rubysl-openssl 2.2.1 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +4 -4
- data/MRI_LICENSE +56 -0
- data/ext/rubysl/openssl/openssl_missing.c +1 -1
- data/ext/rubysl/openssl/openssl_missing.h +1 -1
- data/ext/rubysl/openssl/ossl.c +17 -16
- data/ext/rubysl/openssl/ossl.h +7 -7
- data/ext/rubysl/openssl/ossl_asn1.c +5 -5
- data/ext/rubysl/openssl/ossl_asn1.h +1 -1
- data/ext/rubysl/openssl/ossl_bio.c +2 -2
- data/ext/rubysl/openssl/ossl_bio.h +1 -1
- data/ext/rubysl/openssl/ossl_bn.c +37 -13
- data/ext/rubysl/openssl/ossl_bn.h +1 -1
- data/ext/rubysl/openssl/ossl_cipher.c +64 -17
- data/ext/rubysl/openssl/ossl_cipher.h +1 -1
- data/ext/rubysl/openssl/ossl_config.c +3 -3
- data/ext/rubysl/openssl/ossl_config.h +1 -1
- data/ext/rubysl/openssl/ossl_digest.c +19 -7
- data/ext/rubysl/openssl/ossl_digest.h +1 -1
- data/ext/rubysl/openssl/ossl_engine.c +24 -17
- data/ext/rubysl/openssl/ossl_engine.h +1 -1
- data/ext/rubysl/openssl/ossl_hmac.c +15 -7
- data/ext/rubysl/openssl/ossl_hmac.h +1 -1
- data/ext/rubysl/openssl/ossl_ns_spki.c +19 -4
- data/ext/rubysl/openssl/ossl_ns_spki.h +1 -1
- data/ext/rubysl/openssl/ossl_ocsp.c +518 -60
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +18 -4
- data/ext/rubysl/openssl/ossl_pkcs12.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs5.c +1 -1
- data/ext/rubysl/openssl/ossl_pkcs7.c +59 -15
- data/ext/rubysl/openssl/ossl_pkcs7.h +1 -1
- data/ext/rubysl/openssl/ossl_pkey.c +16 -2
- data/ext/rubysl/openssl/ossl_pkey.h +4 -3
- data/ext/rubysl/openssl/ossl_pkey_dh.c +3 -3
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +3 -3
- data/ext/rubysl/openssl/ossl_pkey_ec.c +32 -12
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +3 -3
- data/ext/rubysl/openssl/ossl_rand.c +58 -34
- data/ext/rubysl/openssl/ossl_rand.h +1 -1
- data/ext/rubysl/openssl/ossl_ssl.c +75 -46
- data/ext/rubysl/openssl/ossl_ssl.h +8 -2
- data/ext/rubysl/openssl/ossl_ssl_session.c +16 -15
- data/ext/rubysl/openssl/ossl_version.h +1 -1
- data/ext/rubysl/openssl/ossl_x509.c +2 -2
- data/ext/rubysl/openssl/ossl_x509.h +1 -1
- data/ext/rubysl/openssl/ossl_x509attr.c +18 -4
- data/ext/rubysl/openssl/ossl_x509cert.c +27 -33
- data/ext/rubysl/openssl/ossl_x509crl.c +18 -4
- data/ext/rubysl/openssl/ossl_x509ext.c +29 -7
- data/ext/rubysl/openssl/ossl_x509name.c +22 -7
- data/ext/rubysl/openssl/ossl_x509req.c +18 -4
- data/ext/rubysl/openssl/ossl_x509revoked.c +18 -4
- data/ext/rubysl/openssl/ossl_x509store.c +33 -8
- data/ext/rubysl/openssl/ruby_missing.h +1 -1
- data/lib/openssl/bn.rb +8 -1
- data/lib/openssl/buffering.rb +1 -1
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/ssl.rb +65 -7
- data/lib/openssl/x509.rb +22 -2
- data/lib/rubysl/openssl.rb +1 -1
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +4 -3
@@ -1,5 +1,5 @@
|
|
1
1
|
/*
|
2
|
-
* $Id$
|
2
|
+
* $Id: ossl_pkey_rsa.c 47744 2014-09-30 05:25:32Z nobu $
|
3
3
|
* 'OpenSSL for Ruby' project
|
4
4
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
5
|
* All rights reserved.
|
@@ -626,7 +626,7 @@ OSSL_PKEY_BN(rsa, iqmp)
|
|
626
626
|
#define DefRSAConst(x) rb_define_const(cRSA, #x,INT2FIX(RSA_##x))
|
627
627
|
|
628
628
|
void
|
629
|
-
Init_ossl_rsa()
|
629
|
+
Init_ossl_rsa(void)
|
630
630
|
{
|
631
631
|
#if 0
|
632
632
|
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL and mPKey */
|
@@ -694,7 +694,7 @@ Init_ossl_rsa()
|
|
694
694
|
|
695
695
|
#else /* defined NO_RSA */
|
696
696
|
void
|
697
|
-
Init_ossl_rsa()
|
697
|
+
Init_ossl_rsa(void)
|
698
698
|
{
|
699
699
|
}
|
700
700
|
#endif /* NO_RSA */
|
@@ -1,37 +1,23 @@
|
|
1
1
|
/*
|
2
|
-
* $Id$
|
2
|
+
* $Id: ossl_rand.c 47782 2014-10-04 00:01:07Z zzak $
|
3
3
|
* 'OpenSSL for Ruby' project
|
4
4
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
|
+
*
|
5
6
|
* All rights reserved.
|
6
|
-
|
7
|
-
/*
|
7
|
+
*
|
8
8
|
* This program is licenced under the same licence as Ruby.
|
9
9
|
* (See the file 'LICENCE'.)
|
10
10
|
*/
|
11
11
|
#include "ossl.h"
|
12
12
|
|
13
|
-
/*
|
14
|
-
* Classes
|
15
|
-
*/
|
16
13
|
VALUE mRandom;
|
17
14
|
VALUE eRandomError;
|
18
15
|
|
19
|
-
/*
|
20
|
-
* Struct
|
21
|
-
*/
|
22
|
-
|
23
|
-
/*
|
24
|
-
* Public
|
25
|
-
*/
|
26
|
-
|
27
|
-
/*
|
28
|
-
* Private
|
29
|
-
*/
|
30
|
-
|
31
16
|
/*
|
32
17
|
* call-seq:
|
33
18
|
* seed(str) -> str
|
34
19
|
*
|
20
|
+
* ::seed is equivalent to ::add where +entropy+ is length of +str+.
|
35
21
|
*/
|
36
22
|
static VALUE
|
37
23
|
ossl_rand_seed(VALUE self, VALUE str)
|
@@ -46,6 +32,23 @@ ossl_rand_seed(VALUE self, VALUE str)
|
|
46
32
|
* call-seq:
|
47
33
|
* add(str, entropy) -> self
|
48
34
|
*
|
35
|
+
* Mixes the bytes from +str+ into the Pseudo Random Number Generator(PRNG)
|
36
|
+
* state.
|
37
|
+
*
|
38
|
+
* Thus, if the data from +str+ are unpredictable to an adversary, this
|
39
|
+
* increases the uncertainty about the state and makes the PRNG output less
|
40
|
+
* predictable.
|
41
|
+
*
|
42
|
+
* The +entropy+ argument is (the lower bound of) an estimate of how much
|
43
|
+
* randomness is contained in +str+, measured in bytes.
|
44
|
+
*
|
45
|
+
* Example:
|
46
|
+
*
|
47
|
+
* pid = $$
|
48
|
+
* now = Time.now
|
49
|
+
* ary = [now.to_i, now.nsec, 1000, pid]
|
50
|
+
* OpenSSL::Random.add(ary.join("").to_s, 0.0)
|
51
|
+
* OpenSSL::Random.seed(ary.join("").to_s)
|
49
52
|
*/
|
50
53
|
static VALUE
|
51
54
|
ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
|
@@ -60,6 +63,7 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
|
|
60
63
|
* call-seq:
|
61
64
|
* load_random_file(filename) -> true
|
62
65
|
*
|
66
|
+
* Reads bytes from +filename+ and adds them to the PRNG.
|
63
67
|
*/
|
64
68
|
static VALUE
|
65
69
|
ossl_rand_load_file(VALUE self, VALUE filename)
|
@@ -76,6 +80,9 @@ ossl_rand_load_file(VALUE self, VALUE filename)
|
|
76
80
|
* call-seq:
|
77
81
|
* write_random_file(filename) -> true
|
78
82
|
*
|
83
|
+
* Writes a number of random generated bytes (currently 1024) to +filename+
|
84
|
+
* which can be used to initialize the PRNG by calling ::load_random_file in a
|
85
|
+
* later session.
|
79
86
|
*/
|
80
87
|
static VALUE
|
81
88
|
ossl_rand_write_file(VALUE self, VALUE filename)
|
@@ -89,8 +96,15 @@ ossl_rand_write_file(VALUE self, VALUE filename)
|
|
89
96
|
|
90
97
|
/*
|
91
98
|
* call-seq:
|
92
|
-
*
|
99
|
+
* random_bytes(length) -> string
|
100
|
+
*
|
101
|
+
* Generates +string+ with +length+ number of cryptographically strong
|
102
|
+
* pseudo-random bytes.
|
93
103
|
*
|
104
|
+
* Example:
|
105
|
+
*
|
106
|
+
* OpenSSL::Random.random_bytes(12)
|
107
|
+
* => "..."
|
94
108
|
*/
|
95
109
|
static VALUE
|
96
110
|
ossl_rand_bytes(VALUE self, VALUE len)
|
@@ -108,8 +122,17 @@ ossl_rand_bytes(VALUE self, VALUE len)
|
|
108
122
|
|
109
123
|
/*
|
110
124
|
* call-seq:
|
111
|
-
*
|
125
|
+
* pseudo_bytes(length) -> string
|
126
|
+
*
|
127
|
+
* Generates +string+ with +length+ number of pseudo-random bytes.
|
128
|
+
*
|
129
|
+
* Pseudo-random byte sequences generated by ::pseudo_bytes will be unique if
|
130
|
+
* they are of sufficient length, but are not necessarily unpredictable.
|
112
131
|
*
|
132
|
+
* Example:
|
133
|
+
*
|
134
|
+
* OpenSSL::Random.pseudo_bytes(12)
|
135
|
+
* => "..."
|
113
136
|
*/
|
114
137
|
static VALUE
|
115
138
|
ossl_rand_pseudo_bytes(VALUE self, VALUE len)
|
@@ -129,6 +152,7 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
|
|
129
152
|
* call-seq:
|
130
153
|
* egd(filename) -> true
|
131
154
|
*
|
155
|
+
* Same as ::egd_bytes but queries 255 bytes by default.
|
132
156
|
*/
|
133
157
|
static VALUE
|
134
158
|
ossl_rand_egd(VALUE self, VALUE filename)
|
@@ -145,6 +169,10 @@ ossl_rand_egd(VALUE self, VALUE filename)
|
|
145
169
|
* call-seq:
|
146
170
|
* egd_bytes(filename, length) -> true
|
147
171
|
*
|
172
|
+
* Queries the entropy gathering daemon EGD on socket path given by +filename+.
|
173
|
+
*
|
174
|
+
* Fetches +length+ number of bytes and uses ::add to seed the OpenSSL built-in
|
175
|
+
* PRNG.
|
148
176
|
*/
|
149
177
|
static VALUE
|
150
178
|
ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
|
@@ -171,15 +199,11 @@ ossl_rand_status(VALUE self)
|
|
171
199
|
return RAND_status() ? Qtrue : Qfalse;
|
172
200
|
}
|
173
201
|
|
174
|
-
#define DEFMETH(class, name, func, argc) \
|
175
|
-
rb_define_method((class), (name), (func), (argc)); \
|
176
|
-
rb_define_singleton_method((class), (name), (func), (argc));
|
177
|
-
|
178
202
|
/*
|
179
203
|
* INIT
|
180
204
|
*/
|
181
205
|
void
|
182
|
-
Init_ossl_rand()
|
206
|
+
Init_ossl_rand(void)
|
183
207
|
{
|
184
208
|
#if 0
|
185
209
|
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
|
@@ -189,14 +213,14 @@ Init_ossl_rand()
|
|
189
213
|
|
190
214
|
eRandomError = rb_define_class_under(mRandom, "RandomError", eOSSLError);
|
191
215
|
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
216
|
+
rb_define_module_function(mRandom, "seed", ossl_rand_seed, 1);
|
217
|
+
rb_define_module_function(mRandom, "random_add", ossl_rand_add, 2);
|
218
|
+
rb_define_module_function(mRandom, "load_random_file", ossl_rand_load_file, 1);
|
219
|
+
rb_define_module_function(mRandom, "write_random_file", ossl_rand_write_file, 1);
|
220
|
+
rb_define_module_function(mRandom, "random_bytes", ossl_rand_bytes, 1);
|
221
|
+
rb_define_module_function(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
|
222
|
+
rb_define_module_function(mRandom, "egd", ossl_rand_egd, 1);
|
223
|
+
rb_define_module_function(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2);
|
224
|
+
rb_define_module_function(mRandom, "status?", ossl_rand_status, 0);
|
201
225
|
}
|
202
226
|
|
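Review bot: The documentation for ossl_rand_add names the method `add` (`* add(str, entropy) -> self`, and the example `OpenSSL::Random.add(ary.join("").to_s, 0.0)`), but the Init hunk registers it as `rb_define_module_function(mRandom, "random_add", ossl_rand_add, 2);`, so the example as written would not resolve against what this file defines; either the call-seq, the `::add` cross-references in the seed and egd_bytes docs, and the example should say `random_add`, or an `add` alias should be registered next to it. The example also deserves a caveat: it mixes in pid and wall-clock time, which are largely guessable, and the following `OpenSSL::Random.seed(...)` call credits those same bytes with entropy equal to their length according to the new seed doc, which can make `status?` report a seeded PRNG on weak input; I would add `# pid and time are low-entropy; this illustrates the API, do not rely on it alone to seed the PRNG` above the example. Both are documentation-only changes.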
@@ -1,5 +1,5 @@
|
|
1
1
|
/*
|
2
|
-
* $Id$
|
2
|
+
* $Id: ossl_ssl.c 48801 2014-12-12 21:58:34Z nobu $
|
3
3
|
* 'OpenSSL for Ruby' project
|
4
4
|
* Copyright (C) 2000-2002 GOTOU Yuuzou <gotoyuzo@notwork.org>
|
5
5
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
@@ -24,6 +24,10 @@
|
|
24
24
|
# define TO_SOCKET(s) (s)
|
25
25
|
#endif
|
26
26
|
|
27
|
+
#define GetSSLCTX(obj, ctx) do { \
|
28
|
+
TypedData_Get_Struct((obj), SSL_CTX, &ossl_sslctx_type, (ctx)); \
|
29
|
+
} while (0)
|
30
|
+
|
27
31
|
VALUE mSSL;
|
28
32
|
VALUE eSSLError;
|
29
33
|
VALUE cSSLContext;
|
@@ -108,7 +112,7 @@ static VALUE sym_exception;
|
|
108
112
|
/*
|
109
113
|
* SSLContext class
|
110
114
|
*/
|
111
|
-
struct {
|
115
|
+
static const struct {
|
112
116
|
const char *name;
|
113
117
|
SSL_METHOD *(*func)(void);
|
114
118
|
} ossl_ssl_method_tab[] = {
|
@@ -150,13 +154,22 @@ int ossl_ssl_ex_client_cert_cb_idx;
|
|
150
154
|
int ossl_ssl_ex_tmp_dh_callback_idx;
|
151
155
|
|
152
156
|
static void
|
153
|
-
ossl_sslctx_free(
|
157
|
+
ossl_sslctx_free(void *ptr)
|
154
158
|
{
|
159
|
+
SSL_CTX *ctx = ptr;
|
155
160
|
if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
|
156
161
|
ctx->cert_store = NULL;
|
157
162
|
SSL_CTX_free(ctx);
|
158
163
|
}
|
159
164
|
|
165
|
+
static const rb_data_type_t ossl_sslctx_type = {
|
166
|
+
"OpenSSL/SSL/CTX",
|
167
|
+
{
|
168
|
+
0, ossl_sslctx_free,
|
169
|
+
},
|
170
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
171
|
+
};
|
172
|
+
|
160
173
|
static VALUE
|
161
174
|
ossl_sslctx_s_alloc(VALUE klass)
|
162
175
|
{
|
@@ -172,7 +185,7 @@ ossl_sslctx_s_alloc(VALUE klass)
|
|
172
185
|
ossl_raise(eSSLError, "SSL_CTX_new");
|
173
186
|
}
|
174
187
|
SSL_CTX_set_mode(ctx, mode);
|
175
|
-
return
|
188
|
+
return TypedData_Wrap_Struct(klass, &ossl_sslctx_type, ctx);
|
176
189
|
}
|
177
190
|
|
178
191
|
/*
|
@@ -190,7 +203,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
|
|
190
203
|
int i;
|
191
204
|
|
192
205
|
SSL_CTX *ctx;
|
193
|
-
if(
|
206
|
+
if (RB_TYPE_P(ssl_method, T_SYMBOL))
|
194
207
|
s = rb_id2name(SYM2ID(ssl_method));
|
195
208
|
else
|
196
209
|
s = StringValuePtr(ssl_method);
|
@@ -203,7 +216,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
|
|
203
216
|
if (!method) {
|
204
217
|
ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s);
|
205
218
|
}
|
206
|
-
|
219
|
+
GetSSLCTX(self, ctx);
|
207
220
|
if (SSL_CTX_set_ssl_version(ctx, method) != 1) {
|
208
221
|
ossl_raise(eSSLError, "SSL_CTX_set_ssl_version");
|
209
222
|
}
|
@@ -244,7 +257,7 @@ ossl_call_client_cert_cb(VALUE obj)
|
|
244
257
|
VALUE cb, ary, cert, key;
|
245
258
|
SSL *ssl;
|
246
259
|
|
247
|
-
|
260
|
+
GetSSL(obj, ssl);
|
248
261
|
cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx);
|
249
262
|
if (NIL_P(cb)) return Qfalse;
|
250
263
|
ary = rb_funcall(cb, rb_intern("call"), 1, obj);
|
@@ -280,7 +293,7 @@ ossl_call_tmp_dh_callback(VALUE *args)
|
|
280
293
|
VALUE cb, dh;
|
281
294
|
EVP_PKEY *pkey;
|
282
295
|
|
283
|
-
|
296
|
+
GetSSL(args[0], ssl);
|
284
297
|
cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_tmp_dh_callback_idx);
|
285
298
|
if (NIL_P(cb)) return Qfalse;
|
286
299
|
dh = rb_funcall(cb, rb_intern("call"), 3, args[0], args[1], args[2]);
|
@@ -482,7 +495,7 @@ ossl_sslctx_add_extra_chain_cert_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, arg))
|
|
482
495
|
X509 *x509;
|
483
496
|
SSL_CTX *ctx;
|
484
497
|
|
485
|
-
|
498
|
+
GetSSLCTX(arg, ctx);
|
486
499
|
x509 = DupX509CertPtr(i);
|
487
500
|
if(!SSL_CTX_add_extra_chain_cert(ctx, x509)){
|
488
501
|
ossl_raise(eSSLError, NULL);
|
@@ -513,8 +526,8 @@ ossl_call_servername_cb(VALUE ary)
|
|
513
526
|
SSL_CTX *ctx2;
|
514
527
|
|
515
528
|
ossl_sslctx_setup(ret_obj);
|
516
|
-
|
517
|
-
|
529
|
+
GetSSL(ssl_obj, ssl);
|
530
|
+
GetSSLCTX(ret_obj, ctx2);
|
518
531
|
SSL_set_SSL_CTX(ssl, ctx2);
|
519
532
|
} else if (!NIL_P(ret_obj)) {
|
520
533
|
ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil");
|
@@ -665,7 +678,7 @@ ossl_sslctx_setup(VALUE self)
|
|
665
678
|
VALUE val;
|
666
679
|
|
667
680
|
if(OBJ_FROZEN(self)) return Qnil;
|
668
|
-
|
681
|
+
GetSSLCTX(self, ctx);
|
669
682
|
|
670
683
|
#if !defined(OPENSSL_NO_DH)
|
671
684
|
if (RTEST(ossl_sslctx_get_tmp_dh_cb(self))){
|
@@ -716,7 +729,7 @@ ossl_sslctx_setup(VALUE self)
|
|
716
729
|
|
717
730
|
val = ossl_sslctx_get_client_ca(self);
|
718
731
|
if(!NIL_P(val)){
|
719
|
-
if(
|
732
|
+
if (RB_TYPE_P(val, T_ARRAY)) {
|
720
733
|
for(i = 0; i < RARRAY_LEN(val); i++){
|
721
734
|
client_ca = GetX509CertPtr(RARRAY_PTR(val)[i]);
|
722
735
|
if (!SSL_CTX_add_client_CA(ctx, client_ca)){
|
@@ -841,7 +854,7 @@ ossl_sslctx_get_ciphers(VALUE self)
|
|
841
854
|
VALUE ary;
|
842
855
|
int i, num;
|
843
856
|
|
844
|
-
|
857
|
+
GetSSLCTX(self, ctx);
|
845
858
|
if(!ctx){
|
846
859
|
rb_warning("SSL_CTX is not initialized.");
|
847
860
|
return Qnil;
|
@@ -882,11 +895,11 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
|
|
882
895
|
rb_check_frozen(self);
|
883
896
|
if (NIL_P(v))
|
884
897
|
return v;
|
885
|
-
else if (
|
898
|
+
else if (RB_TYPE_P(v, T_ARRAY)) {
|
886
899
|
str = rb_str_new(0, 0);
|
887
900
|
for (i = 0; i < RARRAY_LEN(v); i++) {
|
888
901
|
elem = rb_ary_entry(v, i);
|
889
|
-
if (
|
902
|
+
if (RB_TYPE_P(elem, T_ARRAY)) elem = rb_ary_entry(elem, 0);
|
890
903
|
elem = rb_String(elem);
|
891
904
|
rb_str_append(str, elem);
|
892
905
|
if (i < RARRAY_LEN(v)-1) rb_str_cat2(str, ":");
|
@@ -896,7 +909,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
|
|
896
909
|
StringValue(str);
|
897
910
|
}
|
898
911
|
|
899
|
-
|
912
|
+
GetSSLCTX(self, ctx);
|
900
913
|
if(!ctx){
|
901
914
|
ossl_raise(eSSLError, "SSL_CTX is not initialized.");
|
902
915
|
return Qnil;
|
@@ -920,7 +933,7 @@ ossl_sslctx_session_add(VALUE self, VALUE arg)
|
|
920
933
|
SSL_CTX *ctx;
|
921
934
|
SSL_SESSION *sess;
|
922
935
|
|
923
|
-
|
936
|
+
GetSSLCTX(self, ctx);
|
924
937
|
SafeGetSSLSession(arg, sess);
|
925
938
|
|
926
939
|
return SSL_CTX_add_session(ctx, sess) == 1 ? Qtrue : Qfalse;
|
@@ -938,7 +951,7 @@ ossl_sslctx_session_remove(VALUE self, VALUE arg)
|
|
938
951
|
SSL_CTX *ctx;
|
939
952
|
SSL_SESSION *sess;
|
940
953
|
|
941
|
-
|
954
|
+
GetSSLCTX(self, ctx);
|
942
955
|
SafeGetSSLSession(arg, sess);
|
943
956
|
|
944
957
|
return SSL_CTX_remove_session(ctx, sess) == 1 ? Qtrue : Qfalse;
|
@@ -955,7 +968,7 @@ ossl_sslctx_get_session_cache_mode(VALUE self)
|
|
955
968
|
{
|
956
969
|
SSL_CTX *ctx;
|
957
970
|
|
958
|
-
|
971
|
+
GetSSLCTX(self, ctx);
|
959
972
|
|
960
973
|
return LONG2NUM(SSL_CTX_get_session_cache_mode(ctx));
|
961
974
|
}
|
@@ -973,7 +986,7 @@ ossl_sslctx_set_session_cache_mode(VALUE self, VALUE arg)
|
|
973
986
|
{
|
974
987
|
SSL_CTX *ctx;
|
975
988
|
|
976
|
-
|
989
|
+
GetSSLCTX(self, ctx);
|
977
990
|
|
978
991
|
SSL_CTX_set_session_cache_mode(ctx, NUM2LONG(arg));
|
979
992
|
|
@@ -992,7 +1005,7 @@ ossl_sslctx_get_session_cache_size(VALUE self)
|
|
992
1005
|
{
|
993
1006
|
SSL_CTX *ctx;
|
994
1007
|
|
995
|
-
|
1008
|
+
GetSSLCTX(self, ctx);
|
996
1009
|
|
997
1010
|
return LONG2NUM(SSL_CTX_sess_get_cache_size(ctx));
|
998
1011
|
}
|
@@ -1009,7 +1022,7 @@ ossl_sslctx_set_session_cache_size(VALUE self, VALUE arg)
|
|
1009
1022
|
{
|
1010
1023
|
SSL_CTX *ctx;
|
1011
1024
|
|
1012
|
-
|
1025
|
+
GetSSLCTX(self, ctx);
|
1013
1026
|
|
1014
1027
|
SSL_CTX_sess_set_cache_size(ctx, NUM2LONG(arg));
|
1015
1028
|
|
@@ -1044,7 +1057,7 @@ ossl_sslctx_get_session_cache_stats(VALUE self)
|
|
1044
1057
|
SSL_CTX *ctx;
|
1045
1058
|
VALUE hash;
|
1046
1059
|
|
1047
|
-
|
1060
|
+
GetSSLCTX(self, ctx);
|
1048
1061
|
|
1049
1062
|
hash = rb_hash_new();
|
1050
1063
|
rb_hash_aset(hash, ID2SYM(rb_intern("cache_num")), LONG2NUM(SSL_CTX_sess_number(ctx)));
|
@@ -1079,7 +1092,7 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
|
|
1079
1092
|
|
1080
1093
|
rb_scan_args(argc, argv, "01", &arg1);
|
1081
1094
|
|
1082
|
-
|
1095
|
+
GetSSLCTX(self, ctx);
|
1083
1096
|
|
1084
1097
|
if (NIL_P(arg1)) {
|
1085
1098
|
tm = time(0);
|
@@ -1111,7 +1124,7 @@ ossl_ssl_shutdown(SSL *ssl)
|
|
1111
1124
|
* Ignore the case SSL_shutdown returns -1. Empty handshake_func
|
1112
1125
|
* must not happen.
|
1113
1126
|
*/
|
1114
|
-
if (
|
1127
|
+
if (rc = SSL_shutdown(ssl))
|
1115
1128
|
break;
|
1116
1129
|
}
|
1117
1130
|
SSL_clear(ssl);
|
@@ -1120,15 +1133,23 @@ ossl_ssl_shutdown(SSL *ssl)
|
|
1120
1133
|
}
|
1121
1134
|
|
1122
1135
|
static void
|
1123
|
-
ossl_ssl_free(
|
1136
|
+
ossl_ssl_free(void *ssl)
|
1124
1137
|
{
|
1125
1138
|
SSL_free(ssl);
|
1126
1139
|
}
|
1127
1140
|
|
1141
|
+
const rb_data_type_t ossl_ssl_type = {
|
1142
|
+
"OpenSSL/SSL",
|
1143
|
+
{
|
1144
|
+
0, ossl_ssl_free,
|
1145
|
+
},
|
1146
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
1147
|
+
};
|
1148
|
+
|
1128
1149
|
static VALUE
|
1129
1150
|
ossl_ssl_s_alloc(VALUE klass)
|
1130
1151
|
{
|
1131
|
-
return
|
1152
|
+
return TypedData_Wrap_Struct(klass, &ossl_ssl_type, NULL);
|
1132
1153
|
}
|
1133
1154
|
|
1134
1155
|
/*
|
@@ -1177,14 +1198,14 @@ ossl_ssl_setup(VALUE self)
|
|
1177
1198
|
SSL *ssl;
|
1178
1199
|
rb_io_t *fptr;
|
1179
1200
|
|
1180
|
-
|
1201
|
+
GetSSL(self, ssl);
|
1181
1202
|
if(!ssl){
|
1182
1203
|
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
|
1183
1204
|
VALUE hostname = rb_iv_get(self, "@hostname");
|
1184
1205
|
#endif
|
1185
1206
|
|
1186
1207
|
v_ctx = ossl_ssl_get_ctx(self);
|
1187
|
-
|
1208
|
+
GetSSLCTX(v_ctx, ctx);
|
1188
1209
|
|
1189
1210
|
ssl = SSL_new(ctx);
|
1190
1211
|
if (!ssl) {
|
@@ -1224,7 +1245,7 @@ ossl_ssl_setup(VALUE self)
|
|
1224
1245
|
|
1225
1246
|
#define ossl_ssl_data_get_struct(v, ssl) \
|
1226
1247
|
do { \
|
1227
|
-
|
1248
|
+
GetSSL((v), (ssl)); \
|
1228
1249
|
if (!(ssl)) { \
|
1229
1250
|
rb_warning("SSL session is not started yet."); \
|
1230
1251
|
return Qnil; \
|
@@ -1394,7 +1415,7 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
|
|
1394
1415
|
}
|
1395
1416
|
if(ilen == 0) return str;
|
1396
1417
|
|
1397
|
-
|
1418
|
+
GetSSL(self, ssl);
|
1398
1419
|
GetOpenFile(ossl_ssl_get_io(self), fptr);
|
1399
1420
|
if (ssl) {
|
1400
1421
|
if(!nonblock && SSL_pending(ssl) <= 0)
|
@@ -1431,7 +1452,11 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
|
|
1431
1452
|
else {
|
1432
1453
|
ID meth = nonblock ? rb_intern("read_nonblock") : rb_intern("sysread");
|
1433
1454
|
rb_warning("SSL session is not started yet.");
|
1434
|
-
|
1455
|
+
if (nonblock) {
|
1456
|
+
return rb_funcall(ossl_ssl_get_io(self), meth, 3, len, str, opts);
|
1457
|
+
} else {
|
1458
|
+
return rb_funcall(ossl_ssl_get_io(self), meth, 2, len, str);
|
1459
|
+
}
|
1435
1460
|
}
|
1436
1461
|
|
1437
1462
|
end:
|
@@ -1482,7 +1507,7 @@ ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock, int no_exception)
|
|
1482
1507
|
rb_io_t *fptr;
|
1483
1508
|
|
1484
1509
|
StringValue(str);
|
1485
|
-
|
1510
|
+
GetSSL(self, ssl);
|
1486
1511
|
GetOpenFile(ossl_ssl_get_io(self), fptr);
|
1487
1512
|
|
1488
1513
|
if (ssl) {
|
@@ -1562,18 +1587,22 @@ static VALUE
|
|
1562
1587
|
ossl_ssl_close(VALUE self)
|
1563
1588
|
{
|
1564
1589
|
SSL *ssl;
|
1590
|
+
VALUE io;
|
1565
1591
|
|
1566
|
-
ossl_ssl_data_get_struct(
|
1592
|
+
/* ossl_ssl_data_get_struct() is not usable here because it may return
|
1593
|
+
* from this function; */
|
1567
1594
|
|
1568
|
-
|
1569
|
-
|
1570
|
-
|
1571
|
-
|
1572
|
-
|
1573
|
-
|
1574
|
-
|
1575
|
-
|
1576
|
-
|
1595
|
+
GetSSL(self, ssl);
|
1596
|
+
|
1597
|
+
io = ossl_ssl_get_io(self);
|
1598
|
+
if (!RTEST(rb_funcall(io, rb_intern("closed?"), 0))) {
|
1599
|
+
if (ssl) {
|
1600
|
+
ossl_ssl_shutdown(ssl);
|
1601
|
+
SSL_free(ssl);
|
1602
|
+
}
|
1603
|
+
DATA_PTR(self) = NULL;
|
1604
|
+
if (RTEST(ossl_ssl_get_sync_close(self)))
|
1605
|
+
rb_funcall(io, rb_intern("close"), 0);
|
1577
1606
|
}
|
1578
1607
|
|
1579
1608
|
return Qnil;
|
@@ -1850,7 +1879,7 @@ ossl_ssl_npn_protocol(VALUE self)
|
|
1850
1879
|
#endif /* !defined(OPENSSL_NO_SOCK) */
|
1851
1880
|
|
1852
1881
|
void
|
1853
|
-
Init_ossl_ssl()
|
1882
|
+
Init_ossl_ssl(void)
|
1854
1883
|
{
|
1855
1884
|
int i;
|
1856
1885
|
VALUE ary;
|
@@ -2019,7 +2048,7 @@ Init_ossl_ssl()
|
|
2019
2048
|
rb_attr(cSSLContext, rb_intern("session_get_cb"), 1, 1, Qfalse);
|
2020
2049
|
|
2021
2050
|
/*
|
2022
|
-
* A callback invoked when a new session was
|
2051
|
+
* A callback invoked when a new session was negotiated.
|
2023
2052
|
*
|
2024
2053
|
* The callback is invoked with an SSLSocket. If false is returned the
|
2025
2054
|
* session will be removed from the internal cache.
|
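Review bot: `if (rc = SSL_shutdown(ssl))` in the ossl_ssl_shutdown hunk uses a bare assignment as the condition, which `-Wall` flags under `-Wparentheses` and which reads like a mistyped comparison to anyone auditing the shutdown path; `if ((rc = SSL_shutdown(ssl)) != 0)` keeps identical control flow and makes the intent explicit. The loop and the comment explaining that -1 is deliberately ignored begin above the hunk, so whether rc is read after the loop is not visible here; if it is not, the assignment can be dropped altogether. Init_ossl_ssl, where this section ends, continues past the last hunk.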