rubysl-openssl 2.4.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/rubysl/openssl/deprecation.rb +1 -0
- data/ext/rubysl/openssl/extconf.rb +6 -8
- data/ext/rubysl/openssl/openssl_missing.c +1 -3
- data/ext/rubysl/openssl/openssl_missing.h +1 -3
- data/ext/rubysl/openssl/ossl.c +15 -3
- data/ext/rubysl/openssl/ossl.h +5 -4
- data/ext/rubysl/openssl/ossl_asn1.c +19 -13
- data/ext/rubysl/openssl/ossl_asn1.h +1 -2
- data/ext/rubysl/openssl/ossl_bio.c +1 -2
- data/ext/rubysl/openssl/ossl_bio.h +1 -3
- data/ext/rubysl/openssl/ossl_bn.c +227 -90
- data/ext/rubysl/openssl/ossl_bn.h +1 -3
- data/ext/rubysl/openssl/ossl_cipher.c +5 -11
- data/ext/rubysl/openssl/ossl_cipher.h +1 -3
- data/ext/rubysl/openssl/ossl_config.c +1 -2
- data/ext/rubysl/openssl/ossl_config.h +1 -3
- data/ext/rubysl/openssl/ossl_digest.c +6 -7
- data/ext/rubysl/openssl/ossl_digest.h +1 -3
- data/ext/rubysl/openssl/ossl_engine.c +11 -7
- data/ext/rubysl/openssl/ossl_engine.h +1 -2
- data/ext/rubysl/openssl/ossl_hmac.c +1 -2
- data/ext/rubysl/openssl/ossl_hmac.h +1 -2
- data/ext/rubysl/openssl/ossl_ns_spki.c +7 -6
- data/ext/rubysl/openssl/ossl_ns_spki.h +1 -3
- data/ext/rubysl/openssl/ossl_ocsp.c +39 -25
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -2
- data/ext/rubysl/openssl/ossl_pkcs12.c +10 -6
- data/ext/rubysl/openssl/ossl_pkcs12.h +1 -3
- data/ext/rubysl/openssl/ossl_pkcs5.c +0 -1
- data/ext/rubysl/openssl/ossl_pkcs7.c +29 -16
- data/ext/rubysl/openssl/ossl_pkcs7.h +1 -3
- data/ext/rubysl/openssl/ossl_pkey.c +10 -8
- data/ext/rubysl/openssl/ossl_pkey.h +5 -6
- data/ext/rubysl/openssl/ossl_pkey_dh.c +5 -74
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +7 -6
- data/ext/rubysl/openssl/ossl_pkey_ec.c +4 -2
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +5 -5
- data/ext/rubysl/openssl/ossl_rand.c +13 -5
- data/ext/rubysl/openssl/ossl_rand.h +1 -3
- data/ext/rubysl/openssl/ossl_ssl.c +334 -265
- data/ext/rubysl/openssl/ossl_ssl.h +1 -5
- data/ext/rubysl/openssl/ossl_ssl_session.c +5 -1
- data/ext/rubysl/openssl/ossl_version.h +1 -2
- data/ext/rubysl/openssl/ossl_x509.c +1 -3
- data/ext/rubysl/openssl/ossl_x509.h +1 -2
- data/ext/rubysl/openssl/ossl_x509attr.c +9 -6
- data/ext/rubysl/openssl/ossl_x509cert.c +14 -12
- data/ext/rubysl/openssl/ossl_x509crl.c +15 -13
- data/ext/rubysl/openssl/ossl_x509ext.c +13 -8
- data/ext/rubysl/openssl/ossl_x509name.c +9 -6
- data/ext/rubysl/openssl/ossl_x509req.c +12 -10
- data/ext/rubysl/openssl/ossl_x509revoked.c +12 -10
- data/ext/rubysl/openssl/ossl_x509store.c +17 -10
- data/ext/rubysl/openssl/ruby_missing.h +1 -2
- data/lib/openssl/bn.rb +2 -8
- data/lib/openssl/buffering.rb +3 -7
- data/lib/openssl/cipher.rb +3 -9
- data/lib/openssl/config.rb +2 -1
- data/lib/openssl/digest.rb +3 -10
- data/lib/openssl/pkey.rb +37 -0
- data/lib/openssl/ssl.rb +128 -17
- data/lib/openssl/x509.rb +2 -8
- data/lib/rubysl/openssl.rb +4 -7
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +12 -11
@@ -1,20 +1,21 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ossl_x509req.c 48815 2014-12-12 23:59:28Z nobu $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#include "ossl.h"
|
12
11
|
|
13
|
-
#define
|
12
|
+
#define NewX509Req(klass) \
|
13
|
+
TypedData_Wrap_Struct((klass), &ossl_x509req_type, 0)
|
14
|
+
#define SetX509Req(obj, req) do { \
|
14
15
|
if (!(req)) { \
|
15
16
|
ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \
|
16
17
|
} \
|
17
|
-
(obj) =
|
18
|
+
RTYPEDDATA_DATA(obj) = (req); \
|
18
19
|
} while (0)
|
19
20
|
#define GetX509Req(obj, req) do { \
|
20
21
|
TypedData_Get_Struct((obj), X509_REQ, &ossl_x509req_type, (req)); \
|
@@ -56,6 +57,7 @@ ossl_x509req_new(X509_REQ *req)
|
|
56
57
|
X509_REQ *new;
|
57
58
|
VALUE obj;
|
58
59
|
|
60
|
+
obj = NewX509Req(cX509Req);
|
59
61
|
if (!req) {
|
60
62
|
new = X509_REQ_new();
|
61
63
|
} else {
|
@@ -64,7 +66,7 @@ ossl_x509req_new(X509_REQ *req)
|
|
64
66
|
if (!new) {
|
65
67
|
ossl_raise(eX509ReqError, NULL);
|
66
68
|
}
|
67
|
-
|
69
|
+
SetX509Req(obj, new);
|
68
70
|
|
69
71
|
return obj;
|
70
72
|
}
|
@@ -101,10 +103,11 @@ ossl_x509req_alloc(VALUE klass)
|
|
101
103
|
X509_REQ *req;
|
102
104
|
VALUE obj;
|
103
105
|
|
106
|
+
obj = NewX509Req(klass);
|
104
107
|
if (!(req = X509_REQ_new())) {
|
105
108
|
ossl_raise(eX509ReqError, NULL);
|
106
109
|
}
|
107
|
-
|
110
|
+
SetX509Req(obj, req);
|
108
111
|
|
109
112
|
return obj;
|
110
113
|
}
|
@@ -415,18 +418,18 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
|
|
415
418
|
{
|
416
419
|
X509_REQ *req;
|
417
420
|
X509_ATTRIBUTE *attr;
|
418
|
-
|
421
|
+
long i;
|
419
422
|
VALUE item;
|
420
423
|
|
421
424
|
Check_Type(ary, T_ARRAY);
|
422
425
|
for (i=0;i<RARRAY_LEN(ary); i++) {
|
423
|
-
OSSL_Check_Kind(
|
426
|
+
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
|
424
427
|
}
|
425
428
|
GetX509Req(self, req);
|
426
429
|
sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
|
427
430
|
req->req_info->attributes = NULL;
|
428
431
|
for (i=0;i<RARRAY_LEN(ary); i++) {
|
429
|
-
item =
|
432
|
+
item = RARRAY_AREF(ary, i);
|
430
433
|
attr = DupX509AttrPtr(item);
|
431
434
|
if (!X509_REQ_add1_attr(req, attr)) {
|
432
435
|
ossl_raise(eX509ReqError, NULL);
|
@@ -479,4 +482,3 @@ Init_ossl_x509req(void)
|
|
479
482
|
rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1);
|
480
483
|
rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1);
|
481
484
|
}
|
482
|
-
|
@@ -1,20 +1,21 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ossl_x509revoked.c 48816 2014-12-12 23:59:36Z nobu $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#include "ossl.h"
|
12
11
|
|
13
|
-
#define
|
12
|
+
#define NewX509Rev(klass) \
|
13
|
+
TypedData_Wrap_Struct((klass), &ossl_x509rev_type, 0)
|
14
|
+
#define SetX509Rev(obj, rev) do { \
|
14
15
|
if (!(rev)) { \
|
15
16
|
ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
|
16
17
|
} \
|
17
|
-
(obj) =
|
18
|
+
RTYPEDDATA_DATA(obj) = (rev); \
|
18
19
|
} while (0)
|
19
20
|
#define GetX509Rev(obj, rev) do { \
|
20
21
|
TypedData_Get_Struct((obj), X509_REVOKED, &ossl_x509rev_type, (rev)); \
|
@@ -56,6 +57,7 @@ ossl_x509revoked_new(X509_REVOKED *rev)
|
|
56
57
|
X509_REVOKED *new;
|
57
58
|
VALUE obj;
|
58
59
|
|
60
|
+
obj = NewX509Rev(cX509Rev);
|
59
61
|
if (!rev) {
|
60
62
|
new = X509_REVOKED_new();
|
61
63
|
} else {
|
@@ -64,7 +66,7 @@ ossl_x509revoked_new(X509_REVOKED *rev)
|
|
64
66
|
if (!new) {
|
65
67
|
ossl_raise(eX509RevError, NULL);
|
66
68
|
}
|
67
|
-
|
69
|
+
SetX509Rev(obj, new);
|
68
70
|
|
69
71
|
return obj;
|
70
72
|
}
|
@@ -91,10 +93,11 @@ ossl_x509revoked_alloc(VALUE klass)
|
|
91
93
|
X509_REVOKED *rev;
|
92
94
|
VALUE obj;
|
93
95
|
|
96
|
+
obj = NewX509Rev(klass);
|
94
97
|
if (!(rev = X509_REVOKED_new())) {
|
95
98
|
ossl_raise(eX509RevError, NULL);
|
96
99
|
}
|
97
|
-
|
100
|
+
SetX509Rev(obj, rev);
|
98
101
|
|
99
102
|
return obj;
|
100
103
|
}
|
@@ -185,18 +188,18 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
|
|
185
188
|
{
|
186
189
|
X509_REVOKED *rev;
|
187
190
|
X509_EXTENSION *ext;
|
188
|
-
|
191
|
+
long i;
|
189
192
|
VALUE item;
|
190
193
|
|
191
194
|
Check_Type(ary, T_ARRAY);
|
192
195
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
193
|
-
OSSL_Check_Kind(
|
196
|
+
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
194
197
|
}
|
195
198
|
GetX509Rev(self, rev);
|
196
199
|
sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
|
197
200
|
rev->extensions = NULL;
|
198
201
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
199
|
-
item =
|
202
|
+
item = RARRAY_AREF(ary, i);
|
200
203
|
ext = DupX509ExtPtr(item);
|
201
204
|
if(!X509_REVOKED_add_ext(rev, ext, -1)) {
|
202
205
|
ossl_raise(eX509RevError, NULL);
|
@@ -240,4 +243,3 @@ Init_ossl_x509revoked(void)
|
|
240
243
|
rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1);
|
241
244
|
rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1);
|
242
245
|
}
|
243
|
-
|
@@ -1,20 +1,21 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ossl_x509store.c 48818 2014-12-13 00:06:54Z nobu $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#include "ossl.h"
|
12
11
|
|
13
|
-
#define
|
12
|
+
#define NewX509Store(klass) \
|
13
|
+
TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
|
14
|
+
#define SetX509Store(obj, st) do { \
|
14
15
|
if (!(st)) { \
|
15
16
|
ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
|
16
17
|
} \
|
17
|
-
(obj) =
|
18
|
+
RTYPEDDATA_DATA(obj) = (st); \
|
18
19
|
} while (0)
|
19
20
|
#define GetX509Store(obj, st) do { \
|
20
21
|
TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
|
@@ -27,11 +28,13 @@
|
|
27
28
|
GetX509Store((obj), (st)); \
|
28
29
|
} while (0)
|
29
30
|
|
30
|
-
#define
|
31
|
+
#define NewX509StCtx(klass) \
|
32
|
+
TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
|
33
|
+
#define SetX509StCtx(obj, ctx) do { \
|
31
34
|
if (!(ctx)) { \
|
32
35
|
ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
|
33
36
|
} \
|
34
|
-
(obj) =
|
37
|
+
RTYPEDDATA_DATA(obj) = (ctx); \
|
35
38
|
} while (0)
|
36
39
|
#define GetX509StCtx(obj, ctx) do { \
|
37
40
|
TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
|
@@ -73,7 +76,8 @@ ossl_x509store_new(X509_STORE *store)
|
|
73
76
|
{
|
74
77
|
VALUE obj;
|
75
78
|
|
76
|
-
|
79
|
+
obj = NewX509Store(cX509Store);
|
80
|
+
SetX509Store(obj, store);
|
77
81
|
|
78
82
|
return obj;
|
79
83
|
}
|
@@ -108,10 +112,11 @@ ossl_x509store_alloc(VALUE klass)
|
|
108
112
|
X509_STORE *store;
|
109
113
|
VALUE obj;
|
110
114
|
|
115
|
+
obj = NewX509Store(klass);
|
111
116
|
if((store = X509_STORE_new()) == NULL){
|
112
117
|
ossl_raise(eX509StoreError, NULL);
|
113
118
|
}
|
114
|
-
|
119
|
+
SetX509Store(obj, store);
|
115
120
|
|
116
121
|
return obj;
|
117
122
|
}
|
@@ -373,7 +378,8 @@ ossl_x509stctx_new(X509_STORE_CTX *ctx)
|
|
373
378
|
{
|
374
379
|
VALUE obj;
|
375
380
|
|
376
|
-
|
381
|
+
obj = NewX509StCtx(cX509StoreContext);
|
382
|
+
SetX509StCtx(obj, ctx);
|
377
383
|
|
378
384
|
return obj;
|
379
385
|
}
|
@@ -407,10 +413,11 @@ ossl_x509stctx_alloc(VALUE klass)
|
|
407
413
|
X509_STORE_CTX *ctx;
|
408
414
|
VALUE obj;
|
409
415
|
|
416
|
+
obj = NewX509StCtx(klass);
|
410
417
|
if((ctx = X509_STORE_CTX_new()) == NULL){
|
411
418
|
ossl_raise(eX509StoreError, NULL);
|
412
419
|
}
|
413
|
-
|
420
|
+
SetX509StCtx(obj, ctx);
|
414
421
|
|
415
422
|
return obj;
|
416
423
|
}
|
@@ -1,11 +1,10 @@
|
|
1
1
|
/*
|
2
|
-
* $Id: ruby_missing.h 33843 2011-11-26 01:49:36Z emboss $
|
3
2
|
* 'OpenSSL for Ruby' project
|
4
3
|
* Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
4
|
* All rights reserved.
|
6
5
|
*/
|
7
6
|
/*
|
8
|
-
* This program is
|
7
|
+
* This program is licensed under the same licence as Ruby.
|
9
8
|
* (See the file 'LICENCE'.)
|
10
9
|
*/
|
11
10
|
#if !defined(_OSSL_RUBY_MISSING_H_)
|
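--- a/data/lib/openssl/bn.rb
+++ b/data/lib/openssl/bn.rb
@@ -1,7 +1,6 @@
+# frozen_string_literal: false
 #--
 #
-# $RCSfile$
-#
 # = Ruby-space definitions that completes C-space funcs for BN
 #
 # = Info
@@ -10,12 +9,8 @@
 # All rights reserved.
 #
 # = Licence
-# This program is
+# This program is licensed under the same licence as Ruby.
 # (See the file 'LICENCE'.)
-#
-# = Version
-# $Id: bn.rb 47647 2014-09-20 01:17:05Z akr $
-#
 #++
 
 module OpenSSL
@@ -42,4 +37,3 @@ class Integer
 OpenSSL::BN::new(self)
 end
 end # Integer
-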
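--- a/data/lib/openssl/buffering.rb
+++ b/data/lib/openssl/buffering.rb
@@ -1,18 +1,14 @@
 # coding: binary
+# frozen_string_literal: false
 #--
-#= $RCSfile$ -- Buffering mix-in module.
-#
 #= Info
 # 'OpenSSL for Ruby 2' project
 # Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
 # All rights reserved.
 #
 #= Licence
-# This program is
+# This program is licensed under the same licence as Ruby.
 # (See the file 'LICENCE'.)
-#
-#= Version
-# $Id: buffering.rb 43964 2013-12-03 01:44:41Z drbrain $
 #++
 
 ##
@@ -213,7 +209,7 @@ module OpenSSL::Buffering
 else
 size = idx ? idx+eol.size : nil
 end
-if limit
+if size && limit && limit >= 0
 size = [size, limit].min
 end
 consume_rbuff(size)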
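--- a/data/lib/openssl/cipher.rb
+++ b/data/lib/openssl/cipher.rb
@@ -1,7 +1,5 @@
+# frozen_string_literal: false
 #--
-#
-# $RCSfile$
-#
 # = Ruby-space predefined Cipher subclasses
 #
 # = Info
@@ -10,12 +8,8 @@
 # All rights reserved.
 #
 # = Licence
-# This program is
+# This program is licensed under the same licence as Ruby.
 # (See the file 'LICENCE'.)
-#
-# = Version
-# $Id: cipher.rb 36895 2012-09-04 00:57:31Z nobu $
-#
 #++
 
 module OpenSSL
@@ -58,7 +52,7 @@ module OpenSSL
 end
 
 # This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.
-class Cipher <
+class Cipher < Cipher
 # add warning
 end
 end # Cipher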
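--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 =begin
 = Ruby-space definitions that completes C-space funcs for Config
 
@@ -5,7 +6,7 @@
 Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
 
 = Licence
-This program is
+This program is licensed under the same licence as Ruby.
 (See the file 'LICENCE'.)
 
 =end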
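--- a/data/lib/openssl/digest.rb
+++ b/data/lib/openssl/digest.rb
@@ -1,7 +1,5 @@
+# frozen_string_literal: false
 #--
-#
-# $RCSfile$
-#
 # = Ruby-space predefined Digest subclasses
 #
 # = Info
@@ -10,12 +8,8 @@
 # All rights reserved.
 #
 # = Licence
-# This program is
+# This program is licensed under the same licence as Ruby.
 # (See the file 'LICENCE'.)
-#
-# = Version
-# $Id: digest.rb 44116 2013-12-10 07:16:03Z nobu $
-#
 #++
 
 module OpenSSL
@@ -56,7 +50,7 @@ module OpenSSL
 # Deprecated.
 #
 # This class is only provided for backwards compatibility.
-class Digest <
+class Digest < Digest # :nodoc:
 # Deprecated.
 #
 # See OpenSSL::Digest.new
@@ -85,4 +79,3 @@ module OpenSSL
 module_function :Digest
 
 end # OpenSSL
-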
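--- /dev/null
+++ b/data/lib/openssl/pkey.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+module OpenSSL
+module PKey
+if defined?(OpenSSL::PKey::DH)
+
+class DH
+DEFAULT_512 = new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
+zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
+-----END DH PARAMETERS-----
+_end_of_pem_
+
+DEFAULT_1024 = new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
+AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
+T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
+-----END DH PARAMETERS-----
+_end_of_pem_
+end
+
+DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
+warn "using default DH parameters." if $VERBOSE
+case keylen
+when 512 then OpenSSL::PKey::DH::DEFAULT_512
+when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
+else
+nil
+end
+}
+
+else
+DEFAULT_TMP_DH_CALLBACK = nil
+end
+end
+end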
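Review bot: DEFAULT_TMP_DH_CALLBACK (new lines 23–31) hands out the 512-bit group DEFAULT_512 whenever an export-strength exchange asks for keylen 512, and the 1024-bit DEFAULT_1024 for keylen 1024; both sizes are below what is considered adequate for finite-field DH today, so a server that never sets its own tmp_dh_callback quietly completes handshakes with weak ephemeral parameters, flagged only by a $VERBOSE warning. The callback already returns nil for every other key length, so the 512 case can be folded into that path, `when 1024 then OpenSSL::PKey::DH::DEFAULT_1024` followed by `else nil`, and the DEFAULT_512 constant dropped or kept only for explicit opt-in. A short comment above DEFAULT_1024 stating that it is a compatibility fallback and that deployments should supply a larger group through SSLContext#tmp_dh_callback would make the risk visible at the definition site. The `warn` on line 24 should arguably fire unconditionally rather than only under $VERBOSE, since it is the only signal that default parameters are in use.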
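--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -1,21 +1,17 @@
+# frozen_string_literal: false
 =begin
-= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
-
 = Info
 'OpenSSL for Ruby 2' project
 Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
 All rights reserved.
 
 = Licence
-This program is
+This program is licensed under the same licence as Ruby.
 (See the file 'LICENCE'.)
-
-= Version
-$Id: ssl.rb 50293 2015-04-13 13:13:01Z nagachika $
 =end
 
 require "openssl/buffering"
-require "
+require "io/nonblock"
 
 module OpenSSL
 module SSL
@@ -74,6 +70,48 @@ module OpenSSL
 DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 end
 
+INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
+"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
+"verify_callback", "cert_store", "extra_chain_cert",
+"client_cert_cb", "session_id_context", "tmp_dh_callback",
+"session_get_cb", "session_new_cb", "session_remove_cb",
+"tmp_ecdh_callback", "servername_cb", "npn_protocols",
+"alpn_protocols", "alpn_select_cb",
+"npn_select_cb"].map { |x| "@#{x}" }
+
+# A callback invoked when DH parameters are required.
+#
+# The callback is invoked with the Session for the key exchange, an
+# flag indicating the use of an export cipher and the keylength
+# required.
+#
+# The callback must return an OpenSSL::PKey::DH instance of the correct
+# key length.
+
+attr_accessor :tmp_dh_callback
+
+if ExtConfig::HAVE_TLSEXT_HOST_NAME
+# A callback invoked at connect time to distinguish between multiple
+# server names.
+#
+# The callback is invoked with an SSLSocket and a server name. The
+# callback must return an SSLContext for the server name or nil.
+attr_accessor :servername_cb
+end
+
+# call-seq:
+# SSLContext.new => ctx
+# SSLContext.new(:TLSv1) => ctx
+# SSLContext.new("SSLv23_client") => ctx
+#
+# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
+def initialize(version = nil)
+INIT_VARS.each { |v| instance_variable_set v, nil }
+self.options = self.options | OpenSSL::SSL::OP_ALL
+return unless version
+self.ssl_version = version
+end
+
 ##
 # Sets the parameters for this SSL context to the values in +params+.
 # The keys in +params+ must be assignment methods on SSLContext.
@@ -124,15 +162,6 @@ module OpenSSL
 end
 end
 
-module Nonblock
-def initialize(*args)
-flag = File::NONBLOCK
-flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
-@io.fcntl(Fcntl::F_SETFL, flag)
-super
-end
-end
-
 def verify_certificate_identity(cert, hostname)
 should_verify_common_name = true
 cert.extensions.each{|ext|
@@ -220,7 +249,53 @@ module OpenSSL
 class SSLSocket
 include Buffering
 include SocketForwarder
-
+
+if ExtConfig::OPENSSL_NO_SOCK
+def initialize(io, ctx = nil); raise NotImplmentedError; end
+else
+if ExtConfig::HAVE_TLSEXT_HOST_NAME
+attr_accessor :hostname
+end
+
+attr_reader :io, :context
+attr_accessor :sync_close
+alias :to_io :io
+
+# call-seq:
+# SSLSocket.new(io) => aSSLSocket
+# SSLSocket.new(io, ctx) => aSSLSocket
+#
+# Creates a new SSL socket from +io+ which must be a real ruby object (not an
+# IO-like object that responds to read/write).
+#
+# If +ctx+ is provided the SSL Sockets initial params will be taken from
+# the context.
+#
+# The OpenSSL::Buffering module provides additional IO methods.
+#
+# This method will freeze the SSLContext if one is provided;
+# however, session management is still allowed in the frozen SSLContext.
+
+def initialize(io, context = OpenSSL::SSL::SSLContext.new)
+@io = io
+@context = context
+@sync_close = false
+@hostname = nil
+@io.nonblock = true if @io.respond_to?(:nonblock=)
+context.setup
+super()
+end
+end
+
+# call-seq:
+# ssl.sysclose => nil
+#
+# Shuts down the SSL connection and prepares it for another connection.
+def sysclose
+return if closed?
+stop
+io.close if sync_close
+end
 
 ##
 # Perform hostname verification after an SSL connection is established
@@ -228,6 +303,14 @@ module OpenSSL
 # This method MUST be called after calling #connect to ensure that the
 # hostname of a remote peer has been verified.
 def post_connection_check(hostname)
+if peer_cert.nil?
+msg = "Peer verification enabled, but no certificate received."
+if using_anon_cipher?
+msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
+end
+raise SSLError, msg
+end
+
 unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
 raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
 end
@@ -239,6 +322,34 @@ module OpenSSL
 rescue SSL::Session::SessionError
 nil
 end
+
+private
+
+def using_anon_cipher?
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.ciphers = "aNULL"
+ctx.ciphers.include?(cipher)
+end
+
+def client_cert_cb
+@context.client_cert_cb
+end
+
+def tmp_dh_callback
+@context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
+end
+
+def tmp_ecdh_callback
+@context.tmp_ecdh_callback
+end
+
+def session_new_cb
+@context.session_new_cb
+end
+
+def session_get_cb
+@context.session_get_cb
+end
 end
 
 ##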
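Review bot: The `OPENSSL_NO_SOCK` branch of SSLSocket (new line 254) raises `NotImplmentedError`, a misspelling, so on a build without socket support SSLSocket.new fails with NameError for an undefined constant instead of the intended error; change it to `def initialize(io, ctx = nil); raise NotImplementedError; end`. The new guard in post_connection_check (lines 306–312) is a real improvement, since `verify_certificate_identity(nil, hostname)` would otherwise have failed with a less useful error, but it is only reached when callers remember to invoke post_connection_check; the docstring above it already says the method MUST be called after #connect, and a comment on the guard such as `# A nil peer cert means no authentication happened (anonymous suite or no cert sent); never treat that as verified.` would make the intent clear. `using_anon_cipher?` (lines 328–332) builds a throwaway SSLContext and sets `ciphers = "aNULL"` on every call; it is only called on the error path so the cost is fine, but if `cipher` can be nil before a handshake completes the `include?` check would simply return false, which looks acceptable here. The private `tmp_dh_callback` (line 339) silently falls back to OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK when the context sets none; the choice of default parameters lives in pkey.rb, so the strength of that fallback is worth reviewing there.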