openssl 2.1.0.beta2 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +105 -2
  3. data/ext/openssl/deprecation.rb +5 -1
  4. data/ext/openssl/extconf.rb +34 -16
  5. data/ext/openssl/openssl_missing.h +3 -3
  6. data/ext/openssl/ossl.c +3 -2
  7. data/ext/openssl/ossl.h +1 -1
  8. data/ext/openssl/ossl_asn1.c +4 -3
  9. data/ext/openssl/ossl_bn.c +27 -14
  10. data/ext/openssl/ossl_cipher.c +2 -0
  11. data/ext/openssl/ossl_digest.c +6 -2
  12. data/ext/openssl/ossl_pkcs12.c +1 -0
  13. data/ext/openssl/ossl_pkcs7.c +1 -0
  14. data/ext/openssl/ossl_pkey.c +26 -3
  15. data/ext/openssl/ossl_pkey.h +6 -6
  16. data/ext/openssl/ossl_pkey_dh.c +1 -1
  17. data/ext/openssl/ossl_pkey_ec.c +72 -86
  18. data/ext/openssl/ossl_rand.c +0 -8
  19. data/ext/openssl/ossl_ssl.c +111 -38
  20. data/ext/openssl/ossl_version.h +1 -1
  21. data/ext/openssl/ossl_x509.c +91 -0
  22. data/ext/openssl/ossl_x509ext.c +1 -0
  23. data/ext/openssl/ossl_x509name.c +8 -7
  24. data/ext/openssl/ossl_x509store.c +40 -22
  25. data/lib/openssl/buffering.rb +5 -12
  26. data/lib/openssl/config.rb +36 -18
  27. data/lib/openssl/pkey.rb +23 -1
  28. data/lib/openssl/ssl.rb +6 -5
  29. metadata +22 -9
data/ext/openssl/ossl_x509.c CHANGED
@@ -44,7 +44,13 @@ Init_ossl_x509(void)
44
44
  Init_ossl_x509revoked();
45
45
  Init_ossl_x509store();
46
46
 
47
+ /* Constants are up-to-date with 1.1.1. */
48
+
49
+ /* Certificate verification error code */
47
50
  DefX509Const(V_OK);
51
+ #if defined(X509_V_ERR_UNSPECIFIED) /* 1.0.1r, 1.0.2f, 1.1.0 */
52
+ DefX509Const(V_ERR_UNSPECIFIED);
53
+ #endif
48
54
  DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT);
49
55
  DefX509Const(V_ERR_UNABLE_TO_GET_CRL);
50
56
  DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE);
@@ -76,8 +82,73 @@ Init_ossl_x509(void)
76
82
  DefX509Const(V_ERR_AKID_SKID_MISMATCH);
77
83
  DefX509Const(V_ERR_AKID_ISSUER_SERIAL_MISMATCH);
78
84
  DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
85
+ DefX509Const(V_ERR_UNABLE_TO_GET_CRL_ISSUER);
86
+ DefX509Const(V_ERR_UNHANDLED_CRITICAL_EXTENSION);
87
+ DefX509Const(V_ERR_KEYUSAGE_NO_CRL_SIGN);
88
+ DefX509Const(V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
89
+ DefX509Const(V_ERR_INVALID_NON_CA);
90
+ DefX509Const(V_ERR_PROXY_PATH_LENGTH_EXCEEDED);
91
+ DefX509Const(V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE);
92
+ DefX509Const(V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED);
93
+ DefX509Const(V_ERR_INVALID_EXTENSION);
94
+ DefX509Const(V_ERR_INVALID_POLICY_EXTENSION);
95
+ DefX509Const(V_ERR_NO_EXPLICIT_POLICY);
96
+ DefX509Const(V_ERR_DIFFERENT_CRL_SCOPE);
97
+ DefX509Const(V_ERR_UNSUPPORTED_EXTENSION_FEATURE);
98
+ DefX509Const(V_ERR_UNNESTED_RESOURCE);
99
+ DefX509Const(V_ERR_PERMITTED_VIOLATION);
100
+ DefX509Const(V_ERR_EXCLUDED_VIOLATION);
101
+ DefX509Const(V_ERR_SUBTREE_MINMAX);
79
102
  DefX509Const(V_ERR_APPLICATION_VERIFICATION);
103
+ DefX509Const(V_ERR_UNSUPPORTED_CONSTRAINT_TYPE);
104
+ DefX509Const(V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX);
105
+ DefX509Const(V_ERR_UNSUPPORTED_NAME_SYNTAX);
106
+ DefX509Const(V_ERR_CRL_PATH_VALIDATION_ERROR);
107
+ #if defined(X509_V_ERR_PATH_LOOP)
108
+ DefX509Const(V_ERR_PATH_LOOP);
109
+ #endif
110
+ #if defined(X509_V_ERR_SUITE_B_INVALID_VERSION)
111
+ DefX509Const(V_ERR_SUITE_B_INVALID_VERSION);
112
+ DefX509Const(V_ERR_SUITE_B_INVALID_ALGORITHM);
113
+ DefX509Const(V_ERR_SUITE_B_INVALID_CURVE);
114
+ DefX509Const(V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM);
115
+ DefX509Const(V_ERR_SUITE_B_LOS_NOT_ALLOWED);
116
+ DefX509Const(V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256);
117
+ #endif
118
+ #if defined(X509_V_ERR_HOSTNAME_MISMATCH)
119
+ DefX509Const(V_ERR_HOSTNAME_MISMATCH);
120
+ DefX509Const(V_ERR_EMAIL_MISMATCH);
121
+ DefX509Const(V_ERR_IP_ADDRESS_MISMATCH);
122
+ #endif
123
+ #if defined(X509_V_ERR_DANE_NO_MATCH)
124
+ DefX509Const(V_ERR_DANE_NO_MATCH);
125
+ #endif
126
+ #if defined(X509_V_ERR_EE_KEY_TOO_SMALL)
127
+ DefX509Const(V_ERR_EE_KEY_TOO_SMALL);
128
+ DefX509Const(V_ERR_CA_KEY_TOO_SMALL);
129
+ DefX509Const(V_ERR_CA_MD_TOO_WEAK);
130
+ #endif
131
+ #if defined(X509_V_ERR_INVALID_CALL)
132
+ DefX509Const(V_ERR_INVALID_CALL);
133
+ #endif
134
+ #if defined(X509_V_ERR_STORE_LOOKUP)
135
+ DefX509Const(V_ERR_STORE_LOOKUP);
136
+ #endif
137
+ #if defined(X509_V_ERR_NO_VALID_SCTS)
138
+ DefX509Const(V_ERR_NO_VALID_SCTS);
139
+ #endif
140
+ #if defined(X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION)
141
+ DefX509Const(V_ERR_PROXY_SUBJECT_NAME_VIOLATION);
142
+ #endif
143
+ #if defined(X509_V_ERR_OCSP_VERIFY_NEEDED)
144
+ DefX509Const(V_ERR_OCSP_VERIFY_NEEDED);
145
+ DefX509Const(V_ERR_OCSP_VERIFY_FAILED);
146
+ DefX509Const(V_ERR_OCSP_CERT_UNKNOWN);
147
+ #endif
80
148
 
149
+ /* Certificate verify flags */
150
+ /* Set by Store#flags= and StoreContext#flags=. */
151
+ DefX509Const(V_FLAG_USE_CHECK_TIME);
81
152
  /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
82
153
  * certificate chain leaf. */
83
154
  DefX509Const(V_FLAG_CRL_CHECK);
@@ -122,6 +193,26 @@ Init_ossl_x509(void)
122
193
  * Enabled by default in OpenSSL >= 1.1.0. */
123
194
  DefX509Const(V_FLAG_TRUSTED_FIRST);
124
195
  #endif
196
+ #if defined(X509_V_FLAG_SUITEB_128_LOS_ONLY)
197
+ /* Set by Store#flags= and StoreContext#flags=.
198
+ * Enables Suite B 128 bit only mode. */
199
+ DefX509Const(V_FLAG_SUITEB_128_LOS_ONLY);
200
+ #endif
201
+ #if defined(X509_V_FLAG_SUITEB_192_LOS)
202
+ /* Set by Store#flags= and StoreContext#flags=.
203
+ * Enables Suite B 192 bit only mode. */
204
+ DefX509Const(V_FLAG_SUITEB_192_LOS);
205
+ #endif
206
+ #if defined(X509_V_FLAG_SUITEB_128_LOS)
207
+ /* Set by Store#flags= and StoreContext#flags=.
208
+ * Enables Suite B 128 bit mode allowing 192 bit algorithms. */
209
+ DefX509Const(V_FLAG_SUITEB_128_LOS);
210
+ #endif
211
+ #if defined(X509_V_FLAG_PARTIAL_CHAIN)
212
+ /* Set by Store#flags= and StoreContext#flags=.
213
+ * Allows partial chains if at least one certificate is in trusted store. */
214
+ DefX509Const(V_FLAG_PARTIAL_CHAIN);
215
+ #endif
125
216
  #if defined(X509_V_FLAG_NO_ALT_CHAINS)
126
217
  /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
127
218
  * a alternative chain. No effect in OpenSSL >= 1.1.0. */
data/ext/openssl/ossl_x509ext.c CHANGED
@@ -437,6 +437,7 @@ ossl_x509ext_to_der(VALUE obj)
437
437
  void
438
438
  Init_ossl_x509ext(void)
439
439
  {
440
+ #undef rb_intern
440
441
  #if 0
441
442
  mOSSL = rb_define_module("OpenSSL");
442
443
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
data/ext/openssl/ossl_x509name.c CHANGED
@@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self)
250
250
  {
251
251
  X509_NAME *name;
252
252
  char *buf;
253
- VALUE str;
254
253
 
255
254
  GetX509Name(self, name);
256
255
  buf = X509_NAME_oneline(name, NULL, 0);
257
- str = rb_str_new2(buf);
258
- OPENSSL_free(buf);
259
-
260
- return str;
256
+ if (!buf)
257
+ ossl_raise(eX509NameError, "X509_NAME_oneline");
258
+ return ossl_buf2str(buf, rb_long2int(strlen(buf)));
261
259
  }
262
260
 
263
261
  static VALUE
@@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag)
265
263
  {
266
264
  X509_NAME *name;
267
265
  BIO *out;
266
+ int ret;
268
267
 
269
268
  GetX509Name(self, name);
270
269
  out = BIO_new(BIO_s_mem());
271
270
  if (!out)
272
271
  ossl_raise(eX509NameError, NULL);
273
- if (!X509_NAME_print_ex(out, name, 0, iflag)) {
272
+ ret = X509_NAME_print_ex(out, name, 0, iflag);
273
+ if (ret < 0 || (iflag == XN_FLAG_COMPAT && ret == 0)) {
274
274
  BIO_free(out);
275
275
  ossl_raise(eX509NameError, "X509_NAME_print_ex");
276
276
  }
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
400
400
 
401
401
  result = ossl_x509name_cmp0(self, other);
402
402
  if (result < 0) return INT2FIX(-1);
403
- if (result > 1) return INT2FIX(1);
403
+ if (result > 0) return INT2FIX(1);
404
404
 
405
405
  return INT2FIX(0);
406
406
  }
@@ -502,6 +502,7 @@ ossl_x509name_to_der(VALUE self)
502
502
  void
503
503
  Init_ossl_x509name(void)
504
504
  {
505
+ #undef rb_intern
505
506
  VALUE utf8str, ptrstr, ia5str, hash;
506
507
 
507
508
  #if 0
data/ext/openssl/ossl_x509store.c CHANGED
@@ -105,6 +105,13 @@ VALUE cX509Store;
105
105
  VALUE cX509StoreContext;
106
106
  VALUE eX509StoreError;
107
107
 
108
+ static void
109
+ ossl_x509store_mark(void *ptr)
110
+ {
111
+ X509_STORE *store = ptr;
112
+ rb_gc_mark((VALUE)X509_STORE_get_ex_data(store, store_ex_verify_cb_idx));
113
+ }
114
+
108
115
  static void
109
116
  ossl_x509store_free(void *ptr)
110
117
  {
@@ -114,7 +121,7 @@ ossl_x509store_free(void *ptr)
114
121
  static const rb_data_type_t ossl_x509store_type = {
115
122
  "OpenSSL/X509/STORE",
116
123
  {
117
- 0, ossl_x509store_free,
124
+ ossl_x509store_mark, ossl_x509store_free,
118
125
  },
119
126
  0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
120
127
  };
@@ -304,7 +311,6 @@ ossl_x509store_add_file(VALUE self, VALUE file)
304
311
  char *path = NULL;
305
312
 
306
313
  if(file != Qnil){
307
- rb_check_safe_obj(file);
308
314
  path = StringValueCStr(file);
309
315
  }
310
316
  GetX509Store(self, store);
@@ -340,7 +346,6 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
340
346
  char *path = NULL;
341
347
 
342
348
  if(dir != Qnil){
343
- rb_check_safe_obj(dir);
344
349
  path = StringValueCStr(dir);
345
350
  }
346
351
  GetX509Store(self, store);
@@ -458,23 +463,16 @@ ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
458
463
  return result;
459
464
  }
460
465
 
461
- /*
462
- * Public Functions
463
- */
464
- static void ossl_x509stctx_free(void*);
465
-
466
-
467
- static const rb_data_type_t ossl_x509stctx_type = {
468
- "OpenSSL/X509/STORE_CTX",
469
- {
470
- 0, ossl_x509stctx_free,
471
- },
472
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
473
- };
474
-
475
466
  /*
476
467
  * Private functions
477
468
  */
469
+ static void
470
+ ossl_x509stctx_mark(void *ptr)
471
+ {
472
+ X509_STORE_CTX *ctx = ptr;
473
+ rb_gc_mark((VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx));
474
+ }
475
+
478
476
  static void
479
477
  ossl_x509stctx_free(void *ptr)
480
478
  {
@@ -486,6 +484,14 @@ ossl_x509stctx_free(void *ptr)
486
484
  X509_STORE_CTX_free(ctx);
487
485
  }
488
486
 
487
+ static const rb_data_type_t ossl_x509stctx_type = {
488
+ "OpenSSL/X509/STORE_CTX",
489
+ {
490
+ ossl_x509stctx_mark, ossl_x509stctx_free,
491
+ },
492
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
493
+ };
494
+
489
495
  static VALUE
490
496
  ossl_x509stctx_alloc(VALUE klass)
491
497
  {
@@ -519,7 +525,9 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
519
525
 
520
526
  /*
521
527
  * call-seq:
522
- * StoreContext.new(store, cert = nil, chain = nil)
528
+ * StoreContext.new(store, cert = nil, untrusted = nil)
529
+ *
530
+ * Sets up a StoreContext for a verification of the X.509 certificate _cert_.
523
531
  */
524
532
  static VALUE
525
533
  ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
@@ -529,15 +537,24 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
529
537
  X509_STORE *x509st;
530
538
  X509 *x509 = NULL;
531
539
  STACK_OF(X509) *x509s = NULL;
540
+ int state;
532
541
 
533
542
  rb_scan_args(argc, argv, "12", &store, &cert, &chain);
534
543
  GetX509StCtx(self, ctx);
535
544
  GetX509Store(store, x509st);
536
- if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
537
- if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
538
- if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
545
+ if (!NIL_P(cert))
546
+ x509 = DupX509CertPtr(cert); /* NEED TO DUP */
547
+ if (!NIL_P(chain)) {
548
+ x509s = ossl_protect_x509_ary2sk(chain, &state);
549
+ if (state) {
550
+ X509_free(x509);
551
+ rb_jump_tag(state);
552
+ }
553
+ }
554
+ if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
555
+ X509_free(x509);
539
556
  sk_X509_pop_free(x509s, X509_free);
540
- ossl_raise(eX509StoreError, NULL);
557
+ ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
541
558
  }
542
559
  if (!NIL_P(t = rb_iv_get(store, "@time")))
543
560
  ossl_x509stctx_set_time(self, t);
@@ -771,6 +788,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
771
788
  void
772
789
  Init_ossl_x509store(void)
773
790
  {
791
+ #undef rb_intern
774
792
  #if 0
775
793
  mOSSL = rb_define_module("OpenSSL");
776
794
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
data/lib/openssl/buffering.rb CHANGED
@@ -316,20 +316,15 @@ module OpenSSL::Buffering
316
316
  @wbuffer << s
317
317
  @wbuffer.force_encoding(Encoding::BINARY)
318
318
  @sync ||= false
319
- if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
320
- remain = idx ? idx + $/.size : @wbuffer.length
321
- nwritten = 0
322
- while remain > 0
323
- str = @wbuffer[nwritten,remain]
319
+ if @sync or @wbuffer.size > BLOCK_SIZE
320
+ until @wbuffer.empty?
324
321
  begin
325
- nwrote = syswrite(str)
322
+ nwrote = syswrite(@wbuffer)
326
323
  rescue Errno::EAGAIN
327
324
  retry
328
325
  end
329
- remain -= nwrote
330
- nwritten += nwrote
326
+ @wbuffer[0, nwrote] = ""
331
327
  end
332
- @wbuffer[0,nwritten] = ""
333
328
  end
334
329
  end
335
330
 
@@ -409,9 +404,7 @@ module OpenSSL::Buffering
409
404
  end
410
405
  args.each{|arg|
411
406
  s << arg.to_s
412
- if $/ && /\n\z/ !~ s
413
- s << "\n"
414
- end
407
+ s.sub!(/(?<!\n)\z/, "\n")
415
408
  }
416
409
  do_write(s)
417
410
  nil
data/lib/openssl/config.rb CHANGED
@@ -77,29 +77,44 @@ module OpenSSL
77
77
  def parse_config_lines(io)
78
78
  section = 'default'
79
79
  data = {section => {}}
80
- while definition = get_definition(io)
80
+ io_stack = [io]
81
+ while definition = get_definition(io_stack)
81
82
  definition = clear_comments(definition)
82
83
  next if definition.empty?
83
- if definition[0] == ?[
84
+ case definition
85
+ when /\A\[/
84
86
  if /\[([^\]]*)\]/ =~ definition
85
87
  section = $1.strip
86
88
  data[section] ||= {}
87
89
  else
88
90
  raise ConfigError, "missing close square bracket"
89
91
  end
90
- else
91
- if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
92
- if $2
93
- section = $1
94
- key = $2
95
- else
96
- key = $1
92
+ when /\A\.include (\s*=\s*)?(.+)\z/
93
+ path = $2
94
+ if File.directory?(path)
95
+ files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB)
96
+ else
97
+ files = [path]
98
+ end
99
+
100
+ files.each do |filename|
101
+ begin
102
+ io_stack << StringIO.new(File.read(filename))
103
+ rescue
104
+ raise ConfigError, "could not include file '%s'" % filename
97
105
  end
98
- value = unescape_value(data, section, $3)
99
- (data[section] ||= {})[key] = value.strip
106
+ end
107
+ when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/
108
+ if $2
109
+ section = $1
110
+ key = $2
100
111
  else
101
- raise ConfigError, "missing equal sign"
112
+ key = $1
102
113
  end
114
+ value = unescape_value(data, section, $3)
115
+ (data[section] ||= {})[key] = value.strip
116
+ else
117
+ raise ConfigError, "missing equal sign"
103
118
  end
104
119
  end
105
120
  data
@@ -212,10 +227,10 @@ module OpenSSL
212
227
  scanned.join
213
228
  end
214
229
 
215
- def get_definition(io)
216
- if line = get_line(io)
230
+ def get_definition(io_stack)
231
+ if line = get_line(io_stack)
217
232
  while /[^\\]\\\z/ =~ line
218
- if extra = get_line(io)
233
+ if extra = get_line(io_stack)
219
234
  line += extra
220
235
  else
221
236
  break
@@ -225,9 +240,12 @@ module OpenSSL
225
240
  end
226
241
  end
227
242
 
228
- def get_line(io)
229
- if line = io.gets
230
- line.gsub(/[\r\n]*/, '')
243
+ def get_line(io_stack)
244
+ while io = io_stack.last
245
+ if line = io.gets
246
+ return line.gsub(/[\r\n]*/, '')
247
+ end
248
+ io_stack.pop
231
249
  end
232
250
  end
233
251
  end
data/lib/openssl/pkey.rb CHANGED
@@ -1,3 +1,25 @@
1
1
  # frozen_string_literal: false
2
- module OpenSSL
2
+ #--
3
+ # Ruby/OpenSSL Project
4
+ # Copyright (C) 2017 Ruby/OpenSSL Project Authors
5
+ #++
6
+
7
+ module OpenSSL::PKey
8
+ if defined?(EC)
9
+ class EC::Point
10
+ # :call-seq:
11
+ # point.to_bn([conversion_form]) -> OpenSSL::BN
12
+ #
13
+ # Returns the octet string representation of the EC point as an instance of
14
+ # OpenSSL::BN.
15
+ #
16
+ # If _conversion_form_ is not given, the _point_conversion_form_ attribute
17
+ # set to the group is used.
18
+ #
19
+ # See #to_octet_string for more information.
20
+ def to_bn(conversion_form = group.point_conversion_form)
21
+ OpenSSL::BN.new(to_octet_string(conversion_form), 2)
22
+ end
23
+ end
24
+ end
3
25
  end
data/lib/openssl/ssl.rb CHANGED
@@ -12,6 +12,7 @@
12
12
 
13
13
  require "openssl/buffering"
14
14
  require "io/nonblock"
15
+ require "ipaddr"
15
16
 
16
17
  module OpenSSL
17
18
  module SSL
@@ -272,11 +273,11 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
272
273
  return true if verify_hostname(hostname, san.value)
273
274
  when 7 # iPAddress in GeneralName (RFC5280)
274
275
  should_verify_common_name = false
275
- # follows GENERAL_NAME_print() in x509v3/v3_alt.c
276
- if san.value.size == 4
277
- return true if san.value.unpack('C*').join('.') == hostname
278
- elsif san.value.size == 16
279
- return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
276
+ if san.value.size == 4 || san.value.size == 16
277
+ begin
278
+ return true if san.value == IPAddr.new(hostname).hton
279
+ rescue IPAddr::InvalidAddressError
280
+ end
280
281
  end
281
282
  end
282
283
  }
metadata CHANGED
@@ -1,18 +1,32 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0.beta2
4
+ version: 2.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Martin Bosslet
8
8
  - SHIBATA Hiroshi
9
9
  - Zachary Scott
10
10
  - Kazuki Yamaguchi
11
- autorequire:
11
+ autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2017-11-25 00:00:00.000000000 Z
14
+ date: 2021-10-16 00:00:00.000000000 Z
15
15
  dependencies:
16
+ - !ruby/object:Gem::Dependency
17
+ name: ipaddr
18
+ requirement: !ruby/object:Gem::Requirement
19
+ requirements:
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: '0'
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
16
30
  - !ruby/object:Gem::Dependency
17
31
  name: rake
18
32
  requirement: !ruby/object:Gem::Requirement
@@ -155,7 +169,7 @@ licenses:
155
169
  - Ruby
156
170
  metadata:
157
171
  msys2_mingw_dependencies: openssl
158
- post_install_message:
172
+ post_install_message:
159
173
  rdoc_options:
160
174
  - "--main"
161
175
  - README.md
@@ -168,13 +182,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
168
182
  version: 2.3.0
169
183
  required_rubygems_version: !ruby/object:Gem::Requirement
170
184
  requirements:
171
- - - ">"
185
+ - - ">="
172
186
  - !ruby/object:Gem::Version
173
- version: 1.3.1
187
+ version: '0'
174
188
  requirements: []
175
- rubyforge_project:
176
- rubygems_version: 2.7.2
177
- signing_key:
189
+ rubygems_version: 3.3.0.dev
190
+ signing_key:
178
191
  specification_version: 4
179
192
  summary: OpenSSL provides SSL, TLS and general purpose cryptography.
180
193
  test_files: []