openssl 2.2.1 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +33 -45
- data/History.md +248 -1
- data/README.md +36 -19
- data/ext/openssl/extconf.rb +101 -68
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +128 -237
- data/ext/openssl/ossl.h +31 -12
- data/ext/openssl/ossl_asn1.c +26 -13
- data/ext/openssl/ossl_bn.c +213 -139
- data/ext/openssl/ossl_cipher.c +13 -14
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +10 -10
- data/ext/openssl/ossl_engine.c +17 -16
- data/ext/openssl/ossl_hmac.c +57 -136
- data/ext/openssl/ossl_kdf.c +12 -4
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +11 -59
- data/ext/openssl/ossl_pkcs12.c +22 -4
- data/ext/openssl/ossl_pkcs7.c +45 -62
- data/ext/openssl/ossl_pkey.c +1320 -196
- data/ext/openssl/ossl_pkey.h +36 -73
- data/ext/openssl/ossl_pkey_dh.c +152 -347
- data/ext/openssl/ossl_pkey_dsa.c +157 -413
- data/ext/openssl/ossl_pkey_ec.c +227 -343
- data/ext/openssl/ossl_pkey_rsa.c +159 -491
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_ssl.c +530 -450
- data/ext/openssl/ossl_ssl_session.c +29 -30
- data/ext/openssl/ossl_ts.c +38 -23
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +168 -12
- data/ext/openssl/ossl_x509crl.c +14 -11
- data/ext/openssl/ossl_x509ext.c +14 -9
- data/ext/openssl/ossl_x509name.c +10 -3
- data/ext/openssl/ossl_x509req.c +14 -11
- data/ext/openssl/ossl_x509revoked.c +4 -4
- data/ext/openssl/ossl_x509store.c +166 -75
- data/lib/openssl/buffering.rb +9 -3
- data/lib/openssl/digest.rb +1 -5
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +429 -0
- data/lib/openssl/ssl.rb +22 -17
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +10 -79
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5040b959a35f5692d6d19e2bf520e1123da8133fff2f878cfc21c2ff0f145d6e
|
4
|
+
data.tar.gz: dfee6ebd76e423511aa0fc4630f8120edce8fe79d4f40ee7105ccad12c2d3340
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f542ec360be844382829f4bcc46b5cffdfcaf675b02ecdc1cd15a6e80c061476ee4582fdb201ef2dd0f430806d74036233eef3a5c23e5b4028560ad075ed706b
|
7
|
+
data.tar.gz: 0173033ebe6efb76b747cc80835cc9530dd664d038256bbdf963d4940b5f3bfad90be313554f548a911ac0977d4bdc33c088dfd3b6fb8e46db7bcd5d2ec34a8c
|
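Review bot: the four `-` rows (old lines 3-4 and 6-7) carry only the `metadata.gz:` and `data.tar.gz:` keys with no digest, so the 2.2.1 values cannot be read from this hunk and only the 3.2.0 SHA256/SHA512 entries are reviewable. Because checksums.yaml is packed inside the .gem next to the two archives it describes, treat these values as a consistency check on the unpacked package, and compare the .gem file itself against the digest published by the registry.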
data/CONTRIBUTING.md
CHANGED
@@ -12,16 +12,17 @@ If you think you found a bug, file a ticket on GitHub. Please DO NOT report
|
|
12
12
|
security issues here, there is a separate procedure which is described on
|
13
13
|
["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
|
14
14
|
|
15
|
-
When reporting a bug, please make sure you include:
|
16
|
-
|
17
|
-
*
|
18
|
-
*
|
19
|
-
*
|
15
|
+
When reporting a bug, please make sure you include:
|
16
|
+
|
17
|
+
* Ruby version (`ruby -v`)
|
18
|
+
* `openssl` gem version (`gem list openssl` and `OpenSSL::VERSION`)
|
19
|
+
* OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)
|
20
|
+
* A sample file that illustrates the problem or link to the repository or
|
20
21
|
gem that is associated with the bug.
|
21
22
|
|
22
23
|
There are a number of unresolved issues and feature requests for openssl that
|
23
24
|
need review. Before submitting a new ticket, it is recommended to check
|
24
|
-
[known issues]
|
25
|
+
[known issues].
|
25
26
|
|
26
27
|
## Submitting patches
|
27
28
|
|
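Review bot: in the new bug-report checklist, the bullet "OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)" asks for the version the extension was built with, which can differ from the library actually loaded at run time. Suggest also asking for `OpenSSL::OPENSSL_LIBRARY_VERSION`, so that a mismatch between build-time headers and the run-time library shows up in the report.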
@@ -34,62 +35,50 @@ Make sure that your branch does:
|
|
34
35
|
* Have good commit messages
|
35
36
|
* Follow Ruby's coding style ([DeveloperHowTo])
|
36
37
|
* Pass the test suite successfully (see "Testing")
|
37
|
-
* Add an entry to [History.md] if necessary
|
38
38
|
|
39
39
|
## Testing
|
40
40
|
|
41
41
|
We have a test suite!
|
42
42
|
|
43
43
|
Test cases are located under the
|
44
|
-
[`test
|
44
|
+
[`test/openssl`](https://github.com/ruby/openssl/tree/master/test/openssl)
|
45
|
+
directory.
|
45
46
|
|
46
47
|
You can run it with the following three commands:
|
47
48
|
|
48
49
|
```
|
49
|
-
$
|
50
|
-
$ rake compile
|
51
|
-
$ rake test
|
50
|
+
$ bundle install # installs rake-compiler, test-unit, ...
|
51
|
+
$ bundle exec rake compile
|
52
|
+
$ bundle exec rake test
|
52
53
|
```
|
53
54
|
|
54
|
-
###
|
55
|
-
|
56
|
-
You can also use Docker Compose to run tests. It can be used to check that your
|
57
|
-
changes work correctly with various supported versions of Ruby and OpenSSL.
|
58
|
-
|
59
|
-
First, you need to install [Docker](https://www.docker.com/products/docker) and
|
60
|
-
[Docker Compose](https://www.docker.com/products/docker-compose) on your
|
61
|
-
computer.
|
55
|
+
### With different versions of OpenSSL
|
62
56
|
|
63
|
-
|
64
|
-
|
65
|
-
instructions for your package manager. For further information, please check
|
66
|
-
the [official documentation](https://docs.docker.com/).
|
57
|
+
Ruby OpenSSL supports various versions of OpenSSL library. The test suite needs
|
58
|
+
to pass on all supported combinations.
|
67
59
|
|
68
|
-
|
69
|
-
|
70
|
-
|
60
|
+
Similarly to when installing `openssl` gem via the `gem` command,
|
61
|
+
you can pass a `--with-openssl-dir` argument to `rake compile`
|
62
|
+
to specify the OpenSSL library to build against.
|
71
63
|
|
72
64
|
```
|
73
|
-
$
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
65
|
+
$ ( curl -OL https://ftp.openssl.org/source/openssl-3.0.1.tar.gz &&
|
66
|
+
tar xf openssl-3.0.1.tar.gz &&
|
67
|
+
cd openssl-3.0.1 &&
|
68
|
+
./config --prefix=$HOME/.openssl/openssl-3.0.1 --libdir=lib &&
|
69
|
+
make -j4 &&
|
70
|
+
make install )
|
71
|
+
|
72
|
+
$ # in Ruby/OpenSSL's source directory
|
73
|
+
$ bundle exec rake clean
|
74
|
+
$ bundle exec rake compile -- --with-openssl-dir=$HOME/.openssl/openssl-3.0.1
|
75
|
+
$ bundle exec rake test
|
80
76
|
```
|
81
77
|
|
82
|
-
|
83
|
-
[`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml)
|
84
|
-
|
85
|
-
|
86
|
-
to use the
|
87
|
-
[`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
|
88
|
-
file we have provided.
|
89
|
-
|
90
|
-
This Docker image is built using the
|
91
|
-
[Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
|
92
|
-
provided in the repository.
|
78
|
+
The GitHub Actions workflow file
|
79
|
+
[`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml)
|
80
|
+
contains useful information for building OpenSSL/LibreSSL and testing against
|
81
|
+
them.
|
93
82
|
|
94
83
|
|
95
84
|
## Relation with Ruby source tree
|
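Review bot: the new recipe under "With different versions of OpenSSL" chains `curl -OL https://ftp.openssl.org/source/openssl-3.0.1.tar.gz` directly into `tar xf`, `./config` and `make install` with no integrity check on the tarball. Suggest adding a step that verifies the download against the checksum or signature published by the OpenSSL project before it is unpacked and built. The version string 3.0.1 is also repeated across the URL, the directory name, `--prefix` and `--with-openssl-dir`; a single shell variable would keep those occurrences in step when the example is updated.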
@@ -124,7 +113,6 @@ _Thanks for your contributions!_
|
|
124
113
|
|
125
114
|
[GitHub]: https://github.com/ruby/openssl
|
126
115
|
[known issues]: https://github.com/ruby/openssl/issues
|
127
|
-
[bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
|
128
116
|
[DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
|
129
117
|
[HackerOne]: https://hackerone.com/ruby
|
130
118
|
[Security]: https://www.ruby-lang.org/en/security/
|
data/History.md
CHANGED
@@ -1,3 +1,240 @@
|
|
1
|
+
Version 3.2.0
|
2
|
+
=============
|
3
|
+
|
4
|
+
Compatibility
|
5
|
+
-------------
|
6
|
+
|
7
|
+
* Ruby >= 2.7
|
8
|
+
- Support for Ruby 2.6 has been removed. Note that Ruby 2.6 reached the
|
9
|
+
end-of-life in 2022-04.
|
10
|
+
[[GitHub #639]](https://github.com/ruby/openssl/pull/639)
|
11
|
+
* OpenSSL >= 1.0.2 or LibreSSL >= 3.1
|
12
|
+
|
13
|
+
Notable changes
|
14
|
+
---------------
|
15
|
+
|
16
|
+
* Add a stub gemspec for JRuby, which depends on the `jruby-openssl` gem.
|
17
|
+
[[GitHub #598]](https://github.com/ruby/openssl/pull/598)
|
18
|
+
* Add support for the FIPS module in OpenSSL 3.0/3.1.
|
19
|
+
[[GitHub #608]](https://github.com/ruby/openssl/pull/608)
|
20
|
+
* Rework `OpenSSL::PKey` routines for loading DER or PEM encoded keys for better
|
21
|
+
compatibility with OpenSSL 3.0/3.1 with the FIPS module.
|
22
|
+
[[GitHub #615]](https://github.com/ruby/openssl/pull/615)
|
23
|
+
[[GitHub #669]](https://github.com/ruby/openssl/pull/669)
|
24
|
+
* Add `OpenSSL::Provider` module for loading and unloading OpenSSL 3 providers.
|
25
|
+
[[GitHub #635]](https://github.com/ruby/openssl/pull/635)
|
26
|
+
* Add `OpenSSL::PKey.new_raw_private_key`, `.new_raw_public_key`,
|
27
|
+
`OpenSSL::PKey::PKey#raw_private_key`, and `#raw_public_key` for public key
|
28
|
+
algorithms that use "raw private/public key", such as X25519 and Ed25519.
|
29
|
+
[[GitHub #646]](https://github.com/ruby/openssl/pull/646)
|
30
|
+
* Improve OpenSSL error messages to include additional information when
|
31
|
+
it is available in OpenSSL's error queue.
|
32
|
+
[[GitHub #648]](https://github.com/ruby/openssl/pull/648)
|
33
|
+
* Change `OpenSSL::SSL::SSLContext#ca_file=` and `#ca_path=` to raise
|
34
|
+
`OpenSSL::SSL::SSLError` instead of printing a warning message.
|
35
|
+
[[GitHub #659]](https://github.com/ruby/openssl/pull/659)
|
36
|
+
* Allow `OpenSSL::X509::ExtensionFactory#create_extension` to take OIDs in the
|
37
|
+
dotted-decimal notation.
|
38
|
+
[[GitHub #141]](https://github.com/ruby/openssl/pull/141)
|
39
|
+
|
40
|
+
|
41
|
+
Version 3.1.0
|
42
|
+
=============
|
43
|
+
|
44
|
+
Ruby/OpenSSL 3.1 will be maintained for the lifetime of Ruby 3.2.
|
45
|
+
|
46
|
+
Merged bug fixes in 2.2.3 and 3.0.2. Among the new features and changes are:
|
47
|
+
|
48
|
+
Notable changes
|
49
|
+
---------------
|
50
|
+
|
51
|
+
* Add `OpenSSL::SSL::SSLContext#ciphersuites=` to allow setting TLS 1.3 cipher
|
52
|
+
suites.
|
53
|
+
[[GitHub #493]](https://github.com/ruby/openssl/pull/493)
|
54
|
+
* Add `OpenSSL::SSL::SSLSocket#export_keying_material` for exporting keying
|
55
|
+
material of the session, as defined in RFC 5705.
|
56
|
+
[[GitHub #530]](https://github.com/ruby/openssl/pull/530)
|
57
|
+
* Add `OpenSSL::SSL::SSLContext#keylog_cb=` for setting the TLS key logging
|
58
|
+
callback, which is useful for supporting NSS's SSLKEYLOGFILE debugging output.
|
59
|
+
[[GitHub #536]](https://github.com/ruby/openssl/pull/536)
|
60
|
+
* Remove the default digest algorithm from `OpenSSL::OCSP::BasicResponse#sign`
|
61
|
+
and `OpenSSL::OCSP::Request#sign`. Omitting the 5th parameter of these
|
62
|
+
methods used to be equivalent of specifying SHA-1. This default value is now
|
63
|
+
removed and we will let the underlying OpenSSL library decide instead.
|
64
|
+
[[GitHub #507]](https://github.com/ruby/openssl/pull/507)
|
65
|
+
* Add `OpenSSL::BN#mod_sqrt`.
|
66
|
+
[[GitHub #553]](https://github.com/ruby/openssl/pull/553)
|
67
|
+
* Allow calling `OpenSSL::Cipher#update` with an empty string. This was
|
68
|
+
prohibited to workaround an ancient bug in OpenSSL.
|
69
|
+
[[GitHub #568]](https://github.com/ruby/openssl/pull/568)
|
70
|
+
* Fix build on platforms without socket support, such as WASI. `OpenSSL::SSL`
|
71
|
+
will not be defined if OpenSSL is compiled with `OPENSSL_NO_SOCK`.
|
72
|
+
[[GitHub #558]](https://github.com/ruby/openssl/pull/558)
|
73
|
+
* Improve support for recent LibreSSL versions. This includes HKDF support in
|
74
|
+
LibreSSL 3.6 and Ed25519 support in LibreSSL 3.7.
|
75
|
+
|
76
|
+
|
77
|
+
Version 3.0.2
|
78
|
+
=============
|
79
|
+
|
80
|
+
Merged changes in 2.2.3. Additionally, the following issues are fixed by this
|
81
|
+
release.
|
82
|
+
|
83
|
+
Bug fixes
|
84
|
+
---------
|
85
|
+
|
86
|
+
* Fix OpenSSL::PKey::EC#check_key not working correctly on OpenSSL 3.0.
|
87
|
+
[[GitHub #563]](https://github.com/ruby/openssl/issues/563)
|
88
|
+
[[GitHub #580]](https://github.com/ruby/openssl/pull/580)
|
89
|
+
|
90
|
+
|
91
|
+
Version 3.0.1
|
92
|
+
=============
|
93
|
+
|
94
|
+
Merged changes in 2.1.4 and 2.2.2. Additionally, the following issues are fixed
|
95
|
+
by this release.
|
96
|
+
|
97
|
+
Bug fixes
|
98
|
+
---------
|
99
|
+
|
100
|
+
* Add missing type check in OpenSSL::PKey::PKey#sign's optional parameters.
|
101
|
+
[[GitHub #531]](https://github.com/ruby/openssl/pull/531)
|
102
|
+
* Work around OpenSSL 3.0's HMAC issues with a zero-length key.
|
103
|
+
[[GitHub #538]](https://github.com/ruby/openssl/pull/538)
|
104
|
+
* Fix a regression in OpenSSL::PKey::DSA.generate's default of 'q' size.
|
105
|
+
[[GitHub #483]](https://github.com/ruby/openssl/issues/483)
|
106
|
+
[[GitHub #539]](https://github.com/ruby/openssl/pull/539)
|
107
|
+
* Restore OpenSSL::PKey.read's ability to decode "openssl ecparam -genkey"
|
108
|
+
output when linked against OpenSSL 3.0.
|
109
|
+
[[GitHub #535]](https://github.com/ruby/openssl/pull/535)
|
110
|
+
[[GitHub #540]](https://github.com/ruby/openssl/pull/540)
|
111
|
+
* Restore error checks in OpenSSL::PKey::EC#{to_der,to_pem}.
|
112
|
+
[[GitHub #541]](https://github.com/ruby/openssl/pull/541)
|
113
|
+
|
114
|
+
|
115
|
+
Version 3.0.0
|
116
|
+
=============
|
117
|
+
|
118
|
+
Compatibility notes
|
119
|
+
-------------------
|
120
|
+
|
121
|
+
* OpenSSL 1.0.1 and Ruby 2.3-2.5 are no longer supported.
|
122
|
+
[[GitHub #396]](https://github.com/ruby/openssl/pull/396)
|
123
|
+
[[GitHub #466]](https://github.com/ruby/openssl/pull/466)
|
124
|
+
|
125
|
+
* OpenSSL 3.0 support is added. It is the first major version bump from OpenSSL
|
126
|
+
1.1 and contains incompatible changes that affect Ruby/OpenSSL.
|
127
|
+
Note that OpenSSL 3.0 support is preliminary and not all features are
|
128
|
+
currently available:
|
129
|
+
[[GitHub #369]](https://github.com/ruby/openssl/issues/369)
|
130
|
+
|
131
|
+
- Deprecate the ability to modify `OpenSSL::PKey::PKey` instances. OpenSSL 3.0
|
132
|
+
made EVP_PKEY structure immutable, and hence the following methods are not
|
133
|
+
available when Ruby/OpenSSL is linked against OpenSSL 3.0.
|
134
|
+
[[GitHub #480]](https://github.com/ruby/openssl/pull/480)
|
135
|
+
|
136
|
+
- `OpenSSL::PKey::RSA#set_key`, `#set_factors`, `#set_crt_params`
|
137
|
+
- `OpenSSL::PKey::DSA#set_pqg`, `#set_key`
|
138
|
+
- `OpenSSL::PKey::DH#set_pqg`, `#set_key`, `#generate_key!`
|
139
|
+
- `OpenSSL::PKey::EC#private_key=`, `#public_key=`, `#group=`, `#generate_key!`
|
140
|
+
|
141
|
+
- Deprecate `OpenSSL::Engine`. The ENGINE API has been deprecated in OpenSSL 3.0
|
142
|
+
in favor of the new "provider" concept and will be removed in a future
|
143
|
+
version.
|
144
|
+
[[GitHub #481]](https://github.com/ruby/openssl/pull/481)
|
145
|
+
|
146
|
+
* `OpenSSL::SSL::SSLContext#tmp_ecdh_callback` has been removed. It has been
|
147
|
+
deprecated since v2.0.0 because it is incompatible with modern OpenSSL
|
148
|
+
versions.
|
149
|
+
[[GitHub #394]](https://github.com/ruby/openssl/pull/394)
|
150
|
+
|
151
|
+
* `OpenSSL::SSL::SSLSocket#read` and `#write` now raise `OpenSSL::SSL::SSLError`
|
152
|
+
if called before a TLS connection is established. Historically, they
|
153
|
+
read/wrote unencrypted data to the underlying socket directly in that case.
|
154
|
+
[[GitHub #9]](https://github.com/ruby/openssl/issues/9)
|
155
|
+
[[GitHub #469]](https://github.com/ruby/openssl/pull/469)
|
156
|
+
|
157
|
+
|
158
|
+
Notable changes
|
159
|
+
---------------
|
160
|
+
|
161
|
+
* Enhance OpenSSL::PKey's common interface.
|
162
|
+
[[GitHub #370]](https://github.com/ruby/openssl/issues/370)
|
163
|
+
|
164
|
+
- Key deserialization: Enhance `OpenSSL::PKey.read` to handle PEM encoding of
|
165
|
+
DH parameters, which used to be only deserialized by `OpenSSL::PKey::DH.new`.
|
166
|
+
[[GitHub #328]](https://github.com/ruby/openssl/issues/328)
|
167
|
+
- Key generation: Add `OpenSSL::PKey.generate_parameters` and
|
168
|
+
`OpenSSL::PKey.generate_key`.
|
169
|
+
[[GitHub #329]](https://github.com/ruby/openssl/issues/329)
|
170
|
+
- Public key signing: Enhance `OpenSSL::PKey::PKey#sign` and `#verify` to use
|
171
|
+
the new EVP_DigestSign() family to enable PureEdDSA support on OpenSSL 1.1.1
|
172
|
+
or later. They also now take optional algorithm-specific parameters for more
|
173
|
+
control.
|
174
|
+
[[GitHub #329]](https://github.com/ruby/openssl/issues/329)
|
175
|
+
- Low-level public key signing and verification: Add
|
176
|
+
`OpenSSL::PKey::PKey#sign_raw`, `#verify_raw`, and `#verify_recover`.
|
177
|
+
[[GitHub #382]](https://github.com/ruby/openssl/issues/382)
|
178
|
+
- Public key encryption: Add `OpenSSL::PKey::PKey#encrypt` and `#decrypt`.
|
179
|
+
[[GitHub #382]](https://github.com/ruby/openssl/issues/382)
|
180
|
+
- Key agreement: Add `OpenSSL::PKey::PKey#derive`.
|
181
|
+
[[GitHub #329]](https://github.com/ruby/openssl/issues/329)
|
182
|
+
- Key comparison: Add `OpenSSL::PKey::PKey#compare?` to conveniently check
|
183
|
+
that two keys have common parameters and a public key.
|
184
|
+
[[GitHub #383]](https://github.com/ruby/openssl/issues/383)
|
185
|
+
|
186
|
+
* Add `OpenSSL::BN#set_flags` and `#get_flags`. This can be used in combination
|
187
|
+
with `OpenSSL::BN::CONSTTIME` to force constant-time computation.
|
188
|
+
[[GitHub #417]](https://github.com/ruby/openssl/issues/417)
|
189
|
+
|
190
|
+
* Add `OpenSSL::BN#abs` to get the absolute value of the BIGNUM.
|
191
|
+
[[GitHub #430]](https://github.com/ruby/openssl/issues/430)
|
192
|
+
|
193
|
+
* Add `OpenSSL::SSL::SSLSocket#getbyte`.
|
194
|
+
[[GitHub #438]](https://github.com/ruby/openssl/issues/438)
|
195
|
+
|
196
|
+
* Add `OpenSSL::SSL::SSLContext#tmp_dh=`.
|
197
|
+
[[GitHub #459]](https://github.com/ruby/openssl/pull/459)
|
198
|
+
|
199
|
+
* Add `OpenSSL::X509::Certificate.load` to load a PEM-encoded and concatenated
|
200
|
+
list of X.509 certificates at once.
|
201
|
+
[[GitHub #441]](https://github.com/ruby/openssl/pull/441)
|
202
|
+
|
203
|
+
* Change `OpenSSL::X509::Certificate.new` to attempt to deserialize the given
|
204
|
+
string first as DER encoding first and then as PEM encoding to ensure the
|
205
|
+
round-trip consistency.
|
206
|
+
[[GitHub #442]](https://github.com/ruby/openssl/pull/442)
|
207
|
+
|
208
|
+
* Update various part of the code base to use the modern API. No breaking
|
209
|
+
changes are intended with this. This includes:
|
210
|
+
|
211
|
+
- `OpenSSL::HMAC` uses the EVP API.
|
212
|
+
[[GitHub #371]](https://github.com/ruby/openssl/issues/371)
|
213
|
+
- `OpenSSL::Config` uses native OpenSSL API to parse config files.
|
214
|
+
[[GitHub #342]](https://github.com/ruby/openssl/issues/342)
|
215
|
+
|
216
|
+
|
217
|
+
Version 2.2.3
|
218
|
+
=============
|
219
|
+
|
220
|
+
Bug fixes
|
221
|
+
---------
|
222
|
+
|
223
|
+
* Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
|
224
|
+
with an incorrect class, which would end up with a TypeError.
|
225
|
+
[[GitHub #570]](https://github.com/ruby/openssl/pull/570)
|
226
|
+
* Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
|
227
|
+
incorrectly treated OpenSSL's internal errors as "not equal".
|
228
|
+
[[GitHub #564]](https://github.com/ruby/openssl/pull/564)
|
229
|
+
* Fix build with LibreSSL 3.5 or later.
|
230
|
+
|
231
|
+
|
232
|
+
Version 2.2.2
|
233
|
+
=============
|
234
|
+
|
235
|
+
Merged changes in 2.1.4.
|
236
|
+
|
237
|
+
|
1
238
|
Version 2.2.1
|
2
239
|
=============
|
3
240
|
|
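Review bot: in the 3.1.0 entry for `OpenSSL::OCSP::BasicResponse#sign` and `OpenSSL::OCSP::Request#sign`, the text says the SHA-1 default is removed and "we will let the underlying OpenSSL library decide instead", which leaves readers without a stated digest for calls that omit the 5th parameter. Suggest adding a sentence recommending that callers pass the digest explicitly. Smaller wording points in the same hunk: "serveral" in the 2.2.3 bug fixes, the doubled "first" in "first as DER encoding first" in the 3.0.0 entry for `OpenSSL::X509::Certificate.new`, and the 3.0.0 sentence ending "not all features are currently available:" where the colon is followed by the issue link rather than by the list it introduces.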
@@ -92,6 +329,16 @@ Notable changes
|
|
92
329
|
[[GitHub #297]](https://github.com/ruby/openssl/pull/297)
|
93
330
|
|
94
331
|
|
332
|
+
Version 2.1.4
|
333
|
+
=============
|
334
|
+
|
335
|
+
Bug fixes
|
336
|
+
---------
|
337
|
+
|
338
|
+
* Do not use pkg-config if --with-openssl-dir option is specified.
|
339
|
+
[[GitHub #486]](https://github.com/ruby/openssl/pull/486)
|
340
|
+
|
341
|
+
|
95
342
|
Version 2.1.3
|
96
343
|
=============
|
97
344
|
|
@@ -113,7 +360,7 @@ Bug fixes
|
|
113
360
|
[[GitHub #453]](https://github.com/ruby/openssl/pull/453)
|
114
361
|
* Fix misuse of input record separator in `OpenSSL::Buffering` where it was
|
115
362
|
for output.
|
116
|
-
* Fix wrong
|
363
|
+
* Fix wrong integer casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
|
117
364
|
[[GitHub #460]](https://github.com/ruby/openssl/pull/460)
|
118
365
|
* `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
|
119
366
|
newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
|
data/README.md
CHANGED
@@ -2,26 +2,53 @@
|
|
2
2
|
|
3
3
|
[](https://github.com/ruby/openssl/actions?workflow=CI)
|
4
4
|
|
5
|
+
**OpenSSL for Ruby** provides access to SSL/TLS and general-purpose
|
6
|
+
cryptography based on the OpenSSL library.
|
5
7
|
|
6
|
-
OpenSSL
|
7
|
-
OpenSSL
|
8
|
+
OpenSSL for Ruby is sometimes referred to as **openssl** in all lowercase
|
9
|
+
or **Ruby/OpenSSL** for disambiguation.
|
10
|
+
|
11
|
+
## Compatibility and maintenance policy
|
12
|
+
|
13
|
+
OpenSSL for Ruby is released as a RubyGems gem. At the same time, it is part of
|
14
|
+
the standard library of Ruby. This is called a [default gem].
|
15
|
+
|
16
|
+
Each stable branch of OpenSSL for Ruby will remain supported as long as it is
|
17
|
+
included as a default gem in [supported Ruby branches][Ruby Maintenance Branches].
|
18
|
+
|
19
|
+
|Version|Maintenance status |Ruby compatibility|OpenSSL compatibility |
|
20
|
+
|-------|-------------------------------|------------------|--------------------------------------------|
|
21
|
+
|3.2.x |normal maintenance (Ruby 3.3) |Ruby 2.7+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
|
22
|
+
|3.1.x |normal maintenance (Ruby 3.2) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
|
23
|
+
|3.0.x |normal maintenance (Ruby 3.1) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
|
24
|
+
|2.2.x |security maintenance (Ruby 3.0)|Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.9+ |
|
25
|
+
|2.1.x |end-of-life (Ruby 2.5-2.7) |Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.5+ |
|
26
|
+
|2.0.x |end-of-life (Ruby 2.4) |Ruby 2.3+ |OpenSSL 0.9.8-1.1.1 or LibreSSL 2.3+ |
|
27
|
+
|
28
|
+
[default gem]: https://docs.ruby-lang.org/en/master/standard_library_rdoc.html
|
29
|
+
[Ruby Maintenance Branches]: https://www.ruby-lang.org/en/downloads/branches/
|
8
30
|
|
9
31
|
## Installation
|
10
32
|
|
11
|
-
|
12
|
-
|
33
|
+
> **Note**
|
34
|
+
> The openssl gem is included with Ruby by default, but you may wish to upgrade
|
35
|
+
> it to a newer version available at
|
36
|
+
> [rubygems.org](https://rubygems.org/gems/openssl).
|
37
|
+
|
38
|
+
To upgrade it, you can use RubyGems:
|
13
39
|
|
14
40
|
```
|
15
41
|
gem install openssl
|
16
42
|
```
|
17
43
|
|
18
|
-
|
44
|
+
In some cases, it may be necessary to specify the path to the installation
|
45
|
+
directory of the OpenSSL library.
|
19
46
|
|
20
47
|
```
|
21
48
|
gem install openssl -- --with-openssl-dir=/opt/openssl
|
22
49
|
```
|
23
50
|
|
24
|
-
Alternatively, you can install the gem with
|
51
|
+
Alternatively, you can install the gem with Bundler:
|
25
52
|
|
26
53
|
```ruby
|
27
54
|
# Gemfile
|
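Review bot: in the new compatibility table, the "Maintenance status" column and the "(current)" marker in the OpenSSL column are point-in-time statements with no date, so the table will go stale silently once a newer Ruby or OpenSSL is released. Suggest adding an "as of" date above the table, or wording the status column so that it defers to the [Ruby Maintenance Branches] page that is already linked below it. The 3.2.x row does agree with the History.md entry for 3.2.0 (Ruby 2.7+, OpenSSL 1.0.2 or LibreSSL 3.1 as the minimum).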
@@ -30,7 +57,7 @@ gem 'openssl'
|
|
30
57
|
gem 'openssl', git: 'https://github.com/ruby/openssl'
|
31
58
|
```
|
32
59
|
|
33
|
-
After
|
60
|
+
After running `bundle install`, you should have the gem installed in your bundle.
|
34
61
|
|
35
62
|
## Usage
|
36
63
|
|
@@ -40,15 +67,6 @@ Once installed, you can require "openssl" in your application.
|
|
40
67
|
require "openssl"
|
41
68
|
```
|
42
69
|
|
43
|
-
**NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
|
44
|
-
the gem version of openssl, otherwise the default gem packaged with the Ruby
|
45
|
-
installation will be used:
|
46
|
-
|
47
|
-
```ruby
|
48
|
-
gem "openssl"
|
49
|
-
require "openssl"
|
50
|
-
```
|
51
|
-
|
52
70
|
## Documentation
|
53
71
|
|
54
72
|
See https://ruby.github.io/openssl/.
|
@@ -57,10 +75,9 @@ See https://ruby.github.io/openssl/.
|
|
57
75
|
|
58
76
|
Please read our [CONTRIBUTING.md] for instructions.
|
59
77
|
|
78
|
+
[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
|
79
|
+
|
60
80
|
## Security
|
61
81
|
|
62
82
|
Security issues should be reported to ruby-core by following the process
|
63
83
|
described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
|
64
|
-
|
65
|
-
|
66
|
-
[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
|