rubysl-openssl 2.4.0 → 2.5.0
- checksums.yaml +4 -4
- data/ext/rubysl/openssl/deprecation.rb +1 -0
- data/ext/rubysl/openssl/extconf.rb +6 -8
- data/ext/rubysl/openssl/openssl_missing.c +1 -3
- data/ext/rubysl/openssl/openssl_missing.h +1 -3
- data/ext/rubysl/openssl/ossl.c +15 -3
- data/ext/rubysl/openssl/ossl.h +5 -4
- data/ext/rubysl/openssl/ossl_asn1.c +19 -13
- data/ext/rubysl/openssl/ossl_asn1.h +1 -2
- data/ext/rubysl/openssl/ossl_bio.c +1 -2
- data/ext/rubysl/openssl/ossl_bio.h +1 -3
- data/ext/rubysl/openssl/ossl_bn.c +227 -90
- data/ext/rubysl/openssl/ossl_bn.h +1 -3
- data/ext/rubysl/openssl/ossl_cipher.c +5 -11
- data/ext/rubysl/openssl/ossl_cipher.h +1 -3
- data/ext/rubysl/openssl/ossl_config.c +1 -2
- data/ext/rubysl/openssl/ossl_config.h +1 -3
- data/ext/rubysl/openssl/ossl_digest.c +6 -7
- data/ext/rubysl/openssl/ossl_digest.h +1 -3
- data/ext/rubysl/openssl/ossl_engine.c +11 -7
- data/ext/rubysl/openssl/ossl_engine.h +1 -2
- data/ext/rubysl/openssl/ossl_hmac.c +1 -2
- data/ext/rubysl/openssl/ossl_hmac.h +1 -2
- data/ext/rubysl/openssl/ossl_ns_spki.c +7 -6
- data/ext/rubysl/openssl/ossl_ns_spki.h +1 -3
- data/ext/rubysl/openssl/ossl_ocsp.c +39 -25
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -2
- data/ext/rubysl/openssl/ossl_pkcs12.c +10 -6
- data/ext/rubysl/openssl/ossl_pkcs12.h +1 -3
- data/ext/rubysl/openssl/ossl_pkcs5.c +0 -1
- data/ext/rubysl/openssl/ossl_pkcs7.c +29 -16
- data/ext/rubysl/openssl/ossl_pkcs7.h +1 -3
- data/ext/rubysl/openssl/ossl_pkey.c +10 -8
- data/ext/rubysl/openssl/ossl_pkey.h +5 -6
- data/ext/rubysl/openssl/ossl_pkey_dh.c +5 -74
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +7 -6
- data/ext/rubysl/openssl/ossl_pkey_ec.c +4 -2
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +5 -5
- data/ext/rubysl/openssl/ossl_rand.c +13 -5
- data/ext/rubysl/openssl/ossl_rand.h +1 -3
- data/ext/rubysl/openssl/ossl_ssl.c +334 -265
- data/ext/rubysl/openssl/ossl_ssl.h +1 -5
- data/ext/rubysl/openssl/ossl_ssl_session.c +5 -1
- data/ext/rubysl/openssl/ossl_version.h +1 -2
- data/ext/rubysl/openssl/ossl_x509.c +1 -3
- data/ext/rubysl/openssl/ossl_x509.h +1 -2
- data/ext/rubysl/openssl/ossl_x509attr.c +9 -6
- data/ext/rubysl/openssl/ossl_x509cert.c +14 -12
- data/ext/rubysl/openssl/ossl_x509crl.c +15 -13
- data/ext/rubysl/openssl/ossl_x509ext.c +13 -8
- data/ext/rubysl/openssl/ossl_x509name.c +9 -6
- data/ext/rubysl/openssl/ossl_x509req.c +12 -10
- data/ext/rubysl/openssl/ossl_x509revoked.c +12 -10
- data/ext/rubysl/openssl/ossl_x509store.c +17 -10
- data/ext/rubysl/openssl/ruby_missing.h +1 -2
- data/lib/openssl/bn.rb +2 -8
- data/lib/openssl/buffering.rb +3 -7
- data/lib/openssl/cipher.rb +3 -9
- data/lib/openssl/config.rb +2 -1
- data/lib/openssl/digest.rb +3 -10
- data/lib/openssl/pkey.rb +37 -0
- data/lib/openssl/ssl.rb +128 -17
- data/lib/openssl/x509.rb +2 -8
- data/lib/rubysl/openssl.rb +4 -7
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +12 -11
@@ -1,20 +1,21 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ossl_x509req.c 48815 2014-12-12 23:59:28Z nobu $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#include "ossl.h"
|
12
11
|
|
13
|
-
#define
|
12
|
+
#define NewX509Req(klass) \
|
13
|
+
TypedData_Wrap_Struct((klass), &ossl_x509req_type, 0)
|
14
|
+
#define SetX509Req(obj, req) do { \
|
14
15
|
if (!(req)) { \
|
15
16
|
ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \
|
16
17
|
} \
|
17
|
-
(obj) =
|
18
|
+
RTYPEDDATA_DATA(obj) = (req); \
|
18
19
|
} while (0)
|
19
20
|
#define GetX509Req(obj, req) do { \
|
20
21
|
TypedData_Get_Struct((obj), X509_REQ, &ossl_x509req_type, (req)); \
|
@@ -56,6 +57,7 @@ ossl_x509req_new(X509_REQ *req)
|
|
56
57
|
X509_REQ *new;
|
57
58
|
VALUE obj;
|
58
59
|
|
60
|
+
obj = NewX509Req(cX509Req);
|
59
61
|
if (!req) {
|
60
62
|
new = X509_REQ_new();
|
61
63
|
} else {
|
@@ -64,7 +66,7 @@ ossl_x509req_new(X509_REQ *req)
|
|
64
66
|
if (!new) {
|
65
67
|
ossl_raise(eX509ReqError, NULL);
|
66
68
|
}
|
67
|
-
|
69
|
+
SetX509Req(obj, new);
|
68
70
|
|
69
71
|
return obj;
|
70
72
|
}
|
@@ -101,10 +103,11 @@ ossl_x509req_alloc(VALUE klass)
|
|
101
103
|
X509_REQ *req;
|
102
104
|
VALUE obj;
|
103
105
|
|
106
|
+
obj = NewX509Req(klass);
|
104
107
|
if (!(req = X509_REQ_new())) {
|
105
108
|
ossl_raise(eX509ReqError, NULL);
|
106
109
|
}
|
107
|
-
|
110
|
+
SetX509Req(obj, req);
|
108
111
|
|
109
112
|
return obj;
|
110
113
|
}
|
@@ -415,18 +418,18 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
|
|
415
418
|
{
|
416
419
|
X509_REQ *req;
|
417
420
|
X509_ATTRIBUTE *attr;
|
418
|
-
|
421
|
+
long i;
|
419
422
|
VALUE item;
|
420
423
|
|
421
424
|
Check_Type(ary, T_ARRAY);
|
422
425
|
for (i=0;i<RARRAY_LEN(ary); i++) {
|
423
|
-
OSSL_Check_Kind(
|
426
|
+
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
|
424
427
|
}
|
425
428
|
GetX509Req(self, req);
|
426
429
|
sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
|
427
430
|
req->req_info->attributes = NULL;
|
428
431
|
for (i=0;i<RARRAY_LEN(ary); i++) {
|
429
|
-
item =
|
432
|
+
item = RARRAY_AREF(ary, i);
|
430
433
|
attr = DupX509AttrPtr(item);
|
431
434
|
if (!X509_REQ_add1_attr(req, attr)) {
|
432
435
|
ossl_raise(eX509ReqError, NULL);
|
@@ -479,4 +482,3 @@ Init_ossl_x509req(void)
|
|
479
482
|
rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1);
|
480
483
|
rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1);
|
481
484
|
}
|
482
|
-
|
@@ -1,20 +1,21 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ossl_x509revoked.c 48816 2014-12-12 23:59:36Z nobu $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#include "ossl.h"
|
12
11
|
|
13
|
-
#define
|
12
|
+
#define NewX509Rev(klass) \
|
13
|
+
TypedData_Wrap_Struct((klass), &ossl_x509rev_type, 0)
|
14
|
+
#define SetX509Rev(obj, rev) do { \
|
14
15
|
if (!(rev)) { \
|
15
16
|
ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
|
16
17
|
} \
|
17
|
-
(obj) =
|
18
|
+
RTYPEDDATA_DATA(obj) = (rev); \
|
18
19
|
} while (0)
|
19
20
|
#define GetX509Rev(obj, rev) do { \
|
20
21
|
TypedData_Get_Struct((obj), X509_REVOKED, &ossl_x509rev_type, (rev)); \
|
@@ -56,6 +57,7 @@ ossl_x509revoked_new(X509_REVOKED *rev)
|
|
56
57
|
X509_REVOKED *new;
|
57
58
|
VALUE obj;
|
58
59
|
|
60
|
+
obj = NewX509Rev(cX509Rev);
|
59
61
|
if (!rev) {
|
60
62
|
new = X509_REVOKED_new();
|
61
63
|
} else {
|
@@ -64,7 +66,7 @@ ossl_x509revoked_new(X509_REVOKED *rev)
|
|
64
66
|
if (!new) {
|
65
67
|
ossl_raise(eX509RevError, NULL);
|
66
68
|
}
|
67
|
-
|
69
|
+
SetX509Rev(obj, new);
|
68
70
|
|
69
71
|
return obj;
|
70
72
|
}
|
@@ -91,10 +93,11 @@ ossl_x509revoked_alloc(VALUE klass)
|
|
91
93
|
X509_REVOKED *rev;
|
92
94
|
VALUE obj;
|
93
95
|
|
96
|
+
obj = NewX509Rev(klass);
|
94
97
|
if (!(rev = X509_REVOKED_new())) {
|
95
98
|
ossl_raise(eX509RevError, NULL);
|
96
99
|
}
|
97
|
-
|
100
|
+
SetX509Rev(obj, rev);
|
98
101
|
|
99
102
|
return obj;
|
100
103
|
}
|
@@ -185,18 +188,18 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
|
|
185
188
|
{
|
186
189
|
X509_REVOKED *rev;
|
187
190
|
X509_EXTENSION *ext;
|
188
|
-
|
191
|
+
long i;
|
189
192
|
VALUE item;
|
190
193
|
|
191
194
|
Check_Type(ary, T_ARRAY);
|
192
195
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
193
|
-
OSSL_Check_Kind(
|
196
|
+
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
194
197
|
}
|
195
198
|
GetX509Rev(self, rev);
|
196
199
|
sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
|
197
200
|
rev->extensions = NULL;
|
198
201
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
199
|
-
item =
|
202
|
+
item = RARRAY_AREF(ary, i);
|
200
203
|
ext = DupX509ExtPtr(item);
|
201
204
|
if(!X509_REVOKED_add_ext(rev, ext, -1)) {
|
202
205
|
ossl_raise(eX509RevError, NULL);
|
@@ -240,4 +243,3 @@ Init_ossl_x509revoked(void)
|
|
240
243
|
rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1);
|
241
244
|
rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1);
|
242
245
|
}
|
243
|
-
|
@@ -1,20 +1,21 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ossl_x509store.c 48818 2014-12-13 00:06:54Z nobu $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#include "ossl.h"
|
12
11
|
|
13
|
-
#define
|
12
|
+
#define NewX509Store(klass) \
|
13
|
+
TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
|
14
|
+
#define SetX509Store(obj, st) do { \
|
14
15
|
if (!(st)) { \
|
15
16
|
ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
|
16
17
|
} \
|
17
|
-
(obj) =
|
18
|
+
RTYPEDDATA_DATA(obj) = (st); \
|
18
19
|
} while (0)
|
19
20
|
#define GetX509Store(obj, st) do { \
|
20
21
|
TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
|
@@ -27,11 +28,13 @@
|
|
27
28
|
GetX509Store((obj), (st)); \
|
28
29
|
} while (0)
|
29
30
|
|
30
|
-
#define
|
31
|
+
#define NewX509StCtx(klass) \
|
32
|
+
TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
|
33
|
+
#define SetX509StCtx(obj, ctx) do { \
|
31
34
|
if (!(ctx)) { \
|
32
35
|
ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
|
33
36
|
} \
|
34
|
-
(obj) =
|
37
|
+
RTYPEDDATA_DATA(obj) = (ctx); \
|
35
38
|
} while (0)
|
36
39
|
#define GetX509StCtx(obj, ctx) do { \
|
37
40
|
TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
|
@@ -73,7 +76,8 @@ ossl_x509store_new(X509_STORE *store)
|
|
73
76
|
{
|
74
77
|
VALUE obj;
|
75
78
|
|
76
|
-
|
79
|
+
obj = NewX509Store(cX509Store);
|
80
|
+
SetX509Store(obj, store);
|
77
81
|
|
78
82
|
return obj;
|
79
83
|
}
|
@@ -108,10 +112,11 @@ ossl_x509store_alloc(VALUE klass)
|
|
108
112
|
X509_STORE *store;
|
109
113
|
VALUE obj;
|
110
114
|
|
115
|
+
obj = NewX509Store(klass);
|
111
116
|
if((store = X509_STORE_new()) == NULL){
|
112
117
|
ossl_raise(eX509StoreError, NULL);
|
113
118
|
}
|
114
|
-
|
119
|
+
SetX509Store(obj, store);
|
115
120
|
|
116
121
|
return obj;
|
117
122
|
}
|
@@ -373,7 +378,8 @@ ossl_x509stctx_new(X509_STORE_CTX *ctx)
|
|
373
378
|
{
|
374
379
|
VALUE obj;
|
375
380
|
|
376
|
-
|
381
|
+
obj = NewX509StCtx(cX509StoreContext);
|
382
|
+
SetX509StCtx(obj, ctx);
|
377
383
|
|
378
384
|
return obj;
|
379
385
|
}
|
@@ -407,10 +413,11 @@ ossl_x509stctx_alloc(VALUE klass)
|
|
407
413
|
X509_STORE_CTX *ctx;
|
408
414
|
VALUE obj;
|
409
415
|
|
416
|
+
obj = NewX509StCtx(klass);
|
410
417
|
if((ctx = X509_STORE_CTX_new()) == NULL){
|
411
418
|
ossl_raise(eX509StoreError, NULL);
|
412
419
|
}
|
413
|
-
|
420
|
+
SetX509StCtx(obj, ctx);
|
414
421
|
|
415
422
|
return obj;
|
416
423
|
}
|
@@ -1,11 +1,10 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ruby_missing.h 33843 2011-11-26 01:49:36Z emboss $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#if !defined(_OSSL_RUBY_MISSING_H_)
|
data/lib/openssl/bn.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
|
+
# frozen_string_literal: false
|
1
2
|
#--
|
2
3
|
#
|
3
|
-
# $RCSfile$
|
4
|
-
#
|
5
4
|
# = Ruby-space definitions that completes C-space funcs for BN
|
6
5
|
#
|
7
6
|
# = Info
|
@@ -10,12 +9,8 @@
|
|
10
9
|
# All rights reserved.
|
11
10
|
#
|
12
11
|
# = Licence
|
13
|
-
# This program is
|
12
|
+
# This program is licensed under the same licence as Ruby.
|
14
13
|
# (See the file 'LICENCE'.)
|
15
|
-
#
|
16
|
-
# = Version
|
17
|
-
# $Id: bn.rb 47647 2014-09-20 01:17:05Z akr $
|
18
|
-
#
|
19
14
|
#++
|
20
15
|
|
21
16
|
module OpenSSL
|
@@ -42,4 +37,3 @@ class Integer
|
|
42
37
|
OpenSSL::BN::new(self)
|
43
38
|
end
|
44
39
|
end # Integer
|
45
|
-
|
data/lib/openssl/buffering.rb
CHANGED
@@ -1,18 +1,14 @@
|
|
1
1
|
# coding: binary
|
2
|
+
# frozen_string_literal: false
|
2
3
|
#--
|
3
|
-
#= $RCSfile$ -- Buffering mix-in module.
|
4
|
-
#
|
5
4
|
#= Info
|
6
5
|
# 'OpenSSL for Ruby 2' project
|
7
6
|
# Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
8
7
|
# All rights reserved.
|
9
8
|
#
|
10
9
|
#= Licence
|
11
|
-
# This program is
|
10
|
+
# This program is licensed under the same licence as Ruby.
|
12
11
|
# (See the file 'LICENCE'.)
|
13
|
-
#
|
14
|
-
#= Version
|
15
|
-
# $Id: buffering.rb 43964 2013-12-03 01:44:41Z drbrain $
|
16
12
|
#++
|
17
13
|
|
18
14
|
##
|
@@ -213,7 +209,7 @@ module OpenSSL::Buffering
|
|
213
209
|
else
|
214
210
|
size = idx ? idx+eol.size : nil
|
215
211
|
end
|
216
|
-
if limit
|
212
|
+
if size && limit && limit >= 0
|
217
213
|
size = [size, limit].min
|
218
214
|
end
|
219
215
|
consume_rbuff(size)
|
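Review bot: The new guard `if size && limit && limit >= 0` drops the limit entirely when `size` is nil, which per the two assignments just above is the case where no `eol` was found in the buffer, so a call like `gets("\n", 10)` on data that ends without a newline presumably hands the whole remaining buffer to `consume_rbuff` instead of at most 10 bytes; the previous `if limit` would have raised on `[nil, limit].min` there, so the commit turns a loud error into silently ignoring the caller's bound. The enclosing method starts outside the hunk, so this reading assumes `size` is nil only in the no-delimiter-at-EOF case. A form that honours the bound in both cases is `if limit && limit >= 0` / `size = size ? [size, limit].min : limit` / `end`. A one-line comment that a negative `limit` means "no limit" would also help, since that is not obvious from the condition alone.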
data/lib/openssl/cipher.rb
CHANGED
@@ -1,7 +1,5 @@
|
|
1
|
+
# frozen_string_literal: false
|
1
2
|
#--
|
2
|
-
#
|
3
|
-
# $RCSfile$
|
4
|
-
#
|
5
3
|
# = Ruby-space predefined Cipher subclasses
|
6
4
|
#
|
7
5
|
# = Info
|
@@ -10,12 +8,8 @@
|
|
10
8
|
# All rights reserved.
|
11
9
|
#
|
12
10
|
# = Licence
|
13
|
-
# This program is
|
11
|
+
# This program is licensed under the same licence as Ruby.
|
14
12
|
# (See the file 'LICENCE'.)
|
15
|
-
#
|
16
|
-
# = Version
|
17
|
-
# $Id: cipher.rb 36895 2012-09-04 00:57:31Z nobu $
|
18
|
-
#
|
19
13
|
#++
|
20
14
|
|
21
15
|
module OpenSSL
|
@@ -58,7 +52,7 @@ module OpenSSL
|
|
58
52
|
end
|
59
53
|
|
60
54
|
# This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.
|
61
|
-
class Cipher <
|
55
|
+
class Cipher < Cipher
|
62
56
|
# add warning
|
63
57
|
end
|
64
58
|
end # Cipher
|
data/lib/openssl/config.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# frozen_string_literal: false
|
1
2
|
=begin
|
2
3
|
= Ruby-space definitions that completes C-space funcs for Config
|
3
4
|
|
@@ -5,7 +6,7 @@
|
|
5
6
|
Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
|
6
7
|
|
7
8
|
= Licence
|
8
|
-
This program is
|
9
|
+
This program is licensed under the same licence as Ruby.
|
9
10
|
(See the file 'LICENCE'.)
|
10
11
|
|
11
12
|
=end
|
data/lib/openssl/digest.rb
CHANGED
@@ -1,7 +1,5 @@
|
|
1
|
+
# frozen_string_literal: false
|
1
2
|
#--
|
2
|
-
#
|
3
|
-
# $RCSfile$
|
4
|
-
#
|
5
3
|
# = Ruby-space predefined Digest subclasses
|
6
4
|
#
|
7
5
|
# = Info
|
@@ -10,12 +8,8 @@
|
|
10
8
|
# All rights reserved.
|
11
9
|
#
|
12
10
|
# = Licence
|
13
|
-
# This program is
|
11
|
+
# This program is licensed under the same licence as Ruby.
|
14
12
|
# (See the file 'LICENCE'.)
|
15
|
-
#
|
16
|
-
# = Version
|
17
|
-
# $Id: digest.rb 44116 2013-12-10 07:16:03Z nobu $
|
18
|
-
#
|
19
13
|
#++
|
20
14
|
|
21
15
|
module OpenSSL
|
@@ -56,7 +50,7 @@ module OpenSSL
|
|
56
50
|
# Deprecated.
|
57
51
|
#
|
58
52
|
# This class is only provided for backwards compatibility.
|
59
|
-
class Digest <
|
53
|
+
class Digest < Digest # :nodoc:
|
60
54
|
# Deprecated.
|
61
55
|
#
|
62
56
|
# See OpenSSL::Digest.new
|
@@ -85,4 +79,3 @@ module OpenSSL
|
|
85
79
|
module_function :Digest
|
86
80
|
|
87
81
|
end # OpenSSL
|
88
|
-
|
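--- a/data/lib/openssl/pkey.rb
+++ b/data/lib/openssl/pkey.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+module OpenSSL
+module PKey
+if defined?(OpenSSL::PKey::DH)
+
+class DH
+DEFAULT_512 = new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
+zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
+-----END DH PARAMETERS-----
+_end_of_pem_
+
+DEFAULT_1024 = new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
+AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
+T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
+-----END DH PARAMETERS-----
+_end_of_pem_
+end
+
+DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
+warn "using default DH parameters." if $VERBOSE
+case keylen
+when 512 then OpenSSL::PKey::DH::DEFAULT_512
+when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
+else
+nil
+end
+}
+
+else
+DEFAULT_TMP_DH_CALLBACK = nil
+end
+end
+end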
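Review bot: The 512-bit group in `DEFAULT_512` and the `when 512` branch of `DEFAULT_TMP_DH_CALLBACK` hand out export-grade Diffie-Hellman parameters whenever a 512-bit ephemeral key is requested, and nothing in the file records that this size is considered breakable; since ssl.rb's `tmp_dh_callback` falls back to `OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK` when a context sets none, a server whose cipher list still admits export suites gets a weak key exchange by default. At minimum put `# 512-bit DH is considered breakable; it is only served for export-grade suites, which should be disabled in the cipher list.` above `DEFAULT_512` and repeat the caveat on the callback; better, drop the `when 512` branch so the callback returns nil for that size and the handshake fails instead of degrading silently. The 1024-bit group is also below the 2048-bit minimum commonly recommended today, which is worth a one-line note beside `DEFAULT_1024`. The `is_export` parameter is accepted but never consulted, so a comment saying the choice is made on `keylen` alone would spare readers a search.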
data/lib/openssl/ssl.rb
CHANGED
@@ -1,21 +1,17 @@
|
|
1
|
+
# frozen_string_literal: false
|
1
2
|
=begin
|
2
|
-
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
|
3
|
-
|
4
3
|
= Info
|
5
4
|
'OpenSSL for Ruby 2' project
|
6
5
|
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
7
6
|
All rights reserved.
|
8
7
|
|
9
8
|
= Licence
|
10
|
-
This program is
|
9
|
+
This program is licensed under the same licence as Ruby.
|
11
10
|
(See the file 'LICENCE'.)
|
12
|
-
|
13
|
-
= Version
|
14
|
-
$Id: ssl.rb 50293 2015-04-13 13:13:01Z nagachika $
|
15
11
|
=end
|
16
12
|
|
17
13
|
require "openssl/buffering"
|
18
|
-
require "
|
14
|
+
require "io/nonblock"
|
19
15
|
|
20
16
|
module OpenSSL
|
21
17
|
module SSL
|
@@ -74,6 +70,48 @@ module OpenSSL
|
|
74
70
|
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
75
71
|
end
|
76
72
|
|
73
|
+
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
|
74
|
+
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
|
75
|
+
"verify_callback", "cert_store", "extra_chain_cert",
|
76
|
+
"client_cert_cb", "session_id_context", "tmp_dh_callback",
|
77
|
+
"session_get_cb", "session_new_cb", "session_remove_cb",
|
78
|
+
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
|
79
|
+
"alpn_protocols", "alpn_select_cb",
|
80
|
+
"npn_select_cb"].map { |x| "@#{x}" }
|
81
|
+
|
82
|
+
# A callback invoked when DH parameters are required.
|
83
|
+
#
|
84
|
+
# The callback is invoked with the Session for the key exchange, an
|
85
|
+
# flag indicating the use of an export cipher and the keylength
|
86
|
+
# required.
|
87
|
+
#
|
88
|
+
# The callback must return an OpenSSL::PKey::DH instance of the correct
|
89
|
+
# key length.
|
90
|
+
|
91
|
+
attr_accessor :tmp_dh_callback
|
92
|
+
|
93
|
+
if ExtConfig::HAVE_TLSEXT_HOST_NAME
|
94
|
+
# A callback invoked at connect time to distinguish between multiple
|
95
|
+
# server names.
|
96
|
+
#
|
97
|
+
# The callback is invoked with an SSLSocket and a server name. The
|
98
|
+
# callback must return an SSLContext for the server name or nil.
|
99
|
+
attr_accessor :servername_cb
|
100
|
+
end
|
101
|
+
|
102
|
+
# call-seq:
|
103
|
+
# SSLContext.new => ctx
|
104
|
+
# SSLContext.new(:TLSv1) => ctx
|
105
|
+
# SSLContext.new("SSLv23_client") => ctx
|
106
|
+
#
|
107
|
+
# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
|
108
|
+
def initialize(version = nil)
|
109
|
+
INIT_VARS.each { |v| instance_variable_set v, nil }
|
110
|
+
self.options = self.options | OpenSSL::SSL::OP_ALL
|
111
|
+
return unless version
|
112
|
+
self.ssl_version = version
|
113
|
+
end
|
114
|
+
|
77
115
|
##
|
78
116
|
# Sets the parameters for this SSL context to the values in +params+.
|
79
117
|
# The keys in +params+ must be assignment methods on SSLContext.
|
@@ -124,15 +162,6 @@ module OpenSSL
|
|
124
162
|
end
|
125
163
|
end
|
126
164
|
|
127
|
-
module Nonblock
|
128
|
-
def initialize(*args)
|
129
|
-
flag = File::NONBLOCK
|
130
|
-
flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
|
131
|
-
@io.fcntl(Fcntl::F_SETFL, flag)
|
132
|
-
super
|
133
|
-
end
|
134
|
-
end
|
135
|
-
|
136
165
|
def verify_certificate_identity(cert, hostname)
|
137
166
|
should_verify_common_name = true
|
138
167
|
cert.extensions.each{|ext|
|
@@ -220,7 +249,53 @@ module OpenSSL
|
|
220
249
|
class SSLSocket
|
221
250
|
include Buffering
|
222
251
|
include SocketForwarder
|
223
|
-
|
252
|
+
|
253
|
+
if ExtConfig::OPENSSL_NO_SOCK
|
254
|
+
def initialize(io, ctx = nil); raise NotImplmentedError; end
|
255
|
+
else
|
256
|
+
if ExtConfig::HAVE_TLSEXT_HOST_NAME
|
257
|
+
attr_accessor :hostname
|
258
|
+
end
|
259
|
+
|
260
|
+
attr_reader :io, :context
|
261
|
+
attr_accessor :sync_close
|
262
|
+
alias :to_io :io
|
263
|
+
|
264
|
+
# call-seq:
|
265
|
+
# SSLSocket.new(io) => aSSLSocket
|
266
|
+
# SSLSocket.new(io, ctx) => aSSLSocket
|
267
|
+
#
|
268
|
+
# Creates a new SSL socket from +io+ which must be a real ruby object (not an
|
269
|
+
# IO-like object that responds to read/write).
|
270
|
+
#
|
271
|
+
# If +ctx+ is provided the SSL Sockets initial params will be taken from
|
272
|
+
# the context.
|
273
|
+
#
|
274
|
+
# The OpenSSL::Buffering module provides additional IO methods.
|
275
|
+
#
|
276
|
+
# This method will freeze the SSLContext if one is provided;
|
277
|
+
# however, session management is still allowed in the frozen SSLContext.
|
278
|
+
|
279
|
+
def initialize(io, context = OpenSSL::SSL::SSLContext.new)
|
280
|
+
@io = io
|
281
|
+
@context = context
|
282
|
+
@sync_close = false
|
283
|
+
@hostname = nil
|
284
|
+
@io.nonblock = true if @io.respond_to?(:nonblock=)
|
285
|
+
context.setup
|
286
|
+
super()
|
287
|
+
end
|
288
|
+
end
|
289
|
+
|
290
|
+
# call-seq:
|
291
|
+
# ssl.sysclose => nil
|
292
|
+
#
|
293
|
+
# Shuts down the SSL connection and prepares it for another connection.
|
294
|
+
def sysclose
|
295
|
+
return if closed?
|
296
|
+
stop
|
297
|
+
io.close if sync_close
|
298
|
+
end
|
224
299
|
|
225
300
|
##
|
226
301
|
# Perform hostname verification after an SSL connection is established
|
@@ -228,6 +303,14 @@ module OpenSSL
|
|
228
303
|
# This method MUST be called after calling #connect to ensure that the
|
229
304
|
# hostname of a remote peer has been verified.
|
230
305
|
def post_connection_check(hostname)
|
306
|
+
if peer_cert.nil?
|
307
|
+
msg = "Peer verification enabled, but no certificate received."
|
308
|
+
if using_anon_cipher?
|
309
|
+
msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
|
310
|
+
end
|
311
|
+
raise SSLError, msg
|
312
|
+
end
|
313
|
+
|
231
314
|
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
232
315
|
raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
|
233
316
|
end
|
@@ -239,6 +322,34 @@ module OpenSSL
|
|
239
322
|
rescue SSL::Session::SessionError
|
240
323
|
nil
|
241
324
|
end
|
325
|
+
|
326
|
+
private
|
327
|
+
|
328
|
+
def using_anon_cipher?
|
329
|
+
ctx = OpenSSL::SSL::SSLContext.new
|
330
|
+
ctx.ciphers = "aNULL"
|
331
|
+
ctx.ciphers.include?(cipher)
|
332
|
+
end
|
333
|
+
|
334
|
+
def client_cert_cb
|
335
|
+
@context.client_cert_cb
|
336
|
+
end
|
337
|
+
|
338
|
+
def tmp_dh_callback
|
339
|
+
@context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
|
340
|
+
end
|
341
|
+
|
342
|
+
def tmp_ecdh_callback
|
343
|
+
@context.tmp_ecdh_callback
|
344
|
+
end
|
345
|
+
|
346
|
+
def session_new_cb
|
347
|
+
@context.session_new_cb
|
348
|
+
end
|
349
|
+
|
350
|
+
def session_get_cb
|
351
|
+
@context.session_get_cb
|
352
|
+
end
|
242
353
|
end
|
243
354
|
|
244
355
|
##
|
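Review bot: `raise NotImplmentedError` in the `ExtConfig::OPENSSL_NO_SOCK` branch of `SSLSocket#initialize` (hunk `@@ -220,7 +249,53 @@`) misspells the constant, so on a socket-less build constructing an SSLSocket raises `NameError` for an uninitialized constant rather than the intended `NotImplementedError`; the line should read `def initialize(io, ctx = nil); raise NotImplementedError; end`. In the last hunk of the same section, `using_anon_cipher?` builds a fresh `SSLContext` and recomputes the `"aNULL"` cipher list on every call; it only runs on the no-certificate error path of `post_connection_check`, so this is a style point, but the list could be computed once and frozen if the check is reused. `INIT_VARS` would also benefit from a comment saying why every listed ivar is set to nil up front, presumably to avoid uninitialized-instance-variable warnings under `-w`, since the list otherwise reads as an arbitrary catalogue of attributes.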