openssl 2.2.1 → 2.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/History.md +31 -0
- data/ext/openssl/extconf.rb +6 -3
- data/ext/openssl/openssl_missing.h +5 -0
- data/ext/openssl/ossl_ocsp.c +2 -1
- data/ext/openssl/ossl_pkey_ec.c +16 -12
- data/ext/openssl/ossl_ts.c +1 -1
- data/lib/openssl/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f857af7f016a99c4fa63e230d6d600b9fe1218bbd9db4b48a4d199e238d88d54
|
|
4
|
+
data.tar.gz: f0a5d84c663e4bbf75ffee3f307e2fb8c2cad5ccddb10ce1a72717b7cd7c5b43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f8c9773928207f07f5f905b826ddc7f2cd5019f6dcba3c3a08e920131646156eeb400b4b8540e509d53d3016a25e7a886ed6410eafda030852aeaa28d511491
|
|
7
|
+
data.tar.gz: 9baeda7c395d5e8b2830f418186a28dbd3a6f8476eee3ba0b3926f7a5aeaa81cd0614138c1d98c41a1a0db3f10b5aabcd6c34ec4700898c6bca28edbbdf9809d
|
data/History.md
CHANGED
|
@@ -1,3 +1,24 @@
|
|
|
1
|
+
Version 2.2.3
|
|
2
|
+
=============
|
|
3
|
+
|
|
4
|
+
Bug fixes
|
|
5
|
+
---------
|
|
6
|
+
|
|
7
|
+
* Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
|
|
8
|
+
with an incorrect class, which would end up with a TypeError.
|
|
9
|
+
[[GitHub #570]](https://github.com/ruby/openssl/pull/570)
|
|
10
|
+
* Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
|
|
11
|
+
incorrectly treated OpenSSL's internal errors as "not equal".
|
|
12
|
+
[[GitHub #564]](https://github.com/ruby/openssl/pull/564)
|
|
13
|
+
* Fix build with LibreSSL 3.5 or later.
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
Version 2.2.2
|
|
17
|
+
=============
|
|
18
|
+
|
|
19
|
+
Merged changes in 2.1.4.
|
|
20
|
+
|
|
21
|
+
|
|
1
22
|
Version 2.2.1
|
|
2
23
|
=============
|
|
3
24
|
|
|
@@ -92,6 +113,16 @@ Notable changes
|
|
|
92
113
|
[[GitHub #297]](https://github.com/ruby/openssl/pull/297)
|
|
93
114
|
|
|
94
115
|
|
|
116
|
+
Version 2.1.4
|
|
117
|
+
=============
|
|
118
|
+
|
|
119
|
+
Bug fixes
|
|
120
|
+
---------
|
|
121
|
+
|
|
122
|
+
* Do not use pkg-config if --with-openssl-dir option is specified.
|
|
123
|
+
[[GitHub #486]](https://github.com/ruby/openssl/pull/486)
|
|
124
|
+
|
|
125
|
+
|
|
95
126
|
Version 2.1.3
|
|
96
127
|
=============
|
|
97
128
|
|
data/ext/openssl/extconf.rb
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
|
|
14
14
|
require "mkmf"
|
|
15
15
|
|
|
16
|
-
dir_config("openssl")
|
|
16
|
+
dir_config_given = dir_config("openssl").any?
|
|
17
17
|
dir_config("kerberos")
|
|
18
18
|
|
|
19
19
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
|
@@ -90,7 +90,7 @@ def find_openssl_library
|
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
Logging::message "=== Checking for required stuff... ===\n"
|
|
93
|
-
pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
93
|
+
pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
94
94
|
|
|
95
95
|
if !pkg_config_found && !find_openssl_library
|
|
96
96
|
Logging::message "=== Checking for required stuff failed. ===\n"
|
|
@@ -176,13 +176,16 @@ have_func("SSL_SESSION_get_protocol_version")
|
|
|
176
176
|
have_func("TS_STATUS_INFO_get0_status")
|
|
177
177
|
have_func("TS_STATUS_INFO_get0_text")
|
|
178
178
|
have_func("TS_STATUS_INFO_get0_failure_info")
|
|
179
|
-
have_func("TS_VERIFY_CTS_set_certs")
|
|
179
|
+
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
|
|
180
180
|
have_func("TS_VERIFY_CTX_set_store")
|
|
181
181
|
have_func("TS_VERIFY_CTX_add_flags")
|
|
182
182
|
have_func("TS_RESP_CTX_set_time_cb")
|
|
183
183
|
have_func("EVP_PBE_scrypt")
|
|
184
184
|
have_func("SSL_CTX_set_post_handshake_auth")
|
|
185
185
|
|
|
186
|
+
# added in 3.0.0
|
|
187
|
+
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
|
|
188
|
+
|
|
186
189
|
Logging::message "=== Checking done. ===\n"
|
|
187
190
|
|
|
188
191
|
create_header
|
|
@@ -254,4 +254,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
|
254
254
|
} while (0)
|
|
255
255
|
#endif
|
|
256
256
|
|
|
257
|
+
/* added in 3.0.0 */
|
|
258
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
|
|
259
|
+
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
|
|
260
|
+
#endif
|
|
261
|
+
|
|
257
262
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|
data/ext/openssl/ossl_ocsp.c
CHANGED
|
@@ -1069,7 +1069,8 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
|
|
|
1069
1069
|
x509st = GetX509StorePtr(store);
|
|
1070
1070
|
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
|
1071
1071
|
x509s = ossl_x509_ary2sk(certs);
|
|
1072
|
-
#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) ||
|
|
1072
|
+
#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || \
|
|
1073
|
+
defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000
|
|
1073
1074
|
/*
|
|
1074
1075
|
* OpenSSL had a bug that it doesn't use the certificates in x509s for
|
|
1075
1076
|
* verifying the chain. This can be a problem when the response is signed by
|
data/ext/openssl/ossl_pkey_ec.c
CHANGED
|
@@ -860,10 +860,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b)
|
|
|
860
860
|
GetECGroup(a, group1);
|
|
861
861
|
GetECGroup(b, group2);
|
|
862
862
|
|
|
863
|
-
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
863
|
+
switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) {
|
|
864
|
+
case 0: return Qtrue;
|
|
865
|
+
case 1: return Qfalse;
|
|
866
|
+
default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp");
|
|
867
|
+
}
|
|
867
868
|
}
|
|
868
869
|
|
|
869
870
|
/*
|
|
@@ -1424,10 +1425,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b)
|
|
|
1424
1425
|
GetECPoint(b, point2);
|
|
1425
1426
|
GetECGroup(group_v1, group);
|
|
1426
1427
|
|
|
1427
|
-
|
|
1428
|
-
|
|
1428
|
+
switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) {
|
|
1429
|
+
case 0: return Qtrue;
|
|
1430
|
+
case 1: return Qfalse;
|
|
1431
|
+
default: ossl_raise(eEC_POINT, "EC_POINT_cmp");
|
|
1432
|
+
}
|
|
1429
1433
|
|
|
1430
|
-
|
|
1434
|
+
UNREACHABLE;
|
|
1431
1435
|
}
|
|
1432
1436
|
|
|
1433
1437
|
/*
|
|
@@ -1445,7 +1449,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self)
|
|
|
1445
1449
|
switch (EC_POINT_is_at_infinity(group, point)) {
|
|
1446
1450
|
case 1: return Qtrue;
|
|
1447
1451
|
case 0: return Qfalse;
|
|
1448
|
-
default: ossl_raise(
|
|
1452
|
+
default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity");
|
|
1449
1453
|
}
|
|
1450
1454
|
|
|
1451
1455
|
UNREACHABLE;
|
|
@@ -1466,7 +1470,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self)
|
|
|
1466
1470
|
switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) {
|
|
1467
1471
|
case 1: return Qtrue;
|
|
1468
1472
|
case 0: return Qfalse;
|
|
1469
|
-
default: ossl_raise(
|
|
1473
|
+
default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve");
|
|
1470
1474
|
}
|
|
1471
1475
|
|
|
1472
1476
|
UNREACHABLE;
|
|
@@ -1485,7 +1489,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
|
|
|
1485
1489
|
GetECPointGroup(self, group);
|
|
1486
1490
|
|
|
1487
1491
|
if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
|
|
1488
|
-
ossl_raise(
|
|
1492
|
+
ossl_raise(eEC_POINT, "EC_POINT_make_affine");
|
|
1489
1493
|
|
|
1490
1494
|
return self;
|
|
1491
1495
|
}
|
|
@@ -1503,7 +1507,7 @@ static VALUE ossl_ec_point_invert(VALUE self)
|
|
|
1503
1507
|
GetECPointGroup(self, group);
|
|
1504
1508
|
|
|
1505
1509
|
if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1)
|
|
1506
|
-
ossl_raise(
|
|
1510
|
+
ossl_raise(eEC_POINT, "EC_POINT_invert");
|
|
1507
1511
|
|
|
1508
1512
|
return self;
|
|
1509
1513
|
}
|
|
@@ -1521,7 +1525,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
|
|
|
1521
1525
|
GetECPointGroup(self, group);
|
|
1522
1526
|
|
|
1523
1527
|
if (EC_POINT_set_to_infinity(group, point) != 1)
|
|
1524
|
-
ossl_raise(
|
|
1528
|
+
ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity");
|
|
1525
1529
|
|
|
1526
1530
|
return self;
|
|
1527
1531
|
}
|
data/ext/openssl/ossl_ts.c
CHANGED
|
@@ -820,7 +820,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
|
|
|
820
820
|
X509_up_ref(cert);
|
|
821
821
|
}
|
|
822
822
|
|
|
823
|
-
|
|
823
|
+
TS_VERIFY_CTX_set_certs(ctx, x509inter);
|
|
824
824
|
TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
|
|
825
825
|
TS_VERIFY_CTX_set_store(ctx, x509st);
|
|
826
826
|
|
data/lib/openssl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openssl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Bosslet
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2022-12-23 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: ipaddr
|
|
@@ -33,14 +33,14 @@ dependencies:
|
|
|
33
33
|
requirements:
|
|
34
34
|
- - ">="
|
|
35
35
|
- !ruby/object:Gem::Version
|
|
36
|
-
version:
|
|
36
|
+
version: 11.2.0
|
|
37
37
|
type: :development
|
|
38
38
|
prerelease: false
|
|
39
39
|
version_requirements: !ruby/object:Gem::Requirement
|
|
40
40
|
requirements:
|
|
41
41
|
- - ">="
|
|
42
42
|
- !ruby/object:Gem::Version
|
|
43
|
-
version:
|
|
43
|
+
version: 11.2.0
|
|
44
44
|
- !ruby/object:Gem::Dependency
|
|
45
45
|
name: rake-compiler
|
|
46
46
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
189
189
|
- !ruby/object:Gem::Version
|
|
190
190
|
version: '0'
|
|
191
191
|
requirements: []
|
|
192
|
-
rubygems_version: 3.
|
|
192
|
+
rubygems_version: 3.4.0.dev
|
|
193
193
|
signing_key:
|
|
194
194
|
specification_version: 4
|
|
195
195
|
summary: OpenSSL provides SSL, TLS and general purpose cryptography.
|