ruby-tls 2.3.0 → 2.3.1
- checksums.yaml +4 -4
- data/lib/ruby-tls/ssl.rb +53 -12
- data/lib/ruby-tls/version.rb +1 -1
- data/spec/comms_spec.rb +12 -0
- metadata +3 -3
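--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f08d99c470a03da9d3932d21d4fdc896ea6cfb06
+data.tar.gz: 6500436dbffa39098612cbb5de54b0e14c9344a0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b97ed2ad8a534ac1516e011a7b1f3e0aca9077653bd590d303cda1775434f8e9f91bea2eabd41dd75cd227424fcdcd39be29257f5cdcafdbf2a2def8f088ad9c
+data.tar.gz: 3b6cf4dde116a5728c4bb29f297415a28c22a846f4dc66efb50538fbef738473acf2d803445d8c6e92104687f4f6dac7752999af2109a69f3c7236a4a296101d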
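--- a/data/lib/ruby-tls/ssl.rb
+++ b/data/lib/ruby-tls/ssl.rb
@@ -89,9 +89,6 @@ module RubyTls
 # PutCiphertext
 attach_function :BIO_write, [:bio, :buffer_in, :buffer_length], :int
 
-# SelectALPNCallback
-# TODO:: SSL_select_next_proto
-
 # Deconstructor
 attach_function :SSL_get_shutdown, [:ssl], :int
 attach_function :SSL_shutdown, [:ssl], :int
@@ -106,9 +103,6 @@ module RubyTls
 # r, w
 attach_function :SSL_set_bio, [:ssl, :bio, :bio], :void
 
-# TODO:: SSL_CTX_set_alpn_select_cb
-# Will have to put a try catch around these and support when available
-
 attach_function :SSL_set_ex_data, [:ssl, :int, :string], :int
 callback :verify_callback, [:int, :x509], :int
 attach_function :SSL_set_verify, [:ssl, :int, :verify_callback], :void
@@ -120,11 +114,33 @@ module RubyTls
 attach_function :X509_STORE_CTX_get_ex_data, [:pointer, :int], :ssl
 attach_function :PEM_write_bio_X509, [:bio, :x509], :int
 
-
 # SSL Context Class
-#
-
-
+# OpenSSL before 1.1.0 do not have these methods
+# https://www.openssl.org/docs/man1.1.0/ssl/TLSv1_2_server_method.html
+begin
+attach_function :TLS_server_method, [], :pointer
+attach_function :TLS_client_method, [], :pointer
+
+VERSION_SUPPORTED = true
+
+SSL3_VERSION = 0x0300
+TLS1_VERSION = 0x0301
+TLS1_1_VERSION = 0x0302
+TLS1_2_VERSION = 0x0303
+TLS1_3_VERSION = 0x0304
+TLS_MAX_VERSION = TLS1_3_VERSION
+ANY_VERSION = 0
+attach_function :SSL_CTX_set_min_proto_version, [:ssl_ctx, :int], :int
+attach_function :SSL_CTX_set_max_proto_version, [:ssl_ctx, :int], :int
+rescue FFI::NotFoundError
+attach_function :SSLv23_server_method, [], :pointer
+attach_function :SSLv23_client_method, [], :pointer
+
+def self.TLS_server_method; self.SSLv23_server_method; end
+def self.TLS_client_method; self.SSLv23_client_method; end
+
+VERSION_SUPPORTED = false
+end
 attach_function :SSL_CTX_new, [:pointer], :ssl_ctx
 
 attach_function :SSL_CTX_ctrl, [:ssl_ctx, :int, :ulong, :pointer], :long
@@ -176,6 +192,7 @@ module RubyTls
 attach_function :SSL_CTX_set_session_id_context, [:ssl_ctx, :string, :buffer_length], :int
 attach_function :SSL_load_client_CA_file, [:string], :pointer
 attach_function :SSL_CTX_set_client_CA_list, [:ssl_ctx, :pointer], :void
+attach_function :SSL_CTX_load_verify_locations, [:ssl_ctx, :pointer], :int, :blocking => true
 
 # OpenSSL before 1.0.2 do not have these methods
 begin
@@ -342,12 +359,12 @@ keystr
 @is_server = server
 
 if @is_server
-@ssl_ctx = SSL.SSL_CTX_new(SSL.
+@ssl_ctx = SSL.SSL_CTX_new(SSL.TLS_server_method)
 set_private_key(options[:private_key] || SSL::DEFAULT_PRIVATE)
 set_certificate(options[:cert_chain] || SSL::DEFAULT_CERT)
 set_client_ca(options[:client_ca])
 else
-@ssl_ctx = SSL.SSL_CTX_new(SSL.
+@ssl_ctx = SSL.SSL_CTX_new(SSL.TLS_client_method)
 end
 
 SSL.SSL_CTX_set_options(@ssl_ctx, SSL::SSL_OP_ALL)
@@ -356,6 +373,12 @@ keystr
 SSL.SSL_CTX_set_cipher_list(@ssl_ctx, options[:ciphers] || CIPHERS)
 @alpn_set = false
 
+version = options[:version]
+if version
+vresult = set_min_proto_version(version)
+raise "#{version} is unsupported" unless vresult
+end
+
 if @is_server
 SSL.SSL_CTX_sess_set_cache_size(@ssl_ctx, 128)
 SSL.SSL_CTX_set_session_id_context(@ssl_ctx, SESSION, 8)
@@ -377,6 +400,24 @@ keystr
 end
 end
 
+# Version can be one of:
+# :SSL3, :TLS1, :TLS1_1, :TLS1_2, :TLS1_3, :TLS_MAX
+def set_min_proto_version(version)
+return false unless VERSION_SUPPORTED
+num = SSL.const_get("#{version}_VERSION")
+SSL.SSL_CTX_set_min_proto_version(@ssl_ctx, num) == 1
+rescue NameError
+false
+end
+
+def set_max_proto_version(version)
+return false unless VERSION_SUPPORTED
+num = SSL.const_get("#{version}_VERSION")
+SSL.SSL_CTX_set_max_proto_version(@ssl_ctx, num) == 1
+rescue NameError
+false
+end
+
 def cleanup
 if @ssl_ctx
 SSL.SSL_CTX_free(@ssl_ctx)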
data/lib/ruby-tls/version.rb
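--- a/data/spec/comms_spec.rb
+++ b/data/spec/comms_spec.rb
@@ -4,6 +4,18 @@ describe RubyTls do
 
 describe RubyTls::SSL::Box do
 
+it "fails when passed an unsupported TLS version" do
+expect {
+RubyTls::SSL::Box.new(false, nil, version: :TLS1_4)
+}.to raise_error(/is unsupported/)
+end
+
+it "succeeds when passed a supported TLS version" do
+expect {
+RubyTls::SSL::Box.new(false, nil, version: :TLS1_2)
+}.to raise_error(/is unsupported/)
+end
+
 it "should be able to send and receive encrypted comms" do
 @server_data = []
 @client_data = []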
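--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-tls
 version: !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.1
 platform: ruby
 authors:
 - Stephen von Takach
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi-compiler
@@ -110,7 +110,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.12
 signing_key:
 specification_version: 4
 summary: Abstract TLS for Ruby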