openssl 2.2.1 → 3.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +248 -1
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +101 -68
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +128 -237
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +213 -139
  12. data/ext/openssl/ossl_cipher.c +13 -14
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +10 -10
  16. data/ext/openssl/ossl_engine.c +17 -16
  17. data/ext/openssl/ossl_hmac.c +57 -136
  18. data/ext/openssl/ossl_kdf.c +12 -4
  19. data/ext/openssl/ossl_ns_spki.c +1 -1
  20. data/ext/openssl/ossl_ocsp.c +11 -59
  21. data/ext/openssl/ossl_pkcs12.c +22 -4
  22. data/ext/openssl/ossl_pkcs7.c +45 -62
  23. data/ext/openssl/ossl_pkey.c +1320 -196
  24. data/ext/openssl/ossl_pkey.h +36 -73
  25. data/ext/openssl/ossl_pkey_dh.c +152 -347
  26. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  27. data/ext/openssl/ossl_pkey_ec.c +227 -343
  28. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  29. data/ext/openssl/ossl_provider.c +211 -0
  30. data/ext/openssl/ossl_provider.h +5 -0
  31. data/ext/openssl/ossl_ssl.c +530 -450
  32. data/ext/openssl/ossl_ssl_session.c +29 -30
  33. data/ext/openssl/ossl_ts.c +38 -23
  34. data/ext/openssl/ossl_x509.c +0 -6
  35. data/ext/openssl/ossl_x509attr.c +1 -1
  36. data/ext/openssl/ossl_x509cert.c +168 -12
  37. data/ext/openssl/ossl_x509crl.c +14 -11
  38. data/ext/openssl/ossl_x509ext.c +14 -9
  39. data/ext/openssl/ossl_x509name.c +10 -3
  40. data/ext/openssl/ossl_x509req.c +14 -11
  41. data/ext/openssl/ossl_x509revoked.c +4 -4
  42. data/ext/openssl/ossl_x509store.c +166 -75
  43. data/lib/openssl/buffering.rb +9 -3
  44. data/lib/openssl/digest.rb +1 -5
  45. data/lib/openssl/hmac.rb +65 -0
  46. data/lib/openssl/pkey.rb +429 -0
  47. data/lib/openssl/ssl.rb +22 -17
  48. data/lib/openssl/version.rb +1 -1
  49. data/lib/openssl/x509.rb +22 -0
  50. data/lib/openssl.rb +0 -1
  51. metadata +10 -79
  52. data/ext/openssl/ruby_missing.h +0 -24
  53. data/lib/openssl/config.rb +0 -501
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 64981d6d16c53d08f9f88d54e28340769b26651ac6b4b1325f085b125255a60e
4
- data.tar.gz: 5f0eff4a8e8610696fbd755c081a94793ec8c28384adb167a22ffe910a3f662e
3
+ metadata.gz: 5040b959a35f5692d6d19e2bf520e1123da8133fff2f878cfc21c2ff0f145d6e
4
+ data.tar.gz: dfee6ebd76e423511aa0fc4630f8120edce8fe79d4f40ee7105ccad12c2d3340
5
5
  SHA512:
6
- metadata.gz: 02d5dd3dc0c04f98b25a24c00eb2a5bbad34ff0688c7a0e3c331c3c33e7d1662fcceef4d38f6d02d1fe2dc8e711f8232512731e1c3e6bfcf793f4993b0eb8071
7
- data.tar.gz: 06c1a0f3aab1e27d3b5898652789ff299d53f30464b67e4bc015895d15ef3af70503cf79320af2061bee768b9671e2a1268e3133e66018b60aa76f6ca86a26d6
6
+ metadata.gz: f542ec360be844382829f4bcc46b5cffdfcaf675b02ecdc1cd15a6e80c061476ee4582fdb201ef2dd0f430806d74036233eef3a5c23e5b4028560ad075ed706b
7
+ data.tar.gz: 0173033ebe6efb76b747cc80835cc9530dd664d038256bbdf963d4940b5f3bfad90be313554f548a911ac0977d4bdc33c088dfd3b6fb8e46db7bcd5d2ec34a8c
data/CONTRIBUTING.md CHANGED
@@ -12,16 +12,17 @@ If you think you found a bug, file a ticket on GitHub. Please DO NOT report
12
12
  security issues here, there is a separate procedure which is described on
13
13
  ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
14
14
 
15
- When reporting a bug, please make sure you include:
16
- * Ruby version
17
- * OpenSSL gem version
18
- * OpenSSL library version
19
- * A sample file that illustrates the problem or link to the repository or
15
+ When reporting a bug, please make sure you include:
16
+
17
+ * Ruby version (`ruby -v`)
18
+ * `openssl` gem version (`gem list openssl` and `OpenSSL::VERSION`)
19
+ * OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)
20
+ * A sample file that illustrates the problem or link to the repository or
20
21
  gem that is associated with the bug.
21
22
 
22
23
  There are a number of unresolved issues and feature requests for openssl that
23
24
  need review. Before submitting a new ticket, it is recommended to check
24
- [known issues] and [bugs.ruby-lang.org], the previous issue tracker.
25
+ [known issues].
25
26
 
26
27
  ## Submitting patches
27
28
 
@@ -34,62 +35,50 @@ Make sure that your branch does:
34
35
  * Have good commit messages
35
36
  * Follow Ruby's coding style ([DeveloperHowTo])
36
37
  * Pass the test suite successfully (see "Testing")
37
- * Add an entry to [History.md] if necessary
38
38
 
39
39
  ## Testing
40
40
 
41
41
  We have a test suite!
42
42
 
43
43
  Test cases are located under the
44
- [`test/`](https://github.com/ruby/openssl/tree/master/test) directory.
44
+ [`test/openssl`](https://github.com/ruby/openssl/tree/master/test/openssl)
45
+ directory.
45
46
 
46
47
  You can run it with the following three commands:
47
48
 
48
49
  ```
49
- $ rake install_dependencies # installs rake-compiler, test-unit, ...
50
- $ rake compile
51
- $ rake test
50
+ $ bundle install # installs rake-compiler, test-unit, ...
51
+ $ bundle exec rake compile
52
+ $ bundle exec rake test
52
53
  ```
53
54
 
54
- ### Docker
55
-
56
- You can also use Docker Compose to run tests. It can be used to check that your
57
- changes work correctly with various supported versions of Ruby and OpenSSL.
58
-
59
- First, you need to install [Docker](https://www.docker.com/products/docker) and
60
- [Docker Compose](https://www.docker.com/products/docker-compose) on your
61
- computer.
55
+ ### With different versions of OpenSSL
62
56
 
63
- If you're on MacOS or Windows, we recommended to use the official [Docker
64
- Toolbox](https://www.docker.com/products/docker-toolbox). On Linux, follow the
65
- instructions for your package manager. For further information, please check
66
- the [official documentation](https://docs.docker.com/).
57
+ Ruby OpenSSL supports various versions of OpenSSL library. The test suite needs
58
+ to pass on all supported combinations.
67
59
 
68
- Once you have Docker and Docker Compose, running the following commands will
69
- build the container and execute the openssl tests. In this example, we will use
70
- Ruby version 2.3 with OpenSSL version 1.0.2.
60
+ Similarly to when installing `openssl` gem via the `gem` command,
61
+ you can pass a `--with-openssl-dir` argument to `rake compile`
62
+ to specify the OpenSSL library to build against.
71
63
 
72
64
  ```
73
- $ docker-compose build
74
- $ export RUBY_VERSION=ruby-2.3
75
- $ export OPENSSL_VERSION=openssl-1.0.2
76
- $ docker-compose run test
77
-
78
- # You may want an interactive shell for dubugging
79
- $ docker-compose run debug
65
+ $ ( curl -OL https://ftp.openssl.org/source/openssl-3.0.1.tar.gz &&
66
+ tar xf openssl-3.0.1.tar.gz &&
67
+ cd openssl-3.0.1 &&
68
+ ./config --prefix=$HOME/.openssl/openssl-3.0.1 --libdir=lib &&
69
+ make -j4 &&
70
+ make install )
71
+
72
+ $ # in Ruby/OpenSSL's source directory
73
+ $ bundle exec rake clean
74
+ $ bundle exec rake compile -- --with-openssl-dir=$HOME/.openssl/openssl-3.0.1
75
+ $ bundle exec rake test
80
76
  ```
81
77
 
82
- All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
83
- [`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml).
84
-
85
- **NOTE**: these commands must be run from the openssl repository root, in order
86
- to use the
87
- [`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
88
- file we have provided.
89
-
90
- This Docker image is built using the
91
- [Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
92
- provided in the repository.
78
+ The GitHub Actions workflow file
79
+ [`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml)
80
+ contains useful information for building OpenSSL/LibreSSL and testing against
81
+ them.
93
82
 
94
83
 
95
84
  ## Relation with Ruby source tree
@@ -124,7 +113,6 @@ _Thanks for your contributions!_
124
113
 
125
114
  [GitHub]: https://github.com/ruby/openssl
126
115
  [known issues]: https://github.com/ruby/openssl/issues
127
- [bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
128
116
  [DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
129
117
  [HackerOne]: https://hackerone.com/ruby
130
118
  [Security]: https://www.ruby-lang.org/en/security/
data/History.md CHANGED
@@ -1,3 +1,240 @@
1
+ Version 3.2.0
2
+ =============
3
+
4
+ Compatibility
5
+ -------------
6
+
7
+ * Ruby >= 2.7
8
+ - Support for Ruby 2.6 has been removed. Note that Ruby 2.6 reached the
9
+ end-of-life in 2022-04.
10
+ [[GitHub #639]](https://github.com/ruby/openssl/pull/639)
11
+ * OpenSSL >= 1.0.2 or LibreSSL >= 3.1
12
+
13
+ Notable changes
14
+ ---------------
15
+
16
+ * Add a stub gemspec for JRuby, which depends on the `jruby-openssl` gem.
17
+ [[GitHub #598]](https://github.com/ruby/openssl/pull/598)
18
+ * Add support for the FIPS module in OpenSSL 3.0/3.1.
19
+ [[GitHub #608]](https://github.com/ruby/openssl/pull/608)
20
+ * Rework `OpenSSL::PKey` routines for loading DER or PEM encoded keys for better
21
+ compatibility with OpenSSL 3.0/3.1 with the FIPS module.
22
+ [[GitHub #615]](https://github.com/ruby/openssl/pull/615)
23
+ [[GitHub #669]](https://github.com/ruby/openssl/pull/669)
24
+ * Add `OpenSSL::Provider` module for loading and unloading OpenSSL 3 providers.
25
+ [[GitHub #635]](https://github.com/ruby/openssl/pull/635)
26
+ * Add `OpenSSL::PKey.new_raw_private_key`, `.new_raw_public_key`,
27
+ `OpenSSL::PKey::PKey#raw_private_key`, and `#raw_public_key` for public key
28
+ algorithms that use "raw private/public key", such as X25519 and Ed25519.
29
+ [[GitHub #646]](https://github.com/ruby/openssl/pull/646)
30
+ * Improve OpenSSL error messages to include additional information when
31
+ it is available in OpenSSL's error queue.
32
+ [[GitHub #648]](https://github.com/ruby/openssl/pull/648)
33
+ * Change `OpenSSL::SSL::SSLContext#ca_file=` and `#ca_path=` to raise
34
+ `OpenSSL::SSL::SSLError` instead of printing a warning message.
35
+ [[GitHub #659]](https://github.com/ruby/openssl/pull/659)
36
+ * Allow `OpenSSL::X509::ExtensionFactory#create_extension` to take OIDs in the
37
+ dotted-decimal notation.
38
+ [[GitHub #141]](https://github.com/ruby/openssl/pull/141)
39
+
40
+
41
+ Version 3.1.0
42
+ =============
43
+
44
+ Ruby/OpenSSL 3.1 will be maintained for the lifetime of Ruby 3.2.
45
+
46
+ Merged bug fixes in 2.2.3 and 3.0.2. Among the new features and changes are:
47
+
48
+ Notable changes
49
+ ---------------
50
+
51
+ * Add `OpenSSL::SSL::SSLContext#ciphersuites=` to allow setting TLS 1.3 cipher
52
+ suites.
53
+ [[GitHub #493]](https://github.com/ruby/openssl/pull/493)
54
+ * Add `OpenSSL::SSL::SSLSocket#export_keying_material` for exporting keying
55
+ material of the session, as defined in RFC 5705.
56
+ [[GitHub #530]](https://github.com/ruby/openssl/pull/530)
57
+ * Add `OpenSSL::SSL::SSLContext#keylog_cb=` for setting the TLS key logging
58
+ callback, which is useful for supporting NSS's SSLKEYLOGFILE debugging output.
59
+ [[GitHub #536]](https://github.com/ruby/openssl/pull/536)
60
+ * Remove the default digest algorithm from `OpenSSL::OCSP::BasicResponse#sign`
61
+ and `OpenSSL::OCSP::Request#sign`. Omitting the 5th parameter of these
62
+ methods used to be equivalent of specifying SHA-1. This default value is now
63
+ removed and we will let the underlying OpenSSL library decide instead.
64
+ [[GitHub #507]](https://github.com/ruby/openssl/pull/507)
65
+ * Add `OpenSSL::BN#mod_sqrt`.
66
+ [[GitHub #553]](https://github.com/ruby/openssl/pull/553)
67
+ * Allow calling `OpenSSL::Cipher#update` with an empty string. This was
68
+ prohibited to workaround an ancient bug in OpenSSL.
69
+ [[GitHub #568]](https://github.com/ruby/openssl/pull/568)
70
+ * Fix build on platforms without socket support, such as WASI. `OpenSSL::SSL`
71
+ will not be defined if OpenSSL is compiled with `OPENSSL_NO_SOCK`.
72
+ [[GitHub #558]](https://github.com/ruby/openssl/pull/558)
73
+ * Improve support for recent LibreSSL versions. This includes HKDF support in
74
+ LibreSSL 3.6 and Ed25519 support in LibreSSL 3.7.
75
+
76
+
77
+ Version 3.0.2
78
+ =============
79
+
80
+ Merged changes in 2.2.3. Additionally, the following issues are fixed by this
81
+ release.
82
+
83
+ Bug fixes
84
+ ---------
85
+
86
+ * Fix OpenSSL::PKey::EC#check_key not working correctly on OpenSSL 3.0.
87
+ [[GitHub #563]](https://github.com/ruby/openssl/issues/563)
88
+ [[GitHub #580]](https://github.com/ruby/openssl/pull/580)
89
+
90
+
91
+ Version 3.0.1
92
+ =============
93
+
94
+ Merged changes in 2.1.4 and 2.2.2. Additionally, the following issues are fixed
95
+ by this release.
96
+
97
+ Bug fixes
98
+ ---------
99
+
100
+ * Add missing type check in OpenSSL::PKey::PKey#sign's optional parameters.
101
+ [[GitHub #531]](https://github.com/ruby/openssl/pull/531)
102
+ * Work around OpenSSL 3.0's HMAC issues with a zero-length key.
103
+ [[GitHub #538]](https://github.com/ruby/openssl/pull/538)
104
+ * Fix a regression in OpenSSL::PKey::DSA.generate's default of 'q' size.
105
+ [[GitHub #483]](https://github.com/ruby/openssl/issues/483)
106
+ [[GitHub #539]](https://github.com/ruby/openssl/pull/539)
107
+ * Restore OpenSSL::PKey.read's ability to decode "openssl ecparam -genkey"
108
+ output when linked against OpenSSL 3.0.
109
+ [[GitHub #535]](https://github.com/ruby/openssl/pull/535)
110
+ [[GitHub #540]](https://github.com/ruby/openssl/pull/540)
111
+ * Restore error checks in OpenSSL::PKey::EC#{to_der,to_pem}.
112
+ [[GitHub #541]](https://github.com/ruby/openssl/pull/541)
113
+
114
+
115
+ Version 3.0.0
116
+ =============
117
+
118
+ Compatibility notes
119
+ -------------------
120
+
121
+ * OpenSSL 1.0.1 and Ruby 2.3-2.5 are no longer supported.
122
+ [[GitHub #396]](https://github.com/ruby/openssl/pull/396)
123
+ [[GitHub #466]](https://github.com/ruby/openssl/pull/466)
124
+
125
+ * OpenSSL 3.0 support is added. It is the first major version bump from OpenSSL
126
+ 1.1 and contains incompatible changes that affect Ruby/OpenSSL.
127
+ Note that OpenSSL 3.0 support is preliminary and not all features are
128
+ currently available:
129
+ [[GitHub #369]](https://github.com/ruby/openssl/issues/369)
130
+
131
+ - Deprecate the ability to modify `OpenSSL::PKey::PKey` instances. OpenSSL 3.0
132
+ made EVP_PKEY structure immutable, and hence the following methods are not
133
+ available when Ruby/OpenSSL is linked against OpenSSL 3.0.
134
+ [[GitHub #480]](https://github.com/ruby/openssl/pull/480)
135
+
136
+ - `OpenSSL::PKey::RSA#set_key`, `#set_factors`, `#set_crt_params`
137
+ - `OpenSSL::PKey::DSA#set_pqg`, `#set_key`
138
+ - `OpenSSL::PKey::DH#set_pqg`, `#set_key`, `#generate_key!`
139
+ - `OpenSSL::PKey::EC#private_key=`, `#public_key=`, `#group=`, `#generate_key!`
140
+
141
+ - Deprecate `OpenSSL::Engine`. The ENGINE API has been deprecated in OpenSSL 3.0
142
+ in favor of the new "provider" concept and will be removed in a future
143
+ version.
144
+ [[GitHub #481]](https://github.com/ruby/openssl/pull/481)
145
+
146
+ * `OpenSSL::SSL::SSLContext#tmp_ecdh_callback` has been removed. It has been
147
+ deprecated since v2.0.0 because it is incompatible with modern OpenSSL
148
+ versions.
149
+ [[GitHub #394]](https://github.com/ruby/openssl/pull/394)
150
+
151
+ * `OpenSSL::SSL::SSLSocket#read` and `#write` now raise `OpenSSL::SSL::SSLError`
152
+ if called before a TLS connection is established. Historically, they
153
+ read/wrote unencrypted data to the underlying socket directly in that case.
154
+ [[GitHub #9]](https://github.com/ruby/openssl/issues/9)
155
+ [[GitHub #469]](https://github.com/ruby/openssl/pull/469)
156
+
157
+
158
+ Notable changes
159
+ ---------------
160
+
161
+ * Enhance OpenSSL::PKey's common interface.
162
+ [[GitHub #370]](https://github.com/ruby/openssl/issues/370)
163
+
164
+ - Key deserialization: Enhance `OpenSSL::PKey.read` to handle PEM encoding of
165
+ DH parameters, which used to be only deserialized by `OpenSSL::PKey::DH.new`.
166
+ [[GitHub #328]](https://github.com/ruby/openssl/issues/328)
167
+ - Key generation: Add `OpenSSL::PKey.generate_parameters` and
168
+ `OpenSSL::PKey.generate_key`.
169
+ [[GitHub #329]](https://github.com/ruby/openssl/issues/329)
170
+ - Public key signing: Enhance `OpenSSL::PKey::PKey#sign` and `#verify` to use
171
+ the new EVP_DigestSign() family to enable PureEdDSA support on OpenSSL 1.1.1
172
+ or later. They also now take optional algorithm-specific parameters for more
173
+ control.
174
+ [[GitHub #329]](https://github.com/ruby/openssl/issues/329)
175
+ - Low-level public key signing and verification: Add
176
+ `OpenSSL::PKey::PKey#sign_raw`, `#verify_raw`, and `#verify_recover`.
177
+ [[GitHub #382]](https://github.com/ruby/openssl/issues/382)
178
+ - Public key encryption: Add `OpenSSL::PKey::PKey#encrypt` and `#decrypt`.
179
+ [[GitHub #382]](https://github.com/ruby/openssl/issues/382)
180
+ - Key agreement: Add `OpenSSL::PKey::PKey#derive`.
181
+ [[GitHub #329]](https://github.com/ruby/openssl/issues/329)
182
+ - Key comparison: Add `OpenSSL::PKey::PKey#compare?` to conveniently check
183
+ that two keys have common parameters and a public key.
184
+ [[GitHub #383]](https://github.com/ruby/openssl/issues/383)
185
+
186
+ * Add `OpenSSL::BN#set_flags` and `#get_flags`. This can be used in combination
187
+ with `OpenSSL::BN::CONSTTIME` to force constant-time computation.
188
+ [[GitHub #417]](https://github.com/ruby/openssl/issues/417)
189
+
190
+ * Add `OpenSSL::BN#abs` to get the absolute value of the BIGNUM.
191
+ [[GitHub #430]](https://github.com/ruby/openssl/issues/430)
192
+
193
+ * Add `OpenSSL::SSL::SSLSocket#getbyte`.
194
+ [[GitHub #438]](https://github.com/ruby/openssl/issues/438)
195
+
196
+ * Add `OpenSSL::SSL::SSLContext#tmp_dh=`.
197
+ [[GitHub #459]](https://github.com/ruby/openssl/pull/459)
198
+
199
+ * Add `OpenSSL::X509::Certificate.load` to load a PEM-encoded and concatenated
200
+ list of X.509 certificates at once.
201
+ [[GitHub #441]](https://github.com/ruby/openssl/pull/441)
202
+
203
+ * Change `OpenSSL::X509::Certificate.new` to attempt to deserialize the given
204
+ string first as DER encoding first and then as PEM encoding to ensure the
205
+ round-trip consistency.
206
+ [[GitHub #442]](https://github.com/ruby/openssl/pull/442)
207
+
208
+ * Update various part of the code base to use the modern API. No breaking
209
+ changes are intended with this. This includes:
210
+
211
+ - `OpenSSL::HMAC` uses the EVP API.
212
+ [[GitHub #371]](https://github.com/ruby/openssl/issues/371)
213
+ - `OpenSSL::Config` uses native OpenSSL API to parse config files.
214
+ [[GitHub #342]](https://github.com/ruby/openssl/issues/342)
215
+
216
+
217
+ Version 2.2.3
218
+ =============
219
+
220
+ Bug fixes
221
+ ---------
222
+
223
+ * Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
224
+ with an incorrect class, which would end up with a TypeError.
225
+ [[GitHub #570]](https://github.com/ruby/openssl/pull/570)
226
+ * Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
227
+ incorrectly treated OpenSSL's internal errors as "not equal".
228
+ [[GitHub #564]](https://github.com/ruby/openssl/pull/564)
229
+ * Fix build with LibreSSL 3.5 or later.
230
+
231
+
232
+ Version 2.2.2
233
+ =============
234
+
235
+ Merged changes in 2.1.4.
236
+
237
+
1
238
  Version 2.2.1
2
239
  =============
3
240
 
@@ -92,6 +329,16 @@ Notable changes
92
329
  [[GitHub #297]](https://github.com/ruby/openssl/pull/297)
93
330
 
94
331
 
332
+ Version 2.1.4
333
+ =============
334
+
335
+ Bug fixes
336
+ ---------
337
+
338
+ * Do not use pkg-config if --with-openssl-dir option is specified.
339
+ [[GitHub #486]](https://github.com/ruby/openssl/pull/486)
340
+
341
+
95
342
  Version 2.1.3
96
343
  =============
97
344
 
@@ -113,7 +360,7 @@ Bug fixes
113
360
  [[GitHub #453]](https://github.com/ruby/openssl/pull/453)
114
361
  * Fix misuse of input record separator in `OpenSSL::Buffering` where it was
115
362
  for output.
116
- * Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
363
+ * Fix wrong integer casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
117
364
  [[GitHub #460]](https://github.com/ruby/openssl/pull/460)
118
365
  * `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
119
366
  newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
data/README.md CHANGED
@@ -2,26 +2,53 @@
2
2
 
3
3
  [![Actions Status](https://github.com/ruby/openssl/workflows/CI/badge.svg)](https://github.com/ruby/openssl/actions?workflow=CI)
4
4
 
5
+ **OpenSSL for Ruby** provides access to SSL/TLS and general-purpose
6
+ cryptography based on the OpenSSL library.
5
7
 
6
- OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
7
- OpenSSL library.
8
+ OpenSSL for Ruby is sometimes referred to as **openssl** in all lowercase
9
+ or **Ruby/OpenSSL** for disambiguation.
10
+
11
+ ## Compatibility and maintenance policy
12
+
13
+ OpenSSL for Ruby is released as a RubyGems gem. At the same time, it is part of
14
+ the standard library of Ruby. This is called a [default gem].
15
+
16
+ Each stable branch of OpenSSL for Ruby will remain supported as long as it is
17
+ included as a default gem in [supported Ruby branches][Ruby Maintenance Branches].
18
+
19
+ |Version|Maintenance status |Ruby compatibility|OpenSSL compatibility |
20
+ |-------|-------------------------------|------------------|--------------------------------------------|
21
+ |3.2.x |normal maintenance (Ruby 3.3) |Ruby 2.7+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
22
+ |3.1.x |normal maintenance (Ruby 3.2) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
23
+ |3.0.x |normal maintenance (Ruby 3.1) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
24
+ |2.2.x |security maintenance (Ruby 3.0)|Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.9+ |
25
+ |2.1.x |end-of-life (Ruby 2.5-2.7) |Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.5+ |
26
+ |2.0.x |end-of-life (Ruby 2.4) |Ruby 2.3+ |OpenSSL 0.9.8-1.1.1 or LibreSSL 2.3+ |
27
+
28
+ [default gem]: https://docs.ruby-lang.org/en/master/standard_library_rdoc.html
29
+ [Ruby Maintenance Branches]: https://www.ruby-lang.org/en/downloads/branches/
8
30
 
9
31
  ## Installation
10
32
 
11
- The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).
12
- You can install with:
33
+ > **Note**
34
+ > The openssl gem is included with Ruby by default, but you may wish to upgrade
35
+ > it to a newer version available at
36
+ > [rubygems.org](https://rubygems.org/gems/openssl).
37
+
38
+ To upgrade it, you can use RubyGems:
13
39
 
14
40
  ```
15
41
  gem install openssl
16
42
  ```
17
43
 
18
- You may need to specify the path where OpenSSL is installed.
44
+ In some cases, it may be necessary to specify the path to the installation
45
+ directory of the OpenSSL library.
19
46
 
20
47
  ```
21
48
  gem install openssl -- --with-openssl-dir=/opt/openssl
22
49
  ```
23
50
 
24
- Alternatively, you can install the gem with `bundler`:
51
+ Alternatively, you can install the gem with Bundler:
25
52
 
26
53
  ```ruby
27
54
  # Gemfile
@@ -30,7 +57,7 @@ gem 'openssl'
30
57
  gem 'openssl', git: 'https://github.com/ruby/openssl'
31
58
  ```
32
59
 
33
- After doing `bundle install`, you should have the gem installed in your bundle.
60
+ After running `bundle install`, you should have the gem installed in your bundle.
34
61
 
35
62
  ## Usage
36
63
 
@@ -40,15 +67,6 @@ Once installed, you can require "openssl" in your application.
40
67
  require "openssl"
41
68
  ```
42
69
 
43
- **NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
44
- the gem version of openssl, otherwise the default gem packaged with the Ruby
45
- installation will be used:
46
-
47
- ```ruby
48
- gem "openssl"
49
- require "openssl"
50
- ```
51
-
52
70
  ## Documentation
53
71
 
54
72
  See https://ruby.github.io/openssl/.
@@ -57,10 +75,9 @@ See https://ruby.github.io/openssl/.
57
75
 
58
76
  Please read our [CONTRIBUTING.md] for instructions.
59
77
 
78
+ [CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
79
+
60
80
  ## Security
61
81
 
62
82
  Security issues should be reported to ruby-core by following the process
63
83
  described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
64
-
65
-
66
- [CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md