 1.56 1.57 1.58 1.59 }
 
 default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
 properties( 'jruby.plugins.version' => '1.0.10',
-            'jruby.versions' => '1.7.18',
+            'jruby.versions' => '1.7.20',
             'bc.versions' => default_bc_version,
             'invoker.test' => '${bc.versions}',
             # allow to skip all tests with -Dmaven.test.skip
             'invoker.skip' => '${maven.test.skip}',
             'runit.dir' => 'src/test/ruby/**/test_*.rb',
             # use this version of jruby for ALL the jruby-maven-plugins
-            'jruby.version' => '1.7.18',
+            'jruby.version' => '1.7.20',
             # dump pom.xml as readonly when running 'rmvn'
             'polyglot.dump.pom' => 'pom.xml',
             'polyglot.dump.readonly' => true,
@@ -141,24 +141,23 @@ invoker_run_options = {
       'runit.dir' => '${runit.dir}' }
 }
 
-profile :id => 'test-1.6.8' do
-  plugin :invoker, '1.8' do
-    execute_goals( :install, :run, invoker_run_options )
-  end
-  properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
-             'bc.versions' => supported_bc_versions.join(',')
-end
-
-profile :id => 'test-1.7.4' do
-  plugin :invoker, '1.8' do
-    execute_goals( :install, :run, invoker_run_options )
-  end
-  properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
-             'bc.versions' => supported_bc_versions.join(',')
-end
-
-jruby_1_7_versions = %w{ 1.7.13 1.7.15 1.7.16 1.7.18 1.7.20 1.7.22 1.7.23 }
-jruby_1_7_versions += %w{ 1.7.24 1.7.25 1.7.26 1.7.27 }
+# profile :id => 'test-1.6.8' do
+#   plugin :invoker, '1.8' do
+#     execute_goals( :install, :run, invoker_run_options )
+#   end
+#   properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
+#              'bc.versions' => supported_bc_versions.join(',')
+# end
+#
+# profile :id => 'test-1.7.4' do
+#   plugin :invoker, '1.8' do
+#     execute_goals( :install, :run, invoker_run_options )
+#   end
+#   properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
+#              'bc.versions' => supported_bc_versions.join(',')
+# end
+
+jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
 
 jruby_1_7_versions.each { |version|
 
@@ -166,13 +165,13 @@ profile :id => "test-#{version}" do
   plugin :invoker, '1.8' do
     execute_goals( :install, :run, invoker_run_options )
   end
-  properties 'jruby.versions' => version, 'jruby.modes' => '1.8,1.9,2.0',
+  properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
              'bc.versions' => supported_bc_versions.join(',')
 end
 
 }
 
-jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 }
+jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
 
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do

data/README.md

@@ -16,12 +16,13 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 
 | JRuby-OpenSSL | JRuby compat  | JVM compat | supported BC |
 | ------------- |:-------------:| ----------:| ------------:|
-|         0.9.6 |   1.6.8-9.0.2 |   Java 6-8 |    1.47-1.50 |
-|        0.9.12 |   1.6.8-9.0.5 |   Java 6-8 |    1.47-1.52 |
-|        0.9.13 |   1.6.8-9.1.2 |   Java 6-8 |    1.49-1.52 |
-|        0.9.14 |   1.6.8-9.1.5 |   Java 6-8 |    1.49-1.54 |
-|        0.9.17 |   1.6.8-9.1.5 |   Java 6-8 |    1.50-1.54 |
-|        0.9.18 |   1.6.8-9.1.7 |   Java 6-8 |    1.50-1.55 |
+|         0.9.6 |   1.6.8-9.0.2 |  Java 6-8  |    1.47-1.50 |
+|        0.9.12 |   1.6.8-9.0.5 |  Java 6-8  |    1.47-1.52 |
+|        0.9.13 |   1.6.8-9.1.2 |  Java 6-8  |    1.49-1.52 |
+|        0.9.14 |   1.6.8-9.1.5 |  Java 6-8  |    1.49-1.54 |
+|        0.9.17 |   1.6.8-9.1.5 |  Java 6-8  |    1.50-1.54 |
+|      ~>0.9.18 |   1.6.8-9.1.x |  Java 6-8  |    1.50-1.55 |
+|        0.10.0 |  1.7.20-9.2.x |  Java 7-10 |    1.55-1.59 |
 
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6** 
 
@@ -62,7 +63,7 @@ NOTE: you can pick any jruby version which is on [central][4] or on [ci.jruby][5
 
 ## License
 
-(c) 2009-2017 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
+(c) 2009-2018 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
 
 [0]: https://secure.travis-ci.org/jruby/jruby-openssl.svg
 [1]: http://xircles.codehaus.org/projects/jruby/lists

data/lib/jopenssl/load.rb

@@ -1,23 +1,28 @@
-warn 'Loading jruby-openssl in a non-JRuby interpreter' unless defined? JRUBY_VERSION
+warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
 
 require 'java'
 require 'jopenssl/version'
 
+warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
+
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
-  version = Jopenssl::Version::BOUNCY_CASTLE_VERSION
+  version = Jopenssl::BOUNCY_CASTLE_VERSION
   bc_jars = nil
   begin
     require 'jar-dependencies'
     # if we have jar-dependencies we let it track the jars
-    require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', version )
     require_jar( 'org.bouncycastle', 'bcprov-jdk15on', version )
+    require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', version )
+    require_jar( 'org.bouncycastle', 'bctls-jdk15on',  version )
     bc_jars = true
   rescue LoadError
+    bc_jars = false
   end
   unless bc_jars
-    load "org/bouncycastle/bcpkix-jdk15on/#{version}/bcpkix-jdk15on-#{version}.jar"
     load "org/bouncycastle/bcprov-jdk15on/#{version}/bcprov-jdk15on-#{version}.jar"
+    load "org/bouncycastle/bcpkix-jdk15on/#{version}/bcpkix-jdk15on-#{version}.jar"
+    load "org/bouncycastle/bctls-jdk15on/#{version}/bctls-jdk15on-#{version}.jar"
   end
 end
 
@@ -32,10 +37,8 @@ elsif RUBY_VERSION > '2.2'
   load 'jopenssl22/openssl.rb'
 elsif RUBY_VERSION > '2.1'
   load 'jopenssl21/openssl.rb'
-elsif RUBY_VERSION > '1.9'
-  load 'jopenssl19/openssl.rb'
 else
-  load 'jopenssl18/openssl.rb'
+  load 'jopenssl19/openssl.rb'
 end
 
 require 'openssl/pkcs12'

data/lib/jopenssl/version.rb

@@ -1,11 +1,4 @@
 module Jopenssl
-  VERSION = '0.9.21'
-  BOUNCY_CASTLE_VERSION = '1.56'
-  # @deprecated
-  module Version
-    # @private
-    VERSION = Jopenssl::VERSION
-    # @private
-    BOUNCY_CASTLE_VERSION = Jopenssl::BOUNCY_CASTLE_VERSION
-  end
+  VERSION = '0.10.0'
+  BOUNCY_CASTLE_VERSION = '1.59'
 end

data/lib/jopenssl23/openssl/config.rb

@@ -71,7 +71,7 @@ module OpenSSL
         end
       end
 
-    private
+      private
 
       def parse_config_lines(io)
         section = 'default'
@@ -110,10 +110,10 @@ module OpenSSL
       QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
       # escaped char map
       ESCAPE_MAP = {
-        "r" => "\r",
-        "n" => "\n",
-        "b" => "\b",
-        "t" => "\t",
+          "r" => "\r",
+          "n" => "\n",
+          "b" => "\b",
+          "t" => "\t",
       }
 
       def unescape_value(data, section, value)
@@ -123,36 +123,36 @@ module OpenSSL
           c = m[0]
           value = m.post_match
           case c
-          when "'"
-            if m = value.match(QUOTE_REGEXP_SQ)
-              scanned << m[1].gsub(/\\(.)/, '\\1')
-              value = m.post_match
-            else
-              break
-            end
-          when '"'
-            if m = value.match(QUOTE_REGEXP_DQ)
-              scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
-              value = m.post_match
-            else
-              break
-            end
-          when "\\"
-            c = value.slice!(0, 1)
-            scanned << (ESCAPE_MAP[c] || c)
-          when "$"
-            ref, value = extract_reference(value)
-            refsec = section
-            if ref.index('::')
-              refsec, ref = ref.split('::', 2)
-            end
-            if v = get_key_string(data, refsec, ref)
-              scanned << v
+            when "'"
+              if m = value.match(QUOTE_REGEXP_SQ)
+                scanned << m[1].gsub(/\\(.)/, '\\1')
+                value = m.post_match
+              else
+                break
+              end
+            when '"'
+              if m = value.match(QUOTE_REGEXP_DQ)
+                scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
+                value = m.post_match
+              else
+                break
+              end
+            when "\\"
+              c = value.slice!(0, 1)
+              scanned << (ESCAPE_MAP[c] || c)
+            when "$"
+              ref, value = extract_reference(value)
+              refsec = section
+              if ref.index('::')
+                refsec, ref = ref.split('::', 2)
+              end
+              if v = get_key_string(data, refsec, ref)
+                scanned << v
+              else
+                raise ConfigError, "variable has no value"
+              end
             else
-              raise ConfigError, "variable has no value"
-            end
-          else
-            raise 'must not reaced'
+              raise 'must not reaced'
           end
         end
         scanned << value
@@ -186,25 +186,25 @@ module OpenSSL
           c = m[0]
           line = m.post_match
           case c
-          when '#'
-            line = nil
-            break
-          when "'", '"'
-            regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
-            scanned << c
-            if m = line.match(regexp)
-              scanned << m[0]
-              line = m.post_match
-            else
-              scanned << line
+            when '#'
               line = nil
               break
-            end
-          when "\\"
-            scanned << c
-            scanned << line.slice!(0, 1)
-          else
-            raise 'must not reaced'
+            when "'", '"'
+              regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
+              scanned << c
+              if m = line.match(regexp)
+                scanned << m[0]
+                line = m.post_match
+              else
+                scanned << line
+                line = nil
+                break
+              end
+            when "\\"
+              scanned << c
+              scanned << line.slice!(0, 1)
+            else
+              raise 'must not reaced'
           end
         end
         scanned << line
@@ -450,13 +450,13 @@ module OpenSSL
       "#<#{self.class.name} sections=#{sections.inspect}>"
     end
 
-  protected
+    protected
 
     def data # :nodoc:
       @data
     end
 
-  private
+    private
 
     def initialize_copy(other)
       @data = other.data.dup

data/lib/jopenssl23/openssl/ssl.rb

@@ -17,9 +17,9 @@ module OpenSSL
   module SSL
     class SSLContext
       DEFAULT_PARAMS = {
-        :ssl_version => "SSLv23",
-        :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-        :ciphers => %w{
+          :ssl_version => "SSLv23",
+          :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+          :ciphers => %w{
           ECDHE-ECDSA-AES128-GCM-SHA256
           ECDHE-RSA-AES128-GCM-SHA256
           ECDHE-ECDSA-AES256-GCM-SHA384
@@ -54,32 +54,32 @@ module OpenSSL
           ECDHE-RSA-RC4-SHA
           RC4-SHA
         }.join(":"),
-        :options => -> {
-          opts = OpenSSL::SSL::OP_ALL
-          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
-          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
-          opts
-        }.call
-      } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
-
-      unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
-      DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
-      DEFAULT_CERT_STORE.set_default_paths
-      if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
-        DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-      end
-      end
+          :options => -> {
+            opts = OpenSSL::SSL::OP_ALL
+            opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+            opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+            opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+            opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+            opts
+          }.call
+      } unless const_defined? :DEFAULT_PARAMS # JRuby
+
+      begin
+        DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+        DEFAULT_CERT_STORE.set_default_paths
+        if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+          DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+        end
+      end unless const_defined? :DEFAULT_CERT_STORE # JRuby
 
       INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
-        "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
-        "verify_callback", "cert_store", "extra_chain_cert",
-        "client_cert_cb", "session_id_context", "tmp_dh_callback",
-        "session_get_cb", "session_new_cb", "session_remove_cb",
-        "tmp_ecdh_callback", "servername_cb", "npn_protocols",
-        "alpn_protocols", "alpn_select_cb",
-        "npn_select_cb"].map { |x| "@#{x}" }
+                   "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
+                   "verify_callback", "cert_store", "extra_chain_cert",
+                   "client_cert_cb", "session_id_context", "tmp_dh_callback",
+                   "session_get_cb", "session_new_cb", "session_remove_cb",
+                   "tmp_ecdh_callback", "servername_cb", "npn_protocols",
+                   "alpn_protocols", "alpn_select_cb",
+                   "npn_select_cb"].map { |x| "@#{x}" }
 
       # A callback invoked when DH parameters are required.
       #
@@ -92,14 +92,14 @@ module OpenSSL
 
       attr_accessor :tmp_dh_callback
 
-      #if ExtConfig::HAVE_TLSEXT_HOST_NAME
+      if ExtConfig::HAVE_TLSEXT_HOST_NAME
         # A callback invoked at connect time to distinguish between multiple
         # server names.
         #
         # The callback is invoked with an SSLSocket and a server name.  The
         # callback must return an SSLContext for the server name or nil.
         attr_accessor :servername_cb
-      #end
+      end
 
       # call-seq:
       #    SSLContext.new => ctx
@@ -108,9 +108,10 @@ module OpenSSL
       #
       # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
       def initialize(version = nil)
-        self.options |= OpenSSL::SSL::OP_ALL
+        INIT_VARS.each { |v| instance_variable_set v, nil }
+        self.options = self.options | OpenSSL::SSL::OP_ALL
         self.ssl_version = version if version
-      end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
+      end unless defined? JRUBY_VERSION # JRuby
 
       ##
       # Sets the parameters for this SSL context to the values in +params+.
@@ -129,7 +130,7 @@ module OpenSSL
           end
         end
         return params
-      end unless method_defined? :set_params # JRuby: hooked up in "native" Java
+      end unless method_defined? :set_params # JRuby
     end
 
     module SocketForwarder
@@ -245,8 +246,8 @@ module OpenSSL
       return false if domain_component.start_with?("xn--") && san_component != "*"
 
       parts[0].length + parts[1].length < domain_component.length &&
-      domain_component.start_with?(parts[0]) &&
-      domain_component.end_with?(parts[1])
+          domain_component.start_with?(parts[0]) &&
+          domain_component.end_with?(parts[1])
     end
     module_function :verify_wildcard
 
@@ -254,52 +255,55 @@ module OpenSSL
       include Buffering
       include SocketForwarder
 
-      if ExtConfig::OPENSSL_NO_SOCK
-        def initialize(io, ctx = nil); raise NotImplementedError; end
-      else
-        if ExtConfig::HAVE_TLSEXT_HOST_NAME
-          attr_accessor :hostname
-        end
-
-        attr_reader :io, :context
-        attr_accessor :sync_close
-        alias :to_io :io
-
-        # call-seq:
-        #    SSLSocket.new(io) => aSSLSocket
-        #    SSLSocket.new(io, ctx) => aSSLSocket
-        #
-        # Creates a new SSL socket from +io+ which must be a real ruby object (not an
-        # IO-like object that responds to read/write).
-        #
-        # If +ctx+ is provided the SSL Sockets initial params will be taken from
-        # the context.
-        #
-        # The OpenSSL::Buffering module provides additional IO methods.
-        #
-        # This method will freeze the SSLContext if one is provided;
-        # however, session management is still allowed in the frozen SSLContext.
-
-        def initialize(io, context = OpenSSL::SSL::SSLContext.new)
-          @io         = io
-          @context    = context
-          @sync_close = false
-          @hostname   = nil
-          @io.nonblock = true if @io.respond_to?(:nonblock=)
-          context.setup
-          super()
-        end
-      end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
+      # if ExtConfig::OPENSSL_NO_SOCK
+      #   def initialize(io, ctx = nil); raise NotImplementedError; end
+      # else
+      #   if ExtConfig::HAVE_TLSEXT_HOST_NAME
+      #     attr_accessor :hostname
+      #   end
+      #
+      #   attr_reader :io, :context
+      #   attr_accessor :sync_close
+      #   alias :to_io :io
+      #
+      #   # call-seq:
+      #   #    SSLSocket.new(io) => aSSLSocket
+      #   #    SSLSocket.new(io, ctx) => aSSLSocket
+      #   #
+      #   # Creates a new SSL socket from +io+ which must be a real ruby object (not an
+      #   # IO-like object that responds to read/write).
+      #   #
+      #   # If +ctx+ is provided the SSL Sockets initial params will be taken from
+      #   # the context.
+      #   #
+      #   # The OpenSSL::Buffering module provides additional IO methods.
+      #   #
+      #   # This method will freeze the SSLContext if one is provided;
+      #   # however, session management is still allowed in the frozen SSLContext.
+      #
+      #   def initialize(io, context = OpenSSL::SSL::SSLContext.new)
+      #     @io         = io
+      #     @context    = context
+      #     @sync_close = false
+      #     @hostname   = nil
+      #     @io.nonblock = true if @io.respond_to?(:nonblock=)
+      #     context.setup
+      #     super()
+      #   end
+      # end
 
       # call-seq:
       #    ssl.sysclose => nil
       #
-      # Shuts down the SSL connection and prepares it for another connection.
+      # Sends "close notify" to the peer and tries to shut down the SSL
+      # connection gracefully.
+      #
+      # If sync_close is set to +true+, the underlying IO is also closed.
       def sysclose
         return if closed?
         stop
         io.close if sync_close
-      end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
+      end unless method_defined? :sysclose # JRuby
 
       ##
       # Perform hostname verification after an SSL connection is established
@@ -321,11 +325,11 @@ module OpenSSL
         return true
       end
 
-      #def session
-      #  SSL::Session.new(self)
-      #rescue SSL::Session::SessionError
-      #  nil
-      #end
+      def session
+        SSL::Session.new(self)
+      rescue SSL::Session::SessionError
+        nil
+      end unless method_defined? :session # JRuby
 
       private