rubysl-openssl 2.1.0 → 2.2.0

data/lib/openssl/config.rb

@@ -13,20 +13,41 @@
 require 'stringio'
 
 module OpenSSL
+  ##
+  # = OpenSSL::Config
+  #
+  # Configuration for the openssl library.
+  #
+  # Many system's installation of openssl library will depend on your system
+  # configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
+  # the location of the file for your host.
+  #
+  # See also http://www.openssl.org/docs/apps/config.html
   class Config
     include Enumerable
 
     class << self
-      def parse(str)
+
+      ##
+      # Parses a given +string+ as a blob that contains configuration for openssl.
+      #
+      # If the source of the IO is a file, then consider using #parse_config.
+      def parse(string)
         c = new()
-        parse_config(StringIO.new(str)).each do |section, hash|
+        parse_config(StringIO.new(string)).each do |section, hash|
           c[section] = hash
         end
         c
       end
 
+      ##
+      # load is an alias to ::new
       alias load new
 
+      ##
+      # Parses the configuration data read from +io+, see also #parse.
+      #
+      # Raises a ConfigError on invalid configuration data.
       def parse_config(io)
         begin
           parse_config_lines(io)
@@ -209,6 +230,18 @@ module OpenSSL
       end
     end
 
+    ##
+    # Creates an instance of OpenSSL's configuration class.
+    #
+    # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
+    #
+    # If the optional +filename+ parameter is provided, then it is read in and
+    # parsed via #parse_config.
+    #
+    # This can raise IO exceptions based on the access, or availability of the
+    # file. A ConfigError exception may be raised depending on the validity of
+    # the data being configured.
+    #
     def initialize(filename = nil)
       @data = {}
       if filename
@@ -220,6 +253,23 @@ module OpenSSL
       end
     end
 
+    ##
+    # Gets the value of +key+ from the given +section+
+    #
+    # Given the following configurating file being loaded:
+    #
+    #   config = OpenSSL::Config.load('foo.cnf')
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #
+    # You can get a specific value from the config if you know the +section+
+    # and +key+ like so:
+    #
+    #   config.get_value('default','foo')
+    #     #=> "bar"
+    #
     def get_value(section, key)
       if section.nil?
         raise TypeError.new('nil not allowed')
@@ -228,7 +278,12 @@ module OpenSSL
       get_key_string(section, key)
     end
 
-    def value(arg1, arg2 = nil)
+    ##
+    #
+    # *Deprecated*
+    #
+    # Use #get_value instead
+    def value(arg1, arg2 = nil) # :nodoc:
       warn('Config#value is deprecated; use Config#get_value')
       if arg2.nil?
         section, key = 'default', arg1
@@ -240,20 +295,84 @@ module OpenSSL
       get_key_string(section, key)
     end
 
+    ##
+    # Set the target +key+ with a given +value+ under a specific +section+.
+    #
+    # Given the following configurating file being loaded:
+    #
+    #   config = OpenSSL::Config.load('foo.cnf')
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #
+    # You can set the value of +foo+ under the +default+ section to a new
+    # value:
+    #
+    #   config.add_value('default', 'foo', 'buzz')
+    #     #=> "buzz"
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=buzz
+    #
     def add_value(section, key, value)
       check_modify
       (@data[section] ||= {})[key] = value
     end
 
+    ##
+    # Get a specific +section+ from the current configuration
+    #
+    # Given the following configurating file being loaded:
+    #
+    #   config = OpenSSL::Config.load('foo.cnf')
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #
+    # You can get a hash of the specific section like so:
+    #
+    #   config['default']
+    #     #=> {"foo"=>"bar"}
+    #
     def [](section)
       @data[section] || {}
     end
 
-    def section(name)
+    ##
+    # Deprecated
+    #
+    # Use #[] instead
+    def section(name) # :nodoc:
       warn('Config#section is deprecated; use Config#[]')
       @data[name] || {}
     end
 
+    ##
+    # Sets a specific +section+ name with a Hash +pairs+
+    #
+    # Given the following configuration being created:
+    #
+    #   config = OpenSSL::Config.new
+    #     #=> #<OpenSSL::Config sections=[]>
+    #   config['default'] = {"foo"=>"bar","baz"=>"buz"}
+    #     #=> {"foo"=>"bar", "baz"=>"buz"}
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #     #   baz=buz
+    #
+    # It's important to note that this will essentially merge any of the keys
+    # in +pairs+ with the existing +section+. For example:
+    #
+    #   config['default']
+    #     #=> {"foo"=>"bar", "baz"=>"buz"}
+    #   config['default'] = {"foo" => "changed"}
+    #     #=> {"foo"=>"changed"}
+    #   config['default']
+    #     #=> {"foo"=>"changed", "baz"=>"buz"}
+    #
     def []=(section, pairs)
       check_modify
       @data[section] ||= {}
@@ -262,10 +381,38 @@ module OpenSSL
       end
     end
 
+    ##
+    # Get the names of all sections in the current configuration
     def sections
       @data.keys
     end
 
+    ##
+    # Get the parsable form of the current configuration
+    #
+    # Given the following configuration being created:
+    #
+    #   config = OpenSSL::Config.new
+    #     #=> #<OpenSSL::Config sections=[]>
+    #   config['default'] = {"foo"=>"bar","baz"=>"buz"}
+    #     #=> {"foo"=>"bar", "baz"=>"buz"}
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #     #   baz=buz
+    #
+    # You can parse get the serialized configuration using #to_s and then parse
+    # it later:
+    #
+    #   serialized_config = config.to_s
+    #   # much later...
+    #   new_config = OpenSSL::Config.parse(serialized_config)
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts new_config
+    #     #=> [ default ]
+    #         foo=bar
+    #         baz=buz
+    #
     def to_s
       ary = []
       @data.keys.sort.each do |section|
@@ -278,6 +425,15 @@ module OpenSSL
       ary.join
     end
 
+    ##
+    # For a block.
+    #
+    # Receive the section and its pairs for the current configuration.
+    #
+    #   config.each do |section, key, value|
+    #     # ...
+    #   end
+    #
     def each
       @data.each do |section, hash|
         hash.each do |key, value|
@@ -286,13 +442,16 @@ module OpenSSL
       end
     end
 
+    ##
+    # String representation of this configuration object, including the class
+    # name and its sections.
     def inspect
       "#<#{self.class.name} sections=#{sections.inspect}>"
     end
 
   protected
 
-    def data
+    def data # :nodoc:
       @data
     end
 

data/lib/openssl/digest.rb

@@ -38,31 +38,30 @@ module OpenSSL
     #   OpenSSL::Digest::SHA256.digest("abc")
 
     def self.digest(name, data)
-        super(data, name)
+      super(data, name)
     end
 
     alg.each{|name|
-      klass = Class.new(Digest){
-        define_method(:initialize){|*data|
-          if data.length > 1
-            raise ArgumentError,
-              "wrong number of arguments (#{data.length} for 1)"
-          end
-          super(name, data.first)
-        }
+      klass = Class.new(self) {
+        define_method(:initialize, ->(data = nil) {super(name, data)})
       }
       singleton = (class << klass; self; end)
       singleton.class_eval{
-        define_method(:digest){|data| Digest.digest(name, data) }
-        define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
+        define_method(:digest){|data| new.digest(data) }
+        define_method(:hexdigest){|data| new.hexdigest(data) }
       }
       const_set(name, klass)
     }
 
-    # This class is only provided for backwards compatibility.  Use OpenSSL::Digest in the future.
-    class Digest < ::OpenSSL::Digest
+    # Deprecated.
+    #
+    # This class is only provided for backwards compatibility.
+    class Digest < Digest # :nodoc:
+      # Deprecated.
+      #
+      # See OpenSSL::Digest.new
       def initialize(*args)
-        # add warning
+        warn('Digest::Digest is deprecated; use Digest')
         super(*args)
       end
     end

data/lib/openssl/ssl.rb

@@ -20,19 +20,52 @@ require "fcntl"
 module OpenSSL
   module SSL
     class SSLContext
-      options = OpenSSL::SSL::OP_ALL
-      if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-        options &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
-      end
-      if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-        options |= OpenSSL::SSL::OP_NO_COMPRESSION
-      end
-
       DEFAULT_PARAMS = {
         :ssl_version => "SSLv23",
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-        :ciphers => "DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:!ADH",
-        :options => options,
+        :ciphers => %w{
+          ECDHE-ECDSA-AES128-GCM-SHA256
+          ECDHE-RSA-AES128-GCM-SHA256
+          ECDHE-ECDSA-AES256-GCM-SHA384
+          ECDHE-RSA-AES256-GCM-SHA384
+          DHE-RSA-AES128-GCM-SHA256
+          DHE-DSS-AES128-GCM-SHA256
+          DHE-RSA-AES256-GCM-SHA384
+          DHE-DSS-AES256-GCM-SHA384
+          ECDHE-ECDSA-AES128-SHA256
+          ECDHE-RSA-AES128-SHA256
+          ECDHE-ECDSA-AES128-SHA
+          ECDHE-RSA-AES128-SHA
+          ECDHE-ECDSA-AES256-SHA384
+          ECDHE-RSA-AES256-SHA384
+          ECDHE-ECDSA-AES256-SHA
+          ECDHE-RSA-AES256-SHA
+          DHE-RSA-AES128-SHA256
+          DHE-RSA-AES256-SHA256
+          DHE-RSA-AES128-SHA
+          DHE-RSA-AES256-SHA
+          DHE-DSS-AES128-SHA256
+          DHE-DSS-AES256-SHA256
+          DHE-DSS-AES128-SHA
+          DHE-DSS-AES256-SHA
+          AES128-GCM-SHA256
+          AES256-GCM-SHA384
+          AES128-SHA256
+          AES256-SHA256
+          AES128-SHA
+          AES256-SHA
+          ECDHE-ECDSA-RC4-SHA
+          ECDHE-RSA-RC4-SHA
+          RC4-SHA
+        }.join(":"),
+        :options => -> {
+          opts = OpenSSL::SSL::OP_ALL
+          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+          opts
+        }.call
       }
 
       DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
@@ -154,10 +187,16 @@ module OpenSSL
       end
     end
 
+    ##
+    # SSLServer represents a TCP/IP server socket with Secure Sockets Layer.
     class SSLServer
       include SocketForwarder
+      # When true then #accept works exactly the same as TCPServer#accept
       attr_accessor :start_immediately
 
+      # Creates a new instance of SSLServer.
+      # * +srv+ is an instance of TCPServer.
+      # * +ctx+ is an instance of OpenSSL::SSL::SSLContext.
       def initialize(svr, ctx)
         @svr = svr
         @ctx = ctx
@@ -170,20 +209,27 @@ module OpenSSL
         @start_immediately = true
       end
 
+      # Returns the TCPServer passed to the SSLServer when initialized.
       def to_io
         @svr
       end
 
+      # See TCPServer#listen for details.
       def listen(backlog=5)
         @svr.listen(backlog)
       end
 
+      # See BasicSocket#shutdown for details.
       def shutdown(how=Socket::SHUT_RDWR)
         @svr.shutdown(how)
       end
 
+      # Works similar to TCPServer#accept.
       def accept
-        sock = @svr.accept
+        # Socket#accept returns [socket, addrinfo].
+        # TCPServer#accept returns a socket.
+        # The following comma strips addrinfo.
+        sock, = @svr.accept
         begin
           ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
           ssl.sync_close = true
@@ -195,6 +241,7 @@ module OpenSSL
         end
       end
 
+      # See IO#close for details.
       def close
         @svr.close
       end

data/lib/rubysl/openssl/version.rb

@@ -1,5 +1,5 @@
 module RubySL
   module OpenSSL
-    VERSION = "2.1.0"
+    VERSION = "2.2.0"
   end
 end

metadata

@@ -1,81 +1,68 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: rubysl-openssl
-version: !ruby/object:Gem::Version
-  version: 2.1.0
+version: !ruby/object:Gem::Version 
+  version: 2.2.0
 platform: ruby
-authors:
+authors: 
 - Brian Shirai
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-21 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2014-10-23 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.3"
   type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rake
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-- !ruby/object:Gem::Dependency
-  name: mspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "10.0"
   type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: mspec
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: rubysl-prettyprint
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.5"
   type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rubysl-prettyprint
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - &id005 !ruby/object:Gem::Version 
+        version: "2.0"
+  type: :development
+  version_requirements: *id004
 description: Ruby standard library OpenSSL.
-email:
+email: 
 - brixen@gmail.com
 executables: []
-extensions:
+
+extensions: 
 - ext/rubysl/openssl/extconf.rb
 extra_rdoc_files: []
-files:
-- ".gitignore"
-- ".travis.yml"
+
+files: 
+- .gitignore
+- .travis.yml
 - Gemfile
 - LICENSE
 - README.md
@@ -157,30 +144,32 @@ files:
 - spec/shared/constants.rb
 - spec/x509/name/parse_spec.rb
 homepage: https://github.com/rubysl/rubysl-openssl
-licenses:
+licenses: 
 - BSD
 metadata: {}
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - "~>"
-    - !ruby/object:Gem::Version
-      version: '2.0'
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ~>
+    - *id005
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
   - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
+    - !ruby/object:Gem::Version 
+      version: "0"
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: Ruby standard library OpenSSL.
-test_files:
+test_files: 
 - spec/cipher_spec.rb
 - spec/config/freeze_spec.rb
 - spec/hmac/digest_spec.rb