openssl 2.2.0 → 2.2.3
- checksums.yaml +4 -4
- data/History.md +84 -0
- data/ext/openssl/extconf.rb +30 -20
- data/ext/openssl/openssl_missing.h +5 -0
- data/ext/openssl/ossl.c +9 -2
- data/ext/openssl/ossl_bn.c +83 -21
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_digest.c +6 -2
- data/ext/openssl/ossl_ocsp.c +2 -1
- data/ext/openssl/ossl_pkey_ec.c +24 -20
- data/ext/openssl/ossl_ssl.c +96 -50
- data/ext/openssl/ossl_ts.c +30 -20
- data/ext/openssl/ossl_x509store.c +39 -20
- data/lib/openssl/buffering.rb +1 -1
- data/lib/openssl/ssl.rb +1 -1
- data/lib/openssl/version.rb +1 -1
- metadata +22 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f857af7f016a99c4fa63e230d6d600b9fe1218bbd9db4b48a4d199e238d88d54
|
4
|
+
data.tar.gz: f0a5d84c663e4bbf75ffee3f307e2fb8c2cad5ccddb10ce1a72717b7cd7c5b43
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6f8c9773928207f07f5f905b826ddc7f2cd5019f6dcba3c3a08e920131646156eeb400b4b8540e509d53d3016a25e7a886ed6410eafda030852aeaa28d511491
|
7
|
+
data.tar.gz: 9baeda7c395d5e8b2830f418186a28dbd3a6f8476eee3ba0b3926f7a5aeaa81cd0614138c1d98c41a1a0db3f10b5aabcd6c34ec4700898c6bca28edbbdf9809d
|
data/History.md
CHANGED
@@ -1,3 +1,41 @@
|
|
1
|
+
Version 2.2.3
|
2
|
+
=============
|
3
|
+
|
4
|
+
Bug fixes
|
5
|
+
---------
|
6
|
+
|
7
|
+
* Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
|
8
|
+
with an incorrect class, which would end up with a TypeError.
|
9
|
+
[[GitHub #570]](https://github.com/ruby/openssl/pull/570)
|
10
|
+
* Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
|
11
|
+
incorrectly treated OpenSSL's internal errors as "not equal".
|
12
|
+
[[GitHub #564]](https://github.com/ruby/openssl/pull/564)
|
13
|
+
* Fix build with LibreSSL 3.5 or later.
|
14
|
+
|
15
|
+
|
16
|
+
Version 2.2.2
|
17
|
+
=============
|
18
|
+
|
19
|
+
Merged changes in 2.1.4.
|
20
|
+
|
21
|
+
|
22
|
+
Version 2.2.1
|
23
|
+
=============
|
24
|
+
|
25
|
+
Merged changes in 2.1.3. Additionally, the following issues are fixed by this
|
26
|
+
release.
|
27
|
+
|
28
|
+
Bug fixes
|
29
|
+
---------
|
30
|
+
|
31
|
+
* Fix crash in `OpenSSL::Timestamp::{Request,Response,TokenInfo}.new` when
|
32
|
+
invalid arguments are given.
|
33
|
+
[[GitHub #407]](https://github.com/ruby/openssl/pull/407)
|
34
|
+
* Fix `OpenSSL::Timestamp::Factory#create_timestamp` with LibreSSL on platforms
|
35
|
+
where `time_t` has a different size from `long`.
|
36
|
+
[[GitHub #454]](https://github.com/ruby/openssl/pull/454)
|
37
|
+
|
38
|
+
|
1
39
|
Version 2.2.0
|
2
40
|
=============
|
3
41
|
|
@@ -75,6 +113,52 @@ Notable changes
|
|
75
113
|
[[GitHub #297]](https://github.com/ruby/openssl/pull/297)
|
76
114
|
|
77
115
|
|
116
|
+
Version 2.1.4
|
117
|
+
=============
|
118
|
+
|
119
|
+
Bug fixes
|
120
|
+
---------
|
121
|
+
|
122
|
+
* Do not use pkg-config if --with-openssl-dir option is specified.
|
123
|
+
[[GitHub #486]](https://github.com/ruby/openssl/pull/486)
|
124
|
+
|
125
|
+
|
126
|
+
Version 2.1.3
|
127
|
+
=============
|
128
|
+
|
129
|
+
Bug fixes
|
130
|
+
---------
|
131
|
+
|
132
|
+
* Fix deprecation warnings on Ruby 3.0.
|
133
|
+
* Add ".include" directive support in `OpenSSL::Config`.
|
134
|
+
[[GitHub #216]](https://github.com/ruby/openssl/pull/216)
|
135
|
+
* Fix handling of IPv6 address SANs.
|
136
|
+
[[GitHub #185]](https://github.com/ruby/openssl/pull/185)
|
137
|
+
* Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=`
|
138
|
+
sets a proper error code.
|
139
|
+
[[GitHub #350]](https://github.com/ruby/openssl/pull/350)
|
140
|
+
* Fix crash with `OpenSSL::BN.new(nil, 2)`.
|
141
|
+
[[Bug #15760]](https://bugs.ruby-lang.org/issues/15760)
|
142
|
+
* `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from
|
143
|
+
being modified by another thread.
|
144
|
+
[[GitHub #453]](https://github.com/ruby/openssl/pull/453)
|
145
|
+
* Fix misuse of input record separator in `OpenSSL::Buffering` where it was
|
146
|
+
for output.
|
147
|
+
* Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
|
148
|
+
[[GitHub #460]](https://github.com/ruby/openssl/pull/460)
|
149
|
+
* `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
|
150
|
+
newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
|
151
|
+
OpenSSL 3.0 API.
|
152
|
+
[[GitHub #458]](https://github.com/ruby/openssl/pull/458)
|
153
|
+
* Activate `digest` gem correctly. `digest` library could go into an
|
154
|
+
inconsistent state if there are multiple versions of `digest` is installed
|
155
|
+
and `openssl` is `require`d before `digest`.
|
156
|
+
[[GitHub #463]](https://github.com/ruby/openssl/pull/463)
|
157
|
+
* Fix GC.compact compatibility.
|
158
|
+
[[GitHub #464]](https://github.com/ruby/openssl/issues/464)
|
159
|
+
[[GitHub #465]](https://github.com/ruby/openssl/pull/465)
|
160
|
+
|
161
|
+
|
78
162
|
Version 2.1.2
|
79
163
|
=============
|
80
164
|
|
data/ext/openssl/extconf.rb
CHANGED
@@ -13,7 +13,7 @@
|
|
13
13
|
|
14
14
|
require "mkmf"
|
15
15
|
|
16
|
-
dir_config("openssl")
|
16
|
+
dir_config_given = dir_config("openssl").any?
|
17
17
|
dir_config("kerberos")
|
18
18
|
|
19
19
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
@@ -33,9 +33,6 @@ if $mswin || $mingw
|
|
33
33
|
have_library("ws2_32")
|
34
34
|
end
|
35
35
|
|
36
|
-
Logging::message "=== Checking for required stuff... ===\n"
|
37
|
-
result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
38
|
-
|
39
36
|
if $mingw
|
40
37
|
append_cflags '-D_FORTIFY_SOURCE=2'
|
41
38
|
append_ldflags '-fstack-protector'
|
@@ -92,19 +89,33 @@ def find_openssl_library
|
|
92
89
|
return false
|
93
90
|
end
|
94
91
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
92
|
+
Logging::message "=== Checking for required stuff... ===\n"
|
93
|
+
pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
|
94
|
+
|
95
|
+
if !pkg_config_found && !find_openssl_library
|
96
|
+
Logging::message "=== Checking for required stuff failed. ===\n"
|
97
|
+
Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
98
|
+
raise "OpenSSL library could not be found. You might want to use " \
|
99
|
+
"--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
|
100
|
+
"is installed."
|
101
|
+
end
|
102
|
+
|
103
|
+
version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
104
|
+
is_libressl = true
|
105
|
+
checking_for("LibreSSL version >= 2.5.0") {
|
106
|
+
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
|
107
|
+
else
|
108
|
+
checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
|
109
|
+
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
|
110
|
+
!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
|
111
|
+
end
|
112
|
+
unless version_ok
|
113
|
+
raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
|
103
114
|
end
|
104
115
|
|
105
|
-
|
106
|
-
|
107
|
-
|
116
|
+
# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
|
117
|
+
if is_libressl && ($mswin || $mingw)
|
118
|
+
$defs.push("-DNOCRYPT")
|
108
119
|
end
|
109
120
|
|
110
121
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
@@ -116,10 +127,6 @@ engines.each { |name|
|
|
116
127
|
have_func("ENGINE_load_#{name}()", "openssl/engine.h")
|
117
128
|
}
|
118
129
|
|
119
|
-
if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
120
|
-
$defs.push("-DNOCRYPT")
|
121
|
-
end
|
122
|
-
|
123
130
|
# added in 1.0.2
|
124
131
|
have_func("EC_curve_nist2nid")
|
125
132
|
have_func("X509_REVOKED_dup")
|
@@ -169,13 +176,16 @@ have_func("SSL_SESSION_get_protocol_version")
|
|
169
176
|
have_func("TS_STATUS_INFO_get0_status")
|
170
177
|
have_func("TS_STATUS_INFO_get0_text")
|
171
178
|
have_func("TS_STATUS_INFO_get0_failure_info")
|
172
|
-
have_func("TS_VERIFY_CTS_set_certs")
|
179
|
+
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
|
173
180
|
have_func("TS_VERIFY_CTX_set_store")
|
174
181
|
have_func("TS_VERIFY_CTX_add_flags")
|
175
182
|
have_func("TS_RESP_CTX_set_time_cb")
|
176
183
|
have_func("EVP_PBE_scrypt")
|
177
184
|
have_func("SSL_CTX_set_post_handshake_auth")
|
178
185
|
|
186
|
+
# added in 3.0.0
|
187
|
+
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
|
188
|
+
|
179
189
|
Logging::message "=== Checking done. ===\n"
|
180
190
|
|
181
191
|
create_header
|
@@ -254,4 +254,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
254
254
|
} while (0)
|
255
255
|
#endif
|
256
256
|
|
257
|
+
/* added in 3.0.0 */
|
258
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
|
259
|
+
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
|
260
|
+
#endif
|
261
|
+
|
257
262
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|
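Review bot: In the `version_ok` block of extconf.rb, the OpenSSL upper bound is decided by `!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h")`, so a test program that fails to compile for any reason is read as "older than 3.0". On 1.x that is the expected outcome, since (as far as I know) `OPENSSL_VERSION_MAJOR` is only defined from 3.0 on, and the preceding `OPENSSL_VERSION_NUMBER >= 0x10001000L` assert has already shown that the header compiles. The dependence is implicit, though, so I would add a comment above the negated check such as `# OPENSSL_VERSION_MAJOR exists only in 3.0+; a compile failure here means 1.x`. That keeps a later reordering of the two asserts from silently letting an unsupported library through.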
data/ext/openssl/ossl.c
CHANGED
@@ -497,8 +497,11 @@ print_mem_leaks(VALUE self)
|
|
497
497
|
int ret;
|
498
498
|
#endif
|
499
499
|
|
500
|
-
|
501
|
-
|
500
|
+
#ifndef HAVE_RB_EXT_RACTOR_SAFE
|
501
|
+
// for Ruby 2.x
|
502
|
+
void ossl_bn_ctx_free(void); // ossl_bn.c
|
503
|
+
ossl_bn_ctx_free();
|
504
|
+
#endif
|
502
505
|
|
503
506
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
504
507
|
ret = CRYPTO_mem_leaks_fp(stderr);
|
@@ -1126,6 +1129,10 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
|
|
1126
1129
|
void
|
1127
1130
|
Init_openssl(void)
|
1128
1131
|
{
|
1132
|
+
#if HAVE_RB_EXT_RACTOR_SAFE
|
1133
|
+
rb_ext_ractor_safe(true);
|
1134
|
+
#endif
|
1135
|
+
|
1129
1136
|
#undef rb_intern
|
1130
1137
|
/*
|
1131
1138
|
* Init timezone info
|
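Review bot: The block-scope prototype `void ossl_bn_ctx_free(void); // ossl_bn.c` added in print_mem_leaks repeats a signature that the compiler cannot check against the definition. In this same release ossl_bn.c defines `ossl_bn_ctx_free(void *ptr)` with a different parameter list when `HAVE_RB_EXT_RACTOR_SAFE` is set. Unless ossl_bn.h (its changes are not shown on this page) already declares it, I would move the declaration there under the same guard so a mismatch is caught at compile time. This hunk also tests the macro with `#ifndef` while Init_openssl uses `#if HAVE_RB_EXT_RACTOR_SAFE`; the two only agree if the macro is never defined as 0, so one form should be used throughout. print_mem_leaks and Init_openssl both extend outside their hunks.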
data/ext/openssl/ossl_bn.c
CHANGED
@@ -10,6 +10,10 @@
|
|
10
10
|
/* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
|
11
11
|
#include "ossl.h"
|
12
12
|
|
13
|
+
#if HAVE_RB_EXT_RACTOR_SAFE
|
14
|
+
#include <ruby/ractor.h>
|
15
|
+
#endif
|
16
|
+
|
13
17
|
#define NewBN(klass) \
|
14
18
|
TypedData_Wrap_Struct((klass), &ossl_bn_type, 0)
|
15
19
|
#define SetBN(obj, bn) do { \
|
@@ -150,12 +154,58 @@ ossl_bn_value_ptr(volatile VALUE *ptr)
|
|
150
154
|
/*
|
151
155
|
* Private
|
152
156
|
*/
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
*
|
157
|
-
|
158
|
-
BN_CTX *
|
157
|
+
|
158
|
+
#if HAVE_RB_EXT_RACTOR_SAFE
|
159
|
+
void
|
160
|
+
ossl_bn_ctx_free(void *ptr)
|
161
|
+
{
|
162
|
+
BN_CTX *ctx = (BN_CTX *)ptr;
|
163
|
+
BN_CTX_free(ctx);
|
164
|
+
}
|
165
|
+
|
166
|
+
struct rb_ractor_local_storage_type ossl_bn_ctx_key_type = {
|
167
|
+
NULL, // mark
|
168
|
+
ossl_bn_ctx_free,
|
169
|
+
};
|
170
|
+
|
171
|
+
rb_ractor_local_key_t ossl_bn_ctx_key;
|
172
|
+
|
173
|
+
BN_CTX *
|
174
|
+
ossl_bn_ctx_get(void)
|
175
|
+
{
|
176
|
+
// stored in ractor local storage
|
177
|
+
|
178
|
+
BN_CTX *ctx = rb_ractor_local_storage_ptr(ossl_bn_ctx_key);
|
179
|
+
if (!ctx) {
|
180
|
+
if (!(ctx = BN_CTX_new())) {
|
181
|
+
ossl_raise(rb_eRuntimeError, "Cannot init BN_CTX");
|
182
|
+
}
|
183
|
+
rb_ractor_local_storage_ptr_set(ossl_bn_ctx_key, ctx);
|
184
|
+
}
|
185
|
+
return ctx;
|
186
|
+
}
|
187
|
+
#else
|
188
|
+
// for ruby 2.x
|
189
|
+
static BN_CTX *gv_ossl_bn_ctx;
|
190
|
+
|
191
|
+
BN_CTX *
|
192
|
+
ossl_bn_ctx_get(void)
|
193
|
+
{
|
194
|
+
if (gv_ossl_bn_ctx == NULL) {
|
195
|
+
if (!(gv_ossl_bn_ctx = BN_CTX_new())) {
|
196
|
+
ossl_raise(rb_eRuntimeError, "Cannot init BN_CTX");
|
197
|
+
}
|
198
|
+
}
|
199
|
+
return gv_ossl_bn_ctx;
|
200
|
+
}
|
201
|
+
|
202
|
+
void
|
203
|
+
ossl_bn_ctx_free(void)
|
204
|
+
{
|
205
|
+
BN_CTX_free(gv_ossl_bn_ctx);
|
206
|
+
gv_ossl_bn_ctx = NULL;
|
207
|
+
}
|
208
|
+
#endif
|
159
209
|
|
160
210
|
static VALUE
|
161
211
|
ossl_bn_alloc(VALUE klass)
|
@@ -403,7 +453,7 @@ ossl_bn_is_negative(VALUE self)
|
|
403
453
|
if (!(result = BN_new())) { \
|
404
454
|
ossl_raise(eBNError, NULL); \
|
405
455
|
} \
|
406
|
-
if (
|
456
|
+
if (BN_##func(result, bn, ossl_bn_ctx) <= 0) { \
|
407
457
|
BN_free(result); \
|
408
458
|
ossl_raise(eBNError, NULL); \
|
409
459
|
} \
|
@@ -429,7 +479,7 @@ BIGNUM_1c(sqr)
|
|
429
479
|
if (!(result = BN_new())) { \
|
430
480
|
ossl_raise(eBNError, NULL); \
|
431
481
|
} \
|
432
|
-
if (
|
482
|
+
if (BN_##func(result, bn1, bn2) <= 0) { \
|
433
483
|
BN_free(result); \
|
434
484
|
ossl_raise(eBNError, NULL); \
|
435
485
|
} \
|
@@ -462,7 +512,7 @@ BIGNUM_2(sub)
|
|
462
512
|
if (!(result = BN_new())) { \
|
463
513
|
ossl_raise(eBNError, NULL); \
|
464
514
|
} \
|
465
|
-
if (
|
515
|
+
if (BN_##func(result, bn1, bn2, ossl_bn_ctx) <= 0) { \
|
466
516
|
BN_free(result); \
|
467
517
|
ossl_raise(eBNError, NULL); \
|
468
518
|
} \
|
@@ -506,11 +556,21 @@ BIGNUM_2c(gcd)
|
|
506
556
|
BIGNUM_2c(mod_sqr)
|
507
557
|
|
508
558
|
/*
|
509
|
-
* Document-method: OpenSSL::BN#mod_inverse
|
510
559
|
* call-seq:
|
511
|
-
*
|
560
|
+
* bn.mod_inverse(bn2) => aBN
|
512
561
|
*/
|
513
|
-
|
562
|
+
static VALUE
|
563
|
+
ossl_bn_mod_inverse(VALUE self, VALUE other)
|
564
|
+
{
|
565
|
+
BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;
|
566
|
+
VALUE obj;
|
567
|
+
GetBN(self, bn1);
|
568
|
+
obj = NewBN(rb_obj_class(self));
|
569
|
+
if (!(result = BN_mod_inverse(NULL, bn1, bn2, ossl_bn_ctx)))
|
570
|
+
ossl_raise(eBNError, "BN_mod_inverse");
|
571
|
+
SetBN(obj, result);
|
572
|
+
return obj;
|
573
|
+
}
|
514
574
|
|
515
575
|
/*
|
516
576
|
* call-seq:
|
@@ -559,7 +619,7 @@ ossl_bn_div(VALUE self, VALUE other)
|
|
559
619
|
if (!(result = BN_new())) { \
|
560
620
|
ossl_raise(eBNError, NULL); \
|
561
621
|
} \
|
562
|
-
if (
|
622
|
+
if (BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx) <= 0) { \
|
563
623
|
BN_free(result); \
|
564
624
|
ossl_raise(eBNError, NULL); \
|
565
625
|
} \
|
@@ -601,7 +661,7 @@ BIGNUM_3c(mod_exp)
|
|
601
661
|
{ \
|
602
662
|
BIGNUM *bn; \
|
603
663
|
GetBN(self, bn); \
|
604
|
-
if (
|
664
|
+
if (BN_##func(bn, NUM2INT(bit)) <= 0) { \
|
605
665
|
ossl_raise(eBNError, NULL); \
|
606
666
|
} \
|
607
667
|
return self; \
|
@@ -661,7 +721,7 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
|
|
661
721
|
if (!(result = BN_new())) { \
|
662
722
|
ossl_raise(eBNError, NULL); \
|
663
723
|
} \
|
664
|
-
if (
|
724
|
+
if (BN_##func(result, bn, b) <= 0) { \
|
665
725
|
BN_free(result); \
|
666
726
|
ossl_raise(eBNError, NULL); \
|
667
727
|
} \
|
@@ -691,7 +751,7 @@ BIGNUM_SHIFT(rshift)
|
|
691
751
|
int b; \
|
692
752
|
b = NUM2INT(bits); \
|
693
753
|
GetBN(self, bn); \
|
694
|
-
if (
|
754
|
+
if (BN_##func(bn, bn, b) <= 0) \
|
695
755
|
ossl_raise(eBNError, NULL); \
|
696
756
|
return self; \
|
697
757
|
}
|
@@ -730,7 +790,7 @@ BIGNUM_SELF_SHIFT(rshift)
|
|
730
790
|
if (!(result = BN_new())) { \
|
731
791
|
ossl_raise(eBNError, NULL); \
|
732
792
|
} \
|
733
|
-
if (
|
793
|
+
if (BN_##func(result, b, top, bottom) <= 0) { \
|
734
794
|
BN_free(result); \
|
735
795
|
ossl_raise(eBNError, NULL); \
|
736
796
|
} \
|
@@ -759,7 +819,7 @@ BIGNUM_RAND(pseudo_rand)
|
|
759
819
|
if (!(result = BN_new())) { \
|
760
820
|
ossl_raise(eBNError, NULL); \
|
761
821
|
} \
|
762
|
-
if (
|
822
|
+
if (BN_##func##_range(result, bn) <= 0) { \
|
763
823
|
BN_free(result); \
|
764
824
|
ossl_raise(eBNError, NULL); \
|
765
825
|
} \
|
@@ -1092,9 +1152,11 @@ Init_ossl_bn(void)
|
|
1092
1152
|
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
1093
1153
|
#endif
|
1094
1154
|
|
1095
|
-
|
1096
|
-
|
1097
|
-
|
1155
|
+
#ifdef HAVE_RB_EXT_RACTOR_SAFE
|
1156
|
+
ossl_bn_ctx_key = rb_ractor_local_storage_ptr_newkey(&ossl_bn_ctx_key_type);
|
1157
|
+
#else
|
1158
|
+
ossl_bn_ctx_get();
|
1159
|
+
#endif
|
1098
1160
|
|
1099
1161
|
eBNError = rb_define_class_under(mOSSL, "BNError", eOSSLError);
|
1100
1162
|
|
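Review bot: In the `HAVE_RB_EXT_RACTOR_SAFE` branch, `ossl_bn_ctx_free(void *ptr)`, `ossl_bn_ctx_key_type` and `ossl_bn_ctx_key` are given external linkage, although every use visible on this page is inside ossl_bn.c (the storage-type struct, ossl_bn_ctx_get and Init_ossl_bn). If no other translation unit refers to them, declare them `static`, e.g. `static rb_ractor_local_key_t ossl_bn_ctx_key;`. That also removes the risk of the exported `ossl_bn_ctx_free` name being linked against the Ruby 2.x prototype, which takes no argument. Only the Ruby 2.x `ossl_bn_ctx_free(void)` needs to stay visible, because ossl.c calls it. A one-line comment on `ossl_bn_ctx_get` saying that the returned BN_CTX is per-Ractor and must not be cached across calls would help callers.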
data/ext/openssl/ossl_bn.h
CHANGED
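--- a/data/ext/openssl/ossl_digest.c
+++ b/data/ext/openssl/ossl_digest.c
@@ -313,8 +313,6 @@ ossl_digest_block_length(VALUE self)
 void
 Init_ossl_digest(void)
 {
-rb_require("digest");
-
 #if 0
 mOSSL = rb_define_module("OpenSSL");
 eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -398,6 +396,12 @@ Init_ossl_digest(void)
 * digest2 = sha256.digest(data2)
 *
 */
+
+/*
+* Digest::Class is defined by the digest library. rb_require() cannot be
+* used here because it bypasses RubyGems.
+*/
+rb_funcall(Qnil, rb_intern_const("require"), 1, rb_str_new_cstr("digest"));
 cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
 /* Document-class: OpenSSL::Digest::DigestError
 *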
data/ext/openssl/ossl_ocsp.c
CHANGED
@@ -1069,7 +1069,8 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
|
|
1069
1069
|
x509st = GetX509StorePtr(store);
|
1070
1070
|
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
1071
1071
|
x509s = ossl_x509_ary2sk(certs);
|
1072
|
-
#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) ||
|
1072
|
+
#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || \
|
1073
|
+
defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000
|
1073
1074
|
/*
|
1074
1075
|
* OpenSSL had a bug that it doesn't use the certificates in x509s for
|
1075
1076
|
* verifying the chain. This can be a problem when the response is signed by
|
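Review bot: The new preprocessor condition mixes `||` and `&&` without grouping: `(OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000`. Operator precedence makes it evaluate as intended, but this gate selects the workaround for the chain-verification bug described in the comment right below it. I would parenthesise the LibreSSL half, `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000)`, so a later edit cannot quietly change which builds get the workaround. The comment under the `#if` still begins "OpenSSL had a bug" and could mention the LibreSSL cutoff too. ossl_ocspbres_verify starts and ends outside the hunk.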
data/ext/openssl/ossl_pkey_ec.c
CHANGED
@@ -653,15 +653,15 @@ static VALUE ossl_ec_key_dsa_verify_asn1(VALUE self, VALUE data, VALUE sig)
|
|
653
653
|
StringValue(data);
|
654
654
|
StringValue(sig);
|
655
655
|
|
656
|
-
switch (ECDSA_verify(0, (unsigned char *)
|
657
|
-
|
658
|
-
|
659
|
-
|
656
|
+
switch (ECDSA_verify(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data),
|
657
|
+
(unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), ec)) {
|
658
|
+
case 1:
|
659
|
+
return Qtrue;
|
660
|
+
case 0:
|
661
|
+
return Qfalse;
|
662
|
+
default:
|
663
|
+
ossl_raise(eECError, "ECDSA_verify");
|
660
664
|
}
|
661
|
-
|
662
|
-
ossl_raise(eECError, "ECDSA_verify");
|
663
|
-
|
664
|
-
UNREACHABLE;
|
665
665
|
}
|
666
666
|
|
667
667
|
/*
|
@@ -860,10 +860,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b)
|
|
860
860
|
GetECGroup(a, group1);
|
861
861
|
GetECGroup(b, group2);
|
862
862
|
|
863
|
-
|
864
|
-
|
865
|
-
|
866
|
-
|
863
|
+
switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) {
|
864
|
+
case 0: return Qtrue;
|
865
|
+
case 1: return Qfalse;
|
866
|
+
default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp");
|
867
|
+
}
|
867
868
|
}
|
868
869
|
|
869
870
|
/*
|
@@ -1424,10 +1425,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b)
|
|
1424
1425
|
GetECPoint(b, point2);
|
1425
1426
|
GetECGroup(group_v1, group);
|
1426
1427
|
|
1427
|
-
|
1428
|
-
|
1428
|
+
switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) {
|
1429
|
+
case 0: return Qtrue;
|
1430
|
+
case 1: return Qfalse;
|
1431
|
+
default: ossl_raise(eEC_POINT, "EC_POINT_cmp");
|
1432
|
+
}
|
1429
1433
|
|
1430
|
-
|
1434
|
+
UNREACHABLE;
|
1431
1435
|
}
|
1432
1436
|
|
1433
1437
|
/*
|
@@ -1445,7 +1449,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self)
|
|
1445
1449
|
switch (EC_POINT_is_at_infinity(group, point)) {
|
1446
1450
|
case 1: return Qtrue;
|
1447
1451
|
case 0: return Qfalse;
|
1448
|
-
default: ossl_raise(
|
1452
|
+
default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity");
|
1449
1453
|
}
|
1450
1454
|
|
1451
1455
|
UNREACHABLE;
|
@@ -1466,7 +1470,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self)
|
|
1466
1470
|
switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) {
|
1467
1471
|
case 1: return Qtrue;
|
1468
1472
|
case 0: return Qfalse;
|
1469
|
-
default: ossl_raise(
|
1473
|
+
default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve");
|
1470
1474
|
}
|
1471
1475
|
|
1472
1476
|
UNREACHABLE;
|
@@ -1485,7 +1489,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
|
|
1485
1489
|
GetECPointGroup(self, group);
|
1486
1490
|
|
1487
1491
|
if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
|
1488
|
-
ossl_raise(
|
1492
|
+
ossl_raise(eEC_POINT, "EC_POINT_make_affine");
|
1489
1493
|
|
1490
1494
|
return self;
|
1491
1495
|
}
|
@@ -1503,7 +1507,7 @@ static VALUE ossl_ec_point_invert(VALUE self)
|
|
1503
1507
|
GetECPointGroup(self, group);
|
1504
1508
|
|
1505
1509
|
if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1)
|
1506
|
-
ossl_raise(
|
1510
|
+
ossl_raise(eEC_POINT, "EC_POINT_invert");
|
1507
1511
|
|
1508
1512
|
return self;
|
1509
1513
|
}
|
@@ -1521,7 +1525,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
|
|
1521
1525
|
GetECPointGroup(self, group);
|
1522
1526
|
|
1523
1527
|
if (EC_POINT_set_to_infinity(group, point) != 1)
|
1524
|
-
ossl_raise(
|
1528
|
+
ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity");
|
1525
1529
|
|
1526
1530
|
return self;
|
1527
1531
|
}
|
data/ext/openssl/ossl_ssl.c
CHANGED
@@ -13,6 +13,12 @@
|
|
13
13
|
|
14
14
|
#define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0]))
|
15
15
|
|
16
|
+
#if !defined(TLS1_3_VERSION) && \
|
17
|
+
defined(LIBRESSL_VERSION_NUMBER) && \
|
18
|
+
LIBRESSL_VERSION_NUMBER >= 0x3020000fL
|
19
|
+
# define TLS1_3_VERSION 0x0304
|
20
|
+
#endif
|
21
|
+
|
16
22
|
#ifdef _WIN32
|
17
23
|
# define TO_SOCKET(s) _get_osfhandle(s)
|
18
24
|
#else
|
@@ -33,7 +39,7 @@ static VALUE eSSLErrorWaitReadable;
|
|
33
39
|
static VALUE eSSLErrorWaitWritable;
|
34
40
|
|
35
41
|
static ID id_call, ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback,
|
36
|
-
id_npn_protocols_encoded;
|
42
|
+
id_npn_protocols_encoded, id_each;
|
37
43
|
static VALUE sym_exception, sym_wait_readable, sym_wait_writable;
|
38
44
|
|
39
45
|
static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode,
|
@@ -53,6 +59,13 @@ static int ossl_sslctx_ex_ptr_idx;
|
|
53
59
|
static int ossl_sslctx_ex_store_p;
|
54
60
|
#endif
|
55
61
|
|
62
|
+
static void
|
63
|
+
ossl_sslctx_mark(void *ptr)
|
64
|
+
{
|
65
|
+
SSL_CTX *ctx = ptr;
|
66
|
+
rb_gc_mark((VALUE)SSL_CTX_get_ex_data(ctx, ossl_sslctx_ex_ptr_idx));
|
67
|
+
}
|
68
|
+
|
56
69
|
static void
|
57
70
|
ossl_sslctx_free(void *ptr)
|
58
71
|
{
|
@@ -67,7 +80,7 @@ ossl_sslctx_free(void *ptr)
|
|
67
80
|
static const rb_data_type_t ossl_sslctx_type = {
|
68
81
|
"OpenSSL/SSL/CTX",
|
69
82
|
{
|
70
|
-
|
83
|
+
ossl_sslctx_mark, ossl_sslctx_free,
|
71
84
|
},
|
72
85
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
73
86
|
};
|
@@ -616,7 +629,7 @@ static VALUE
|
|
616
629
|
ssl_encode_npn_protocols(VALUE protocols)
|
617
630
|
{
|
618
631
|
VALUE encoded = rb_str_new(NULL, 0);
|
619
|
-
|
632
|
+
rb_block_call(protocols, id_each, 0, 0, ssl_npn_encode_protocol_i, encoded);
|
620
633
|
return encoded;
|
621
634
|
}
|
622
635
|
|
@@ -686,7 +699,7 @@ static int
|
|
686
699
|
ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
|
687
700
|
void *arg)
|
688
701
|
{
|
689
|
-
VALUE protocols = (VALUE)arg;
|
702
|
+
VALUE protocols = rb_attr_get((VALUE)arg, id_npn_protocols_encoded);
|
690
703
|
|
691
704
|
*out = (const unsigned char *) RSTRING_PTR(protocols);
|
692
705
|
*outlen = RSTRING_LENINT(protocols);
|
@@ -908,7 +921,7 @@ ossl_sslctx_setup(VALUE self)
|
|
908
921
|
if (!NIL_P(val)) {
|
909
922
|
VALUE encoded = ssl_encode_npn_protocols(val);
|
910
923
|
rb_ivar_set(self, id_npn_protocols_encoded, encoded);
|
911
|
-
SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)
|
924
|
+
SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)self);
|
912
925
|
OSSL_Debug("SSL NPN advertise callback added");
|
913
926
|
}
|
914
927
|
if (RTEST(rb_attr_get(self, id_i_npn_select_cb))) {
|
@@ -1526,6 +1539,14 @@ ssl_started(SSL *ssl)
|
|
1526
1539
|
return SSL_get_fd(ssl) >= 0;
|
1527
1540
|
}
|
1528
1541
|
|
1542
|
+
static void
|
1543
|
+
ossl_ssl_mark(void *ptr)
|
1544
|
+
{
|
1545
|
+
SSL *ssl = ptr;
|
1546
|
+
rb_gc_mark((VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx));
|
1547
|
+
rb_gc_mark((VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_vcb_idx));
|
1548
|
+
}
|
1549
|
+
|
1529
1550
|
static void
|
1530
1551
|
ossl_ssl_free(void *ssl)
|
1531
1552
|
{
|
@@ -1535,7 +1556,7 @@ ossl_ssl_free(void *ssl)
|
|
1535
1556
|
const rb_data_type_t ossl_ssl_type = {
|
1536
1557
|
"OpenSSL/SSL",
|
1537
1558
|
{
|
1538
|
-
|
1559
|
+
ossl_ssl_mark, ossl_ssl_free,
|
1539
1560
|
},
|
1540
1561
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
1541
1562
|
};
|
@@ -1691,6 +1712,11 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts)
|
|
1691
1712
|
rb_io_wait_readable(fptr->fd);
|
1692
1713
|
continue;
|
1693
1714
|
case SSL_ERROR_SYSCALL:
|
1715
|
+
#ifdef __APPLE__
|
1716
|
+
/* See ossl_ssl_write_internal() */
|
1717
|
+
if (errno == EPROTOTYPE)
|
1718
|
+
continue;
|
1719
|
+
#endif
|
1694
1720
|
if (errno) rb_sys_fail(funcname);
|
1695
1721
|
ossl_raise(eSSLError, "%s SYSCALL returned=%d errno=%d state=%s", funcname, ret2, errno, SSL_state_string_long(ssl));
|
1696
1722
|
#if defined(SSL_R_CERTIFICATE_VERIFY_FAILED)
|
@@ -1847,26 +1873,36 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
|
|
1847
1873
|
io = rb_attr_get(self, id_i_io);
|
1848
1874
|
GetOpenFile(io, fptr);
|
1849
1875
|
if (ssl_started(ssl)) {
|
1850
|
-
|
1876
|
+
rb_str_locktmp(str);
|
1877
|
+
for (;;) {
|
1851
1878
|
nread = SSL_read(ssl, RSTRING_PTR(str), ilen);
|
1852
1879
|
switch(ssl_get_error(ssl, nread)){
|
1853
1880
|
case SSL_ERROR_NONE:
|
1881
|
+
rb_str_unlocktmp(str);
|
1854
1882
|
goto end;
|
1855
1883
|
case SSL_ERROR_ZERO_RETURN:
|
1884
|
+
rb_str_unlocktmp(str);
|
1856
1885
|
if (no_exception_p(opts)) { return Qnil; }
|
1857
1886
|
rb_eof_error();
|
1858
1887
|
case SSL_ERROR_WANT_WRITE:
|
1859
|
-
|
1860
|
-
|
1888
|
+
if (nonblock) {
|
1889
|
+
rb_str_unlocktmp(str);
|
1890
|
+
if (no_exception_p(opts)) { return sym_wait_writable; }
|
1891
|
+
write_would_block(nonblock);
|
1892
|
+
}
|
1861
1893
|
rb_io_wait_writable(fptr->fd);
|
1862
1894
|
continue;
|
1863
1895
|
case SSL_ERROR_WANT_READ:
|
1864
|
-
|
1865
|
-
|
1896
|
+
if (nonblock) {
|
1897
|
+
rb_str_unlocktmp(str);
|
1898
|
+
if (no_exception_p(opts)) { return sym_wait_readable; }
|
1899
|
+
read_would_block(nonblock);
|
1900
|
+
}
|
1866
1901
|
rb_io_wait_readable(fptr->fd);
|
1867
1902
|
continue;
|
1868
1903
|
case SSL_ERROR_SYSCALL:
|
1869
1904
|
if (!ERR_peek_error()) {
|
1905
|
+
rb_str_unlocktmp(str);
|
1870
1906
|
if (errno)
|
1871
1907
|
rb_sys_fail(0);
|
1872
1908
|
else {
|
@@ -1883,6 +1919,7 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
|
|
1883
1919
|
}
|
1884
1920
|
/* fall through */
|
1885
1921
|
default:
|
1922
|
+
rb_str_unlocktmp(str);
|
1886
1923
|
ossl_raise(eSSLError, "SSL_read");
|
1887
1924
|
}
|
1888
1925
|
}
|
@@ -1953,21 +1990,21 @@ ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts)
|
|
1953
1990
|
int nwrite = 0;
|
1954
1991
|
rb_io_t *fptr;
|
1955
1992
|
int nonblock = opts != Qfalse;
|
1956
|
-
VALUE io;
|
1993
|
+
VALUE tmp, io;
|
1957
1994
|
|
1958
|
-
StringValue(str);
|
1995
|
+
tmp = rb_str_new_frozen(StringValue(str));
|
1959
1996
|
GetSSL(self, ssl);
|
1960
1997
|
io = rb_attr_get(self, id_i_io);
|
1961
1998
|
GetOpenFile(io, fptr);
|
1962
1999
|
if (ssl_started(ssl)) {
|
1963
|
-
for (;;){
|
1964
|
-
int num = RSTRING_LENINT(
|
2000
|
+
for (;;) {
|
2001
|
+
int num = RSTRING_LENINT(tmp);
|
1965
2002
|
|
1966
2003
|
/* SSL_write(3ssl) manpage states num == 0 is undefined */
|
1967
2004
|
if (num == 0)
|
1968
2005
|
goto end;
|
1969
2006
|
|
1970
|
-
nwrite = SSL_write(ssl, RSTRING_PTR(
|
2007
|
+
nwrite = SSL_write(ssl, RSTRING_PTR(tmp), num);
|
1971
2008
|
switch(ssl_get_error(ssl, nwrite)){
|
1972
2009
|
case SSL_ERROR_NONE:
|
1973
2010
|
goto end;
|
@@ -1982,6 +2019,16 @@ ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts)
|
|
1982
2019
|
rb_io_wait_readable(fptr->fd);
|
1983
2020
|
continue;
|
1984
2021
|
case SSL_ERROR_SYSCALL:
|
2022
|
+
#ifdef __APPLE__
|
2023
|
+
/*
|
2024
|
+
* It appears that send syscall can return EPROTOTYPE if the
|
2025
|
+
* socket is being torn down. Retry to get a proper errno to
|
2026
|
+
* make the error handling in line with the socket library.
|
2027
|
+
* [Bug #14713] https://bugs.ruby-lang.org/issues/14713
|
2028
|
+
*/
|
2029
|
+
if (errno == EPROTOTYPE)
|
2030
|
+
continue;
|
2031
|
+
#endif
|
1985
2032
|
if (errno) rb_sys_fail(0);
|
1986
2033
|
default:
|
1987
2034
|
ossl_raise(eSSLError, "SSL_write");
|
@@ -2456,8 +2503,6 @@ ossl_ssl_tmp_key(VALUE self)
|
|
2456
2503
|
# endif /* defined(HAVE_SSL_GET_SERVER_TMP_KEY) */
|
2457
2504
|
#endif /* !defined(OPENSSL_NO_SOCK) */
|
2458
2505
|
|
2459
|
-
#undef rb_intern
|
2460
|
-
#define rb_intern(s) rb_intern_const(s)
|
2461
2506
|
void
|
2462
2507
|
Init_ossl_ssl(void)
|
2463
2508
|
{
|
@@ -2468,8 +2513,8 @@ Init_ossl_ssl(void)
|
|
2468
2513
|
rb_mWaitWritable = rb_define_module_under(rb_cIO, "WaitWritable");
|
2469
2514
|
#endif
|
2470
2515
|
|
2471
|
-
id_call =
|
2472
|
-
ID_callback_state =
|
2516
|
+
id_call = rb_intern_const("call");
|
2517
|
+
ID_callback_state = rb_intern_const("callback_state");
|
2473
2518
|
|
2474
2519
|
ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0, (void *)"ossl_ssl_ex_vcb_idx", 0, 0, 0);
|
2475
2520
|
if (ossl_ssl_ex_vcb_idx < 0)
|
@@ -2536,7 +2581,7 @@ Init_ossl_ssl(void)
|
|
2536
2581
|
* The _cert_, _key_, and _extra_chain_cert_ attributes are deprecated.
|
2537
2582
|
* It is recommended to use #add_certificate instead.
|
2538
2583
|
*/
|
2539
|
-
rb_attr(cSSLContext,
|
2584
|
+
rb_attr(cSSLContext, rb_intern_const("cert"), 1, 1, Qfalse);
|
2540
2585
|
|
2541
2586
|
/*
|
2542
2587
|
* Context private key
|
@@ -2544,29 +2589,29 @@ Init_ossl_ssl(void)
|
|
2544
2589
|
* The _cert_, _key_, and _extra_chain_cert_ attributes are deprecated.
|
2545
2590
|
* It is recommended to use #add_certificate instead.
|
2546
2591
|
*/
|
2547
|
-
rb_attr(cSSLContext,
|
2592
|
+
rb_attr(cSSLContext, rb_intern_const("key"), 1, 1, Qfalse);
|
2548
2593
|
|
2549
2594
|
/*
|
2550
2595
|
* A certificate or Array of certificates that will be sent to the client.
|
2551
2596
|
*/
|
2552
|
-
rb_attr(cSSLContext,
|
2597
|
+
rb_attr(cSSLContext, rb_intern_const("client_ca"), 1, 1, Qfalse);
|
2553
2598
|
|
2554
2599
|
/*
|
2555
2600
|
* The path to a file containing a PEM-format CA certificate
|
2556
2601
|
*/
|
2557
|
-
rb_attr(cSSLContext,
|
2602
|
+
rb_attr(cSSLContext, rb_intern_const("ca_file"), 1, 1, Qfalse);
|
2558
2603
|
|
2559
2604
|
/*
|
2560
2605
|
* The path to a directory containing CA certificates in PEM format.
|
2561
2606
|
*
|
2562
2607
|
* Files are looked up by subject's X509 name's hash value.
|
2563
2608
|
*/
|
2564
|
-
rb_attr(cSSLContext,
|
2609
|
+
rb_attr(cSSLContext, rb_intern_const("ca_path"), 1, 1, Qfalse);
|
2565
2610
|
|
2566
2611
|
/*
|
2567
2612
|
* Maximum session lifetime in seconds.
|
2568
2613
|
*/
|
2569
|
-
rb_attr(cSSLContext,
|
2614
|
+
rb_attr(cSSLContext, rb_intern_const("timeout"), 1, 1, Qfalse);
|
2570
2615
|
|
2571
2616
|
/*
|
2572
2617
|
* Session verification mode.
|
@@ -2579,12 +2624,12 @@ Init_ossl_ssl(void)
|
|
2579
2624
|
*
|
2580
2625
|
* See SSL_CTX_set_verify(3) for details.
|
2581
2626
|
*/
|
2582
|
-
rb_attr(cSSLContext,
|
2627
|
+
rb_attr(cSSLContext, rb_intern_const("verify_mode"), 1, 1, Qfalse);
|
2583
2628
|
|
2584
2629
|
/*
|
2585
2630
|
* Number of CA certificates to walk when verifying a certificate chain.
|
2586
2631
|
*/
|
2587
|
-
rb_attr(cSSLContext,
|
2632
|
+
rb_attr(cSSLContext, rb_intern_const("verify_depth"), 1, 1, Qfalse);
|
2588
2633
|
|
2589
2634
|
/*
|
2590
2635
|
* A callback for additional certificate verification. The callback is
|
@@ -2598,7 +2643,7 @@ Init_ossl_ssl(void)
|
|
2598
2643
|
* If the callback returns +false+, the chain verification is immediately
|
2599
2644
|
* stopped and a bad_certificate alert is then sent.
|
2600
2645
|
*/
|
2601
|
-
rb_attr(cSSLContext,
|
2646
|
+
rb_attr(cSSLContext, rb_intern_const("verify_callback"), 1, 1, Qfalse);
|
2602
2647
|
|
2603
2648
|
/*
|
2604
2649
|
* Whether to check the server certificate is valid for the hostname.
|
@@ -2606,12 +2651,12 @@ Init_ossl_ssl(void)
|
|
2606
2651
|
* In order to make this work, verify_mode must be set to VERIFY_PEER and
|
2607
2652
|
* the server hostname must be given by OpenSSL::SSL::SSLSocket#hostname=.
|
2608
2653
|
*/
|
2609
|
-
rb_attr(cSSLContext,
|
2654
|
+
rb_attr(cSSLContext, rb_intern_const("verify_hostname"), 1, 1, Qfalse);
|
2610
2655
|
|
2611
2656
|
/*
|
2612
2657
|
* An OpenSSL::X509::Store used for certificate verification.
|
2613
2658
|
*/
|
2614
|
-
rb_attr(cSSLContext,
|
2659
|
+
rb_attr(cSSLContext, rb_intern_const("cert_store"), 1, 1, Qfalse);
|
2615
2660
|
|
2616
2661
|
/*
|
2617
2662
|
* An Array of extra X509 certificates to be added to the certificate
|
@@ -2620,7 +2665,7 @@ Init_ossl_ssl(void)
|
|
2620
2665
|
* The _cert_, _key_, and _extra_chain_cert_ attributes are deprecated.
|
2621
2666
|
* It is recommended to use #add_certificate instead.
|
2622
2667
|
*/
|
2623
|
-
rb_attr(cSSLContext,
|
2668
|
+
rb_attr(cSSLContext, rb_intern_const("extra_chain_cert"), 1, 1, Qfalse);
|
2624
2669
|
|
2625
2670
|
/*
|
2626
2671
|
* A callback invoked when a client certificate is requested by a server
|
@@ -2630,7 +2675,7 @@ Init_ossl_ssl(void)
|
|
2630
2675
|
* containing an OpenSSL::X509::Certificate and an OpenSSL::PKey. If any
|
2631
2676
|
* other value is returned the handshake is suspended.
|
2632
2677
|
*/
|
2633
|
-
rb_attr(cSSLContext,
|
2678
|
+
rb_attr(cSSLContext, rb_intern_const("client_cert_cb"), 1, 1, Qfalse);
|
2634
2679
|
|
2635
2680
|
#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
|
2636
2681
|
/*
|
@@ -2643,7 +2688,7 @@ Init_ossl_ssl(void)
|
|
2643
2688
|
* The callback is deprecated. This does not work with recent versions of
|
2644
2689
|
* OpenSSL. Use OpenSSL::SSL::SSLContext#ecdh_curves= instead.
|
2645
2690
|
*/
|
2646
|
-
rb_attr(cSSLContext,
|
2691
|
+
rb_attr(cSSLContext, rb_intern_const("tmp_ecdh_callback"), 1, 1, Qfalse);
|
2647
2692
|
#endif
|
2648
2693
|
|
2649
2694
|
/*
|
@@ -2651,7 +2696,7 @@ Init_ossl_ssl(void)
|
|
2651
2696
|
* sessions for multiple applications to be distinguished, for example, by
|
2652
2697
|
* name.
|
2653
2698
|
*/
|
2654
|
-
rb_attr(cSSLContext,
|
2699
|
+
rb_attr(cSSLContext, rb_intern_const("session_id_context"), 1, 1, Qfalse);
|
2655
2700
|
|
2656
2701
|
/*
|
2657
2702
|
* A callback invoked on a server when a session is proposed by the client
|
@@ -2660,7 +2705,7 @@ Init_ossl_ssl(void)
|
|
2660
2705
|
* The callback is invoked with the SSLSocket and session id. The
|
2661
2706
|
* callback may return a Session from an external cache.
|
2662
2707
|
*/
|
2663
|
-
rb_attr(cSSLContext,
|
2708
|
+
rb_attr(cSSLContext, rb_intern_const("session_get_cb"), 1, 1, Qfalse);
|
2664
2709
|
|
2665
2710
|
/*
|
2666
2711
|
* A callback invoked when a new session was negotiated.
|
@@ -2668,7 +2713,7 @@ Init_ossl_ssl(void)
|
|
2668
2713
|
* The callback is invoked with an SSLSocket. If +false+ is returned the
|
2669
2714
|
* session will be removed from the internal cache.
|
2670
2715
|
*/
|
2671
|
-
rb_attr(cSSLContext,
|
2716
|
+
rb_attr(cSSLContext, rb_intern_const("session_new_cb"), 1, 1, Qfalse);
|
2672
2717
|
|
2673
2718
|
/*
|
2674
2719
|
* A callback invoked when a session is removed from the internal cache.
|
@@ -2679,7 +2724,7 @@ Init_ossl_ssl(void)
|
|
2679
2724
|
* multi-threaded application. The callback is called inside a global lock
|
2680
2725
|
* and it can randomly cause deadlock on Ruby thread switching.
|
2681
2726
|
*/
|
2682
|
-
rb_attr(cSSLContext,
|
2727
|
+
rb_attr(cSSLContext, rb_intern_const("session_remove_cb"), 1, 1, Qfalse);
|
2683
2728
|
|
2684
2729
|
rb_define_const(mSSLExtConfig, "HAVE_TLSEXT_HOST_NAME", Qtrue);
|
2685
2730
|
|
@@ -2702,7 +2747,7 @@ Init_ossl_ssl(void)
|
|
2702
2747
|
* raise RuntimeError, "Client renegotiation disabled"
|
2703
2748
|
* end
|
2704
2749
|
*/
|
2705
|
-
rb_attr(cSSLContext,
|
2750
|
+
rb_attr(cSSLContext, rb_intern_const("renegotiation_cb"), 1, 1, Qfalse);
|
2706
2751
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
2707
2752
|
/*
|
2708
2753
|
* An Enumerable of Strings. Each String represents a protocol to be
|
@@ -2715,7 +2760,7 @@ Init_ossl_ssl(void)
|
|
2715
2760
|
*
|
2716
2761
|
* ctx.npn_protocols = ["http/1.1", "spdy/2"]
|
2717
2762
|
*/
|
2718
|
-
rb_attr(cSSLContext,
|
2763
|
+
rb_attr(cSSLContext, rb_intern_const("npn_protocols"), 1, 1, Qfalse);
|
2719
2764
|
/*
|
2720
2765
|
* A callback invoked on the client side when the client needs to select
|
2721
2766
|
* a protocol from the list sent by the server. Supported in OpenSSL 1.0.1
|
@@ -2732,7 +2777,7 @@ Init_ossl_ssl(void)
|
|
2732
2777
|
* protocols.first
|
2733
2778
|
* end
|
2734
2779
|
*/
|
2735
|
-
rb_attr(cSSLContext,
|
2780
|
+
rb_attr(cSSLContext, rb_intern_const("npn_select_cb"), 1, 1, Qfalse);
|
2736
2781
|
#endif
|
2737
2782
|
|
2738
2783
|
#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
|
@@ -2747,7 +2792,7 @@ Init_ossl_ssl(void)
|
|
2747
2792
|
*
|
2748
2793
|
* ctx.alpn_protocols = ["http/1.1", "spdy/2", "h2"]
|
2749
2794
|
*/
|
2750
|
-
rb_attr(cSSLContext,
|
2795
|
+
rb_attr(cSSLContext, rb_intern_const("alpn_protocols"), 1, 1, Qfalse);
|
2751
2796
|
/*
|
2752
2797
|
* A callback invoked on the server side when the server needs to select
|
2753
2798
|
* a protocol from the list sent by the client. Supported in OpenSSL 1.0.2
|
@@ -2764,7 +2809,7 @@ Init_ossl_ssl(void)
|
|
2764
2809
|
* protocols.first
|
2765
2810
|
* end
|
2766
2811
|
*/
|
2767
|
-
rb_attr(cSSLContext,
|
2812
|
+
rb_attr(cSSLContext, rb_intern_const("alpn_select_cb"), 1, 1, Qfalse);
|
2768
2813
|
#endif
|
2769
2814
|
|
2770
2815
|
rb_define_alias(cSSLContext, "ssl_timeout", "timeout");
|
@@ -2992,16 +3037,17 @@ Init_ossl_ssl(void)
|
|
2992
3037
|
#endif
|
2993
3038
|
|
2994
3039
|
|
2995
|
-
sym_exception = ID2SYM(
|
2996
|
-
sym_wait_readable = ID2SYM(
|
2997
|
-
sym_wait_writable = ID2SYM(
|
3040
|
+
sym_exception = ID2SYM(rb_intern_const("exception"));
|
3041
|
+
sym_wait_readable = ID2SYM(rb_intern_const("wait_readable"));
|
3042
|
+
sym_wait_writable = ID2SYM(rb_intern_const("wait_writable"));
|
2998
3043
|
|
2999
|
-
id_tmp_dh_callback =
|
3000
|
-
id_tmp_ecdh_callback =
|
3001
|
-
id_npn_protocols_encoded =
|
3044
|
+
id_tmp_dh_callback = rb_intern_const("tmp_dh_callback");
|
3045
|
+
id_tmp_ecdh_callback = rb_intern_const("tmp_ecdh_callback");
|
3046
|
+
id_npn_protocols_encoded = rb_intern_const("npn_protocols_encoded");
|
3047
|
+
id_each = rb_intern_const("each");
|
3002
3048
|
|
3003
3049
|
#define DefIVarID(name) do \
|
3004
|
-
id_i_##name =
|
3050
|
+
id_i_##name = rb_intern_const("@"#name); while (0)
|
3005
3051
|
|
3006
3052
|
DefIVarID(cert_store);
|
3007
3053
|
DefIVarID(ca_file);
|
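--- a/data/ext/openssl/ossl_ts.c
+++ b/data/ext/openssl/ossl_ts.c
@@ -68,9 +68,9 @@ static VALUE cTimestampRequest;
 static VALUE cTimestampResponse;
 static VALUE cTimestampTokenInfo;
 static VALUE cTimestampFactory;
-static
-static
-static
+static VALUE sBAD_ALG, sBAD_REQUEST, sBAD_DATA_FORMAT, sTIME_NOT_AVAILABLE;
+static VALUE sUNACCEPTED_POLICY, sUNACCEPTED_EXTENSION, sADD_INFO_NOT_AVAILABLE;
+static VALUE sSYSTEM_FAILURE;
 
 static void
 ossl_ts_req_free(void *ptr)
@@ -205,8 +205,10 @@ ossl_ts_req_initialize(int argc, VALUE *argv, VALUE self)
 in = ossl_obj2bio(&arg);
 ts_req = d2i_TS_REQ_bio(in, &ts_req);
 BIO_free(in);
-if (!ts_req)
+if (!ts_req) {
+DATA_PTR(self) = NULL;
 ossl_raise(eTimestampError, "Error when decoding the timestamp request");
+}
 DATA_PTR(self) = ts_req;
 
 return self;
@@ -529,8 +531,10 @@ ossl_ts_resp_initialize(VALUE self, VALUE der)
 in = ossl_obj2bio(&der);
 ts_resp = d2i_TS_RESP_bio(in, &ts_resp);
 BIO_free(in);
-if (!ts_resp)
+if (!ts_resp) {
+DATA_PTR(self) = NULL;
 ossl_raise(eTimestampError, "Error when decoding the timestamp response");
+}
 DATA_PTR(self) = ts_resp;
 
 return self;
@@ -816,7 +820,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
 X509_up_ref(cert);
 }
 
-
+TS_VERIFY_CTX_set_certs(ctx, x509inter);
 TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
 TS_VERIFY_CTX_set_store(ctx, x509st);
 
@@ -871,8 +875,10 @@ ossl_ts_token_info_initialize(VALUE self, VALUE der)
 in = ossl_obj2bio(&der);
 info = d2i_TS_TST_INFO_bio(in, &info);
 BIO_free(in);
-if (!info)
+if (!info) {
+DATA_PTR(self) = NULL;
 ossl_raise(eTimestampError, "Error when decoding the timestamp token info");
+}
 DATA_PTR(self) = info;
 
 return self;
@@ -1074,7 +1080,11 @@ ossl_tsfac_serial_cb(struct TS_resp_ctx *ctx, void *data)
 }
 
 static int
+#if !defined(LIBRESSL_VERSION_NUMBER)
 ossl_tsfac_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec)
+#else
+ossl_tsfac_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
+#endif
 {
 *sec = *((long *)data);
 *usec = 0;
@@ -1247,24 +1257,24 @@ Init_ossl_ts(void)
 * timestamp server rejects the message imprint algorithm used in the
 * +Request+
 */
-sBAD_ALG =
+sBAD_ALG = ID2SYM(rb_intern_const("BAD_ALG"));
 
 /*
 * Possible return value for +Response#failure_info+. Indicates that the
 * timestamp server was not able to process the +Request+ properly.
 */
-sBAD_REQUEST =
+sBAD_REQUEST = ID2SYM(rb_intern_const("BAD_REQUEST"));
 /*
 * Possible return value for +Response#failure_info+. Indicates that the
 * timestamp server was not able to parse certain data in the +Request+.
 */
-sBAD_DATA_FORMAT =
+sBAD_DATA_FORMAT = ID2SYM(rb_intern_const("BAD_DATA_FORMAT"));
 
-sTIME_NOT_AVAILABLE =
-sUNACCEPTED_POLICY =
-sUNACCEPTED_EXTENSION =
-sADD_INFO_NOT_AVAILABLE =
-sSYSTEM_FAILURE =
+sTIME_NOT_AVAILABLE = ID2SYM(rb_intern_const("TIME_NOT_AVAILABLE"));
+sUNACCEPTED_POLICY = ID2SYM(rb_intern_const("UNACCEPTED_POLICY"));
+sUNACCEPTED_EXTENSION = ID2SYM(rb_intern_const("UNACCEPTED_EXTENSION"));
+sADD_INFO_NOT_AVAILABLE = ID2SYM(rb_intern_const("ADD_INFO_NOT_AVAILABLE"));
+sSYSTEM_FAILURE = ID2SYM(rb_intern_const("SYSTEM_FAILURE"));
 
 /* Document-class: OpenSSL::Timestamp
 * Provides classes and methods to request, create and validate
@@ -1503,11 +1513,11 @@ Init_ossl_ts(void)
 *
 */
 cTimestampFactory = rb_define_class_under(mTimestamp, "Factory", rb_cObject);
-rb_attr(cTimestampFactory,
-rb_attr(cTimestampFactory,
-rb_attr(cTimestampFactory,
-rb_attr(cTimestampFactory,
-rb_attr(cTimestampFactory,
+rb_attr(cTimestampFactory, rb_intern_const("allowed_digests"), 1, 1, 0);
+rb_attr(cTimestampFactory, rb_intern_const("default_policy_id"), 1, 1, 0);
+rb_attr(cTimestampFactory, rb_intern_const("serial_number"), 1, 1, 0);
+rb_attr(cTimestampFactory, rb_intern_const("gen_time"), 1, 1, 0);
+rb_attr(cTimestampFactory, rb_intern_const("additional_certs"), 1, 1, 0);
 rb_define_method(cTimestampFactory, "create_timestamp", ossl_tsfac_create_ts, 3);
 }
 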
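Review bot: The `DATA_PTR(self) = NULL;` added before `ossl_raise()` in ossl_ts_req_initialize has no comment explaining why the pointer must be cleared, and the same applies to the identical additions in ossl_ts_resp_initialize and ossl_ts_token_info_initialize. The call just above passes `&ts_req` to `d2i_TS_REQ_bio()`, so presumably the decoder releases the object already attached to `self` when parsing fails, and the stale pointer would otherwise be released a second time by the type's free function. That reasoning should sit next to the assignment, for example `/* d2i_TS_REQ_bio() released the reused object on failure; drop the stale pointer before raising */`. All three functions begin and end outside their hunks, so how the pointer is first taken from `self` is not visible here.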
@@ -105,6 +105,13 @@ VALUE cX509Store;
|
|
105
105
|
VALUE cX509StoreContext;
|
106
106
|
VALUE eX509StoreError;
|
107
107
|
|
108
|
+
static void
|
109
|
+
ossl_x509store_mark(void *ptr)
|
110
|
+
{
|
111
|
+
X509_STORE *store = ptr;
|
112
|
+
rb_gc_mark((VALUE)X509_STORE_get_ex_data(store, store_ex_verify_cb_idx));
|
113
|
+
}
|
114
|
+
|
108
115
|
static void
|
109
116
|
ossl_x509store_free(void *ptr)
|
110
117
|
{
|
@@ -114,7 +121,7 @@ ossl_x509store_free(void *ptr)
|
|
114
121
|
static const rb_data_type_t ossl_x509store_type = {
|
115
122
|
"OpenSSL/X509/STORE",
|
116
123
|
{
|
117
|
-
|
124
|
+
ossl_x509store_mark, ossl_x509store_free,
|
118
125
|
},
|
119
126
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
120
127
|
};
|
@@ -456,23 +463,16 @@ ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
|
|
456
463
|
return result;
|
457
464
|
}
|
458
465
|
|
459
|
-
/*
|
460
|
-
* Public Functions
|
461
|
-
*/
|
462
|
-
static void ossl_x509stctx_free(void*);
|
463
|
-
|
464
|
-
|
465
|
-
static const rb_data_type_t ossl_x509stctx_type = {
|
466
|
-
"OpenSSL/X509/STORE_CTX",
|
467
|
-
{
|
468
|
-
0, ossl_x509stctx_free,
|
469
|
-
},
|
470
|
-
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
471
|
-
};
|
472
|
-
|
473
466
|
/*
|
474
467
|
* Private functions
|
475
468
|
*/
|
469
|
+
static void
|
470
|
+
ossl_x509stctx_mark(void *ptr)
|
471
|
+
{
|
472
|
+
X509_STORE_CTX *ctx = ptr;
|
473
|
+
rb_gc_mark((VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx));
|
474
|
+
}
|
475
|
+
|
476
476
|
static void
|
477
477
|
ossl_x509stctx_free(void *ptr)
|
478
478
|
{
|
@@ -484,6 +484,14 @@ ossl_x509stctx_free(void *ptr)
|
|
484
484
|
X509_STORE_CTX_free(ctx);
|
485
485
|
}
|
486
486
|
|
487
|
+
static const rb_data_type_t ossl_x509stctx_type = {
|
488
|
+
"OpenSSL/X509/STORE_CTX",
|
489
|
+
{
|
490
|
+
ossl_x509stctx_mark, ossl_x509stctx_free,
|
491
|
+
},
|
492
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
493
|
+
};
|
494
|
+
|
487
495
|
static VALUE
|
488
496
|
ossl_x509stctx_alloc(VALUE klass)
|
489
497
|
{
|
@@ -517,7 +525,9 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
|
|
517
525
|
|
518
526
|
/*
|
519
527
|
* call-seq:
|
520
|
-
* StoreContext.new(store, cert = nil,
|
528
|
+
* StoreContext.new(store, cert = nil, untrusted = nil)
|
529
|
+
*
|
530
|
+
* Sets up a StoreContext for a verification of the X.509 certificate _cert_.
|
521
531
|
*/
|
522
532
|
static VALUE
|
523
533
|
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
|
@@ -527,15 +537,24 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
|
|
527
537
|
X509_STORE *x509st;
|
528
538
|
X509 *x509 = NULL;
|
529
539
|
STACK_OF(X509) *x509s = NULL;
|
540
|
+
int state;
|
530
541
|
|
531
542
|
rb_scan_args(argc, argv, "12", &store, &cert, &chain);
|
532
543
|
GetX509StCtx(self, ctx);
|
533
544
|
GetX509Store(store, x509st);
|
534
|
-
if(!NIL_P(cert))
|
535
|
-
|
536
|
-
if(
|
545
|
+
if (!NIL_P(cert))
|
546
|
+
x509 = DupX509CertPtr(cert); /* NEED TO DUP */
|
547
|
+
if (!NIL_P(chain)) {
|
548
|
+
x509s = ossl_protect_x509_ary2sk(chain, &state);
|
549
|
+
if (state) {
|
550
|
+
X509_free(x509);
|
551
|
+
rb_jump_tag(state);
|
552
|
+
}
|
553
|
+
}
|
554
|
+
if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
|
555
|
+
X509_free(x509);
|
537
556
|
sk_X509_pop_free(x509s, X509_free);
|
538
|
-
ossl_raise(eX509StoreError,
|
557
|
+
ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
|
539
558
|
}
|
540
559
|
if (!NIL_P(t = rb_iv_get(store, "@time")))
|
541
560
|
ossl_x509stctx_set_time(self, t);
|
data/lib/openssl/buffering.rb
CHANGED
data/lib/openssl/ssl.rb
CHANGED
data/lib/openssl/version.rb
CHANGED
metadata
CHANGED
@@ -1,32 +1,46 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openssl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Martin Bosslet
|
8
8
|
- SHIBATA Hiroshi
|
9
9
|
- Zachary Scott
|
10
10
|
- Kazuki Yamaguchi
|
11
|
-
autorequire:
|
11
|
+
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2022-12-23 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
|
-
name:
|
17
|
+
name: ipaddr
|
18
18
|
requirement: !ruby/object:Gem::Requirement
|
19
19
|
requirements:
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
22
|
version: '0'
|
23
|
-
type: :
|
23
|
+
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
28
28
|
- !ruby/object:Gem::Version
|
29
29
|
version: '0'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: rake
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
requirements:
|
34
|
+
- - ">="
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: 11.2.0
|
37
|
+
type: :development
|
38
|
+
prerelease: false
|
39
|
+
version_requirements: !ruby/object:Gem::Requirement
|
40
|
+
requirements:
|
41
|
+
- - ">="
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: 11.2.0
|
30
44
|
- !ruby/object:Gem::Dependency
|
31
45
|
name: rake-compiler
|
32
46
|
requirement: !ruby/object:Gem::Requirement
|
@@ -158,7 +172,7 @@ licenses:
|
|
158
172
|
- Ruby
|
159
173
|
metadata:
|
160
174
|
msys2_mingw_dependencies: openssl
|
161
|
-
post_install_message:
|
175
|
+
post_install_message:
|
162
176
|
rdoc_options:
|
163
177
|
- "--main"
|
164
178
|
- README.md
|
@@ -175,8 +189,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
189
|
- !ruby/object:Gem::Version
|
176
190
|
version: '0'
|
177
191
|
requirements: []
|
178
|
-
rubygems_version: 3.
|
179
|
-
signing_key:
|
192
|
+
rubygems_version: 3.4.0.dev
|
193
|
+
signing_key:
|
180
194
|
specification_version: 4
|
181
195
|
summary: OpenSSL provides SSL, TLS and general purpose cryptography.
|
182
196
|
test_files: []
|