ruby-tls 2.3.0 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/ruby-tls/ssl.rb +53 -12
- data/lib/ruby-tls/version.rb +1 -1
- data/spec/comms_spec.rb +12 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f08d99c470a03da9d3932d21d4fdc896ea6cfb06
|
|
4
|
+
data.tar.gz: 6500436dbffa39098612cbb5de54b0e14c9344a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b97ed2ad8a534ac1516e011a7b1f3e0aca9077653bd590d303cda1775434f8e9f91bea2eabd41dd75cd227424fcdcd39be29257f5cdcafdbf2a2def8f088ad9c
|
|
7
|
+
data.tar.gz: 3b6cf4dde116a5728c4bb29f297415a28c22a846f4dc66efb50538fbef738473acf2d803445d8c6e92104687f4f6dac7752999af2109a69f3c7236a4a296101d
|
data/lib/ruby-tls/ssl.rb
CHANGED
|
@@ -89,9 +89,6 @@ module RubyTls
|
|
|
89
89
|
# PutCiphertext
|
|
90
90
|
attach_function :BIO_write, [:bio, :buffer_in, :buffer_length], :int
|
|
91
91
|
|
|
92
|
-
# SelectALPNCallback
|
|
93
|
-
# TODO:: SSL_select_next_proto
|
|
94
|
-
|
|
95
92
|
# Deconstructor
|
|
96
93
|
attach_function :SSL_get_shutdown, [:ssl], :int
|
|
97
94
|
attach_function :SSL_shutdown, [:ssl], :int
|
|
@@ -106,9 +103,6 @@ module RubyTls
|
|
|
106
103
|
# r, w
|
|
107
104
|
attach_function :SSL_set_bio, [:ssl, :bio, :bio], :void
|
|
108
105
|
|
|
109
|
-
# TODO:: SSL_CTX_set_alpn_select_cb
|
|
110
|
-
# Will have to put a try catch around these and support when available
|
|
111
|
-
|
|
112
106
|
attach_function :SSL_set_ex_data, [:ssl, :int, :string], :int
|
|
113
107
|
callback :verify_callback, [:int, :x509], :int
|
|
114
108
|
attach_function :SSL_set_verify, [:ssl, :int, :verify_callback], :void
|
|
@@ -120,11 +114,33 @@ module RubyTls
|
|
|
120
114
|
attach_function :X509_STORE_CTX_get_ex_data, [:pointer, :int], :ssl
|
|
121
115
|
attach_function :PEM_write_bio_X509, [:bio, :x509], :int
|
|
122
116
|
|
|
123
|
-
|
|
124
117
|
# SSL Context Class
|
|
125
|
-
#
|
|
126
|
-
|
|
127
|
-
|
|
118
|
+
# OpenSSL before 1.1.0 do not have these methods
|
|
119
|
+
# https://www.openssl.org/docs/man1.1.0/ssl/TLSv1_2_server_method.html
|
|
120
|
+
begin
|
|
121
|
+
attach_function :TLS_server_method, [], :pointer
|
|
122
|
+
attach_function :TLS_client_method, [], :pointer
|
|
123
|
+
|
|
124
|
+
VERSION_SUPPORTED = true
|
|
125
|
+
|
|
126
|
+
SSL3_VERSION = 0x0300
|
|
127
|
+
TLS1_VERSION = 0x0301
|
|
128
|
+
TLS1_1_VERSION = 0x0302
|
|
129
|
+
TLS1_2_VERSION = 0x0303
|
|
130
|
+
TLS1_3_VERSION = 0x0304
|
|
131
|
+
TLS_MAX_VERSION = TLS1_3_VERSION
|
|
132
|
+
ANY_VERSION = 0
|
|
133
|
+
attach_function :SSL_CTX_set_min_proto_version, [:ssl_ctx, :int], :int
|
|
134
|
+
attach_function :SSL_CTX_set_max_proto_version, [:ssl_ctx, :int], :int
|
|
135
|
+
rescue FFI::NotFoundError
|
|
136
|
+
attach_function :SSLv23_server_method, [], :pointer
|
|
137
|
+
attach_function :SSLv23_client_method, [], :pointer
|
|
138
|
+
|
|
139
|
+
def self.TLS_server_method; self.SSLv23_server_method; end
|
|
140
|
+
def self.TLS_client_method; self.SSLv23_client_method; end
|
|
141
|
+
|
|
142
|
+
VERSION_SUPPORTED = false
|
|
143
|
+
end
|
|
128
144
|
attach_function :SSL_CTX_new, [:pointer], :ssl_ctx
|
|
129
145
|
|
|
130
146
|
attach_function :SSL_CTX_ctrl, [:ssl_ctx, :int, :ulong, :pointer], :long
|
|
@@ -176,6 +192,7 @@ module RubyTls
|
|
|
176
192
|
attach_function :SSL_CTX_set_session_id_context, [:ssl_ctx, :string, :buffer_length], :int
|
|
177
193
|
attach_function :SSL_load_client_CA_file, [:string], :pointer
|
|
178
194
|
attach_function :SSL_CTX_set_client_CA_list, [:ssl_ctx, :pointer], :void
|
|
195
|
+
attach_function :SSL_CTX_load_verify_locations, [:ssl_ctx, :pointer], :int, :blocking => true
|
|
179
196
|
|
|
180
197
|
# OpenSSL before 1.0.2 do not have these methods
|
|
181
198
|
begin
|
|
@@ -342,12 +359,12 @@ keystr
|
|
|
342
359
|
@is_server = server
|
|
343
360
|
|
|
344
361
|
if @is_server
|
|
345
|
-
@ssl_ctx = SSL.SSL_CTX_new(SSL.
|
|
362
|
+
@ssl_ctx = SSL.SSL_CTX_new(SSL.TLS_server_method)
|
|
346
363
|
set_private_key(options[:private_key] || SSL::DEFAULT_PRIVATE)
|
|
347
364
|
set_certificate(options[:cert_chain] || SSL::DEFAULT_CERT)
|
|
348
365
|
set_client_ca(options[:client_ca])
|
|
349
366
|
else
|
|
350
|
-
@ssl_ctx = SSL.SSL_CTX_new(SSL.
|
|
367
|
+
@ssl_ctx = SSL.SSL_CTX_new(SSL.TLS_client_method)
|
|
351
368
|
end
|
|
352
369
|
|
|
353
370
|
SSL.SSL_CTX_set_options(@ssl_ctx, SSL::SSL_OP_ALL)
|
|
@@ -356,6 +373,12 @@ keystr
|
|
|
356
373
|
SSL.SSL_CTX_set_cipher_list(@ssl_ctx, options[:ciphers] || CIPHERS)
|
|
357
374
|
@alpn_set = false
|
|
358
375
|
|
|
376
|
+
version = options[:version]
|
|
377
|
+
if version
|
|
378
|
+
vresult = set_min_proto_version(version)
|
|
379
|
+
raise "#{version} is unsupported" unless vresult
|
|
380
|
+
end
|
|
381
|
+
|
|
359
382
|
if @is_server
|
|
360
383
|
SSL.SSL_CTX_sess_set_cache_size(@ssl_ctx, 128)
|
|
361
384
|
SSL.SSL_CTX_set_session_id_context(@ssl_ctx, SESSION, 8)
|
|
@@ -377,6 +400,24 @@ keystr
|
|
|
377
400
|
end
|
|
378
401
|
end
|
|
379
402
|
|
|
403
|
+
# Version can be one of:
|
|
404
|
+
# :SSL3, :TLS1, :TLS1_1, :TLS1_2, :TLS1_3, :TLS_MAX
|
|
405
|
+
def set_min_proto_version(version)
|
|
406
|
+
return false unless VERSION_SUPPORTED
|
|
407
|
+
num = SSL.const_get("#{version}_VERSION")
|
|
408
|
+
SSL.SSL_CTX_set_min_proto_version(@ssl_ctx, num) == 1
|
|
409
|
+
rescue NameError
|
|
410
|
+
false
|
|
411
|
+
end
|
|
412
|
+
|
|
413
|
+
def set_max_proto_version(version)
|
|
414
|
+
return false unless VERSION_SUPPORTED
|
|
415
|
+
num = SSL.const_get("#{version}_VERSION")
|
|
416
|
+
SSL.SSL_CTX_set_max_proto_version(@ssl_ctx, num) == 1
|
|
417
|
+
rescue NameError
|
|
418
|
+
false
|
|
419
|
+
end
|
|
420
|
+
|
|
380
421
|
def cleanup
|
|
381
422
|
if @ssl_ctx
|
|
382
423
|
SSL.SSL_CTX_free(@ssl_ctx)
|
data/lib/ruby-tls/version.rb
CHANGED
data/spec/comms_spec.rb
CHANGED
|
@@ -4,6 +4,18 @@ describe RubyTls do
|
|
|
4
4
|
|
|
5
5
|
describe RubyTls::SSL::Box do
|
|
6
6
|
|
|
7
|
+
it "fails when passed an unsupported TLS version" do
|
|
8
|
+
expect {
|
|
9
|
+
RubyTls::SSL::Box.new(false, nil, version: :TLS1_4)
|
|
10
|
+
}.to raise_error(/is unsupported/)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "succeeds when passed a supported TLS version" do
|
|
14
|
+
expect {
|
|
15
|
+
RubyTls::SSL::Box.new(false, nil, version: :TLS1_2)
|
|
16
|
+
}.to raise_error(/is unsupported/)
|
|
17
|
+
end
|
|
18
|
+
|
|
7
19
|
it "should be able to send and receive encrypted comms" do
|
|
8
20
|
@server_data = []
|
|
9
21
|
@client_data = []
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-tls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.3.
|
|
4
|
+
version: 2.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen von Takach
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi-compiler
|
|
@@ -110,7 +110,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
110
110
|
version: '0'
|
|
111
111
|
requirements: []
|
|
112
112
|
rubyforge_project:
|
|
113
|
-
rubygems_version: 2.
|
|
113
|
+
rubygems_version: 2.6.12
|
|
114
114
|
signing_key:
|
|
115
115
|
specification_version: 4
|
|
116
116
|
summary: Abstract TLS for Ruby
|