rubysl-openssl 2.1.0 → 2.2.0

@@ -13,20 +13,41 @@
13
13
  require 'stringio'
14
14
 
15
15
  module OpenSSL
16
+ ##
17
+ # = OpenSSL::Config
18
+ #
19
+ # Configuration for the openssl library.
20
+ #
21
+ # Many system's installation of openssl library will depend on your system
22
+ # configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
23
+ # the location of the file for your host.
24
+ #
25
+ # See also http://www.openssl.org/docs/apps/config.html
16
26
  class Config
17
27
  include Enumerable
18
28
 
19
29
  class << self
20
- def parse(str)
30
+
31
+ ##
32
+ # Parses a given +string+ as a blob that contains configuration for openssl.
33
+ #
34
+ # If the source of the IO is a file, then consider using #parse_config.
35
+ def parse(string)
21
36
  c = new()
22
- parse_config(StringIO.new(str)).each do |section, hash|
37
+ parse_config(StringIO.new(string)).each do |section, hash|
23
38
  c[section] = hash
24
39
  end
25
40
  c
26
41
  end
27
42
 
43
+ ##
44
+ # load is an alias to ::new
28
45
  alias load new
29
46
 
47
+ ##
48
+ # Parses the configuration data read from +io+, see also #parse.
49
+ #
50
+ # Raises a ConfigError on invalid configuration data.
30
51
  def parse_config(io)
31
52
  begin
32
53
  parse_config_lines(io)
@@ -209,6 +230,18 @@ module OpenSSL
209
230
  end
210
231
  end
211
232
 
233
+ ##
234
+ # Creates an instance of OpenSSL's configuration class.
235
+ #
236
+ # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
237
+ #
238
+ # If the optional +filename+ parameter is provided, then it is read in and
239
+ # parsed via #parse_config.
240
+ #
241
+ # This can raise IO exceptions based on the access, or availability of the
242
+ # file. A ConfigError exception may be raised depending on the validity of
243
+ # the data being configured.
244
+ #
212
245
  def initialize(filename = nil)
213
246
  @data = {}
214
247
  if filename
@@ -220,6 +253,23 @@ module OpenSSL
220
253
  end
221
254
  end
222
255
 
256
+ ##
257
+ # Gets the value of +key+ from the given +section+
258
+ #
259
+ # Given the following configurating file being loaded:
260
+ #
261
+ # config = OpenSSL::Config.load('foo.cnf')
262
+ # #=> #<OpenSSL::Config sections=["default"]>
263
+ # puts config.to_s
264
+ # #=> [ default ]
265
+ # # foo=bar
266
+ #
267
+ # You can get a specific value from the config if you know the +section+
268
+ # and +key+ like so:
269
+ #
270
+ # config.get_value('default','foo')
271
+ # #=> "bar"
272
+ #
223
273
  def get_value(section, key)
224
274
  if section.nil?
225
275
  raise TypeError.new('nil not allowed')
@@ -228,7 +278,12 @@ module OpenSSL
228
278
  get_key_string(section, key)
229
279
  end
230
280
 
231
- def value(arg1, arg2 = nil)
281
+ ##
282
+ #
283
+ # *Deprecated*
284
+ #
285
+ # Use #get_value instead
286
+ def value(arg1, arg2 = nil) # :nodoc:
232
287
  warn('Config#value is deprecated; use Config#get_value')
233
288
  if arg2.nil?
234
289
  section, key = 'default', arg1
@@ -240,20 +295,84 @@ module OpenSSL
240
295
  get_key_string(section, key)
241
296
  end
242
297
 
298
+ ##
299
+ # Set the target +key+ with a given +value+ under a specific +section+.
300
+ #
301
+ # Given the following configurating file being loaded:
302
+ #
303
+ # config = OpenSSL::Config.load('foo.cnf')
304
+ # #=> #<OpenSSL::Config sections=["default"]>
305
+ # puts config.to_s
306
+ # #=> [ default ]
307
+ # # foo=bar
308
+ #
309
+ # You can set the value of +foo+ under the +default+ section to a new
310
+ # value:
311
+ #
312
+ # config.add_value('default', 'foo', 'buzz')
313
+ # #=> "buzz"
314
+ # puts config.to_s
315
+ # #=> [ default ]
316
+ # # foo=buzz
317
+ #
243
318
  def add_value(section, key, value)
244
319
  check_modify
245
320
  (@data[section] ||= {})[key] = value
246
321
  end
247
322
 
323
+ ##
324
+ # Get a specific +section+ from the current configuration
325
+ #
326
+ # Given the following configurating file being loaded:
327
+ #
328
+ # config = OpenSSL::Config.load('foo.cnf')
329
+ # #=> #<OpenSSL::Config sections=["default"]>
330
+ # puts config.to_s
331
+ # #=> [ default ]
332
+ # # foo=bar
333
+ #
334
+ # You can get a hash of the specific section like so:
335
+ #
336
+ # config['default']
337
+ # #=> {"foo"=>"bar"}
338
+ #
248
339
  def [](section)
249
340
  @data[section] || {}
250
341
  end
251
342
 
252
- def section(name)
343
+ ##
344
+ # Deprecated
345
+ #
346
+ # Use #[] instead
347
+ def section(name) # :nodoc:
253
348
  warn('Config#section is deprecated; use Config#[]')
254
349
  @data[name] || {}
255
350
  end
256
351
 
352
+ ##
353
+ # Sets a specific +section+ name with a Hash +pairs+
354
+ #
355
+ # Given the following configuration being created:
356
+ #
357
+ # config = OpenSSL::Config.new
358
+ # #=> #<OpenSSL::Config sections=[]>
359
+ # config['default'] = {"foo"=>"bar","baz"=>"buz"}
360
+ # #=> {"foo"=>"bar", "baz"=>"buz"}
361
+ # puts config.to_s
362
+ # #=> [ default ]
363
+ # # foo=bar
364
+ # # baz=buz
365
+ #
366
+ # It's important to note that this will essentially merge any of the keys
367
+ # in +pairs+ with the existing +section+. For example:
368
+ #
369
+ # config['default']
370
+ # #=> {"foo"=>"bar", "baz"=>"buz"}
371
+ # config['default'] = {"foo" => "changed"}
372
+ # #=> {"foo"=>"changed"}
373
+ # config['default']
374
+ # #=> {"foo"=>"changed", "baz"=>"buz"}
375
+ #
257
376
  def []=(section, pairs)
258
377
  check_modify
259
378
  @data[section] ||= {}
@@ -262,10 +381,38 @@ module OpenSSL
262
381
  end
263
382
  end
264
383
 
384
+ ##
385
+ # Get the names of all sections in the current configuration
265
386
  def sections
266
387
  @data.keys
267
388
  end
268
389
 
390
+ ##
391
+ # Get the parsable form of the current configuration
392
+ #
393
+ # Given the following configuration being created:
394
+ #
395
+ # config = OpenSSL::Config.new
396
+ # #=> #<OpenSSL::Config sections=[]>
397
+ # config['default'] = {"foo"=>"bar","baz"=>"buz"}
398
+ # #=> {"foo"=>"bar", "baz"=>"buz"}
399
+ # puts config.to_s
400
+ # #=> [ default ]
401
+ # # foo=bar
402
+ # # baz=buz
403
+ #
404
+ # You can parse get the serialized configuration using #to_s and then parse
405
+ # it later:
406
+ #
407
+ # serialized_config = config.to_s
408
+ # # much later...
409
+ # new_config = OpenSSL::Config.parse(serialized_config)
410
+ # #=> #<OpenSSL::Config sections=["default"]>
411
+ # puts new_config
412
+ # #=> [ default ]
413
+ # foo=bar
414
+ # baz=buz
415
+ #
269
416
  def to_s
270
417
  ary = []
271
418
  @data.keys.sort.each do |section|
@@ -278,6 +425,15 @@ module OpenSSL
278
425
  ary.join
279
426
  end
280
427
 
428
+ ##
429
+ # For a block.
430
+ #
431
+ # Receive the section and its pairs for the current configuration.
432
+ #
433
+ # config.each do |section, key, value|
434
+ # # ...
435
+ # end
436
+ #
281
437
  def each
282
438
  @data.each do |section, hash|
283
439
  hash.each do |key, value|
@@ -286,13 +442,16 @@ module OpenSSL
286
442
  end
287
443
  end
288
444
 
445
+ ##
446
+ # String representation of this configuration object, including the class
447
+ # name and its sections.
289
448
  def inspect
290
449
  "#<#{self.class.name} sections=#{sections.inspect}>"
291
450
  end
292
451
 
293
452
  protected
294
453
 
295
- def data
454
+ def data # :nodoc:
296
455
  @data
297
456
  end
298
457
 
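Review bot: Two of the new doc comments do not match what they document. The comment above `each` says the block receives "the section and its pairs", while its own example takes `|section, key, value|`; it would read better as `# Yields each section name, key and value of the current configuration.` The comment above `to_s` contains the garbled sentence "You can parse get the serialized configuration", which should be `# You can get the serialized configuration using #to_s and then parse`, and "configurating file" in the `get_value`, `add_value` and `[]` examples should be "configuration file". The bodies of `each` and `to_s` continue outside the hunks shown, so the yield itself is not visible here.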
@@ -38,31 +38,30 @@ module OpenSSL
38
38
  # OpenSSL::Digest::SHA256.digest("abc")
39
39
 
40
40
  def self.digest(name, data)
41
- super(data, name)
41
+ super(data, name)
42
42
  end
43
43
 
44
44
  alg.each{|name|
45
- klass = Class.new(Digest){
46
- define_method(:initialize){|*data|
47
- if data.length > 1
48
- raise ArgumentError,
49
- "wrong number of arguments (#{data.length} for 1)"
50
- end
51
- super(name, data.first)
52
- }
45
+ klass = Class.new(self) {
46
+ define_method(:initialize, ->(data = nil) {super(name, data)})
53
47
  }
54
48
  singleton = (class << klass; self; end)
55
49
  singleton.class_eval{
56
- define_method(:digest){|data| Digest.digest(name, data) }
57
- define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
50
+ define_method(:digest){|data| new.digest(data) }
51
+ define_method(:hexdigest){|data| new.hexdigest(data) }
58
52
  }
59
53
  const_set(name, klass)
60
54
  }
61
55
 
62
- # This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
63
- class Digest < ::OpenSSL::Digest
56
+ # Deprecated.
57
+ #
58
+ # This class is only provided for backwards compatibility.
59
+ class Digest < Digest # :nodoc:
60
+ # Deprecated.
61
+ #
62
+ # See OpenSSL::Digest.new
64
63
  def initialize(*args)
65
- # add warning
64
+ warn('Digest::Digest is deprecated; use Digest')
66
65
  super(*args)
67
66
  end
68
67
  end
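Review bot: The deprecation text on the `warn('Digest::Digest is deprecated; use Digest')` line names neither constant in full, so someone reading it in a log cannot tell it apart from the standard library's top-level `Digest`; `warn('OpenSSL::Digest::Digest is deprecated; use OpenSSL::Digest')` is unambiguous. Separately, the one-line `define_method(:initialize, ->(data = nil) {super(name, data)})` no longer raises its own ArgumentError for extra arguments and presumably relies on the `(data = nil)` signature instead, which deserves a comment such as `# at most one data argument; arity is enforced by the lambda signature`. The enclosing class body starts above this hunk.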
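--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -20,19 +20,52 @@ require "fcntl"
  module OpenSSL
  module SSL
  class SSLContext
- options = OpenSSL::SSL::OP_ALL
- if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
- options &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
- end
- if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
- options |= OpenSSL::SSL::OP_NO_COMPRESSION
- end
-
  DEFAULT_PARAMS = {
  :ssl_version => "SSLv23",
  :verify_mode => OpenSSL::SSL::VERIFY_PEER,
- :ciphers => "DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:!ADH",
- :options => options,
+ :ciphers => %w{
+ ECDHE-ECDSA-AES128-GCM-SHA256
+ ECDHE-RSA-AES128-GCM-SHA256
+ ECDHE-ECDSA-AES256-GCM-SHA384
+ ECDHE-RSA-AES256-GCM-SHA384
+ DHE-RSA-AES128-GCM-SHA256
+ DHE-DSS-AES128-GCM-SHA256
+ DHE-RSA-AES256-GCM-SHA384
+ DHE-DSS-AES256-GCM-SHA384
+ ECDHE-ECDSA-AES128-SHA256
+ ECDHE-RSA-AES128-SHA256
+ ECDHE-ECDSA-AES128-SHA
+ ECDHE-RSA-AES128-SHA
+ ECDHE-ECDSA-AES256-SHA384
+ ECDHE-RSA-AES256-SHA384
+ ECDHE-ECDSA-AES256-SHA
+ ECDHE-RSA-AES256-SHA
+ DHE-RSA-AES128-SHA256
+ DHE-RSA-AES256-SHA256
+ DHE-RSA-AES128-SHA
+ DHE-RSA-AES256-SHA
+ DHE-DSS-AES128-SHA256
+ DHE-DSS-AES256-SHA256
+ DHE-DSS-AES128-SHA
+ DHE-DSS-AES256-SHA
+ AES128-GCM-SHA256
+ AES256-GCM-SHA384
+ AES128-SHA256
+ AES256-SHA256
+ AES128-SHA
+ AES256-SHA
+ ECDHE-ECDSA-RC4-SHA
+ ECDHE-RSA-RC4-SHA
+ RC4-SHA
+ }.join(":"),
+ :options => -> {
+ opts = OpenSSL::SSL::OP_ALL
+ opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+ opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+ opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+ opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+ opts
+ }.call
  }
 
  DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
@@ -154,10 +187,16 @@ module OpenSSL
  end
  end
 
+ ##
+ # SSLServer represents a TCP/IP server socket with Secure Sockets Layer.
  class SSLServer
  include SocketForwarder
+ # When true then #accept works exactly the same as TCPServer#accept
  attr_accessor :start_immediately
 
+ # Creates a new instance of SSLServer.
+ # * +srv+ is an instance of TCPServer.
+ # * +ctx+ is an instance of OpenSSL::SSL::SSLContext.
  def initialize(svr, ctx)
  @svr = svr
  @ctx = ctx
@@ -170,20 +209,27 @@ module OpenSSL
  @start_immediately = true
  end
 
+ # Returns the TCPServer passed to the SSLServer when initialized.
  def to_io
  @svr
  end
 
+ # See TCPServer#listen for details.
  def listen(backlog=5)
  @svr.listen(backlog)
  end
 
+ # See BasicSocket#shutdown for details.
  def shutdown(how=Socket::SHUT_RDWR)
  @svr.shutdown(how)
  end
 
+ # Works similar to TCPServer#accept.
  def accept
- sock = @svr.accept
+ # Socket#accept returns [socket, addrinfo].
+ # TCPServer#accept returns a socket.
+ # The following comma strips addrinfo.
+ sock, = @svr.accept
  begin
  ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
  ssl.sync_close = true
@@ -195,6 +241,7 @@ module OpenSSL
  end
  end
 
+ # See IO#close for details.
  def close
  @svr.close
  end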
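Review bot: The new `:ciphers` default in `DEFAULT_PARAMS` still ends with three RC4 suites (`ECDHE-ECDSA-RC4-SHA`, `ECDHE-RSA-RC4-SHA`, `RC4-SHA`), so a context built from the defaults can still negotiate RC4 with a peer that offers nothing better. RC4's keystream biases are well documented and RFC 7465 prohibits it in TLS, so those three entries should be dropped from the `%w{}` list. In the same hash, `OP_NO_SSLv2` and `OP_NO_SSLv3` are OR-ed in only `if defined?(...)`, so against a binding that lacks those constants the `"SSLv23"` default silently keeps the old protocols enabled. The `:options` lambda should say so, for example `# Protocol opt-outs are best effort: a missing OP_NO_* constant leaves that protocol enabled.`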
@@ -1,5 +1,5 @@
1
1
  module RubySL
2
2
  module OpenSSL
3
- VERSION = "2.1.0"
3
+ VERSION = "2.2.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,81 +1,68 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rubysl-openssl
3
- version: !ruby/object:Gem::Version
4
- version: 2.1.0
3
+ version: !ruby/object:Gem::Version
4
+ version: 2.2.0
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - Brian Shirai
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-01-21 00:00:00.000000000 Z
12
- dependencies:
13
- - !ruby/object:Gem::Dependency
11
+
12
+ date: 2014-10-23 00:00:00 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
14
15
  name: bundler
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '1.3'
20
- type: :development
21
16
  prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '1.3'
27
- - !ruby/object:Gem::Dependency
28
- name: rake
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - "~>"
32
- - !ruby/object:Gem::Version
33
- version: '10.0'
17
+ requirement: &id001 !ruby/object:Gem::Requirement
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: "1.3"
34
22
  type: :development
23
+ version_requirements: *id001
24
+ - !ruby/object:Gem::Dependency
25
+ name: rake
35
26
  prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - "~>"
39
- - !ruby/object:Gem::Version
40
- version: '10.0'
41
- - !ruby/object:Gem::Dependency
42
- name: mspec
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - "~>"
46
- - !ruby/object:Gem::Version
47
- version: '1.5'
27
+ requirement: &id002 !ruby/object:Gem::Requirement
28
+ requirements:
29
+ - - ~>
30
+ - !ruby/object:Gem::Version
31
+ version: "10.0"
48
32
  type: :development
33
+ version_requirements: *id002
34
+ - !ruby/object:Gem::Dependency
35
+ name: mspec
49
36
  prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - "~>"
53
- - !ruby/object:Gem::Version
54
- version: '1.5'
55
- - !ruby/object:Gem::Dependency
56
- name: rubysl-prettyprint
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - "~>"
60
- - !ruby/object:Gem::Version
61
- version: '2.0'
37
+ requirement: &id003 !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ~>
40
+ - !ruby/object:Gem::Version
41
+ version: "1.5"
62
42
  type: :development
43
+ version_requirements: *id003
44
+ - !ruby/object:Gem::Dependency
45
+ name: rubysl-prettyprint
63
46
  prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - "~>"
67
- - !ruby/object:Gem::Version
68
- version: '2.0'
47
+ requirement: &id004 !ruby/object:Gem::Requirement
48
+ requirements:
49
+ - - ~>
50
+ - &id005 !ruby/object:Gem::Version
51
+ version: "2.0"
52
+ type: :development
53
+ version_requirements: *id004
69
54
  description: Ruby standard library OpenSSL.
70
- email:
55
+ email:
71
56
  - brixen@gmail.com
72
57
  executables: []
73
- extensions:
58
+
59
+ extensions:
74
60
  - ext/rubysl/openssl/extconf.rb
75
61
  extra_rdoc_files: []
76
- files:
77
- - ".gitignore"
78
- - ".travis.yml"
62
+
63
+ files:
64
+ - .gitignore
65
+ - .travis.yml
79
66
  - Gemfile
80
67
  - LICENSE
81
68
  - README.md
@@ -157,30 +144,32 @@ files:
157
144
  - spec/shared/constants.rb
158
145
  - spec/x509/name/parse_spec.rb
159
146
  homepage: https://github.com/rubysl/rubysl-openssl
160
- licenses:
147
+ licenses:
161
148
  - BSD
162
149
  metadata: {}
150
+
163
151
  post_install_message:
164
152
  rdoc_options: []
165
- require_paths:
153
+
154
+ require_paths:
166
155
  - lib
167
- required_ruby_version: !ruby/object:Gem::Requirement
168
- requirements:
169
- - - "~>"
170
- - !ruby/object:Gem::Version
171
- version: '2.0'
172
- required_rubygems_version: !ruby/object:Gem::Requirement
173
- requirements:
156
+ required_ruby_version: !ruby/object:Gem::Requirement
157
+ requirements:
158
+ - - ~>
159
+ - *id005
160
+ required_rubygems_version: !ruby/object:Gem::Requirement
161
+ requirements:
174
162
  - - ">="
175
- - !ruby/object:Gem::Version
176
- version: '0'
163
+ - !ruby/object:Gem::Version
164
+ version: "0"
177
165
  requirements: []
166
+
178
167
  rubyforge_project:
179
- rubygems_version: 2.2.0
168
+ rubygems_version: 2.4.2
180
169
  signing_key:
181
170
  specification_version: 4
182
171
  summary: Ruby standard library OpenSSL.
183
- test_files:
172
+ test_files:
184
173
  - spec/cipher_spec.rb
185
174
  - spec/config/freeze_spec.rb
186
175
  - spec/hmac/digest_spec.rb