jruby-openssl 0.9.21-java → 0.10.0-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: e87052a06d037261241a3833d07f02f7c974238f
4
- data.tar.gz: fbf9ff734c95504b5c562765bbcee6b09fe0889a
3
+ metadata.gz: d93b285d36ec67e3b61f243a65384bf348cf95bf
4
+ data.tar.gz: 18cbb5707579086acf731bc4fe1c33ecd20ed80f
5
5
  SHA512:
6
- metadata.gz: 0ea15dc9d8bb3504bb752e0a556d9639261090d29879f10206c72e904140d4627e9c46cdbcd5fbbd2786898ac0132bcab8940a650165602a56dff53a1102d775
7
- data.tar.gz: d052da3f78a6b0c5236ce796e52f47ed88fe2cc54271b2e25453a41000cc6a8d286b8fe15dacc8074bc66d59b3c325edb67fbc598e215ef05325dd6babd0b635
6
+ metadata.gz: 4eb2b1cc22129cce2992317b5731703a392530fa5b8ab7b64cfb2c33763c7923694fbc6591985a7001681ce4df24c64f59e55a2288911026666600a6363a86d0
7
+ data.tar.gz: 7dadbafd95149c82c1b2669f3e264c59ce2e23d28acc9edc2b8d3d6a18d37a78d412a6bec078b59a44adb78ce348c4b514da1b8bbaed9e66d2b5c85833b8a74d
data/History.md CHANGED
@@ -1,3 +1,27 @@
1
+ ## 0.10.0
2
+
3
+ **NOTE:** dropped support for anything below ~ JRuby 1.7.20
4
+
5
+ * drop support for Java 1.6 and compile using Java 7
6
+ * improve java.version detection for Java 9/10 (pre-releases)
7
+ * subject alt name parsing fixes (#140) - thanks @roadrunner2
8
+ * fix loading of Subject/Issuer-Alt-Name extensions. (#144)
9
+ * normalize all constants in CipherStrings as public (#146)
10
+ * upgrade BC to **1.59** and dropped support for BC < 1.55
11
+ * include BC's JSSE provider as we're planning on using it, eventually
12
+ * setup OpenSSL::ExtConfig emulation - mostly (conservative) guesses
13
+ * at last, do BN comparison `==` vs `eql?` properly - just like MRI
14
+ * get `BN.new("...", 0)` working as OpenSSL does - using MPI format
15
+ * allow for SSLContext#dup to work (copy-ing Ruby level i-vars only)
16
+ * fix signature-alg to default to NULL and report it as 0.0 (like MRI)
17
+ * account for ASN1Integers when transforming issuer serial numbers
18
+ to_text in AuthorityKeyIdentifier extensions (#147) - thanks @lampad
19
+ * copy bytes since it might be a shared (unsafe) buffer (#150)
20
+ * don't use padding for streaming cipher modes (#155) - thanks @dgolombek
21
+ * avoid ByteList#length() usage for forward (JRuby 9.2) compatibility
22
+ * prepare for using BC's JSSE implementation as an SSL support backend
23
+ allow to set SSL provider name (-Djruby.openssl.ssl.provider=...)
24
+
1
25
  ## 0.9.21
2
26
 
3
27
  * adjust X.509 value handling to parse subjectAltName recursively (#134)
@@ -18,7 +18,7 @@ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
18
18
  DEALINGS IN THE SOFTWARE.
19
19
 
20
20
  Copyright (C) 2007-2009 Ola Bini <ola.bini@gmail.com>
21
- Copyright (C) 2009-2017 The JRuby Team
21
+ Copyright (C) 2009-2018 The JRuby Team
22
22
 
23
23
  Alternatively, the contents of this file may be used under the terms of
24
24
  either of the GNU General Public License Version 2 or later (the "GPL"),
data/Mavenfile CHANGED
@@ -10,7 +10,7 @@ distribution_management do
10
10
  repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
11
11
  end
12
12
 
13
- java_target = '1.6'
13
+ java_target = '1.7'
14
14
  gen_sources = '${basedir}/target/generated-sources' # hard-coded in AnnotationBinder
15
15
 
16
16
  plugin( 'org.codehaus.mojo:exec-maven-plugin', '1.3.2' ) do
@@ -49,7 +49,7 @@ plugin( 'org.codehaus.mojo:build-helper-maven-plugin', '1.9' ) do
49
49
  end
50
50
 
51
51
  plugin( :compiler, '3.1',
52
- :source => '1.6', :target => java_target,
52
+ :source => '1.7', :target => java_target,
53
53
  :encoding => 'UTF-8', :debug => true,
54
54
  :showWarnings => true, :showDeprecation => true,
55
55
 
@@ -100,20 +100,20 @@ plugin :deploy, '2.8.1' do
100
100
  execute_goals( :deploy, :skip => false )
101
101
  end
102
102
 
103
- supported_bc_versions = %w{ 1.51 1.52 1.53 1.54 } # due EC support dropped <= 1.50
103
+ supported_bc_versions = %w{ 1.55 1.56 1.57 1.58 1.59 }
104
104
 
105
105
  default_bc_version = File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
106
106
  default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
107
107
 
108
108
  properties( 'jruby.plugins.version' => '1.0.10',
109
- 'jruby.versions' => '1.7.18',
109
+ 'jruby.versions' => '1.7.20',
110
110
  'bc.versions' => default_bc_version,
111
111
  'invoker.test' => '${bc.versions}',
112
112
  # allow to skip all tests with -Dmaven.test.skip
113
113
  'invoker.skip' => '${maven.test.skip}',
114
114
  'runit.dir' => 'src/test/ruby/**/test_*.rb',
115
115
  # use this version of jruby for ALL the jruby-maven-plugins
116
- 'jruby.version' => '1.7.18',
116
+ 'jruby.version' => '1.7.20',
117
117
  # dump pom.xml as readonly when running 'rmvn'
118
118
  'polyglot.dump.pom' => 'pom.xml',
119
119
  'polyglot.dump.readonly' => true,
@@ -141,24 +141,23 @@ invoker_run_options = {
141
141
  'runit.dir' => '${runit.dir}' }
142
142
  }
143
143
 
144
- profile :id => 'test-1.6.8' do
145
- plugin :invoker, '1.8' do
146
- execute_goals( :install, :run, invoker_run_options )
147
- end
148
- properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
149
- 'bc.versions' => supported_bc_versions.join(',')
150
- end
151
-
152
- profile :id => 'test-1.7.4' do
153
- plugin :invoker, '1.8' do
154
- execute_goals( :install, :run, invoker_run_options )
155
- end
156
- properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
157
- 'bc.versions' => supported_bc_versions.join(',')
158
- end
159
-
160
- jruby_1_7_versions = %w{ 1.7.13 1.7.15 1.7.16 1.7.18 1.7.20 1.7.22 1.7.23 }
161
- jruby_1_7_versions += %w{ 1.7.24 1.7.25 1.7.26 1.7.27 }
144
+ # profile :id => 'test-1.6.8' do
145
+ # plugin :invoker, '1.8' do
146
+ # execute_goals( :install, :run, invoker_run_options )
147
+ # end
148
+ # properties 'jruby.versions' => '1.6.8', 'jruby.modes' => '1.8,1.9',
149
+ # 'bc.versions' => supported_bc_versions.join(',')
150
+ # end
151
+ #
152
+ # profile :id => 'test-1.7.4' do
153
+ # plugin :invoker, '1.8' do
154
+ # execute_goals( :install, :run, invoker_run_options )
155
+ # end
156
+ # properties 'jruby.versions' => '1.7.4', 'jruby.modes' => '1.8,1.9',
157
+ # 'bc.versions' => supported_bc_versions.join(',')
158
+ # end
159
+
160
+ jruby_1_7_versions = %w{ 1.7.18 1.7.20 1.7.22 1.7.23 1.7.24 1.7.25 1.7.26 1.7.27 }
162
161
 
163
162
  jruby_1_7_versions.each { |version|
164
163
 
@@ -166,13 +165,13 @@ profile :id => "test-#{version}" do
166
165
  plugin :invoker, '1.8' do
167
166
  execute_goals( :install, :run, invoker_run_options )
168
167
  end
169
- properties 'jruby.versions' => version, 'jruby.modes' => '1.8,1.9,2.0',
168
+ properties 'jruby.versions' => version, 'jruby.modes' => '1.9,2.0',
170
169
  'bc.versions' => supported_bc_versions.join(',')
171
170
  end
172
171
 
173
172
  }
174
173
 
175
- jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 }
174
+ jruby_9_K_versions = %w{ 9.0.1.0 9.0.5.0 9.1.2.0 9.1.5.0 9.1.8.0 9.1.12.0 9.1.13.0 9.1.16.0 9.1.17.0 }
176
175
 
177
176
  jruby_9_K_versions.each { |version|
178
177
  profile :id => "test-#{version}" do
data/README.md CHANGED
@@ -16,12 +16,13 @@ the JRuby [mailing list][1] or the [bug tracker][2].
16
16
 
17
17
  | JRuby-OpenSSL | JRuby compat | JVM compat | supported BC |
18
18
  | ------------- |:-------------:| ----------:| ------------:|
19
- | 0.9.6 | 1.6.8-9.0.2 | Java 6-8 | 1.47-1.50 |
20
- | 0.9.12 | 1.6.8-9.0.5 | Java 6-8 | 1.47-1.52 |
21
- | 0.9.13 | 1.6.8-9.1.2 | Java 6-8 | 1.49-1.52 |
22
- | 0.9.14 | 1.6.8-9.1.5 | Java 6-8 | 1.49-1.54 |
23
- | 0.9.17 | 1.6.8-9.1.5 | Java 6-8 | 1.50-1.54 |
24
- | 0.9.18 | 1.6.8-9.1.7 | Java 6-8 | 1.50-1.55 |
19
+ | 0.9.6 | 1.6.8-9.0.2 | Java 6-8 | 1.47-1.50 |
20
+ | 0.9.12 | 1.6.8-9.0.5 | Java 6-8 | 1.47-1.52 |
21
+ | 0.9.13 | 1.6.8-9.1.2 | Java 6-8 | 1.49-1.52 |
22
+ | 0.9.14 | 1.6.8-9.1.5 | Java 6-8 | 1.49-1.54 |
23
+ | 0.9.17 | 1.6.8-9.1.5 | Java 6-8 | 1.50-1.54 |
24
+ | ~>0.9.18 | 1.6.8-9.1.x | Java 6-8 | 1.50-1.55 |
25
+ | 0.10.0 | 1.7.20-9.2.x | Java 7-10 | 1.55-1.59 |
25
26
 
26
27
  NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6**
27
28
 
@@ -62,7 +63,7 @@ NOTE: you can pick any jruby version which is on [central][4] or on [ci.jruby][5
62
63
 
63
64
  ## License
64
65
 
65
- (c) 2009-2017 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
66
+ (c) 2009-2018 JRuby distributed under EPL 1.0/GPL 2.0/LGPL 2.1
66
67
 
67
68
  [0]: https://secure.travis-ci.org/jruby/jruby-openssl.svg
68
69
  [1]: http://xircles.codehaus.org/projects/jruby/lists
Binary file
@@ -1,23 +1,28 @@
1
- warn 'Loading jruby-openssl in a non-JRuby interpreter' unless defined? JRUBY_VERSION
1
+ warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUBY_VERSION
2
2
 
3
3
  require 'java'
4
4
  require 'jopenssl/version'
5
5
 
6
+ warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{Jopenssl::VERSION}" if JRUBY_VERSION < '1.7.20'
7
+
6
8
  # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
7
9
  unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
8
- version = Jopenssl::Version::BOUNCY_CASTLE_VERSION
10
+ version = Jopenssl::BOUNCY_CASTLE_VERSION
9
11
  bc_jars = nil
10
12
  begin
11
13
  require 'jar-dependencies'
12
14
  # if we have jar-dependencies we let it track the jars
13
- require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', version )
14
15
  require_jar( 'org.bouncycastle', 'bcprov-jdk15on', version )
16
+ require_jar( 'org.bouncycastle', 'bcpkix-jdk15on', version )
17
+ require_jar( 'org.bouncycastle', 'bctls-jdk15on', version )
15
18
  bc_jars = true
16
19
  rescue LoadError
20
+ bc_jars = false
17
21
  end
18
22
  unless bc_jars
19
- load "org/bouncycastle/bcpkix-jdk15on/#{version}/bcpkix-jdk15on-#{version}.jar"
20
23
  load "org/bouncycastle/bcprov-jdk15on/#{version}/bcprov-jdk15on-#{version}.jar"
24
+ load "org/bouncycastle/bcpkix-jdk15on/#{version}/bcpkix-jdk15on-#{version}.jar"
25
+ load "org/bouncycastle/bctls-jdk15on/#{version}/bctls-jdk15on-#{version}.jar"
21
26
  end
22
27
  end
23
28
 
@@ -32,10 +37,8 @@ elsif RUBY_VERSION > '2.2'
32
37
  load 'jopenssl22/openssl.rb'
33
38
  elsif RUBY_VERSION > '2.1'
34
39
  load 'jopenssl21/openssl.rb'
35
- elsif RUBY_VERSION > '1.9'
36
- load 'jopenssl19/openssl.rb'
37
40
  else
38
- load 'jopenssl18/openssl.rb'
41
+ load 'jopenssl19/openssl.rb'
39
42
  end
40
43
 
41
44
  require 'openssl/pkcs12'
@@ -1,11 +1,4 @@
1
1
  module Jopenssl
2
- VERSION = '0.9.21'
3
- BOUNCY_CASTLE_VERSION = '1.56'
4
- # @deprecated
5
- module Version
6
- # @private
7
- VERSION = Jopenssl::VERSION
8
- # @private
9
- BOUNCY_CASTLE_VERSION = Jopenssl::BOUNCY_CASTLE_VERSION
10
- end
2
+ VERSION = '0.10.0'
3
+ BOUNCY_CASTLE_VERSION = '1.59'
11
4
  end
@@ -71,7 +71,7 @@ module OpenSSL
71
71
  end
72
72
  end
73
73
 
74
- private
74
+ private
75
75
 
76
76
  def parse_config_lines(io)
77
77
  section = 'default'
@@ -110,10 +110,10 @@ module OpenSSL
110
110
  QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
111
111
  # escaped char map
112
112
  ESCAPE_MAP = {
113
- "r" => "\r",
114
- "n" => "\n",
115
- "b" => "\b",
116
- "t" => "\t",
113
+ "r" => "\r",
114
+ "n" => "\n",
115
+ "b" => "\b",
116
+ "t" => "\t",
117
117
  }
118
118
 
119
119
  def unescape_value(data, section, value)
@@ -123,36 +123,36 @@ module OpenSSL
123
123
  c = m[0]
124
124
  value = m.post_match
125
125
  case c
126
- when "'"
127
- if m = value.match(QUOTE_REGEXP_SQ)
128
- scanned << m[1].gsub(/\\(.)/, '\\1')
129
- value = m.post_match
130
- else
131
- break
132
- end
133
- when '"'
134
- if m = value.match(QUOTE_REGEXP_DQ)
135
- scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
136
- value = m.post_match
137
- else
138
- break
139
- end
140
- when "\\"
141
- c = value.slice!(0, 1)
142
- scanned << (ESCAPE_MAP[c] || c)
143
- when "$"
144
- ref, value = extract_reference(value)
145
- refsec = section
146
- if ref.index('::')
147
- refsec, ref = ref.split('::', 2)
148
- end
149
- if v = get_key_string(data, refsec, ref)
150
- scanned << v
126
+ when "'"
127
+ if m = value.match(QUOTE_REGEXP_SQ)
128
+ scanned << m[1].gsub(/\\(.)/, '\\1')
129
+ value = m.post_match
130
+ else
131
+ break
132
+ end
133
+ when '"'
134
+ if m = value.match(QUOTE_REGEXP_DQ)
135
+ scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
136
+ value = m.post_match
137
+ else
138
+ break
139
+ end
140
+ when "\\"
141
+ c = value.slice!(0, 1)
142
+ scanned << (ESCAPE_MAP[c] || c)
143
+ when "$"
144
+ ref, value = extract_reference(value)
145
+ refsec = section
146
+ if ref.index('::')
147
+ refsec, ref = ref.split('::', 2)
148
+ end
149
+ if v = get_key_string(data, refsec, ref)
150
+ scanned << v
151
+ else
152
+ raise ConfigError, "variable has no value"
153
+ end
151
154
  else
152
- raise ConfigError, "variable has no value"
153
- end
154
- else
155
- raise 'must not reaced'
155
+ raise 'must not reaced'
156
156
  end
157
157
  end
158
158
  scanned << value
@@ -186,25 +186,25 @@ module OpenSSL
186
186
  c = m[0]
187
187
  line = m.post_match
188
188
  case c
189
- when '#'
190
- line = nil
191
- break
192
- when "'", '"'
193
- regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
194
- scanned << c
195
- if m = line.match(regexp)
196
- scanned << m[0]
197
- line = m.post_match
198
- else
199
- scanned << line
189
+ when '#'
200
190
  line = nil
201
191
  break
202
- end
203
- when "\\"
204
- scanned << c
205
- scanned << line.slice!(0, 1)
206
- else
207
- raise 'must not reaced'
192
+ when "'", '"'
193
+ regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
194
+ scanned << c
195
+ if m = line.match(regexp)
196
+ scanned << m[0]
197
+ line = m.post_match
198
+ else
199
+ scanned << line
200
+ line = nil
201
+ break
202
+ end
203
+ when "\\"
204
+ scanned << c
205
+ scanned << line.slice!(0, 1)
206
+ else
207
+ raise 'must not reaced'
208
208
  end
209
209
  end
210
210
  scanned << line
@@ -450,13 +450,13 @@ module OpenSSL
450
450
  "#<#{self.class.name} sections=#{sections.inspect}>"
451
451
  end
452
452
 
453
- protected
453
+ protected
454
454
 
455
455
  def data # :nodoc:
456
456
  @data
457
457
  end
458
458
 
459
- private
459
+ private
460
460
 
461
461
  def initialize_copy(other)
462
462
  @data = other.data.dup
@@ -17,9 +17,9 @@ module OpenSSL
17
17
  module SSL
18
18
  class SSLContext
19
19
  DEFAULT_PARAMS = {
20
- :ssl_version => "SSLv23",
21
- :verify_mode => OpenSSL::SSL::VERIFY_PEER,
22
- :ciphers => %w{
20
+ :ssl_version => "SSLv23",
21
+ :verify_mode => OpenSSL::SSL::VERIFY_PEER,
22
+ :ciphers => %w{
23
23
  ECDHE-ECDSA-AES128-GCM-SHA256
24
24
  ECDHE-RSA-AES128-GCM-SHA256
25
25
  ECDHE-ECDSA-AES256-GCM-SHA384
@@ -54,32 +54,32 @@ module OpenSSL
54
54
  ECDHE-RSA-RC4-SHA
55
55
  RC4-SHA
56
56
  }.join(":"),
57
- :options => -> {
58
- opts = OpenSSL::SSL::OP_ALL
59
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
60
- opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
61
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
62
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
63
- opts
64
- }.call
65
- } unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
66
-
67
- unless const_defined? :DEFAULT_CERT_STORE # JRuby specific
68
- DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
69
- DEFAULT_CERT_STORE.set_default_paths
70
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
71
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
72
- end
73
- end
57
+ :options => -> {
58
+ opts = OpenSSL::SSL::OP_ALL
59
+ opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
60
+ opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
61
+ opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
62
+ opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
63
+ opts
64
+ }.call
65
+ } unless const_defined? :DEFAULT_PARAMS # JRuby
66
+
67
+ begin
68
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
69
+ DEFAULT_CERT_STORE.set_default_paths
70
+ if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
71
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
72
+ end
73
+ end unless const_defined? :DEFAULT_CERT_STORE # JRuby
74
74
 
75
75
  INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
76
- "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
77
- "verify_callback", "cert_store", "extra_chain_cert",
78
- "client_cert_cb", "session_id_context", "tmp_dh_callback",
79
- "session_get_cb", "session_new_cb", "session_remove_cb",
80
- "tmp_ecdh_callback", "servername_cb", "npn_protocols",
81
- "alpn_protocols", "alpn_select_cb",
82
- "npn_select_cb"].map { |x| "@#{x}" }
76
+ "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
77
+ "verify_callback", "cert_store", "extra_chain_cert",
78
+ "client_cert_cb", "session_id_context", "tmp_dh_callback",
79
+ "session_get_cb", "session_new_cb", "session_remove_cb",
80
+ "tmp_ecdh_callback", "servername_cb", "npn_protocols",
81
+ "alpn_protocols", "alpn_select_cb",
82
+ "npn_select_cb"].map { |x| "@#{x}" }
83
83
 
84
84
  # A callback invoked when DH parameters are required.
85
85
  #
@@ -92,14 +92,14 @@ module OpenSSL
92
92
 
93
93
  attr_accessor :tmp_dh_callback
94
94
 
95
- #if ExtConfig::HAVE_TLSEXT_HOST_NAME
95
+ if ExtConfig::HAVE_TLSEXT_HOST_NAME
96
96
  # A callback invoked at connect time to distinguish between multiple
97
97
  # server names.
98
98
  #
99
99
  # The callback is invoked with an SSLSocket and a server name. The
100
100
  # callback must return an SSLContext for the server name or nil.
101
101
  attr_accessor :servername_cb
102
- #end
102
+ end
103
103
 
104
104
  # call-seq:
105
105
  # SSLContext.new => ctx
@@ -108,9 +108,10 @@ module OpenSSL
108
108
  #
109
109
  # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
110
110
  def initialize(version = nil)
111
- self.options |= OpenSSL::SSL::OP_ALL
111
+ INIT_VARS.each { |v| instance_variable_set v, nil }
112
+ self.options = self.options | OpenSSL::SSL::OP_ALL
112
113
  self.ssl_version = version if version
113
- end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
114
+ end unless defined? JRUBY_VERSION # JRuby
114
115
 
115
116
  ##
116
117
  # Sets the parameters for this SSL context to the values in +params+.
@@ -129,7 +130,7 @@ module OpenSSL
129
130
  end
130
131
  end
131
132
  return params
132
- end unless method_defined? :set_params # JRuby: hooked up in "native" Java
133
+ end unless method_defined? :set_params # JRuby
133
134
  end
134
135
 
135
136
  module SocketForwarder
@@ -245,8 +246,8 @@ module OpenSSL
245
246
  return false if domain_component.start_with?("xn--") && san_component != "*"
246
247
 
247
248
  parts[0].length + parts[1].length < domain_component.length &&
248
- domain_component.start_with?(parts[0]) &&
249
- domain_component.end_with?(parts[1])
249
+ domain_component.start_with?(parts[0]) &&
250
+ domain_component.end_with?(parts[1])
250
251
  end
251
252
  module_function :verify_wildcard
252
253
 
@@ -254,52 +255,55 @@ module OpenSSL
254
255
  include Buffering
255
256
  include SocketForwarder
256
257
 
257
- if ExtConfig::OPENSSL_NO_SOCK
258
- def initialize(io, ctx = nil); raise NotImplementedError; end
259
- else
260
- if ExtConfig::HAVE_TLSEXT_HOST_NAME
261
- attr_accessor :hostname
262
- end
263
-
264
- attr_reader :io, :context
265
- attr_accessor :sync_close
266
- alias :to_io :io
267
-
268
- # call-seq:
269
- # SSLSocket.new(io) => aSSLSocket
270
- # SSLSocket.new(io, ctx) => aSSLSocket
271
- #
272
- # Creates a new SSL socket from +io+ which must be a real ruby object (not an
273
- # IO-like object that responds to read/write).
274
- #
275
- # If +ctx+ is provided the SSL Sockets initial params will be taken from
276
- # the context.
277
- #
278
- # The OpenSSL::Buffering module provides additional IO methods.
279
- #
280
- # This method will freeze the SSLContext if one is provided;
281
- # however, session management is still allowed in the frozen SSLContext.
282
-
283
- def initialize(io, context = OpenSSL::SSL::SSLContext.new)
284
- @io = io
285
- @context = context
286
- @sync_close = false
287
- @hostname = nil
288
- @io.nonblock = true if @io.respond_to?(:nonblock=)
289
- context.setup
290
- super()
291
- end
292
- end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
258
+ # if ExtConfig::OPENSSL_NO_SOCK
259
+ # def initialize(io, ctx = nil); raise NotImplementedError; end
260
+ # else
261
+ # if ExtConfig::HAVE_TLSEXT_HOST_NAME
262
+ # attr_accessor :hostname
263
+ # end
264
+ #
265
+ # attr_reader :io, :context
266
+ # attr_accessor :sync_close
267
+ # alias :to_io :io
268
+ #
269
+ # # call-seq:
270
+ # # SSLSocket.new(io) => aSSLSocket
271
+ # # SSLSocket.new(io, ctx) => aSSLSocket
272
+ # #
273
+ # # Creates a new SSL socket from +io+ which must be a real ruby object (not an
274
+ # # IO-like object that responds to read/write).
275
+ # #
276
+ # # If +ctx+ is provided the SSL Sockets initial params will be taken from
277
+ # # the context.
278
+ # #
279
+ # # The OpenSSL::Buffering module provides additional IO methods.
280
+ # #
281
+ # # This method will freeze the SSLContext if one is provided;
282
+ # # however, session management is still allowed in the frozen SSLContext.
283
+ #
284
+ # def initialize(io, context = OpenSSL::SSL::SSLContext.new)
285
+ # @io = io
286
+ # @context = context
287
+ # @sync_close = false
288
+ # @hostname = nil
289
+ # @io.nonblock = true if @io.respond_to?(:nonblock=)
290
+ # context.setup
291
+ # super()
292
+ # end
293
+ # end
293
294
 
294
295
  # call-seq:
295
296
  # ssl.sysclose => nil
296
297
  #
297
- # Shuts down the SSL connection and prepares it for another connection.
298
+ # Sends "close notify" to the peer and tries to shut down the SSL
299
+ # connection gracefully.
300
+ #
301
+ # If sync_close is set to +true+, the underlying IO is also closed.
298
302
  def sysclose
299
303
  return if closed?
300
304
  stop
301
305
  io.close if sync_close
302
- end unless defined? JRUBY_VERSION # JRuby: handled in "native" Java
306
+ end unless method_defined? :sysclose # JRuby
303
307
 
304
308
  ##
305
309
  # Perform hostname verification after an SSL connection is established
@@ -321,11 +325,11 @@ module OpenSSL
321
325
  return true
322
326
  end
323
327
 
324
- #def session
325
- # SSL::Session.new(self)
326
- #rescue SSL::Session::SessionError
327
- # nil
328
- #end
328
+ def session
329
+ SSL::Session.new(self)
330
+ rescue SSL::Session::SessionError
331
+ nil
332
+ end unless method_defined? :session # JRuby
329
333
 
330
334
  private
331
335