openssl 2.1.0.beta2 → 2.1.3
- checksums.yaml +4 -4
- data/History.md +105 -2
- data/ext/openssl/deprecation.rb +5 -1
- data/ext/openssl/extconf.rb +34 -16
- data/ext/openssl/openssl_missing.h +3 -3
- data/ext/openssl/ossl.c +3 -2
- data/ext/openssl/ossl.h +1 -1
- data/ext/openssl/ossl_asn1.c +4 -3
- data/ext/openssl/ossl_bn.c +27 -14
- data/ext/openssl/ossl_cipher.c +2 -0
- data/ext/openssl/ossl_digest.c +6 -2
- data/ext/openssl/ossl_pkcs12.c +1 -0
- data/ext/openssl/ossl_pkcs7.c +1 -0
- data/ext/openssl/ossl_pkey.c +26 -3
- data/ext/openssl/ossl_pkey.h +6 -6
- data/ext/openssl/ossl_pkey_dh.c +1 -1
- data/ext/openssl/ossl_pkey_ec.c +72 -86
- data/ext/openssl/ossl_rand.c +0 -8
- data/ext/openssl/ossl_ssl.c +111 -38
- data/ext/openssl/ossl_version.h +1 -1
- data/ext/openssl/ossl_x509.c +91 -0
- data/ext/openssl/ossl_x509ext.c +1 -0
- data/ext/openssl/ossl_x509name.c +8 -7
- data/ext/openssl/ossl_x509store.c +40 -22
- data/lib/openssl/buffering.rb +5 -12
- data/lib/openssl/config.rb +36 -18
- data/lib/openssl/pkey.rb +23 -1
- data/lib/openssl/ssl.rb +6 -5
- metadata +22 -9
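--- a/data/ext/openssl/ossl_x509.c
+++ b/data/ext/openssl/ossl_x509.c
@@ -44,7 +44,13 @@ Init_ossl_x509(void)
 Init_ossl_x509revoked();
 Init_ossl_x509store();
 
+/* Constants are up-to-date with 1.1.1. */
+
+/* Certificate verification error code */
 DefX509Const(V_OK);
+#if defined(X509_V_ERR_UNSPECIFIED) /* 1.0.1r, 1.0.2f, 1.1.0 */
+DefX509Const(V_ERR_UNSPECIFIED);
+#endif
 DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT);
 DefX509Const(V_ERR_UNABLE_TO_GET_CRL);
 DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE);
@@ -76,8 +82,73 @@ Init_ossl_x509(void)
 DefX509Const(V_ERR_AKID_SKID_MISMATCH);
 DefX509Const(V_ERR_AKID_ISSUER_SERIAL_MISMATCH);
 DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
+DefX509Const(V_ERR_UNABLE_TO_GET_CRL_ISSUER);
+DefX509Const(V_ERR_UNHANDLED_CRITICAL_EXTENSION);
+DefX509Const(V_ERR_KEYUSAGE_NO_CRL_SIGN);
+DefX509Const(V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
+DefX509Const(V_ERR_INVALID_NON_CA);
+DefX509Const(V_ERR_PROXY_PATH_LENGTH_EXCEEDED);
+DefX509Const(V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE);
+DefX509Const(V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED);
+DefX509Const(V_ERR_INVALID_EXTENSION);
+DefX509Const(V_ERR_INVALID_POLICY_EXTENSION);
+DefX509Const(V_ERR_NO_EXPLICIT_POLICY);
+DefX509Const(V_ERR_DIFFERENT_CRL_SCOPE);
+DefX509Const(V_ERR_UNSUPPORTED_EXTENSION_FEATURE);
+DefX509Const(V_ERR_UNNESTED_RESOURCE);
+DefX509Const(V_ERR_PERMITTED_VIOLATION);
+DefX509Const(V_ERR_EXCLUDED_VIOLATION);
+DefX509Const(V_ERR_SUBTREE_MINMAX);
 DefX509Const(V_ERR_APPLICATION_VERIFICATION);
+DefX509Const(V_ERR_UNSUPPORTED_CONSTRAINT_TYPE);
+DefX509Const(V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX);
+DefX509Const(V_ERR_UNSUPPORTED_NAME_SYNTAX);
+DefX509Const(V_ERR_CRL_PATH_VALIDATION_ERROR);
+#if defined(X509_V_ERR_PATH_LOOP)
+DefX509Const(V_ERR_PATH_LOOP);
+#endif
+#if defined(X509_V_ERR_SUITE_B_INVALID_VERSION)
+DefX509Const(V_ERR_SUITE_B_INVALID_VERSION);
+DefX509Const(V_ERR_SUITE_B_INVALID_ALGORITHM);
+DefX509Const(V_ERR_SUITE_B_INVALID_CURVE);
+DefX509Const(V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM);
+DefX509Const(V_ERR_SUITE_B_LOS_NOT_ALLOWED);
+DefX509Const(V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256);
+#endif
+#if defined(X509_V_ERR_HOSTNAME_MISMATCH)
+DefX509Const(V_ERR_HOSTNAME_MISMATCH);
+DefX509Const(V_ERR_EMAIL_MISMATCH);
+DefX509Const(V_ERR_IP_ADDRESS_MISMATCH);
+#endif
+#if defined(X509_V_ERR_DANE_NO_MATCH)
+DefX509Const(V_ERR_DANE_NO_MATCH);
+#endif
+#if defined(X509_V_ERR_EE_KEY_TOO_SMALL)
+DefX509Const(V_ERR_EE_KEY_TOO_SMALL);
+DefX509Const(V_ERR_CA_KEY_TOO_SMALL);
+DefX509Const(V_ERR_CA_MD_TOO_WEAK);
+#endif
+#if defined(X509_V_ERR_INVALID_CALL)
+DefX509Const(V_ERR_INVALID_CALL);
+#endif
+#if defined(X509_V_ERR_STORE_LOOKUP)
+DefX509Const(V_ERR_STORE_LOOKUP);
+#endif
+#if defined(X509_V_ERR_NO_VALID_SCTS)
+DefX509Const(V_ERR_NO_VALID_SCTS);
+#endif
+#if defined(X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION)
+DefX509Const(V_ERR_PROXY_SUBJECT_NAME_VIOLATION);
+#endif
+#if defined(X509_V_ERR_OCSP_VERIFY_NEEDED)
+DefX509Const(V_ERR_OCSP_VERIFY_NEEDED);
+DefX509Const(V_ERR_OCSP_VERIFY_FAILED);
+DefX509Const(V_ERR_OCSP_CERT_UNKNOWN);
+#endif
 
+/* Certificate verify flags */
+/* Set by Store#flags= and StoreContext#flags=. */
+DefX509Const(V_FLAG_USE_CHECK_TIME);
 /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
 * certificate chain leaf. */
 DefX509Const(V_FLAG_CRL_CHECK);
@@ -122,6 +193,26 @@ Init_ossl_x509(void)
 * Enabled by default in OpenSSL >= 1.1.0. */
 DefX509Const(V_FLAG_TRUSTED_FIRST);
 #endif
+#if defined(X509_V_FLAG_SUITEB_128_LOS_ONLY)
+/* Set by Store#flags= and StoreContext#flags=.
+* Enables Suite B 128 bit only mode. */
+DefX509Const(V_FLAG_SUITEB_128_LOS_ONLY);
+#endif
+#if defined(X509_V_FLAG_SUITEB_192_LOS)
+/* Set by Store#flags= and StoreContext#flags=.
+* Enables Suite B 192 bit only mode. */
+DefX509Const(V_FLAG_SUITEB_192_LOS);
+#endif
+#if defined(X509_V_FLAG_SUITEB_128_LOS)
+/* Set by Store#flags= and StoreContext#flags=.
+* Enables Suite B 128 bit mode allowing 192 bit algorithms. */
+DefX509Const(V_FLAG_SUITEB_128_LOS);
+#endif
+#if defined(X509_V_FLAG_PARTIAL_CHAIN)
+/* Set by Store#flags= and StoreContext#flags=.
+* Allows partial chains if at least one certificate is in trusted store. */
+DefX509Const(V_FLAG_PARTIAL_CHAIN);
+#endif
 #if defined(X509_V_FLAG_NO_ALT_CHAINS)
 /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
 * a alternative chain. No effect in OpenSSL >= 1.1.0. */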
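Review bot: The comment added for `V_FLAG_PARTIAL_CHAIN` in the last hunk understates what the flag changes. With it set, chain building can stop at any certificate found in the store, so an intermediate or leaf certificate placed there acts as a trust anchor. I would spell that out, e.g. `* Allows partial chains: any certificate in the trusted store, not only a self-signed root, can terminate the chain. */`. The comment on `V_FLAG_USE_CHECK_TIME` in the second hunk says only where the flag is set, not what it does, unlike the neighbouring flags.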
data/ext/openssl/ossl_x509ext.c
CHANGED
data/ext/openssl/ossl_x509name.c
CHANGED
@@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self)
|
|
250
250
|
{
|
251
251
|
X509_NAME *name;
|
252
252
|
char *buf;
|
253
|
-
VALUE str;
|
254
253
|
|
255
254
|
GetX509Name(self, name);
|
256
255
|
buf = X509_NAME_oneline(name, NULL, 0);
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
return str;
|
256
|
+
if (!buf)
|
257
|
+
ossl_raise(eX509NameError, "X509_NAME_oneline");
|
258
|
+
return ossl_buf2str(buf, rb_long2int(strlen(buf)));
|
261
259
|
}
|
262
260
|
|
263
261
|
static VALUE
|
@@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag)
|
|
265
263
|
{
|
266
264
|
X509_NAME *name;
|
267
265
|
BIO *out;
|
266
|
+
int ret;
|
268
267
|
|
269
268
|
GetX509Name(self, name);
|
270
269
|
out = BIO_new(BIO_s_mem());
|
271
270
|
if (!out)
|
272
271
|
ossl_raise(eX509NameError, NULL);
|
273
|
-
|
272
|
+
ret = X509_NAME_print_ex(out, name, 0, iflag);
|
273
|
+
if (ret < 0 || (iflag == XN_FLAG_COMPAT && ret == 0)) {
|
274
274
|
BIO_free(out);
|
275
275
|
ossl_raise(eX509NameError, "X509_NAME_print_ex");
|
276
276
|
}
|
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
|
|
400
400
|
|
401
401
|
result = ossl_x509name_cmp0(self, other);
|
402
402
|
if (result < 0) return INT2FIX(-1);
|
403
|
-
if (result >
|
403
|
+
if (result > 0) return INT2FIX(1);
|
404
404
|
|
405
405
|
return INT2FIX(0);
|
406
406
|
}
|
@@ -502,6 +502,7 @@ ossl_x509name_to_der(VALUE self)
|
|
502
502
|
void
|
503
503
|
Init_ossl_x509name(void)
|
504
504
|
{
|
505
|
+
#undef rb_intern
|
505
506
|
VALUE utf8str, ptrstr, ia5str, hash;
|
506
507
|
|
507
508
|
#if 0
|
@@ -105,6 +105,13 @@ VALUE cX509Store;
|
|
105
105
|
VALUE cX509StoreContext;
|
106
106
|
VALUE eX509StoreError;
|
107
107
|
|
108
|
+
static void
|
109
|
+
ossl_x509store_mark(void *ptr)
|
110
|
+
{
|
111
|
+
X509_STORE *store = ptr;
|
112
|
+
rb_gc_mark((VALUE)X509_STORE_get_ex_data(store, store_ex_verify_cb_idx));
|
113
|
+
}
|
114
|
+
|
108
115
|
static void
|
109
116
|
ossl_x509store_free(void *ptr)
|
110
117
|
{
|
@@ -114,7 +121,7 @@ ossl_x509store_free(void *ptr)
|
|
114
121
|
static const rb_data_type_t ossl_x509store_type = {
|
115
122
|
"OpenSSL/X509/STORE",
|
116
123
|
{
|
117
|
-
|
124
|
+
ossl_x509store_mark, ossl_x509store_free,
|
118
125
|
},
|
119
126
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
120
127
|
};
|
@@ -304,7 +311,6 @@ ossl_x509store_add_file(VALUE self, VALUE file)
|
|
304
311
|
char *path = NULL;
|
305
312
|
|
306
313
|
if(file != Qnil){
|
307
|
-
rb_check_safe_obj(file);
|
308
314
|
path = StringValueCStr(file);
|
309
315
|
}
|
310
316
|
GetX509Store(self, store);
|
@@ -340,7 +346,6 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
|
|
340
346
|
char *path = NULL;
|
341
347
|
|
342
348
|
if(dir != Qnil){
|
343
|
-
rb_check_safe_obj(dir);
|
344
349
|
path = StringValueCStr(dir);
|
345
350
|
}
|
346
351
|
GetX509Store(self, store);
|
@@ -458,23 +463,16 @@ ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
|
|
458
463
|
return result;
|
459
464
|
}
|
460
465
|
|
461
|
-
/*
|
462
|
-
* Public Functions
|
463
|
-
*/
|
464
|
-
static void ossl_x509stctx_free(void*);
|
465
|
-
|
466
|
-
|
467
|
-
static const rb_data_type_t ossl_x509stctx_type = {
|
468
|
-
"OpenSSL/X509/STORE_CTX",
|
469
|
-
{
|
470
|
-
0, ossl_x509stctx_free,
|
471
|
-
},
|
472
|
-
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
473
|
-
};
|
474
|
-
|
475
466
|
/*
|
476
467
|
* Private functions
|
477
468
|
*/
|
469
|
+
static void
|
470
|
+
ossl_x509stctx_mark(void *ptr)
|
471
|
+
{
|
472
|
+
X509_STORE_CTX *ctx = ptr;
|
473
|
+
rb_gc_mark((VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx));
|
474
|
+
}
|
475
|
+
|
478
476
|
static void
|
479
477
|
ossl_x509stctx_free(void *ptr)
|
480
478
|
{
|
@@ -486,6 +484,14 @@ ossl_x509stctx_free(void *ptr)
|
|
486
484
|
X509_STORE_CTX_free(ctx);
|
487
485
|
}
|
488
486
|
|
487
|
+
static const rb_data_type_t ossl_x509stctx_type = {
|
488
|
+
"OpenSSL/X509/STORE_CTX",
|
489
|
+
{
|
490
|
+
ossl_x509stctx_mark, ossl_x509stctx_free,
|
491
|
+
},
|
492
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
493
|
+
};
|
494
|
+
|
489
495
|
static VALUE
|
490
496
|
ossl_x509stctx_alloc(VALUE klass)
|
491
497
|
{
|
@@ -519,7 +525,9 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
|
|
519
525
|
|
520
526
|
/*
|
521
527
|
* call-seq:
|
522
|
-
* StoreContext.new(store, cert = nil,
|
528
|
+
* StoreContext.new(store, cert = nil, untrusted = nil)
|
529
|
+
*
|
530
|
+
* Sets up a StoreContext for a verification of the X.509 certificate _cert_.
|
523
531
|
*/
|
524
532
|
static VALUE
|
525
533
|
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
|
@@ -529,15 +537,24 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
|
|
529
537
|
X509_STORE *x509st;
|
530
538
|
X509 *x509 = NULL;
|
531
539
|
STACK_OF(X509) *x509s = NULL;
|
540
|
+
int state;
|
532
541
|
|
533
542
|
rb_scan_args(argc, argv, "12", &store, &cert, &chain);
|
534
543
|
GetX509StCtx(self, ctx);
|
535
544
|
GetX509Store(store, x509st);
|
536
|
-
if(!NIL_P(cert))
|
537
|
-
|
538
|
-
if(
|
545
|
+
if (!NIL_P(cert))
|
546
|
+
x509 = DupX509CertPtr(cert); /* NEED TO DUP */
|
547
|
+
if (!NIL_P(chain)) {
|
548
|
+
x509s = ossl_protect_x509_ary2sk(chain, &state);
|
549
|
+
if (state) {
|
550
|
+
X509_free(x509);
|
551
|
+
rb_jump_tag(state);
|
552
|
+
}
|
553
|
+
}
|
554
|
+
if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
|
555
|
+
X509_free(x509);
|
539
556
|
sk_X509_pop_free(x509s, X509_free);
|
540
|
-
ossl_raise(eX509StoreError,
|
557
|
+
ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
|
541
558
|
}
|
542
559
|
if (!NIL_P(t = rb_iv_get(store, "@time")))
|
543
560
|
ossl_x509stctx_set_time(self, t);
|
@@ -771,6 +788,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
|
|
771
788
|
void
|
772
789
|
Init_ossl_x509store(void)
|
773
790
|
{
|
791
|
+
#undef rb_intern
|
774
792
|
#if 0
|
775
793
|
mOSSL = rb_define_module("OpenSSL");
|
776
794
|
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
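Review bot: In `ossl_x509stctx_initialize`, the failure branch after `X509_STORE_CTX_init` frees `x509` and `x509s` and then raises while `ctx` stays attached to `self`, and the hunk does not show whether `ctx` can still reference those objects at that point. Only the final `X509_STORE_CTX_free(ctx)` of `ossl_x509stctx_free` is visible here, so if its earlier lines release the context's certificate and untrusted chain, this path should be checked for a double free. Either way an ownership comment would help, e.g. `/* x509 and x509s belong to ctx only once X509_STORE_CTX_init() succeeds */`. The function starts and ends outside the hunk. The hunks from `@@ -105,6 +105,13 @@ VALUE cX509Store;` onward sit under the ossl_x509name.c heading on this page but appear to belong to ossl_x509store.c.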
data/lib/openssl/buffering.rb
CHANGED
@@ -316,20 +316,15 @@ module OpenSSL::Buffering
|
|
316
316
|
@wbuffer << s
|
317
317
|
@wbuffer.force_encoding(Encoding::BINARY)
|
318
318
|
@sync ||= false
|
319
|
-
if @sync or @wbuffer.size > BLOCK_SIZE
|
320
|
-
|
321
|
-
nwritten = 0
|
322
|
-
while remain > 0
|
323
|
-
str = @wbuffer[nwritten,remain]
|
319
|
+
if @sync or @wbuffer.size > BLOCK_SIZE
|
320
|
+
until @wbuffer.empty?
|
324
321
|
begin
|
325
|
-
nwrote = syswrite(
|
322
|
+
nwrote = syswrite(@wbuffer)
|
326
323
|
rescue Errno::EAGAIN
|
327
324
|
retry
|
328
325
|
end
|
329
|
-
|
330
|
-
nwritten += nwrote
|
326
|
+
@wbuffer[0, nwrote] = ""
|
331
327
|
end
|
332
|
-
@wbuffer[0,nwritten] = ""
|
333
328
|
end
|
334
329
|
end
|
335
330
|
|
@@ -409,9 +404,7 @@ module OpenSSL::Buffering
|
|
409
404
|
end
|
410
405
|
args.each{|arg|
|
411
406
|
s << arg.to_s
|
412
|
-
|
413
|
-
s << "\n"
|
414
|
-
end
|
407
|
+
s.sub!(/(?<!\n)\z/, "\n")
|
415
408
|
}
|
416
409
|
do_write(s)
|
417
410
|
nil
|
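Review bot: The rewritten write loop in the first hunk has no comment explaining why `@wbuffer` is now trimmed inside the loop rather than once after it, which is the part that matters if `syswrite` raises part-way through. I would add above `@wbuffer[0, nwrote] = ""` something like `# drop only the bytes actually written, so a failed syswrite leaves the unsent tail buffered`. The `rescue Errno::EAGAIN` / `retry` pair kept in the loop retries immediately without waiting for writability, which may spin if the underlying IO is non-blocking; that is existing behaviour, but a note on it would help. The enclosing method begins and ends outside the hunk.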
data/lib/openssl/config.rb
CHANGED
@@ -77,29 +77,44 @@ module OpenSSL
|
|
77
77
|
def parse_config_lines(io)
|
78
78
|
section = 'default'
|
79
79
|
data = {section => {}}
|
80
|
-
|
80
|
+
io_stack = [io]
|
81
|
+
while definition = get_definition(io_stack)
|
81
82
|
definition = clear_comments(definition)
|
82
83
|
next if definition.empty?
|
83
|
-
|
84
|
+
case definition
|
85
|
+
when /\A\[/
|
84
86
|
if /\[([^\]]*)\]/ =~ definition
|
85
87
|
section = $1.strip
|
86
88
|
data[section] ||= {}
|
87
89
|
else
|
88
90
|
raise ConfigError, "missing close square bracket"
|
89
91
|
end
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
92
|
+
when /\A\.include (\s*=\s*)?(.+)\z/
|
93
|
+
path = $2
|
94
|
+
if File.directory?(path)
|
95
|
+
files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB)
|
96
|
+
else
|
97
|
+
files = [path]
|
98
|
+
end
|
99
|
+
|
100
|
+
files.each do |filename|
|
101
|
+
begin
|
102
|
+
io_stack << StringIO.new(File.read(filename))
|
103
|
+
rescue
|
104
|
+
raise ConfigError, "could not include file '%s'" % filename
|
97
105
|
end
|
98
|
-
|
99
|
-
|
106
|
+
end
|
107
|
+
when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/
|
108
|
+
if $2
|
109
|
+
section = $1
|
110
|
+
key = $2
|
100
111
|
else
|
101
|
-
|
112
|
+
key = $1
|
102
113
|
end
|
114
|
+
value = unescape_value(data, section, $3)
|
115
|
+
(data[section] ||= {})[key] = value.strip
|
116
|
+
else
|
117
|
+
raise ConfigError, "missing equal sign"
|
103
118
|
end
|
104
119
|
end
|
105
120
|
data
|
@@ -212,10 +227,10 @@ module OpenSSL
|
|
212
227
|
scanned.join
|
213
228
|
end
|
214
229
|
|
215
|
-
def get_definition(
|
216
|
-
if line = get_line(
|
230
|
+
def get_definition(io_stack)
|
231
|
+
if line = get_line(io_stack)
|
217
232
|
while /[^\\]\\\z/ =~ line
|
218
|
-
if extra = get_line(
|
233
|
+
if extra = get_line(io_stack)
|
219
234
|
line += extra
|
220
235
|
else
|
221
236
|
break
|
@@ -225,9 +240,12 @@ module OpenSSL
|
|
225
240
|
end
|
226
241
|
end
|
227
242
|
|
228
|
-
def get_line(
|
229
|
-
|
230
|
-
line.
|
243
|
+
def get_line(io_stack)
|
244
|
+
while io = io_stack.last
|
245
|
+
if line = io.gets
|
246
|
+
return line.gsub(/[\r\n]*/, '')
|
247
|
+
end
|
248
|
+
io_stack.pop
|
231
249
|
end
|
232
250
|
end
|
233
251
|
end
|
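Review bot: The new `.include` branch in `parse_config_lines` pushes every included file onto `io_stack` with no depth limit or cycle check, so a file that includes itself, directly or through another file, keeps growing the stack until memory runs out. A bound before the `File.read` would close that, e.g. `raise ConfigError, "too many nested includes" if io_stack.size >= 16` (the limit is an example value). The path in `$2` is used as written, so a relative path resolves against the process working directory rather than the including file, and the bare `rescue` discards the original error; both deserve a comment. Callers that parse configuration text from a source they do not control should also know that `.include` lets that text name local files to read.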
data/lib/openssl/pkey.rb
CHANGED
@@ -1,3 +1,25 @@
|
|
1
1
|
# frozen_string_literal: false
|
2
|
-
|
2
|
+
#--
|
3
|
+
# Ruby/OpenSSL Project
|
4
|
+
# Copyright (C) 2017 Ruby/OpenSSL Project Authors
|
5
|
+
#++
|
6
|
+
|
7
|
+
module OpenSSL::PKey
|
8
|
+
if defined?(EC)
|
9
|
+
class EC::Point
|
10
|
+
# :call-seq:
|
11
|
+
# point.to_bn([conversion_form]) -> OpenSSL::BN
|
12
|
+
#
|
13
|
+
# Returns the octet string representation of the EC point as an instance of
|
14
|
+
# OpenSSL::BN.
|
15
|
+
#
|
16
|
+
# If _conversion_form_ is not given, the _point_conversion_form_ attribute
|
17
|
+
# set to the group is used.
|
18
|
+
#
|
19
|
+
# See #to_octet_string for more information.
|
20
|
+
def to_bn(conversion_form = group.point_conversion_form)
|
21
|
+
OpenSSL::BN.new(to_octet_string(conversion_form), 2)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
3
25
|
end
|
data/lib/openssl/ssl.rb
CHANGED
@@ -12,6 +12,7 @@
|
|
12
12
|
|
13
13
|
require "openssl/buffering"
|
14
14
|
require "io/nonblock"
|
15
|
+
require "ipaddr"
|
15
16
|
|
16
17
|
module OpenSSL
|
17
18
|
module SSL
|
@@ -272,11 +273,11 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
|
272
273
|
return true if verify_hostname(hostname, san.value)
|
273
274
|
when 7 # iPAddress in GeneralName (RFC5280)
|
274
275
|
should_verify_common_name = false
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
|
276
|
+
if san.value.size == 4 || san.value.size == 16
|
277
|
+
begin
|
278
|
+
return true if san.value == IPAddr.new(hostname).hton
|
279
|
+
rescue IPAddr::InvalidAddressError
|
280
|
+
end
|
280
281
|
end
|
281
282
|
end
|
282
283
|
}
|
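Review bot: `IPAddr.new(hostname)` in the new iPAddress branch accepts more than a bare address literal, for instance an address followed by a prefix length, which it then masks. So `hostname` is not compared strictly as the address the peer was contacted by. Rejecting such input before the comparison keeps the match exact, e.g. `return true if !hostname.include?("/") && san.value == IPAddr.new(hostname).hton`. The empty `rescue IPAddr::InvalidAddressError` also needs a comment saying that a non-IP hostname is expected here and simply does not match. The enclosing method starts and ends outside the hunk.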
metadata
CHANGED
@@ -1,18 +1,32 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openssl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.
|
4
|
+
version: 2.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Martin Bosslet
|
8
8
|
- SHIBATA Hiroshi
|
9
9
|
- Zachary Scott
|
10
10
|
- Kazuki Yamaguchi
|
11
|
-
autorequire:
|
11
|
+
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2021-10-16 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
|
+
- !ruby/object:Gem::Dependency
|
17
|
+
name: ipaddr
|
18
|
+
requirement: !ruby/object:Gem::Requirement
|
19
|
+
requirements:
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '0'
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
16
30
|
- !ruby/object:Gem::Dependency
|
17
31
|
name: rake
|
18
32
|
requirement: !ruby/object:Gem::Requirement
|
@@ -155,7 +169,7 @@ licenses:
|
|
155
169
|
- Ruby
|
156
170
|
metadata:
|
157
171
|
msys2_mingw_dependencies: openssl
|
158
|
-
post_install_message:
|
172
|
+
post_install_message:
|
159
173
|
rdoc_options:
|
160
174
|
- "--main"
|
161
175
|
- README.md
|
@@ -168,13 +182,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
168
182
|
version: 2.3.0
|
169
183
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
170
184
|
requirements:
|
171
|
-
- - "
|
185
|
+
- - ">="
|
172
186
|
- !ruby/object:Gem::Version
|
173
|
-
version:
|
187
|
+
version: '0'
|
174
188
|
requirements: []
|
175
|
-
|
176
|
-
|
177
|
-
signing_key:
|
189
|
+
rubygems_version: 3.3.0.dev
|
190
|
+
signing_key:
|
178
191
|
specification_version: 4
|
179
192
|
summary: OpenSSL provides SSL, TLS and general purpose cryptography.
|
180
193
|
test_files: []
|