openssl 3.0.2 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +1 -1
  3. data/History.md +76 -0
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +89 -55
  6. data/ext/openssl/ossl.c +73 -195
  7. data/ext/openssl/ossl.h +11 -6
  8. data/ext/openssl/ossl_asn1.c +11 -10
  9. data/ext/openssl/ossl_bn.c +25 -13
  10. data/ext/openssl/ossl_cipher.c +2 -3
  11. data/ext/openssl/ossl_config.c +1 -1
  12. data/ext/openssl/ossl_digest.c +1 -1
  13. data/ext/openssl/ossl_engine.c +1 -1
  14. data/ext/openssl/ossl_hmac.c +1 -1
  15. data/ext/openssl/ossl_kdf.c +4 -4
  16. data/ext/openssl/ossl_ns_spki.c +1 -1
  17. data/ext/openssl/ossl_ocsp.c +8 -8
  18. data/ext/openssl/ossl_pkcs12.c +1 -1
  19. data/ext/openssl/ossl_pkcs7.c +3 -3
  20. data/ext/openssl/ossl_pkey.c +219 -46
  21. data/ext/openssl/ossl_pkey.h +1 -1
  22. data/ext/openssl/ossl_pkey_dh.c +28 -13
  23. data/ext/openssl/ossl_pkey_dsa.c +64 -15
  24. data/ext/openssl/ossl_pkey_ec.c +73 -17
  25. data/ext/openssl/ossl_pkey_rsa.c +74 -19
  26. data/ext/openssl/ossl_provider.c +211 -0
  27. data/ext/openssl/ossl_provider.h +5 -0
  28. data/ext/openssl/ossl_ssl.c +292 -113
  29. data/ext/openssl/ossl_ssl_session.c +5 -1
  30. data/ext/openssl/ossl_ts.c +3 -3
  31. data/ext/openssl/ossl_x509attr.c +1 -1
  32. data/ext/openssl/ossl_x509cert.c +1 -1
  33. data/ext/openssl/ossl_x509crl.c +1 -1
  34. data/ext/openssl/ossl_x509ext.c +13 -7
  35. data/ext/openssl/ossl_x509name.c +1 -1
  36. data/ext/openssl/ossl_x509req.c +1 -1
  37. data/ext/openssl/ossl_x509revoked.c +1 -1
  38. data/ext/openssl/ossl_x509store.c +12 -5
  39. data/lib/openssl/buffering.rb +2 -5
  40. data/lib/openssl/digest.rb +1 -5
  41. data/lib/openssl/pkey.rb +8 -4
  42. data/lib/openssl/ssl.rb +15 -10
  43. data/lib/openssl/version.rb +1 -1
  44. metadata +9 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b8568ca84395c137b32a22127dcaa2125265d1f5b61a62ba1d56e2373b7a96c4
4
- data.tar.gz: 1cef2e5798b482c3096826306a3264b82626f6d6cb23f53d9a71025f5afa46b3
3
+ metadata.gz: 5040b959a35f5692d6d19e2bf520e1123da8133fff2f878cfc21c2ff0f145d6e
4
+ data.tar.gz: dfee6ebd76e423511aa0fc4630f8120edce8fe79d4f40ee7105ccad12c2d3340
5
5
  SHA512:
6
- metadata.gz: 1bb9f6a40f535f4331097321296028fc2bdc8e5f90e6366c8db5c8e6dca771b55932c01479f667bd0751940917c83a9c98ca9ea70d7c622688cbb24432afdb36
7
- data.tar.gz: d9905167ac9e1ffc3201155d39d947e5b0e923797a09ba172a443d4a4040a5d8663edfdb30c935a6d2fa71438e8f8a0fec025c21b5af9290eb76b02a8c100326
6
+ metadata.gz: f542ec360be844382829f4bcc46b5cffdfcaf675b02ecdc1cd15a6e80c061476ee4582fdb201ef2dd0f430806d74036233eef3a5c23e5b4028560ad075ed706b
7
+ data.tar.gz: 0173033ebe6efb76b747cc80835cc9530dd664d038256bbdf963d4940b5f3bfad90be313554f548a911ac0977d4bdc33c088dfd3b6fb8e46db7bcd5d2ec34a8c
data/CONTRIBUTING.md CHANGED
@@ -17,7 +17,7 @@ When reporting a bug, please make sure you include:
17
17
  * Ruby version (`ruby -v`)
18
18
  * `openssl` gem version (`gem list openssl` and `OpenSSL::VERSION`)
19
19
  * OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)
20
- * A sample file that illustrates the problem or link to the repository or
20
+ * A sample file that illustrates the problem or link to the repository or
21
21
  gem that is associated with the bug.
22
22
 
23
23
  There are a number of unresolved issues and feature requests for openssl that
data/History.md CHANGED
@@ -1,3 +1,79 @@
1
+ Version 3.2.0
2
+ =============
3
+
4
+ Compatibility
5
+ -------------
6
+
7
+ * Ruby >= 2.7
8
+ - Support for Ruby 2.6 has been removed. Note that Ruby 2.6 reached the
9
+ end-of-life in 2022-04.
10
+ [[GitHub #639]](https://github.com/ruby/openssl/pull/639)
11
+ * OpenSSL >= 1.0.2 or LibreSSL >= 3.1
12
+
13
+ Notable changes
14
+ ---------------
15
+
16
+ * Add a stub gemspec for JRuby, which depends on the `jruby-openssl` gem.
17
+ [[GitHub #598]](https://github.com/ruby/openssl/pull/598)
18
+ * Add support for the FIPS module in OpenSSL 3.0/3.1.
19
+ [[GitHub #608]](https://github.com/ruby/openssl/pull/608)
20
+ * Rework `OpenSSL::PKey` routines for loading DER or PEM encoded keys for better
21
+ compatibility with OpenSSL 3.0/3.1 with the FIPS module.
22
+ [[GitHub #615]](https://github.com/ruby/openssl/pull/615)
23
+ [[GitHub #669]](https://github.com/ruby/openssl/pull/669)
24
+ * Add `OpenSSL::Provider` module for loading and unloading OpenSSL 3 providers.
25
+ [[GitHub #635]](https://github.com/ruby/openssl/pull/635)
26
+ * Add `OpenSSL::PKey.new_raw_private_key`, `.new_raw_public_key`,
27
+ `OpenSSL::PKey::PKey#raw_private_key`, and `#raw_public_key` for public key
28
+ algorithms that use "raw private/public key", such as X25519 and Ed25519.
29
+ [[GitHub #646]](https://github.com/ruby/openssl/pull/646)
30
+ * Improve OpenSSL error messages to include additional information when
31
+ it is available in OpenSSL's error queue.
32
+ [[GitHub #648]](https://github.com/ruby/openssl/pull/648)
33
+ * Change `OpenSSL::SSL::SSLContext#ca_file=` and `#ca_path=` to raise
34
+ `OpenSSL::SSL::SSLError` instead of printing a warning message.
35
+ [[GitHub #659]](https://github.com/ruby/openssl/pull/659)
36
+ * Allow `OpenSSL::X509::ExtensionFactory#create_extension` to take OIDs in the
37
+ dotted-decimal notation.
38
+ [[GitHub #141]](https://github.com/ruby/openssl/pull/141)
39
+
40
+
41
+ Version 3.1.0
42
+ =============
43
+
44
+ Ruby/OpenSSL 3.1 will be maintained for the lifetime of Ruby 3.2.
45
+
46
+ Merged bug fixes in 2.2.3 and 3.0.2. Among the new features and changes are:
47
+
48
+ Notable changes
49
+ ---------------
50
+
51
+ * Add `OpenSSL::SSL::SSLContext#ciphersuites=` to allow setting TLS 1.3 cipher
52
+ suites.
53
+ [[GitHub #493]](https://github.com/ruby/openssl/pull/493)
54
+ * Add `OpenSSL::SSL::SSLSocket#export_keying_material` for exporting keying
55
+ material of the session, as defined in RFC 5705.
56
+ [[GitHub #530]](https://github.com/ruby/openssl/pull/530)
57
+ * Add `OpenSSL::SSL::SSLContext#keylog_cb=` for setting the TLS key logging
58
+ callback, which is useful for supporting NSS's SSLKEYLOGFILE debugging output.
59
+ [[GitHub #536]](https://github.com/ruby/openssl/pull/536)
60
+ * Remove the default digest algorithm from `OpenSSL::OCSP::BasicResponse#sign`
61
+ and `OpenSSL::OCSP::Request#sign`. Omitting the 5th parameter of these
62
+ methods used to be equivalent of specifying SHA-1. This default value is now
63
+ removed and we will let the underlying OpenSSL library decide instead.
64
+ [[GitHub #507]](https://github.com/ruby/openssl/pull/507)
65
+ * Add `OpenSSL::BN#mod_sqrt`.
66
+ [[GitHub #553]](https://github.com/ruby/openssl/pull/553)
67
+ * Allow calling `OpenSSL::Cipher#update` with an empty string. This was
68
+ prohibited to workaround an ancient bug in OpenSSL.
69
+ [[GitHub #568]](https://github.com/ruby/openssl/pull/568)
70
+ * Fix build on platforms without socket support, such as WASI. `OpenSSL::SSL`
71
+ will not be defined if OpenSSL is compiled with `OPENSSL_NO_SOCK`.
72
+ [[GitHub #558]](https://github.com/ruby/openssl/pull/558)
73
+ * Improve support for recent LibreSSL versions. This includes HKDF support in
74
+ LibreSSL 3.6 and Ed25519 support in LibreSSL 3.7.
75
+
76
+
1
77
  Version 3.0.2
2
78
  =============
3
79
 
data/README.md CHANGED
@@ -2,26 +2,53 @@
2
2
 
3
3
  [![Actions Status](https://github.com/ruby/openssl/workflows/CI/badge.svg)](https://github.com/ruby/openssl/actions?workflow=CI)
4
4
 
5
+ **OpenSSL for Ruby** provides access to SSL/TLS and general-purpose
6
+ cryptography based on the OpenSSL library.
5
7
 
6
- OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
7
- OpenSSL library.
8
+ OpenSSL for Ruby is sometimes referred to as **openssl** in all lowercase
9
+ or **Ruby/OpenSSL** for disambiguation.
10
+
11
+ ## Compatibility and maintenance policy
12
+
13
+ OpenSSL for Ruby is released as a RubyGems gem. At the same time, it is part of
14
+ the standard library of Ruby. This is called a [default gem].
15
+
16
+ Each stable branch of OpenSSL for Ruby will remain supported as long as it is
17
+ included as a default gem in [supported Ruby branches][Ruby Maintenance Branches].
18
+
19
+ |Version|Maintenance status |Ruby compatibility|OpenSSL compatibility |
20
+ |-------|-------------------------------|------------------|--------------------------------------------|
21
+ |3.2.x |normal maintenance (Ruby 3.3) |Ruby 2.7+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
22
+ |3.1.x |normal maintenance (Ruby 3.2) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
23
+ |3.0.x |normal maintenance (Ruby 3.1) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
24
+ |2.2.x |security maintenance (Ruby 3.0)|Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.9+ |
25
+ |2.1.x |end-of-life (Ruby 2.5-2.7) |Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.5+ |
26
+ |2.0.x |end-of-life (Ruby 2.4) |Ruby 2.3+ |OpenSSL 0.9.8-1.1.1 or LibreSSL 2.3+ |
27
+
28
+ [default gem]: https://docs.ruby-lang.org/en/master/standard_library_rdoc.html
29
+ [Ruby Maintenance Branches]: https://www.ruby-lang.org/en/downloads/branches/
8
30
 
9
31
  ## Installation
10
32
 
11
- The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).
12
- You can install with:
33
+ > **Note**
34
+ > The openssl gem is included with Ruby by default, but you may wish to upgrade
35
+ > it to a newer version available at
36
+ > [rubygems.org](https://rubygems.org/gems/openssl).
37
+
38
+ To upgrade it, you can use RubyGems:
13
39
 
14
40
  ```
15
41
  gem install openssl
16
42
  ```
17
43
 
18
- You may need to specify the path where OpenSSL is installed.
44
+ In some cases, it may be necessary to specify the path to the installation
45
+ directory of the OpenSSL library.
19
46
 
20
47
  ```
21
48
  gem install openssl -- --with-openssl-dir=/opt/openssl
22
49
  ```
23
50
 
24
- Alternatively, you can install the gem with `bundler`:
51
+ Alternatively, you can install the gem with Bundler:
25
52
 
26
53
  ```ruby
27
54
  # Gemfile
@@ -30,7 +57,7 @@ gem 'openssl'
30
57
  gem 'openssl', git: 'https://github.com/ruby/openssl'
31
58
  ```
32
59
 
33
- After doing `bundle install`, you should have the gem installed in your bundle.
60
+ After running `bundle install`, you should have the gem installed in your bundle.
34
61
 
35
62
  ## Usage
36
63
 
@@ -40,15 +67,6 @@ Once installed, you can require "openssl" in your application.
40
67
  require "openssl"
41
68
  ```
42
69
 
43
- **NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
44
- the gem version of openssl, otherwise the default gem packaged with the Ruby
45
- installation will be used:
46
-
47
- ```ruby
48
- gem "openssl"
49
- require "openssl"
50
- ```
51
-
52
70
  ## Documentation
53
71
 
54
72
  See https://ruby.github.io/openssl/.
@@ -57,10 +75,9 @@ See https://ruby.github.io/openssl/.
57
75
 
58
76
  Please read our [CONTRIBUTING.md] for instructions.
59
77
 
78
+ [CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
79
+
60
80
  ## Security
61
81
 
62
82
  Security issues should be reported to ruby-core by following the process
63
83
  described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
64
-
65
-
66
- [CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
@@ -13,20 +13,42 @@
13
13
 
14
14
  require "mkmf"
15
15
 
16
- dir_config_given = dir_config("openssl").any?
16
+ ssl_dirs = nil
17
+ if defined?(::TruffleRuby)
18
+ # Always respect the openssl prefix chosen by truffle/openssl-prefix
19
+ require 'truffle/openssl-prefix'
20
+ ssl_dirs = dir_config("openssl", ENV["OPENSSL_PREFIX"])
21
+ else
22
+ ssl_dirs = dir_config("openssl")
23
+ end
24
+ dir_config_given = ssl_dirs.any?
25
+
26
+ _, ssl_ldir = ssl_dirs
27
+ if ssl_ldir&.split(File::PATH_SEPARATOR)&.none? { |dir| File.directory?(dir) }
28
+ # According to the `mkmf.rb#dir_config`, the `--with-openssl-dir=<dir>` uses
29
+ # the value of the `File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])` as a
30
+ # loaded library directory name.
31
+ ruby_ldir_name = File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])
32
+
33
+ raise "OpenSSL library directory could not be found in '#{ssl_ldir}'. " \
34
+ "You might want to fix this error in one of the following ways.\n" \
35
+ " * Recompile OpenSSL by configuring it with --libdir=#{ruby_ldir_name} " \
36
+ " to specify the OpenSSL library directory.\n" \
37
+ " * Recompile Ruby by configuring it with --libdir=<dir> to specify the " \
38
+ "Ruby library directory.\n" \
39
+ " * Compile this openssl gem with --with-openssl-include=<dir> and " \
40
+ "--with-openssl-lib=<dir> options to specify the OpenSSL include and " \
41
+ "library directories."
42
+ end
43
+
17
44
  dir_config("kerberos")
18
45
 
19
46
  Logging::message "=== OpenSSL for Ruby configurator ===\n"
20
47
 
21
- ##
22
- # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
23
- # To turn it on, use: --with-debug or --enable-debug
24
- #
25
- if with_config("debug") or enable_config("debug")
26
- $defs.push("-DOSSL_DEBUG")
27
- end
48
+ $defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
28
49
 
29
- have_func("rb_io_maybe_wait") # Ruby 3.1
50
+ have_func("rb_io_descriptor")
51
+ have_func("rb_io_maybe_wait(0, Qnil, Qnil, Qnil)", "ruby/io.h") # Ruby 3.1
30
52
 
31
53
  Logging::message "=== Checking for system dependent stuff... ===\n"
32
54
  have_library("nsl", "t_open")
@@ -120,8 +142,13 @@ if is_libressl && ($mswin || $mingw)
120
142
  end
121
143
 
122
144
  Logging::message "=== Checking for OpenSSL features... ===\n"
145
+ evp_h = "openssl/evp.h".freeze
146
+ x509_h = "openssl/x509.h".freeze
147
+ ts_h = "openssl/ts.h".freeze
148
+ ssl_h = "openssl/ssl.h".freeze
149
+
123
150
  # compile options
124
- have_func("RAND_egd")
151
+ have_func("RAND_egd()", "openssl/rand.h")
125
152
  engines = %w{dynamic 4758cca aep atalla chil
126
153
  cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
127
154
  engines.each { |name|
@@ -132,58 +159,65 @@ engines.each { |name|
132
159
  if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
133
160
  $defs.push("-DHAVE_OPAQUE_OPENSSL")
134
161
  end
135
- have_func("EVP_MD_CTX_new")
136
- have_func("EVP_MD_CTX_free")
137
- have_func("EVP_MD_CTX_pkey_ctx")
138
- have_func("X509_STORE_get_ex_data")
139
- have_func("X509_STORE_set_ex_data")
140
- have_func("X509_STORE_get_ex_new_index")
141
- have_func("X509_CRL_get0_signature")
142
- have_func("X509_REQ_get0_signature")
143
- have_func("X509_REVOKED_get0_serialNumber")
144
- have_func("X509_REVOKED_get0_revocationDate")
145
- have_func("X509_get0_tbs_sigalg")
146
- have_func("X509_STORE_CTX_get0_untrusted")
147
- have_func("X509_STORE_CTX_get0_cert")
148
- have_func("X509_STORE_CTX_get0_chain")
149
- have_func("OCSP_SINGLERESP_get0_id")
150
- have_func("SSL_CTX_get_ciphers")
151
- have_func("X509_up_ref")
152
- have_func("X509_CRL_up_ref")
153
- have_func("X509_STORE_up_ref")
154
- have_func("SSL_SESSION_up_ref")
155
- have_func("EVP_PKEY_up_ref")
156
- have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h")
157
- have_func("SSL_CTX_get_security_level")
158
- have_func("X509_get0_notBefore")
159
- have_func("SSL_SESSION_get_protocol_version")
160
- have_func("TS_STATUS_INFO_get0_status")
161
- have_func("TS_STATUS_INFO_get0_text")
162
- have_func("TS_STATUS_INFO_get0_failure_info")
163
- have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
164
- have_func("TS_VERIFY_CTX_set_store")
165
- have_func("TS_VERIFY_CTX_add_flags")
166
- have_func("TS_RESP_CTX_set_time_cb")
167
- have_func("EVP_PBE_scrypt")
168
- have_func("SSL_CTX_set_post_handshake_auth")
162
+ have_func("EVP_MD_CTX_new()", evp_h)
163
+ have_func("EVP_MD_CTX_free(NULL)", evp_h)
164
+ have_func("EVP_MD_CTX_pkey_ctx(NULL)", evp_h)
165
+ have_func("X509_STORE_get_ex_data(NULL, 0)", x509_h)
166
+ have_func("X509_STORE_set_ex_data(NULL, 0, NULL)", x509_h)
167
+ have_func("X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL)", x509_h)
168
+ have_func("X509_CRL_get0_signature(NULL, NULL, NULL)", x509_h)
169
+ have_func("X509_REQ_get0_signature(NULL, NULL, NULL)", x509_h)
170
+ have_func("X509_REVOKED_get0_serialNumber(NULL)", x509_h)
171
+ have_func("X509_REVOKED_get0_revocationDate(NULL)", x509_h)
172
+ have_func("X509_get0_tbs_sigalg(NULL)", x509_h)
173
+ have_func("X509_STORE_CTX_get0_untrusted(NULL)", x509_h)
174
+ have_func("X509_STORE_CTX_get0_cert(NULL)", x509_h)
175
+ have_func("X509_STORE_CTX_get0_chain(NULL)", x509_h)
176
+ have_func("OCSP_SINGLERESP_get0_id(NULL)", "openssl/ocsp.h")
177
+ have_func("SSL_CTX_get_ciphers(NULL)", ssl_h)
178
+ have_func("X509_up_ref(NULL)", x509_h)
179
+ have_func("X509_CRL_up_ref(NULL)", x509_h)
180
+ have_func("X509_STORE_up_ref(NULL)", x509_h)
181
+ have_func("SSL_SESSION_up_ref(NULL)", ssl_h)
182
+ have_func("EVP_PKEY_up_ref(NULL)", evp_h)
183
+ have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h)
184
+ have_func("SSL_CTX_get_security_level(NULL)", ssl_h)
185
+ have_func("X509_get0_notBefore(NULL)", x509_h)
186
+ have_func("SSL_SESSION_get_protocol_version(NULL)", ssl_h)
187
+ have_func("TS_STATUS_INFO_get0_status(NULL)", ts_h)
188
+ have_func("TS_STATUS_INFO_get0_text(NULL)", ts_h)
189
+ have_func("TS_STATUS_INFO_get0_failure_info(NULL)", ts_h)
190
+ have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h)
191
+ have_func("TS_VERIFY_CTX_set_store(NULL, NULL)", ts_h)
192
+ have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
193
+ have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
194
+ have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
195
+ have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
169
196
 
170
197
  # added in 1.1.1
171
- have_func("EVP_PKEY_check")
172
- have_func("EVP_PKEY_new_raw_private_key")
198
+ have_func("EVP_PKEY_check(NULL)", evp_h)
199
+ have_func("EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)\"\", 0)", evp_h)
200
+ have_func("SSL_CTX_set_ciphersuites(NULL, \"\")", ssl_h)
173
201
 
174
202
  # added in 3.0.0
175
- have_func("SSL_set0_tmp_dh_pkey")
176
- have_func("ERR_get_error_all")
177
- have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
178
- have_func("SSL_CTX_load_verify_file")
179
- have_func("BN_check_prime")
180
- have_func("EVP_MD_CTX_get0_md")
181
- have_func("EVP_MD_CTX_get_pkey_ctx")
182
- have_func("EVP_PKEY_eq")
183
- have_func("EVP_PKEY_dup")
203
+ have_func("SSL_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
204
+ have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")
205
+ have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h)
206
+ have_func("SSL_CTX_load_verify_file(NULL, \"\")", ssl_h)
207
+ have_func("BN_check_prime(NULL, NULL, NULL)", "openssl/bn.h")
208
+ have_func("EVP_MD_CTX_get0_md(NULL)", evp_h)
209
+ have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h)
210
+ have_func("EVP_PKEY_eq(NULL, NULL)", evp_h)
211
+ have_func("EVP_PKEY_dup(NULL)", evp_h)
184
212
 
185
213
  Logging::message "=== Checking done. ===\n"
186
214
 
215
+ # Append flags from environment variables.
216
+ extcflags = ENV["RUBY_OPENSSL_EXTCFLAGS"]
217
+ append_cflags(extcflags.split) if extcflags
218
+ extldflags = ENV["RUBY_OPENSSL_EXTLDFLAGS"]
219
+ append_ldflags(extldflags.split) if extldflags
220
+
187
221
  create_header
188
222
  create_makefile("openssl")
189
223
  Logging::message "Done.\n"