openssl 3.0.2 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +1 -1
- data/History.md +76 -0
- data/README.md +36 -19
- data/ext/openssl/extconf.rb +89 -55
- data/ext/openssl/ossl.c +73 -195
- data/ext/openssl/ossl.h +11 -6
- data/ext/openssl/ossl_asn1.c +11 -10
- data/ext/openssl/ossl_bn.c +25 -13
- data/ext/openssl/ossl_cipher.c +2 -3
- data/ext/openssl/ossl_config.c +1 -1
- data/ext/openssl/ossl_digest.c +1 -1
- data/ext/openssl/ossl_engine.c +1 -1
- data/ext/openssl/ossl_hmac.c +1 -1
- data/ext/openssl/ossl_kdf.c +4 -4
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +8 -8
- data/ext/openssl/ossl_pkcs12.c +1 -1
- data/ext/openssl/ossl_pkcs7.c +3 -3
- data/ext/openssl/ossl_pkey.c +219 -46
- data/ext/openssl/ossl_pkey.h +1 -1
- data/ext/openssl/ossl_pkey_dh.c +28 -13
- data/ext/openssl/ossl_pkey_dsa.c +64 -15
- data/ext/openssl/ossl_pkey_ec.c +73 -17
- data/ext/openssl/ossl_pkey_rsa.c +74 -19
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_ssl.c +292 -113
- data/ext/openssl/ossl_ssl_session.c +5 -1
- data/ext/openssl/ossl_ts.c +3 -3
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +1 -1
- data/ext/openssl/ossl_x509crl.c +1 -1
- data/ext/openssl/ossl_x509ext.c +13 -7
- data/ext/openssl/ossl_x509name.c +1 -1
- data/ext/openssl/ossl_x509req.c +1 -1
- data/ext/openssl/ossl_x509revoked.c +1 -1
- data/ext/openssl/ossl_x509store.c +12 -5
- data/lib/openssl/buffering.rb +2 -5
- data/lib/openssl/digest.rb +1 -5
- data/lib/openssl/pkey.rb +8 -4
- data/lib/openssl/ssl.rb +15 -10
- data/lib/openssl/version.rb +1 -1
- metadata +9 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5040b959a35f5692d6d19e2bf520e1123da8133fff2f878cfc21c2ff0f145d6e
|
4
|
+
data.tar.gz: dfee6ebd76e423511aa0fc4630f8120edce8fe79d4f40ee7105ccad12c2d3340
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f542ec360be844382829f4bcc46b5cffdfcaf675b02ecdc1cd15a6e80c061476ee4582fdb201ef2dd0f430806d74036233eef3a5c23e5b4028560ad075ed706b
|
7
|
+
data.tar.gz: 0173033ebe6efb76b747cc80835cc9530dd664d038256bbdf963d4940b5f3bfad90be313554f548a911ac0977d4bdc33c088dfd3b6fb8e46db7bcd5d2ec34a8c
|
data/CONTRIBUTING.md
CHANGED
@@ -17,7 +17,7 @@ When reporting a bug, please make sure you include:
|
|
17
17
|
* Ruby version (`ruby -v`)
|
18
18
|
* `openssl` gem version (`gem list openssl` and `OpenSSL::VERSION`)
|
19
19
|
* OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)
|
20
|
-
* A sample file that illustrates the problem or link to the repository or
|
20
|
+
* A sample file that illustrates the problem or link to the repository or
|
21
21
|
gem that is associated with the bug.
|
22
22
|
|
23
23
|
There are a number of unresolved issues and feature requests for openssl that
|
data/History.md
CHANGED
@@ -1,3 +1,79 @@
|
|
1
|
+
Version 3.2.0
|
2
|
+
=============
|
3
|
+
|
4
|
+
Compatibility
|
5
|
+
-------------
|
6
|
+
|
7
|
+
* Ruby >= 2.7
|
8
|
+
- Support for Ruby 2.6 has been removed. Note that Ruby 2.6 reached the
|
9
|
+
end-of-life in 2022-04.
|
10
|
+
[[GitHub #639]](https://github.com/ruby/openssl/pull/639)
|
11
|
+
* OpenSSL >= 1.0.2 or LibreSSL >= 3.1
|
12
|
+
|
13
|
+
Notable changes
|
14
|
+
---------------
|
15
|
+
|
16
|
+
* Add a stub gemspec for JRuby, which depends on the `jruby-openssl` gem.
|
17
|
+
[[GitHub #598]](https://github.com/ruby/openssl/pull/598)
|
18
|
+
* Add support for the FIPS module in OpenSSL 3.0/3.1.
|
19
|
+
[[GitHub #608]](https://github.com/ruby/openssl/pull/608)
|
20
|
+
* Rework `OpenSSL::PKey` routines for loading DER or PEM encoded keys for better
|
21
|
+
compatibility with OpenSSL 3.0/3.1 with the FIPS module.
|
22
|
+
[[GitHub #615]](https://github.com/ruby/openssl/pull/615)
|
23
|
+
[[GitHub #669]](https://github.com/ruby/openssl/pull/669)
|
24
|
+
* Add `OpenSSL::Provider` module for loading and unloading OpenSSL 3 providers.
|
25
|
+
[[GitHub #635]](https://github.com/ruby/openssl/pull/635)
|
26
|
+
* Add `OpenSSL::PKey.new_raw_private_key`, `.new_raw_public_key`,
|
27
|
+
`OpenSSL::PKey::PKey#raw_private_key`, and `#raw_public_key` for public key
|
28
|
+
algorithms that use "raw private/public key", such as X25519 and Ed25519.
|
29
|
+
[[GitHub #646]](https://github.com/ruby/openssl/pull/646)
|
30
|
+
* Improve OpenSSL error messages to include additional information when
|
31
|
+
it is available in OpenSSL's error queue.
|
32
|
+
[[GitHub #648]](https://github.com/ruby/openssl/pull/648)
|
33
|
+
* Change `OpenSSL::SSL::SSLContext#ca_file=` and `#ca_path=` to raise
|
34
|
+
`OpenSSL::SSL::SSLError` instead of printing a warning message.
|
35
|
+
[[GitHub #659]](https://github.com/ruby/openssl/pull/659)
|
36
|
+
* Allow `OpenSSL::X509::ExtensionFactory#create_extension` to take OIDs in the
|
37
|
+
dotted-decimal notation.
|
38
|
+
[[GitHub #141]](https://github.com/ruby/openssl/pull/141)
|
39
|
+
|
40
|
+
|
41
|
+
Version 3.1.0
|
42
|
+
=============
|
43
|
+
|
44
|
+
Ruby/OpenSSL 3.1 will be maintained for the lifetime of Ruby 3.2.
|
45
|
+
|
46
|
+
Merged bug fixes in 2.2.3 and 3.0.2. Among the new features and changes are:
|
47
|
+
|
48
|
+
Notable changes
|
49
|
+
---------------
|
50
|
+
|
51
|
+
* Add `OpenSSL::SSL::SSLContext#ciphersuites=` to allow setting TLS 1.3 cipher
|
52
|
+
suites.
|
53
|
+
[[GitHub #493]](https://github.com/ruby/openssl/pull/493)
|
54
|
+
* Add `OpenSSL::SSL::SSLSocket#export_keying_material` for exporting keying
|
55
|
+
material of the session, as defined in RFC 5705.
|
56
|
+
[[GitHub #530]](https://github.com/ruby/openssl/pull/530)
|
57
|
+
* Add `OpenSSL::SSL::SSLContext#keylog_cb=` for setting the TLS key logging
|
58
|
+
callback, which is useful for supporting NSS's SSLKEYLOGFILE debugging output.
|
59
|
+
[[GitHub #536]](https://github.com/ruby/openssl/pull/536)
|
60
|
+
* Remove the default digest algorithm from `OpenSSL::OCSP::BasicResponse#sign`
|
61
|
+
and `OpenSSL::OCSP::Request#sign`. Omitting the 5th parameter of these
|
62
|
+
methods used to be equivalent of specifying SHA-1. This default value is now
|
63
|
+
removed and we will let the underlying OpenSSL library decide instead.
|
64
|
+
[[GitHub #507]](https://github.com/ruby/openssl/pull/507)
|
65
|
+
* Add `OpenSSL::BN#mod_sqrt`.
|
66
|
+
[[GitHub #553]](https://github.com/ruby/openssl/pull/553)
|
67
|
+
* Allow calling `OpenSSL::Cipher#update` with an empty string. This was
|
68
|
+
prohibited to workaround an ancient bug in OpenSSL.
|
69
|
+
[[GitHub #568]](https://github.com/ruby/openssl/pull/568)
|
70
|
+
* Fix build on platforms without socket support, such as WASI. `OpenSSL::SSL`
|
71
|
+
will not be defined if OpenSSL is compiled with `OPENSSL_NO_SOCK`.
|
72
|
+
[[GitHub #558]](https://github.com/ruby/openssl/pull/558)
|
73
|
+
* Improve support for recent LibreSSL versions. This includes HKDF support in
|
74
|
+
LibreSSL 3.6 and Ed25519 support in LibreSSL 3.7.
|
75
|
+
|
76
|
+
|
1
77
|
Version 3.0.2
|
2
78
|
=============
|
3
79
|
|
data/README.md
CHANGED
@@ -2,26 +2,53 @@
|
|
2
2
|
|
3
3
|
[](https://github.com/ruby/openssl/actions?workflow=CI)
|
4
4
|
|
5
|
+
**OpenSSL for Ruby** provides access to SSL/TLS and general-purpose
|
6
|
+
cryptography based on the OpenSSL library.
|
5
7
|
|
6
|
-
OpenSSL
|
7
|
-
OpenSSL
|
8
|
+
OpenSSL for Ruby is sometimes referred to as **openssl** in all lowercase
|
9
|
+
or **Ruby/OpenSSL** for disambiguation.
|
10
|
+
|
11
|
+
## Compatibility and maintenance policy
|
12
|
+
|
13
|
+
OpenSSL for Ruby is released as a RubyGems gem. At the same time, it is part of
|
14
|
+
the standard library of Ruby. This is called a [default gem].
|
15
|
+
|
16
|
+
Each stable branch of OpenSSL for Ruby will remain supported as long as it is
|
17
|
+
included as a default gem in [supported Ruby branches][Ruby Maintenance Branches].
|
18
|
+
|
19
|
+
|Version|Maintenance status |Ruby compatibility|OpenSSL compatibility |
|
20
|
+
|-------|-------------------------------|------------------|--------------------------------------------|
|
21
|
+
|3.2.x |normal maintenance (Ruby 3.3) |Ruby 2.7+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
|
22
|
+
|3.1.x |normal maintenance (Ruby 3.2) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
|
23
|
+
|3.0.x |normal maintenance (Ruby 3.1) |Ruby 2.6+ |OpenSSL 1.0.2-3.1 (current) or LibreSSL 3.1+|
|
24
|
+
|2.2.x |security maintenance (Ruby 3.0)|Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.9+ |
|
25
|
+
|2.1.x |end-of-life (Ruby 2.5-2.7) |Ruby 2.3+ |OpenSSL 1.0.1-1.1.1 or LibreSSL 2.5+ |
|
26
|
+
|2.0.x |end-of-life (Ruby 2.4) |Ruby 2.3+ |OpenSSL 0.9.8-1.1.1 or LibreSSL 2.3+ |
|
27
|
+
|
28
|
+
[default gem]: https://docs.ruby-lang.org/en/master/standard_library_rdoc.html
|
29
|
+
[Ruby Maintenance Branches]: https://www.ruby-lang.org/en/downloads/branches/
|
8
30
|
|
9
31
|
## Installation
|
10
32
|
|
11
|
-
|
12
|
-
|
33
|
+
> **Note**
|
34
|
+
> The openssl gem is included with Ruby by default, but you may wish to upgrade
|
35
|
+
> it to a newer version available at
|
36
|
+
> [rubygems.org](https://rubygems.org/gems/openssl).
|
37
|
+
|
38
|
+
To upgrade it, you can use RubyGems:
|
13
39
|
|
14
40
|
```
|
15
41
|
gem install openssl
|
16
42
|
```
|
17
43
|
|
18
|
-
|
44
|
+
In some cases, it may be necessary to specify the path to the installation
|
45
|
+
directory of the OpenSSL library.
|
19
46
|
|
20
47
|
```
|
21
48
|
gem install openssl -- --with-openssl-dir=/opt/openssl
|
22
49
|
```
|
23
50
|
|
24
|
-
Alternatively, you can install the gem with
|
51
|
+
Alternatively, you can install the gem with Bundler:
|
25
52
|
|
26
53
|
```ruby
|
27
54
|
# Gemfile
|
@@ -30,7 +57,7 @@ gem 'openssl'
|
|
30
57
|
gem 'openssl', git: 'https://github.com/ruby/openssl'
|
31
58
|
```
|
32
59
|
|
33
|
-
After
|
60
|
+
After running `bundle install`, you should have the gem installed in your bundle.
|
34
61
|
|
35
62
|
## Usage
|
36
63
|
|
@@ -40,15 +67,6 @@ Once installed, you can require "openssl" in your application.
|
|
40
67
|
require "openssl"
|
41
68
|
```
|
42
69
|
|
43
|
-
**NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
|
44
|
-
the gem version of openssl, otherwise the default gem packaged with the Ruby
|
45
|
-
installation will be used:
|
46
|
-
|
47
|
-
```ruby
|
48
|
-
gem "openssl"
|
49
|
-
require "openssl"
|
50
|
-
```
|
51
|
-
|
52
70
|
## Documentation
|
53
71
|
|
54
72
|
See https://ruby.github.io/openssl/.
|
@@ -57,10 +75,9 @@ See https://ruby.github.io/openssl/.
|
|
57
75
|
|
58
76
|
Please read our [CONTRIBUTING.md] for instructions.
|
59
77
|
|
78
|
+
[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
|
79
|
+
|
60
80
|
## Security
|
61
81
|
|
62
82
|
Security issues should be reported to ruby-core by following the process
|
63
83
|
described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
|
64
|
-
|
65
|
-
|
66
|
-
[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
|
data/ext/openssl/extconf.rb
CHANGED
@@ -13,20 +13,42 @@
|
|
13
13
|
|
14
14
|
require "mkmf"
|
15
15
|
|
16
|
-
|
16
|
+
ssl_dirs = nil
|
17
|
+
if defined?(::TruffleRuby)
|
18
|
+
# Always respect the openssl prefix chosen by truffle/openssl-prefix
|
19
|
+
require 'truffle/openssl-prefix'
|
20
|
+
ssl_dirs = dir_config("openssl", ENV["OPENSSL_PREFIX"])
|
21
|
+
else
|
22
|
+
ssl_dirs = dir_config("openssl")
|
23
|
+
end
|
24
|
+
dir_config_given = ssl_dirs.any?
|
25
|
+
|
26
|
+
_, ssl_ldir = ssl_dirs
|
27
|
+
if ssl_ldir&.split(File::PATH_SEPARATOR)&.none? { |dir| File.directory?(dir) }
|
28
|
+
# According to the `mkmf.rb#dir_config`, the `--with-openssl-dir=<dir>` uses
|
29
|
+
# the value of the `File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])` as a
|
30
|
+
# loaded library directory name.
|
31
|
+
ruby_ldir_name = File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])
|
32
|
+
|
33
|
+
raise "OpenSSL library directory could not be found in '#{ssl_ldir}'. " \
|
34
|
+
"You might want to fix this error in one of the following ways.\n" \
|
35
|
+
" * Recompile OpenSSL by configuring it with --libdir=#{ruby_ldir_name} " \
|
36
|
+
" to specify the OpenSSL library directory.\n" \
|
37
|
+
" * Recompile Ruby by configuring it with --libdir=<dir> to specify the " \
|
38
|
+
"Ruby library directory.\n" \
|
39
|
+
" * Compile this openssl gem with --with-openssl-include=<dir> and " \
|
40
|
+
"--with-openssl-lib=<dir> options to specify the OpenSSL include and " \
|
41
|
+
"library directories."
|
42
|
+
end
|
43
|
+
|
17
44
|
dir_config("kerberos")
|
18
45
|
|
19
46
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
20
47
|
|
21
|
-
|
22
|
-
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
|
23
|
-
# To turn it on, use: --with-debug or --enable-debug
|
24
|
-
#
|
25
|
-
if with_config("debug") or enable_config("debug")
|
26
|
-
$defs.push("-DOSSL_DEBUG")
|
27
|
-
end
|
48
|
+
$defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
|
28
49
|
|
29
|
-
have_func("
|
50
|
+
have_func("rb_io_descriptor")
|
51
|
+
have_func("rb_io_maybe_wait(0, Qnil, Qnil, Qnil)", "ruby/io.h") # Ruby 3.1
|
30
52
|
|
31
53
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
32
54
|
have_library("nsl", "t_open")
|
@@ -120,8 +142,13 @@ if is_libressl && ($mswin || $mingw)
|
|
120
142
|
end
|
121
143
|
|
122
144
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
145
|
+
evp_h = "openssl/evp.h".freeze
|
146
|
+
x509_h = "openssl/x509.h".freeze
|
147
|
+
ts_h = "openssl/ts.h".freeze
|
148
|
+
ssl_h = "openssl/ssl.h".freeze
|
149
|
+
|
123
150
|
# compile options
|
124
|
-
have_func("RAND_egd")
|
151
|
+
have_func("RAND_egd()", "openssl/rand.h")
|
125
152
|
engines = %w{dynamic 4758cca aep atalla chil
|
126
153
|
cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
|
127
154
|
engines.each { |name|
|
@@ -132,58 +159,65 @@ engines.each { |name|
|
|
132
159
|
if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
|
133
160
|
$defs.push("-DHAVE_OPAQUE_OPENSSL")
|
134
161
|
end
|
135
|
-
have_func("EVP_MD_CTX_new")
|
136
|
-
have_func("EVP_MD_CTX_free")
|
137
|
-
have_func("EVP_MD_CTX_pkey_ctx")
|
138
|
-
have_func("X509_STORE_get_ex_data")
|
139
|
-
have_func("X509_STORE_set_ex_data")
|
140
|
-
have_func("X509_STORE_get_ex_new_index")
|
141
|
-
have_func("X509_CRL_get0_signature")
|
142
|
-
have_func("X509_REQ_get0_signature")
|
143
|
-
have_func("X509_REVOKED_get0_serialNumber")
|
144
|
-
have_func("X509_REVOKED_get0_revocationDate")
|
145
|
-
have_func("X509_get0_tbs_sigalg")
|
146
|
-
have_func("X509_STORE_CTX_get0_untrusted")
|
147
|
-
have_func("X509_STORE_CTX_get0_cert")
|
148
|
-
have_func("X509_STORE_CTX_get0_chain")
|
149
|
-
have_func("OCSP_SINGLERESP_get0_id")
|
150
|
-
have_func("SSL_CTX_get_ciphers")
|
151
|
-
have_func("X509_up_ref")
|
152
|
-
have_func("X509_CRL_up_ref")
|
153
|
-
have_func("X509_STORE_up_ref")
|
154
|
-
have_func("SSL_SESSION_up_ref")
|
155
|
-
have_func("EVP_PKEY_up_ref")
|
156
|
-
have_func("SSL_CTX_set_min_proto_version(NULL, 0)",
|
157
|
-
have_func("SSL_CTX_get_security_level")
|
158
|
-
have_func("X509_get0_notBefore")
|
159
|
-
have_func("SSL_SESSION_get_protocol_version")
|
160
|
-
have_func("TS_STATUS_INFO_get0_status")
|
161
|
-
have_func("TS_STATUS_INFO_get0_text")
|
162
|
-
have_func("TS_STATUS_INFO_get0_failure_info")
|
163
|
-
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)",
|
164
|
-
have_func("TS_VERIFY_CTX_set_store")
|
165
|
-
have_func("TS_VERIFY_CTX_add_flags")
|
166
|
-
have_func("TS_RESP_CTX_set_time_cb")
|
167
|
-
have_func("EVP_PBE_scrypt")
|
168
|
-
have_func("SSL_CTX_set_post_handshake_auth")
|
162
|
+
have_func("EVP_MD_CTX_new()", evp_h)
|
163
|
+
have_func("EVP_MD_CTX_free(NULL)", evp_h)
|
164
|
+
have_func("EVP_MD_CTX_pkey_ctx(NULL)", evp_h)
|
165
|
+
have_func("X509_STORE_get_ex_data(NULL, 0)", x509_h)
|
166
|
+
have_func("X509_STORE_set_ex_data(NULL, 0, NULL)", x509_h)
|
167
|
+
have_func("X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL)", x509_h)
|
168
|
+
have_func("X509_CRL_get0_signature(NULL, NULL, NULL)", x509_h)
|
169
|
+
have_func("X509_REQ_get0_signature(NULL, NULL, NULL)", x509_h)
|
170
|
+
have_func("X509_REVOKED_get0_serialNumber(NULL)", x509_h)
|
171
|
+
have_func("X509_REVOKED_get0_revocationDate(NULL)", x509_h)
|
172
|
+
have_func("X509_get0_tbs_sigalg(NULL)", x509_h)
|
173
|
+
have_func("X509_STORE_CTX_get0_untrusted(NULL)", x509_h)
|
174
|
+
have_func("X509_STORE_CTX_get0_cert(NULL)", x509_h)
|
175
|
+
have_func("X509_STORE_CTX_get0_chain(NULL)", x509_h)
|
176
|
+
have_func("OCSP_SINGLERESP_get0_id(NULL)", "openssl/ocsp.h")
|
177
|
+
have_func("SSL_CTX_get_ciphers(NULL)", ssl_h)
|
178
|
+
have_func("X509_up_ref(NULL)", x509_h)
|
179
|
+
have_func("X509_CRL_up_ref(NULL)", x509_h)
|
180
|
+
have_func("X509_STORE_up_ref(NULL)", x509_h)
|
181
|
+
have_func("SSL_SESSION_up_ref(NULL)", ssl_h)
|
182
|
+
have_func("EVP_PKEY_up_ref(NULL)", evp_h)
|
183
|
+
have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h)
|
184
|
+
have_func("SSL_CTX_get_security_level(NULL)", ssl_h)
|
185
|
+
have_func("X509_get0_notBefore(NULL)", x509_h)
|
186
|
+
have_func("SSL_SESSION_get_protocol_version(NULL)", ssl_h)
|
187
|
+
have_func("TS_STATUS_INFO_get0_status(NULL)", ts_h)
|
188
|
+
have_func("TS_STATUS_INFO_get0_text(NULL)", ts_h)
|
189
|
+
have_func("TS_STATUS_INFO_get0_failure_info(NULL)", ts_h)
|
190
|
+
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h)
|
191
|
+
have_func("TS_VERIFY_CTX_set_store(NULL, NULL)", ts_h)
|
192
|
+
have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
|
193
|
+
have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
|
194
|
+
have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
|
195
|
+
have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
|
169
196
|
|
170
197
|
# added in 1.1.1
|
171
|
-
have_func("EVP_PKEY_check")
|
172
|
-
have_func("EVP_PKEY_new_raw_private_key")
|
198
|
+
have_func("EVP_PKEY_check(NULL)", evp_h)
|
199
|
+
have_func("EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)\"\", 0)", evp_h)
|
200
|
+
have_func("SSL_CTX_set_ciphersuites(NULL, \"\")", ssl_h)
|
173
201
|
|
174
202
|
# added in 3.0.0
|
175
|
-
have_func("SSL_set0_tmp_dh_pkey")
|
176
|
-
have_func("ERR_get_error_all")
|
177
|
-
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)",
|
178
|
-
have_func("SSL_CTX_load_verify_file")
|
179
|
-
have_func("BN_check_prime")
|
180
|
-
have_func("EVP_MD_CTX_get0_md")
|
181
|
-
have_func("EVP_MD_CTX_get_pkey_ctx")
|
182
|
-
have_func("EVP_PKEY_eq")
|
183
|
-
have_func("EVP_PKEY_dup")
|
203
|
+
have_func("SSL_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
|
204
|
+
have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")
|
205
|
+
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h)
|
206
|
+
have_func("SSL_CTX_load_verify_file(NULL, \"\")", ssl_h)
|
207
|
+
have_func("BN_check_prime(NULL, NULL, NULL)", "openssl/bn.h")
|
208
|
+
have_func("EVP_MD_CTX_get0_md(NULL)", evp_h)
|
209
|
+
have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h)
|
210
|
+
have_func("EVP_PKEY_eq(NULL, NULL)", evp_h)
|
211
|
+
have_func("EVP_PKEY_dup(NULL)", evp_h)
|
184
212
|
|
185
213
|
Logging::message "=== Checking done. ===\n"
|
186
214
|
|
215
|
+
# Append flags from environment variables.
|
216
|
+
extcflags = ENV["RUBY_OPENSSL_EXTCFLAGS"]
|
217
|
+
append_cflags(extcflags.split) if extcflags
|
218
|
+
extldflags = ENV["RUBY_OPENSSL_EXTLDFLAGS"]
|
219
|
+
append_ldflags(extldflags.split) if extldflags
|
220
|
+
|
187
221
|
create_header
|
188
222
|
create_makefile("openssl")
|
189
223
|
Logging::message "Done.\n"
|