openssl 2.2.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +248 -1
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +101 -68
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +128 -237
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +213 -139
  12. data/ext/openssl/ossl_cipher.c +13 -14
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +10 -10
  16. data/ext/openssl/ossl_engine.c +17 -16
  17. data/ext/openssl/ossl_hmac.c +57 -136
  18. data/ext/openssl/ossl_kdf.c +12 -4
  19. data/ext/openssl/ossl_ns_spki.c +1 -1
  20. data/ext/openssl/ossl_ocsp.c +11 -59
  21. data/ext/openssl/ossl_pkcs12.c +22 -4
  22. data/ext/openssl/ossl_pkcs7.c +45 -62
  23. data/ext/openssl/ossl_pkey.c +1320 -196
  24. data/ext/openssl/ossl_pkey.h +36 -73
  25. data/ext/openssl/ossl_pkey_dh.c +152 -347
  26. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  27. data/ext/openssl/ossl_pkey_ec.c +227 -343
  28. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  29. data/ext/openssl/ossl_provider.c +211 -0
  30. data/ext/openssl/ossl_provider.h +5 -0
  31. data/ext/openssl/ossl_ssl.c +530 -450
  32. data/ext/openssl/ossl_ssl_session.c +29 -30
  33. data/ext/openssl/ossl_ts.c +38 -23
  34. data/ext/openssl/ossl_x509.c +0 -6
  35. data/ext/openssl/ossl_x509attr.c +1 -1
  36. data/ext/openssl/ossl_x509cert.c +168 -12
  37. data/ext/openssl/ossl_x509crl.c +14 -11
  38. data/ext/openssl/ossl_x509ext.c +14 -9
  39. data/ext/openssl/ossl_x509name.c +10 -3
  40. data/ext/openssl/ossl_x509req.c +14 -11
  41. data/ext/openssl/ossl_x509revoked.c +4 -4
  42. data/ext/openssl/ossl_x509store.c +166 -75
  43. data/lib/openssl/buffering.rb +9 -3
  44. data/lib/openssl/digest.rb +1 -5
  45. data/lib/openssl/hmac.rb +65 -0
  46. data/lib/openssl/pkey.rb +429 -0
  47. data/lib/openssl/ssl.rb +22 -17
  48. data/lib/openssl/version.rb +1 -1
  49. data/lib/openssl/x509.rb +22 -0
  50. data/lib/openssl.rb +0 -1
  51. metadata +10 -79
  52. data/ext/openssl/ruby_missing.h +0 -24
  53. data/lib/openssl/config.rb +0 -501
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 64981d6d16c53d08f9f88d54e28340769b26651ac6b4b1325f085b125255a60e
4
- data.tar.gz: 5f0eff4a8e8610696fbd755c081a94793ec8c28384adb167a22ffe910a3f662e
3
+ metadata.gz: 5040b959a35f5692d6d19e2bf520e1123da8133fff2f878cfc21c2ff0f145d6e
4
+ data.tar.gz: dfee6ebd76e423511aa0fc4630f8120edce8fe79d4f40ee7105ccad12c2d3340
5
5
  SHA512:
6
- metadata.gz: 02d5dd3dc0c04f98b25a24c00eb2a5bbad34ff0688c7a0e3c331c3c33e7d1662fcceef4d38f6d02d1fe2dc8e711f8232512731e1c3e6bfcf793f4993b0eb8071
7
- data.tar.gz: 06c1a0f3aab1e27d3b5898652789ff299d53f30464b67e4bc015895d15ef3af70503cf79320af2061bee768b9671e2a1268e3133e66018b60aa76f6ca86a26d6
6
+ metadata.gz: f542ec360be844382829f4bcc46b5cffdfcaf675b02ecdc1cd15a6e80c061476ee4582fdb201ef2dd0f430806d74036233eef3a5c23e5b4028560ad075ed706b
7
+ data.tar.gz: 0173033ebe6efb76b747cc80835cc9530dd664d038256bbdf963d4940b5f3bfad90be313554f548a911ac0977d4bdc33c088dfd3b6fb8e46db7bcd5d2ec34a8c
data/CONTRIBUTING.md CHANGED
@@ -12,16 +12,17 @@ If you think you found a bug, file a ticket on GitHub. Please DO NOT report
12
12
  security issues here, there is a separate procedure which is described on
13
13
  ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
14
14
 
15
- When reporting a bug, please make sure you include:
16
- * Ruby version
17
- * OpenSSL gem version
18
- * OpenSSL library version
19
- * A sample file that illustrates the problem or link to the repository or
15
+ When reporting a bug, please make sure you include:
16
+
17
+ * Ruby version (`ruby -v`)
18
+ * `openssl` gem version (`gem list openssl` and `OpenSSL::VERSION`)
19
+ * OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)
20
+ * A sample file that illustrates the problem or link to the repository or
20
21
  gem that is associated with the bug.
21
22
 
22
23
  There are a number of unresolved issues and feature requests for openssl that
23
24
  need review. Before submitting a new ticket, it is recommended to check
24
- [known issues] and [bugs.ruby-lang.org], the previous issue tracker.
25
+ [known issues].
25
26
 
26
27
  ## Submitting patches
27
28
 
@@ -34,62 +35,50 @@ Make sure that your branch does:
34
35
  * Have good commit messages
35
36
  * Follow Ruby's coding style ([DeveloperHowTo])
36
37
  * Pass the test suite successfully (see "Testing")
37
- * Add an entry to [History.md] if necessary
38
38
 
39
39
  ## Testing
40
40
 
41
41
  We have a test suite!
42
42
 
43
43
  Test cases are located under the
44
- [`test/`](https://github.com/ruby/openssl/tree/master/test) directory.
44
+ [`test/openssl`](https://github.com/ruby/openssl/tree/master/test/openssl)
45
+ directory.
45
46
 
46
47
  You can run it with the following three commands:
47
48
 
48
49
  ```
49
- $ rake install_dependencies # installs rake-compiler, test-unit, ...
50
- $ rake compile
51
- $ rake test
50
+ $ bundle install # installs rake-compiler, test-unit, ...
51
+ $ bundle exec rake compile
52
+ $ bundle exec rake test
52
53
  ```
53
54
 
54
- ### Docker
55
-
56
- You can also use Docker Compose to run tests. It can be used to check that your
57
- changes work correctly with various supported versions of Ruby and OpenSSL.
58
-
59
- First, you need to install [Docker](https://www.docker.com/products/docker) and
60
- [Docker Compose](https://www.docker.com/products/docker-compose) on your
61
- computer.
55
+ ### With different versions of OpenSSL
62
56
 
63
- If you're on MacOS or Windows, we recommended to use the official [Docker
64
- Toolbox](https://www.docker.com/products/docker-toolbox). On Linux, follow the
65
- instructions for your package manager. For further information, please check
66
- the [official documentation](https://docs.docker.com/).
57
+ Ruby OpenSSL supports various versions of OpenSSL library. The test suite needs
58
+ to pass on all supported combinations.
67
59
 
68
- Once you have Docker and Docker Compose, running the following commands will
69
- build the container and execute the openssl tests. In this example, we will use
70
- Ruby version 2.3 with OpenSSL version 1.0.2.
60
+ Similarly to when installing `openssl` gem via the `gem` command,
61
+ you can pass a `--with-openssl-dir` argument to `rake compile`
62
+ to specify the OpenSSL library to build against.
71
63
 
72
64
  ```
73
- $ docker-compose build
74
- $ export RUBY_VERSION=ruby-2.3
75
- $ export OPENSSL_VERSION=openssl-1.0.2
76
- $ docker-compose run test
77
-
78
- # You may want an interactive shell for dubugging
79
- $ docker-compose run debug
65
+ $ ( curl -OL https://ftp.openssl.org/source/openssl-3.0.1.tar.gz &&
66
+ tar xf openssl-3.0.1.tar.gz &&
67
+ cd openssl-3.0.1 &&
68
+ ./config --prefix=$HOME/.openssl/openssl-3.0.1 --libdir=lib &&
69
+ make -j4 &&
70
+ make install )
71
+
72
+ $ # in Ruby/OpenSSL's source directory
73
+ $ bundle exec rake clean
74
+ $ bundle exec rake compile -- --with-openssl-dir=$HOME/.openssl/openssl-3.0.1
75
+ $ bundle exec rake test
80
76
  ```
81
77
 
82
- All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
83
- [`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml).
84
-
85
- **NOTE**: these commands must be run from the openssl repository root, in order
86
- to use the
87
- [`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
88
- file we have provided.
89
-
90
- This Docker image is built using the
91
- [Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
92
- provided in the repository.
78
+ The GitHub Actions workflow file
79
+ [`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml)
80
+ contains useful information for building OpenSSL/LibreSSL and testing against
81
+ them.
93
82
 
94
83
 
95
84
  ## Relation with Ruby source tree
@@ -124,7 +113,6 @@ _Thanks for your contributions!_
124
113
 
125
114
  [GitHub]: https://github.com/ruby/openssl
126
115
  [known issues]: https://github.com/ruby/openssl/issues
127
- [bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
128
116
  [DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
129
117
  [HackerOne]: https://hackerone.com/ruby
130
118
  [Security]: https://www.ruby-lang.org/en/security/
data/History.md CHANGED
@@ -1,3 +1,240 @@
1
+ Version 3.2.0
2
+ =============
3
+
4
+ Compatibility
5
+ -------------
6
+
7
+ * Ruby >= 2.7
8
+ - Support for Ruby 2.6 has been removed. Note that Ruby 2.6 reached the
9
+ end-of-life in 2022-04.
10
+ [[GitHub #639]](https://github.com/ruby/openssl/pull/639)
11
+ * OpenSSL >= 1.0.2 or LibreSSL >= 3.1
12
+
13
+ Notable changes
14
+ ---------------
15
+
16
+ * Add a stub gemspec for JRuby, which depends on the `jruby-openssl` gem.
17
+ [[GitHub #598]](https://github.com/ruby/openssl/pull/598)
18
+ * Add support for the FIPS module in OpenSSL 3.0/3.1.
19
+ [[GitHub #608]](https://github.com/ruby/openssl/pull/608)
20
+ * Rework `OpenSSL::PKey` routines for loading DER or PEM encoded keys for better
21
+ compatibility with OpenSSL 3.0/3.1 with the FIPS module.
22
+ [[GitHub #615]](https://github.com/ruby/openssl/pull/615)
23
+ [[GitHub #669]](https://github.com/ruby/openssl/pull/669)
24
+ * Add `OpenSSL::Provider` module for loading and unloading OpenSSL 3 providers.
25
+ [[GitHub #635]](https://github.com/ruby/openssl/pull/635)
26
+ * Add `OpenSSL::PKey.new_raw_private_key`, `.new_raw_public_key`,
27
+ `OpenSSL::PKey::PKey#raw_private_key`, and `#raw_public_key` for public key
28
+ algorithms that use "raw private/public key", such as X25519 and Ed25519.
29
+ [[GitHub #646]](https://github.com/ruby/openssl/pull/646)
30
+ * Improve OpenSSL error messages to include additional information when
31
+ it is available in OpenSSL's error queue.
32
+ [[GitHub #648]](https://github.com/ruby/openssl/pull/648)
33
+ * Change `OpenSSL::SSL::SSLContext#ca_file=` and `#ca_path=` to raise
34
+ `OpenSSL::SSL::SSLError` instead of printing a warning message.
35
+ [[GitHub #659]](https://github.com/ruby/openssl/pull/659)
36
+ * Allow `OpenSSL::X509::ExtensionFactory#create_extension` to take OIDs in the
37
+ dotted-decimal notation.
38
+ [[GitHub #141]](https://github.com/ruby/openssl/pull/141)
39
+
40
+
41
+ Version 3.1.0
42
+ =============
43
+
44
+ Ruby/OpenSSL 3.1 will be maintained for the lifetime of Ruby 3.2.
45
+
46
+ Merged bug fixes in 2.2.3 and 3.0.2. Among the new features and changes are:
47
+
48
+ Notable changes
49
+ ---------------
50
+
51
+ * Add `OpenSSL::SSL::SSLContext#ciphersuites=` to allow setting TLS 1.3 cipher
52
+ suites.
53
+ [[GitHub #493]](https://github.com/ruby/openssl/pull/493)
54
+ * Add `OpenSSL::SSL::SSLSocket#export_keying_material` for exporting keying
55
+ material of the session, as defined in RFC 5705.
56
+ [[GitHub #530]](https://github.com/ruby/openssl/pull/530)
57
+ * Add `OpenSSL::SSL::SSLContext#keylog_cb=` for setting the TLS key logging
58
+ callback, which is useful for supporting NSS's SSLKEYLOGFILE debugging output.
59
+ [[GitHub #536]](https://github.com/ruby/openssl/pull/536)
60
+ * Remove the default digest algorithm from `OpenSSL::OCSP::BasicResponse#sign`
61
+ and `OpenSSL::OCSP::Request#sign`. Omitting the 5th parameter of these
62
+ methods used to be equivalent of specifying SHA-1. This default value is now
63
+ removed and we will let the underlying OpenSSL library decide instead.
64
+ [[GitHub #507]](https://github.com/ruby/openssl/pull/507)
65
+ * Add `OpenSSL::BN#mod_sqrt`.
66
+ [[GitHub #553]](https://github.com/ruby/openssl/pull/553)
67
+ * Allow calling `OpenSSL::Cipher#update` with an empty string. This was
68
+ prohibited to workaround an ancient bug in OpenSSL.
69
+ [[GitHub #568]](https://github.com/ruby/openssl/pull/568)
70
+ * Fix build on platforms without socket support, such as WASI. `OpenSSL::SSL`
71
+ will not be defined if OpenSSL is compiled with `OPENSSL_NO_SOCK`.
72
+ [[GitHub #558]](https://github.com/ruby/openssl/pull/558)
73
+ * Improve support for recent LibreSSL versions. This includes HKDF support in
74
+ LibreSSL 3.6 and Ed25519 support in LibreSSL 3.7.
75
+
76
+
77
+ Version 3.0.2
78
+ =============
79
+
80
+ Merged changes in 2.2.3. Additionally, the following issues are fixed by this
81
+ release.
82
+
83
+ Bug fixes
84
+ ---------
85
+
86
+ * Fix OpenSSL::PKey::EC#check_key not working correctly on OpenSSL 3.0.
87
+ [[GitHub #563]](https://github.com/ruby/openssl/issues/563)
88
+ [[GitHub #580]](https://github.com/ruby/openssl/pull/580)
89
+
90
+
91
+ Version 3.0.1
92
+ =============
93
+
94
+ Merged changes in 2.1.4 and 2.2.2. Additionally, the following issues are fixed
95
+ by this release.
96
+
97
+ Bug fixes
98
+ ---------
99
+
100
+ * Add missing type check in OpenSSL::PKey::PKey#sign's optional parameters.
101
+ [[GitHub #531]](https://github.com/ruby/openssl/pull/531)
102
+ * Work around OpenSSL 3.0's HMAC issues with a zero-length key.
103
+ [[GitHub #538]](https://github.com/ruby/openssl/pull/538)
104
+ * Fix a regression in OpenSSL::PKey::DSA.generate's default of 'q' size.
105
+ [[GitHub #483]](https://github.com/ruby/openssl/issues/483)
106
+ [[GitHub #539]](https://github.com/ruby/openssl/pull/539)
107
+ * Restore OpenSSL::PKey.read's ability to decode "openssl ecparam -genkey"
108
+ output when linked against OpenSSL 3.0.
109
+ [[GitHub #535]](https://github.com/ruby/openssl/pull/535)
110
+ [[GitHub #540]](https://github.com/ruby/openssl/pull/540)
111
+ * Restore error checks in OpenSSL::PKey::EC#{to_der,to_pem}.
112
+ [[GitHub #541]](https://github.com/ruby/openssl/pull/541)
113
+
114
+
115
+ Version 3.0.0
116
+ =============
117
+
118
+ Compatibility notes
119
+ -------------------
120
+
121
+ * OpenSSL 1.0.1 and Ruby 2.3-2.5 are no longer supported.
122
+ [[GitHub #396]](https://github.com/ruby/openssl/pull/396)
123
+ [[GitHub #466]](https://github.com/ruby/openssl/pull/466)
124
+
125
+ * OpenSSL 3.0 support is added. It is the first major version bump from OpenSSL
126
+ 1.1 and contains incompatible changes that affect Ruby/OpenSSL.
127
+ Note that OpenSSL 3.0 support is preliminary and not all features are
128
+ currently available:
129
+ [[GitHub #369]](https://github.com/ruby/openssl/issues/369)
130
+
131
+ - Deprecate the ability to modify `OpenSSL::PKey::PKey` instances. OpenSSL 3.0
132
+ made EVP_PKEY structure immutable, and hence the following methods are not
133
+ available when Ruby/OpenSSL is linked against OpenSSL 3.0.
134
+ [[GitHub #480]](https://github.com/ruby/openssl/pull/480)
135
+
136
+ - `OpenSSL::PKey::RSA#set_key`, `#set_factors`, `#set_crt_params`
137
+ - `OpenSSL::PKey::DSA#set_pqg`, `#set_key`
138
+ - `OpenSSL::PKey::DH#set_pqg`, `#set_key`, `#generate_key!`
139
+ - `OpenSSL::PKey::EC#private_key=`, `#public_key=`, `#group=`, `#generate_key!`
140
+
141
+ - Deprecate `OpenSSL::Engine`. The ENGINE API has been deprecated in OpenSSL 3.0
142
+ in favor of the new "provider" concept and will be removed in a future
143
+ version.
144
+ [[GitHub #481]](https://github.com/ruby/openssl/pull/481)
145
+
146
+ * `OpenSSL::SSL::SSLContext#tmp_ecdh_callback` has been removed. It has been
147
+ deprecated since v2.0.0 because it is incompatible with modern OpenSSL
148
+ versions.
149
+ [[GitHub #394]](https://github.com/ruby/openssl/pull/394)
150
+
151
+ * `OpenSSL::SSL::SSLSocket#read` and `#write` now raise `OpenSSL::SSL::SSLError`
152
+ if called before a TLS connection is established. Historically, they
153
+ read/wrote unencrypted data to the underlying socket directly in that case.
154
+ [[GitHub #9]](https://github.com/ruby/openssl/issues/9)
155
+ [[GitHub #469]](https://github.com/ruby/openssl/pull/469)
156
+
157
+
158
+ Notable changes
159
+ ---------------
160
+
161
+ * Enhance OpenSSL::PKey's common interface.
162
+ [[GitHub #370]](https://github.com/ruby/openssl/issues/370)
163
+
164
+ - Key deserialization: Enhance `OpenSSL::PKey.read` to handle PEM encoding of
165
+ DH parameters, which used to be only deserialized by `OpenSSL::PKey::DH.new`.
166
+ [[GitHub #328]](https://github.com/ruby/openssl/issues/328)
167
+ - Key generation: Add `OpenSSL::PKey.generate_parameters` and
168
+ `OpenSSL::PKey.generate_key`.
169
+ [[GitHub #329]](https://github.com/ruby/openssl/issues/329)
170
+ - Public key signing: Enhance `OpenSSL::PKey::PKey#sign` and `#verify` to use
171
+ the new EVP_DigestSign() family to enable PureEdDSA support on OpenSSL 1.1.1
172
+ or later. They also now take optional algorithm-specific parameters for more
173
+ control.
174
+ [[GitHub #329]](https://github.com/ruby/openssl/issues/329)
175
+ - Low-level public key signing and verification: Add
176
+ `OpenSSL::PKey::PKey#sign_raw`, `#verify_raw`, and `#verify_recover`.
177
+ [[GitHub #382]](https://github.com/ruby/openssl/issues/382)
178
+ - Public key encryption: Add `OpenSSL::PKey::PKey#encrypt` and `#decrypt`.
179
+ [[GitHub #382]](https://github.com/ruby/openssl/issues/382)
180
+ - Key agreement: Add `OpenSSL::PKey::PKey#derive`.
181
+ [[GitHub #329]](https://github.com/ruby/openssl/issues/329)
182
+ - Key comparison: Add `OpenSSL::PKey::PKey#compare?` to conveniently check
183
+ that two keys have common parameters and a public key.
184
+ [[GitHub #383]](https://github.com/ruby/openssl/issues/383)
185
+
186
+ * Add `OpenSSL::BN#set_flags` and `#get_flags`. This can be used in combination
187
+ with `OpenSSL::BN::CONSTTIME` to force constant-time computation.
188
+ [[GitHub #417]](https://github.com/ruby/openssl/issues/417)
189
+
190
+ * Add `OpenSSL::BN#abs` to get the absolute value of the BIGNUM.
191
+ [[GitHub #430]](https://github.com/ruby/openssl/issues/430)
192
+
193
+ * Add `OpenSSL::SSL::SSLSocket#getbyte`.
194
+ [[GitHub #438]](https://github.com/ruby/openssl/issues/438)
195
+
196
+ * Add `OpenSSL::SSL::SSLContext#tmp_dh=`.
197
+ [[GitHub #459]](https://github.com/ruby/openssl/pull/459)
198
+
199
+ * Add `OpenSSL::X509::Certificate.load` to load a PEM-encoded and concatenated
200
+ list of X.509 certificates at once.
201
+ [[GitHub #441]](https://github.com/ruby/openssl/pull/441)
202
+
203
+ * Change `OpenSSL::X509::Certificate.new` to attempt to deserialize the given
204
+ string first as DER encoding first and then as PEM encoding to ensure the
205
+ round-trip consistency.
206
+ [[GitHub #442]](https://github.com/ruby/openssl/pull/442)
207
+
208
+ * Update various part of the code base to use the modern API. No breaking
209
+ changes are intended with this. This includes:
210
+
211
+ - `OpenSSL::HMAC` uses the EVP API.
212
+ [[GitHub #371]](https://github.com/ruby/openssl/issues/371)
213
+ - `OpenSSL::Config` uses native OpenSSL API to parse config files.
214
+ [[GitHub #342]](https://github.com/ruby/openssl/issues/342)
215
+
216
+
217
+ Version 2.2.3
218
+ =============
219
+
220
+ Bug fixes
221
+ ---------
222
+
223
+ * Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
224
+ with an incorrect class, which would end up with a TypeError.
225
+ [[GitHub #570]](https://github.com/ruby/openssl/pull/570)
226
+ * Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
227
+ incorrectly treated OpenSSL's internal errors as "not equal".
228
+ [[GitHub #564]](https://github.com/ruby/openssl/pull/564)
229
+ * Fix build with LibreSSL 3.5 or later.
230
+
231
+
232
+ Version 2.2.2
233
+ =============
234
+
235
+ Merged changes in 2.1.4.
236
+
237
+
1
238
  Version 2.2.1
2
239
  =============
3
240
 
@@ -92,6 +329,16 @@ Notable changes
92
329
  [[GitHub #297]](https://github.com/ruby/openssl/pull/297)
93
330
 
94
331
 
332
+ Version 2.1.4
333
+ =============
334
+
335
+ Bug fixes
336
+ ---------
337
+
338
+ * Do not use pkg-config if --with-openssl-dir option is specified.
339
+ [[GitHub #486]](https://github.com/ruby/openssl/pull/486)
340
+
341
+
95
342
  Version 2.1.3
96
343
  =============
97
344
 
@@ -113,7 +360,7 @@ Bug fixes
113
360
  [[GitHub #453]](https://github.com/ruby/openssl/pull/453)
114
361
  * Fix misuse of input record separator in `OpenSSL::Buffering` where it was
115
362
  for output.
116
- * Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
363
+ * Fix wrong integer casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
117
364
  [[GitHub #460]](https://github.com/ruby/openssl/pull/460)
118
365
  * `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
119
366
  newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
data/README.md CHANGED
@@ -2,26 +2,53 @@
2
2
 
3
3
  [![Actions Status](https://github.com/ruby/openssl/workflows/CI/badge.svg)](https://github.com/ruby/openssl/actions?workflow=CI)
4
4
 
5
+ **OpenSSL for Ruby** provides access to SSL/TLS and general-purpose
6
+ cryptography based on the OpenSSL library.
5
7
 
6
- OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
7
- OpenSSL library.
8
+ OpenSSL for Ruby is sometimes referred to as **openssl** in all lowercase
9
+ or **Ruby/OpenSSL** for disambiguation.
10
+
11
+ ## Compatibility and maintenance policy
12
+
13
+ OpenSSL for Ruby is released as a RubyGems gem. At the same time, it is part of
14
+ the standard library of Ruby. This is called a [default gem].
15
+
16
+ Each stable branch of OpenSSL for Ruby will remain supported as long as it is
17
+ included as a default gem in [supported Ruby branches][Ruby Maintenance Branches].
18
+
19
+ |Version|Maintenance status |Ruby compatibility|OpenSSL compatibility |
20
+ |-------|-------------------------------|------------------|--------------------------------------------|
21
+ |3.2.x |normal maintenance (Ruby 3.3) |Ruby 2.7+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
22
+ |3.1.x |normal maintenance (Ruby 3.2) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
23
+ |3.0.x |normal maintenance (Ruby 3.1) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
24
+ |2.2.x |security maintenance (Ruby 3.0)|Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.9+ |
25
+ |2.1.x |end-of-life (Ruby 2.5-2.7) |Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.5+ |
26
+ |2.0.x |end-of-life (Ruby 2.4) |Ruby 2.3+ |OpenSSL 0.9.8-1.1.1 or LibreSSL 2.3+ |
27
+
28
+ [default gem]: https://docs.ruby-lang.org/en/master/standard_library_rdoc.html
29
+ [Ruby Maintenance Branches]: https://www.ruby-lang.org/en/downloads/branches/
8
30
 
9
31
  ## Installation
10
32
 
11
- The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).
12
- You can install with:
33
+ > **Note**
34
+ > The openssl gem is included with Ruby by default, but you may wish to upgrade
35
+ > it to a newer version available at
36
+ > [rubygems.org](https://rubygems.org/gems/openssl).
37
+
38
+ To upgrade it, you can use RubyGems:
13
39
 
14
40
  ```
15
41
  gem install openssl
16
42
  ```
17
43
 
18
- You may need to specify the path where OpenSSL is installed.
44
+ In some cases, it may be necessary to specify the path to the installation
45
+ directory of the OpenSSL library.
19
46
 
20
47
  ```
21
48
  gem install openssl -- --with-openssl-dir=/opt/openssl
22
49
  ```
23
50
 
24
- Alternatively, you can install the gem with `bundler`:
51
+ Alternatively, you can install the gem with Bundler:
25
52
 
26
53
  ```ruby
27
54
  # Gemfile
@@ -30,7 +57,7 @@ gem 'openssl'
30
57
  gem 'openssl', git: 'https://github.com/ruby/openssl'
31
58
  ```
32
59
 
33
- After doing `bundle install`, you should have the gem installed in your bundle.
60
+ After running `bundle install`, you should have the gem installed in your bundle.
34
61
 
35
62
  ## Usage
36
63
 
@@ -40,15 +67,6 @@ Once installed, you can require "openssl" in your application.
40
67
  require "openssl"
41
68
  ```
42
69
 
43
- **NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
44
- the gem version of openssl, otherwise the default gem packaged with the Ruby
45
- installation will be used:
46
-
47
- ```ruby
48
- gem "openssl"
49
- require "openssl"
50
- ```
51
-
52
70
  ## Documentation
53
71
 
54
72
  See https://ruby.github.io/openssl/.
@@ -57,10 +75,9 @@ See https://ruby.github.io/openssl/.
57
75
 
58
76
  Please read our [CONTRIBUTING.md] for instructions.
59
77
 
78
+ [CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
79
+
60
80
  ## Security
61
81
 
62
82
  Security issues should be reported to ruby-core by following the process
63
83
  described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
64
-
65
-
66
- [CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md