rubysl-openssl 2.1.0 → 2.2.0

data/ext/rubysl/openssl/ossl_ssl.c

@@ -29,6 +29,9 @@ VALUE eSSLError;
 VALUE cSSLContext;
 VALUE cSSLSocket;
 
+static VALUE eSSLErrorWaitReadable;
+static VALUE eSSLErrorWaitWritable;
+
 #define ossl_sslctx_set_cert(o,v)        	rb_iv_set((o),"@cert",(v))
 #define ossl_sslctx_set_key(o,v)         	rb_iv_set((o),"@key",(v))
 #define ossl_sslctx_set_client_ca(o,v)   	rb_iv_set((o),"@client_ca",(v))
@@ -100,6 +103,8 @@ static const char *ossl_ssl_attrs[] = {
 
 ID ID_callback_state;
 
+static VALUE sym_exception;
+
 /*
  * SSLContext class
  */
@@ -418,7 +423,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
     }
 
     /*
-     * return 0 which means to OpenSSL that the the session is still
+     * return 0 which means to OpenSSL that the session is still
      * valid (since we created Ruby Session object) and was not freed by us
      * with SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
      * session_get_cb block if you don't want OpenSSL to cache the session
@@ -472,7 +477,7 @@ ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
 }
 
 static VALUE
-ossl_sslctx_add_extra_chain_cert_i(VALUE i, VALUE arg)
+ossl_sslctx_add_extra_chain_cert_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, arg))
 {
     X509 *x509;
     SSL_CTX *ctx;
@@ -713,7 +718,7 @@ ossl_sslctx_setup(VALUE self)
     if(!NIL_P(val)){
 	if(TYPE(val) == T_ARRAY){
 	    for(i = 0; i < RARRAY_LEN(val); i++){
-		client_ca = GetX509CertPtr(rb_ary_entry(val, i));
+		client_ca = GetX509CertPtr(RARRAY_PTR(val)[i]);
         	if (!SSL_CTX_add_client_CA(ctx, client_ca)){
 		    /* Copies X509_NAME => FREE it. */
         	    ossl_raise(eSSLError, "SSL_CTX_add_client_CA");
@@ -1092,6 +1097,7 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
 /*
  * SSLSocket class
  */
+#ifndef OPENSSL_NO_SOCK
 static void
 ossl_ssl_shutdown(SSL *ssl)
 {
@@ -1105,7 +1111,7 @@ ossl_ssl_shutdown(SSL *ssl)
 	     * Ignore the case SSL_shutdown returns -1. Empty handshake_func
 	     * must not happen.
 	     */
-	    if (rc = SSL_shutdown(ssl))
+	    if ((rc = SSL_shutdown(ssl)))
 		break;
 	}
 	SSL_clear(ssl);
@@ -1131,7 +1137,7 @@ ossl_ssl_s_alloc(VALUE klass)
  *    SSLSocket.new(io, ctx) => aSSLSocket
  *
  * Creates a new SSL socket from +io+ which must be a real ruby object (not an
- * IO-like object that responds to read/write.
+ * IO-like object that responds to read/write).
  *
  * If +ctx+ is provided the SSL Sockets initial params will be taken from
  * the context.
@@ -1229,8 +1235,7 @@ static void
 write_would_block(int nonblock)
 {
     if (nonblock) {
-        VALUE exc = ossl_exc_new(eSSLError, "write would block");
-        rb_extend_object(exc, rb_mWaitWritable);
+        VALUE exc = ossl_exc_new(eSSLErrorWaitWritable, "write would block");
         rb_exc_raise(exc);
     }
 }
@@ -1239,8 +1244,7 @@ static void
 read_would_block(int nonblock)
 {
     if (nonblock) {
-        VALUE exc = ossl_exc_new(eSSLError, "read would block");
-        rb_extend_object(exc, rb_mWaitReadable);
+        VALUE exc = ossl_exc_new(eSSLErrorWaitReadable, "read would block");
         rb_exc_raise(exc);
     }
 }
@@ -1371,10 +1375,16 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
 {
     SSL *ssl;
     int ilen, nread = 0;
+    int no_exception = 0;
     VALUE len, str;
     rb_io_t *fptr;
+    VALUE opts = Qnil;
+
+    rb_scan_args(argc, argv, "11:", &len, &str, &opts);
+
+    if (!NIL_P(opts) && Qfalse == rb_hash_aref(opts, sym_exception))
+	no_exception = 1;
 
-    rb_scan_args(argc, argv, "11", &len, &str);
     ilen = NUM2INT(len);
     if(NIL_P(str)) str = rb_str_new(0, ilen);
     else{
@@ -1395,17 +1405,23 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
 	    case SSL_ERROR_NONE:
 		goto end;
 	    case SSL_ERROR_ZERO_RETURN:
+		if (no_exception) { return Qnil; }
 		rb_eof_error();
 	    case SSL_ERROR_WANT_WRITE:
+		if (no_exception) { return ID2SYM(rb_intern("wait_writable")); }
                 write_would_block(nonblock);
                 rb_io_wait_writable(FPTR_TO_FD(fptr));
                 continue;
 	    case SSL_ERROR_WANT_READ:
+		if (no_exception) { return ID2SYM(rb_intern("wait_readable")); }
                 read_would_block(nonblock);
                 rb_io_wait_readable(FPTR_TO_FD(fptr));
 		continue;
 	    case SSL_ERROR_SYSCALL:
-		if(ERR_peek_error() == 0 && nread == 0) rb_eof_error();
+		if(ERR_peek_error() == 0 && nread == 0) {
+		    if (no_exception) { return Qnil; }
+		    rb_eof_error();
+		}
 		rb_sys_fail(0);
 	    default:
 		ossl_raise(eSSLError, "SSL_read");
@@ -1443,9 +1459,11 @@ ossl_ssl_read(int argc, VALUE *argv, VALUE self)
  * call-seq:
  *    ssl.sysread_nonblock(length) => string
  *    ssl.sysread_nonblock(length, buffer) => buffer
+ *    ssl.sysread_nonblock(length[, buffer [, opts]) => buffer
  *
  * A non-blocking version of #sysread.  Raises an SSLError if reading would
- * block.
+ * block.  If "exception: false" is passed, this method returns a symbol of
+ * :wait_readable, :wait_writable, or nil, rather than raising an exception.
  *
  * Reads +length+ bytes from the SSL connection.  If a pre-allocated +buffer+
  * is provided the data will be written into it.
@@ -1457,7 +1475,7 @@ ossl_ssl_read_nonblock(int argc, VALUE *argv, VALUE self)
 }
 
 static VALUE
-ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock)
+ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock, int no_exception)
 {
     SSL *ssl;
     int nwrite = 0;
@@ -1474,10 +1492,12 @@ ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock)
 	    case SSL_ERROR_NONE:
 		goto end;
 	    case SSL_ERROR_WANT_WRITE:
+		if (no_exception) { return ID2SYM(rb_intern("wait_writable")); }
                 write_would_block(nonblock);
                 rb_io_wait_writable(FPTR_TO_FD(fptr));
                 continue;
 	    case SSL_ERROR_WANT_READ:
+		if (no_exception) { return ID2SYM(rb_intern("wait_readable")); }
                 read_would_block(nonblock);
                 rb_io_wait_readable(FPTR_TO_FD(fptr));
                 continue;
@@ -1507,7 +1527,7 @@ ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock)
 static VALUE
 ossl_ssl_write(VALUE self, VALUE str)
 {
-    return ossl_ssl_write_internal(self, str, 0);
+    return ossl_ssl_write_internal(self, str, 0, 0);
 }
 
 /*
@@ -1518,9 +1538,18 @@ ossl_ssl_write(VALUE self, VALUE str)
  * SSLError if writing would block.
  */
 static VALUE
-ossl_ssl_write_nonblock(VALUE self, VALUE str)
+ossl_ssl_write_nonblock(int argc, VALUE *argv, VALUE self)
 {
-    return ossl_ssl_write_internal(self, str, 1);
+    VALUE str;
+    VALUE opts = Qnil;
+    int no_exception = 0;
+
+    rb_scan_args(argc, argv, "1:", &str, &opts);
+
+    if (!NIL_P(opts) && Qfalse == rb_hash_aref(opts, sym_exception))
+	no_exception = 1;
+
+    return ossl_ssl_write_internal(self, str, 1, no_exception);
 }
 
 /*
@@ -1633,7 +1662,7 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
 
 /*
 * call-seq:
-*    ssl.version => String
+*    ssl.ssl_version => String
 *
 * Returns a String representing the SSL/TLS version that was negotiated
 * for the connection, for example "TLSv1.2".
@@ -1794,7 +1823,7 @@ ossl_ssl_get_client_ca_list(VALUE self)
     return ossl_x509name_sk2ary(ca);
 }
 
-#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
+# ifdef HAVE_OPENSSL_NPN_NEGOTIATED
 /*
  * call-seq:
  *    ssl.npn_protocol => String
@@ -1817,7 +1846,8 @@ ossl_ssl_npn_protocol(VALUE self)
     else
 	return rb_str_new((const char *) out, outlen);
 }
-#endif
+# endif
+#endif /* !defined(OPENSSL_NO_SOCK) */
 
 void
 Init_ossl_ssl()
@@ -1852,6 +1882,10 @@ Init_ossl_ssl()
      * Generic error class raised by SSLSocket and SSLContext.
      */
     eSSLError = rb_define_class_under(mSSL, "SSLError", eOSSLError);
+    eSSLErrorWaitReadable = rb_define_class_under(mSSL, "SSLErrorWaitReadable", eSSLError);
+    rb_include_module(eSSLErrorWaitReadable, rb_mWaitReadable);
+    eSSLErrorWaitWritable = rb_define_class_under(mSSL, "SSLErrorWaitWritable", eSSLError);
+    rb_include_module(eSSLErrorWaitWritable, rb_mWaitWritable);
 
     Init_ossl_ssl_session();
 
@@ -1970,7 +2004,7 @@ Init_ossl_ssl()
 
     /*
      * Sets the context in which a session can be reused.  This allows
-     * sessions for multiple applications to be distinguished, for exapmle, by
+     * sessions for multiple applications to be distinguished, for example, by
      * name.
      */
     rb_attr(cSSLContext, rb_intern("session_id_context"), 1, 1, Qfalse);
@@ -2144,6 +2178,9 @@ Init_ossl_ssl()
      *
      */
     cSSLSocket = rb_define_class_under(mSSL, "SSLSocket", rb_cObject);
+#ifdef OPENSSL_NO_SOCK
+    rb_define_method(cSSLSocket, "initialize", rb_notimplement, -1);
+#else
     rb_define_alloc_func(cSSLSocket, ossl_ssl_s_alloc);
     for(i = 0; i < numberof(ossl_ssl_attr_readers); i++)
         rb_attr(cSSLSocket, rb_intern(ossl_ssl_attr_readers[i]), 1, 0, Qfalse);
@@ -2158,7 +2195,7 @@ Init_ossl_ssl()
     rb_define_method(cSSLSocket, "sysread",    ossl_ssl_read, -1);
     rb_define_private_method(cSSLSocket, "sysread_nonblock",    ossl_ssl_read_nonblock, -1);
     rb_define_method(cSSLSocket, "syswrite",   ossl_ssl_write, 1);
-    rb_define_private_method(cSSLSocket, "syswrite_nonblock",    ossl_ssl_write_nonblock, 1);
+    rb_define_private_method(cSSLSocket, "syswrite_nonblock",    ossl_ssl_write_nonblock, -1);
     rb_define_method(cSSLSocket, "sysclose",   ossl_ssl_close, 0);
     rb_define_method(cSSLSocket, "cert",       ossl_ssl_get_cert, 0);
     rb_define_method(cSSLSocket, "peer_cert",  ossl_ssl_get_peer_cert, 0);
@@ -2172,8 +2209,9 @@ Init_ossl_ssl()
     rb_define_method(cSSLSocket, "session=",    ossl_ssl_set_session, 1);
     rb_define_method(cSSLSocket, "verify_result", ossl_ssl_get_verify_result, 0);
     rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);
-#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
+# ifdef HAVE_OPENSSL_NPN_NEGOTIATED
     rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0);
+# endif
 #endif
 
 #define ossl_ssl_def_const(x) rb_define_const(mSSL, #x, INT2NUM(SSL_##x))
@@ -2230,4 +2268,6 @@ Init_ossl_ssl()
     ossl_ssl_def_const(OP_PKCS1_CHECK_2);
     ossl_ssl_def_const(OP_NETSCAPE_CA_DN_BUG);
     ossl_ssl_def_const(OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+
+    sym_exception = ID2SYM(rb_intern("exception"));
 }

data/ext/rubysl/openssl/ossl_x509attr.c

@@ -165,8 +165,8 @@ ossl_x509attr_get_oid(VALUE self)
 #  define OSSL_X509ATTR_IS_SINGLE(attr)  ((attr)->single)
 #  define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
 #else
-#  define OSSL_X509ATTR_IS_SINGLE(attr)  (!(attr)->set)
-#  define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->set = 0)
+#  define OSSL_X509ATTR_IS_SINGLE(attr)  (!(attr)->value.set)
+#  define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
 #endif
 
 /*

data/ext/rubysl/openssl/ossl_x509cert.c

@@ -66,7 +66,7 @@ ossl_x509_new_from_file(VALUE filename)
     if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
 	ossl_raise(eX509CertError, "%s", strerror(errno));
     }
-    rb_update_max_fd(fileno(fp));
+    rb_fd_fix_cloexec(fileno(fp));
     x509 = PEM_read_X509(fp, NULL, NULL, NULL);
     /*
      * prepare for DER...
@@ -651,13 +651,13 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
     Check_Type(ary, T_ARRAY);
     /* All ary's members should be X509Extension */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(rb_ary_entry(ary, i), cX509Ext);
+	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
     }
     GetX509(self, x509);
     sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
     x509->cert_info->extensions = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	ext = DupX509ExtPtr(rb_ary_entry(ary, i));
+	ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]);
 
 	if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
 	    X509_EXTENSION_free(ext);

data/ext/rubysl/openssl/ossl_x509crl.c

@@ -290,13 +290,13 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Revoked */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(rb_ary_entry(ary, i), cX509Rev);
+	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Rev);
     }
     GetX509CRL(self, crl);
     sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
     crl->crl->revoked = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	rev = DupX509RevokedPtr(rb_ary_entry(ary, i));
+	rev = DupX509RevokedPtr(RARRAY_PTR(ary)[i]);
 	if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
 	    ossl_raise(eX509CRLError, NULL);
 	}
@@ -464,13 +464,13 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Extensions */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(rb_ary_entry(ary, i), cX509Ext);
+	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
     }
     GetX509CRL(self, crl);
     sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
     crl->crl->extensions = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	ext = DupX509ExtPtr(rb_ary_entry(ary, i));
+	ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]);
 	if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
 	    X509_EXTENSION_free(ext);
 	    ossl_raise(eX509CRLError, NULL);

data/ext/rubysl/openssl/ossl_x509name.c

@@ -92,7 +92,7 @@ static VALUE ossl_x509name_add_entry(int, VALUE*, VALUE);
 #define rb_aref(obj, key) rb_funcall((obj), id_aref, 1, (key))
 
 static VALUE
-ossl_x509name_init_i(VALUE i, VALUE args)
+ossl_x509name_init_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, args))
 {
     VALUE self = rb_ary_entry(args, 0);
     VALUE template = rb_ary_entry(args, 1);

data/ext/rubysl/openssl/ossl_x509req.c

@@ -406,13 +406,13 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 
     Check_Type(ary, T_ARRAY);
     for (i=0;i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(rb_ary_entry(ary, i), cX509Attr);
+	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Attr);
     }
     GetX509Req(self, req);
     sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
     req->req_info->attributes = NULL;
     for (i=0;i<RARRAY_LEN(ary); i++) {
-	item = rb_ary_entry(ary, i);
+	item = RARRAY_PTR(ary)[i];
 	attr = DupX509AttrPtr(item);
 	if (!X509_REQ_add1_attr(req, attr)) {
 	    ossl_raise(eX509ReqError, NULL);

data/ext/rubysl/openssl/ossl_x509revoked.c

@@ -176,13 +176,13 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
 
     Check_Type(ary, T_ARRAY);
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(rb_ary_entry(ary, i), cX509Ext);
+	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
     }
     GetX509Rev(self, rev);
     sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
     rev->extensions = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	item = rb_ary_entry(ary, i);
+	item = RARRAY_PTR(ary)[i];
 	ext = DupX509ExtPtr(item);
 	if(!X509_REVOKED_add_ext(rev, ext, -1)) {
 	    ossl_raise(eX509RevError, NULL);

data/ext/rubysl/openssl/ossl_x509store.c

@@ -135,9 +135,9 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     ossl_x509store_set_vfy_cb(self, Qnil);
 
 #if (OPENSSL_VERSION_NUMBER < 0x00907000L)
-    rb_iv_set(self, "@flags", INT2NUM(0));
-    rb_iv_set(self, "@purpose", INT2NUM(0));
-    rb_iv_set(self, "@trust", INT2NUM(0));
+    rb_iv_set(self, "@flags", INT2FIX(0));
+    rb_iv_set(self, "@purpose", INT2FIX(0));
+    rb_iv_set(self, "@trust", INT2FIX(0));
 #endif
 
     /* last verification status */
@@ -257,7 +257,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
 
 /*
  * call-seq:
- *   store.set_default_path
+ *   store.set_default_paths
  *
  * Adds the default certificates to the certificate store.  These certificates
  * are loaded from the default configuration directory which can usually be

data/lib/openssl/bn.rb

@@ -28,8 +28,11 @@ end # OpenSSL
 # Add double dispatch to Integer
 #
 class Integer
+  # Casts an Integer as an OpenSSL::BN
+  #
+  # See `man bn` for more info.
   def to_bn
-    OpenSSL::BN::new(self.to_s(16), 16)
+    OpenSSL::BN::new(self)
   end
 end # Integer
 

data/lib/openssl/buffering.rb

@@ -1,23 +1,27 @@
-=begin
-= $RCSfile$ -- Buffering mix-in module.
-
-= Info
-  'OpenSSL for Ruby 2' project
-  Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
-  All rights reserved.
-
-= Licence
-  This program is licenced under the same licence as Ruby.
-  (See the file 'LICENCE'.)
-
-= Version
-  $Id$
-=end
+# coding: binary
+#--
+#= $RCSfile$ -- Buffering mix-in module.
+#
+#= Info
+#  'OpenSSL for Ruby 2' project
+#  Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+#  All rights reserved.
+#
+#= Licence
+#  This program is licenced under the same licence as Ruby.
+#  (See the file 'LICENCE'.)
+#
+#= Version
+#  $Id$
+#++
 
 ##
 # OpenSSL IO buffering mix-in module.
 #
 # This module allows an OpenSSL::SSL::SSLSocket to behave like an IO.
+#
+# You typically won't use this module directly, you can see it implemented in
+# OpenSSL::SSL::SSLSocket.
 
 module OpenSSL::Buffering
   include Enumerable
@@ -34,7 +38,11 @@ module OpenSSL::Buffering
 
   BLOCK_SIZE = 1024*16
 
-  def initialize(*args)
+  ##
+  # Creates an instance of OpenSSL's buffering IO module.
+
+  def initialize(*)
+    super
     @eof = false
     @rbuffer = ""
     @sync = @io.sync
@@ -161,7 +169,7 @@ module OpenSSL::Buffering
   # when the peer requests a new TLS/SSL handshake.  See openssl the FAQ for
   # more details.  http://www.openssl.org/support/faq.html
 
-  def read_nonblock(maxlen, buf=nil)
+  def read_nonblock(maxlen, buf=nil, exception: true)
     if maxlen == 0
       if buf
         buf.clear
@@ -171,7 +179,7 @@ module OpenSSL::Buffering
       end
     end
     if @rbuffer.empty?
-      return sysread_nonblock(maxlen, buf)
+      return sysread_nonblock(maxlen, buf, exception: exception)
     end
     ret = consume_rbuff(maxlen)
     if buf
@@ -370,9 +378,9 @@ module OpenSSL::Buffering
   # is when the peer requests a new TLS/SSL handshake.  See the openssl FAQ
   # for more details.  http://www.openssl.org/support/faq.html
 
-  def write_nonblock(s)
+  def write_nonblock(s, exception: true)
     flush
-    syswrite_nonblock(s)
+    syswrite_nonblock(s, exception: exception)
   end
 
   ##

data/lib/openssl/cipher.rb

@@ -58,7 +58,7 @@ module OpenSSL
     end
 
     # This class is only provided for backwards compatibility.  Use OpenSSL::Cipher in the future.
-    class Cipher < ::OpenSSL::Cipher
+    class Cipher < Cipher
       # add warning
     end
   end # Cipher