Ruby Contributors
GitHub

emboss

Hash Date Message
1915a913ecee168610f17d6b9c9e2d20d2a219d8 2011-05-11 Thu May 12 07:27:31 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
bc75259b69e3ba6cddea7e8508b90ea7759a6923 2011-05-11 Thu May 12 08:18:45 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
f14d97e1c0ce23412c2612085feda5d92db44f20 2011-05-11 Thu May 12 08:01:14 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
cb57042beeac1f6acc424cc1339acfa198d5ac8b 2011-05-13 Sat May 14 04:19:06 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
e16d6108c0420ebe4907b97f0419c9ed1eb4a579 2011-05-13 Sat May 14 05:08:32 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
ad10cfeb526151300f0ab141d0b4b5c85576033d 2011-05-14 Sat May 14 10:32:36 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
4ccb387f3bc436a08fc6d72c4931994f5de95110 2011-05-14 Sat May 14 12:00:54 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
a5eee54bbe01cef7f9b68ad323991feb9aeda0e0 2011-05-15 Mon May 16 05:13:20 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
61a5a6393d398a509352ffed49e662595d652d1f 2011-05-16 * ext/openssl/ossl_asn1.c: Fix more typos. Document attributes explicitly. Set indentation for verbose sections from 4 to 2 spaces.
60fdd0f0f56747b0bf0f91903636f9989e8fd577 2011-05-16 * ext/openssl/ossl_digest.c: Add documentation.
7f7fef1813b1022d0c11694515fb98929953a6b1 2011-05-18 *ext/openssl/ossl_pkey.c: Add documentation.
1fae66fca28167ca0e25625091c5df49405b8023 2011-05-18 * test/openssl/test_pkey_rsa.rb: Add tests for sign/verify.
ee02506321aaef689c4e18fd07a16def30041782 2011-05-21 * test/openssl/test_x509cert.rb: Merge DSA-related tests from ruby_1_8 branch.
affb9cfbc877896201536cb9abcda6e9f11f0bb5 2011-05-21 * test/openssl/test_pkey_dsa.rb: Add tests for sign/verify.
3c25546ba288ef859ded3f9737464de3331107a1 2011-05-21 * ext/openssl/ossl_digest.c: Explain DSS and DSS1 in documentation.
db874053457803ef694145c36249ad42aae5a49f 2011-05-22 * ext/openssl/ossl_asn1.c: Default tag lookup in constant time via hash instead of previous linear algorithm. [Ruby 1.9 - Feature #4309][ruby-core:34813]
4fc3431ba167008de37d4301e055c04de88a86e0 2011-05-22 * ext/openssl/ossl_asn1.c: Use OpenSSL constants V_ASN1_xxx instead of hardcoded numbers for initializing class_tag_map.
fbeca091ed738e4203c0f51bd1d3c68ba1edb4fe 2011-05-22 * ext/openssl/ossl_asn1.c: Instead of rb_intern use static symbols to improve performance.
9253bd7797461488245b466eabf6c018a9d0c24c 2011-05-22 * ext/openssl/ossl_asn1.c (ossl_asn1data_to_der): Remove redundant flag tmp_cons.
efd99b781b711bdc32acef1ae3729f47cc69d86a 2011-05-22 * ext/openssl/ossl_asn1.c (ossl_asn1_cons_to_der): Add an additional EOC for infinite length Constructives that are supposed to be encoded with explicit tagging. Also tabify method correctly.
2cf8b26bf859fd0692d67ab84c341c858521aff4 2011-05-22 * ext/openssl/ossl_asn1.c (ossl_asn1_initialize): Allow creation of Constructives with an explicit tag_class parameter without automatically setting tagging to :EXPLICIT. Fixes a bug when encoding infinite length primitive values.
e7d04f4b82a96bcda5224c75314e1dcf93f5f277 2011-05-22 * ext/openssl/ossl_asn1.c: Fix decoding of infinite length values. Simplified ossl_asn1_decode0 by splitting it into three separate functions. Add tests. [Ruby 1.9 - Bug #4374][ruby-core:35123]
a65d506d83ee126d59576e483bdb6699ec73bbe7 2011-05-22 * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite length. This also prevents a segfault. Added test and improved documentation.
7d6529a415457ccfc912d6b8ddbac327516ee5d5 2011-05-22 * ext/openssl/ossl_asn1.c: Forbid Constructives whose value is not an Array to prevent segfault. Added test.
b7576c3d7a4e776dbce6b80ad0d985bada9c3059 2011-05-22 * NEWS (openssl): Infinite length support. Different behavior of Constructive and Primitive constructors.
5b3dd70232ae9dc6b67001921374120ab168376e 2011-05-23 * ext/openssl/ossl_asn1.c: Do not parse zero-tagged values as EOC. Do not let current length become negative for infinite length constructed values. Support constructed values of length zero. Added tests.
8b3e21b23d0b8e6dd545e8b97ae09ffbd0aeff53 2011-05-30 Tue Jun 30 06:45:21 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
d6b4cf46ad5f355059bb90d5a93d6ac39e752059 2011-06-12 * ext/openssl/ossl_pkey_dsa.c: completed documentation.
48a399d6202a94e7bfd007f51d0de1780884593f 2011-06-12 * ext/openssl/ossl_pkey_dh.c: completed documentation. * ext/openssl/ossl_pkey_dsa.c: corrected examples. Improved parameter sections.
f2c7a874a76dd113e088496220f2498e6223e721 2011-06-12 * test/openssl/test_pkey_dsa.rb: Test for DSA#syssign/sysverify.
bbb3cfb12b16c7681a58e9a16cec49c37edab1ab 2011-06-12 * ext/openssl/ossl_pkey.c: added PKey.read module function that allow reading arbitrary public/private keys from DER-/PEM-encoded File or string instances. * ext/openssl/ossl_pkey_dh.c: improved documentation. * test/openssl/utils.rb: added EC test key. * test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from OpenSSL::TestUtils. * test/openssl/test_pkey_ec.rb: Created test file for EC tests. Test PKey.read. [Ruby 1.9 - Feature #4424] [ruby-core:35330]
bec36af2d12c0c1187ea4528c3b2fc03ec97395e 2011-06-12 * NEWS: introduce PKey.read
149f35fc6ee42eb006300378daf002d998a9a07f 2011-06-13 * ext/openssl/pkey_dh.c: clarify difference between DH#public_key and DH#pub_key in documentation.
a27b63d3fc1c491eda62a8a48527df53301f45ce 2011-06-13 * ext/openssl/pkey_dh.c: corrected documentation. * test/openssl/utils.rb: add test key for DH. * test/openssl/test_pkey_dh.rb: add tests.
4247bfd60a15438e6adbabff682e96a235e2d241 2011-06-13 * ext/openssl/ossl_digest.c: allow Digests to be created by sn, ln or oid. * test/openssl/test_digest.rb: add tests for this. [Ruby 1.9 - Feature #4412] [ruby-core:35319]
1c629eff858830131539a5abab1717d93e029439 2011-06-13 * ext/openssl/ossl_digest.c: fix error for digests that have no oid (e.g. DSS1). * test/openssl/test_digest.c: add tests for this.
56aca9fc00611bc7775ef3ff19fa61d88fc1d480 2011-06-13 * test/openssl/digest.rb: remove MDC2 from test, it is not available by default in an OpenSSL installation.
839614309de62f761c9c53418356cf8f310745bd 2011-06-13 * test/openssl/test_ec.rb test/openssl/test_pkey_ec.rb: merge both files into test_pkey_ec.rb. Removed redundant group instantiation from PKey tests. * test/openssl/utils.rb: only create TEST_PKEY_EC_P256V1 if EC is defined.
562e35bce5b8e475ae83e10f0a2d2d0e5ac25250 2011-06-15 * test/openssl/tesst_config.rb: execute based on the existence of the OpenSSL module.
16cac0b722bfc334ca9ebcb40a2b86c47b263fe5 2011-06-15 * Fixed typo.
24acc9017ac3fee7391d73e6fba6f03b79c60185 2011-06-15 * test/openssl/test_config.rb: Commit missing file
914a4a025a493c17bba8262d1a13d6da2cef662f 2011-06-22 * test/openssl/test_buffering.rb * test/openssl/test_pkcs12.rb: Inherit from Test::Unit::TestCase instead of Mintest::Unit::TestCase. [ruby-core:37275]
41c517d13230dd3edd302a87231ac467babf2f3c 2011-06-22 * ext/openssl/ossl_ssl.c: Use SSL_MODE_RELEASE_BUFFERS if available. Thanks, Eric Wong, for providing the patch. [ Ruby 1.9 - Feature #4672 ] [ruby-core:36127]
26cb830df918614b4d734d187b7b65aba39f4d8e 2011-06-22 * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER fallback scenarios.
8d836a15e46baacfb136b883e9efa5e08cc4727b 2011-06-22 * ext/openssl/ossl_ssl_session.c: Respect T_BIGNUM time values. Patch by Tomoyuki Chikanaga. [ Ruby 1.9 - Bug #4919 ] [ruby-dev:43869]
93e1583d735bac916ac815ee2737a9596dccad0f 2011-06-26 * ext/openssl/extconf.rb * ext/openssl/ossl_missing.h/.c: add ASN1_put_eoc if missing.
1dcd4b325ee9074952461d1748d881ea27da05d5 2011-06-30 * ext/openssl/ossl.c/.h: Added ossl_x509_name_sk2ary. * ext/openssl/ossl.c: Replaced ossl_x509_ary2k by generic macro to simplify future conversions. * ext/openssl/ossl_ssl.c: Implement SSLSocket#client_ca. * test/openssl/test_ssl.rb: Add test for SSLSocket#client_ca. Thanks to Ippei Obayashi for providing the patch! [ Ruby 1.9 - Feature #4481 ] [ruby-core:35461]
a5615faba16106e17a66d225bf7ad7782615af94 2011-07-02 * test/openssl/test_ocsp.rb * test/openssl/test_x509_cert.rb: Perform SHA-256 tests only if supported by the available OpenSSL version. Versions < 0.9.8 don't support it. [ruby-core:37724]
f8a538495e01aaa6c6fe0de1f09052d971bd064b 2011-07-16 * test/openssl/test_ssl_session.rb: add PEM SSL session without TLS extensions. Use this as the default for the tests to ensure compatibility with OpenSSL 0.9.7. [ Ruby 1.9 - Bug #4961 ] [ruby-core:37726]
84e835fe4a68586fcb17adc2a6140c737c83dd62 2011-07-22 * ext/openssl/ossl_engine.c: Avoid double free of ENGINE reference. * test/openssl/test_engine.rb: Add a test for it. Thanks to Ippei Obayashi for providing the patch. [ Ruby 1.9 - Bug #5062 ] [ruby-dev:44173]
00a006511b4b46298ac6cdebbeabb48d65d94ae8 2011-07-22 * ext/openssl/ossl_digest.c: Check return value of EVP_DigestInit_ex. * ext/openssl/ossl_hmac.c: Check return value of HMAC_Init_ex. Thanks, Jared Jennings, for the patch. [ Ruby 1.9 - Bug #4944 ] [ruby-core:37670]
af017841509b5cce4b82466f564186ea53774688 2011-07-22 * ext/openssl/ossl_hmac.c: Revert checking return type of HMAC_Init_ex as it is not compatible with OpenSSL < 1.0.0.
b9c485aa0d6f13303e7e9ab05c6d2b2496610a35 2011-07-27 * test/openssl/test_pkcs12.rb: Add test and intermediate certificates. [ Ruby 1.9 - Feature #3793 ] [ruby-core:32088]
1be5789eed8de583662e47e2bf580bf14a9e296c 2011-08-15 * ext/openssl/ossl_ssl.c: Support disabling OpenSSL compression. * test/openssl/test_ssl.rb: Add a test for it. Thanks to Eric Wong for the patch. [Ruby 1.9 - Feature #5183] [ruby-core:38911]
a517fe05186e1ca3ee9460ada40b15e0d2ec544a 2011-08-16 * ext/openssl/ossl_pkey.c: corrected docs, OpenSSL::PKey::DH does *not* support #sign/verify.
515d546d7614cefbad79b8c33d063ee8b33ffff0 2011-08-16 * ext/openssl/ossl_x509cert.c: Add class documentation for OpenSSL::X509::Certificate.
783fb0881f91d59dca1430657628c4d50bd1a2be 2011-08-16 * ext/openssl/ossl_x509cert.c: fixed whitespace issues
e3af0655e21a1f6e1fcf3d50c6ac8a5486d8b57b 2011-09-23 * test/openssl/test_ssl_session.rb: ensure server calls callbacks in test_ctx_server_session_cb. Thanks to Eric Wong for the patch. [Bug #5336] [ruby-core:39619]
e2694c597d5dd309dba2a7b5d8b0ea6963fe7f2e 2011-09-23 * test/openssl/test_ssl_session.rb: execute test_session_exts_read only for OpenSSL versions >= 0.9.8k. Thanks, Eric Wong, for reporting this. [Bug #4961] [ruby-core:37726]
3a16362371a431127d6a7cc7884bff102ede6b55 2011-09-23 * ext/openssl/ossl_asn1.c: remove unused variable.
8b7e10879ea7e78584e4d37ecf535fb2ddc57206 2011-09-25 * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being fed arbitrary string values. Clearly distinguish between the cases "universal, infinite and not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly infinite". Raise error for universal tags that are not infinite. * test/openssl/test_asn1.rb: add a test for this.
c35204f7bdd821feb2d73782e3a56a3c822d6150 2011-10-19 * ext/openssl/ossl_ssl.c: Remove set, but unused variables. ext/openssl/ossl_pkey.c: ditto
65ca601ba6de9b63b6d0507788ffa411d4d85908 2011-10-19 * lib/openssl/buffering.rb: Force multi-byte strings to be treated as binary data. * test/openssl/test_ssl.rb: Add test for it.
359e7979d5815626bf13f5ce1ca5e194170d990b 2011-10-20 * test/openssl/test_pkcs5.rb: add RFC 6070 tests for PBKDF2 with HMAC-SHA1
98490d1f71a6d7072c8bf439a88e08c3762b27dd 2011-10-20 * ext/openssl/ossl_pkcs5.c: add note on timing attacks and general documentation.
b878cfa971870065e5a47cbe54758fe641a1cbf4 2011-10-20 * ext/openssl/ossl_ns_spki.c: Complete documentation. * test/openssl/test_ns_spki.rb: Integrate SPKI#to_text.
4fe2dacee7657a381a5ff6fc3b0bffa658b08731 2011-10-26 * ext/openssl/extconf.rb: add -Wall flag by default when compiler is GCC.
2b7bbe18b3528e30ed13339e1808536ad1196805 2011-10-26 * ext/psych/parser.c: remove unused variable.
576454a432559b43840f4827841d3c82d37e3458 2011-11-02 * test/openssl/test_engine.rb: call Engine::cleanup on exit. Patch provided by Yui Naruse, thanks! [Bug #5547] [ruby-core:40669]
00bfe1940e10abdf646096aeb4e489f978c91411 2011-11-03 * ext/openssl/extconf.rb: * ext/openssl/ossl_engine.c: add some missing OpenSSL engines. Thanks, Yui Naruse, for providing the patch! [Bug #5548] [ruby-core:40670]
3463615a69288dd066df0579eea087737a6c6bf8 2011-11-04 * test/openssl/test_engine.rb: add first tests for builtin "openssl" engine.
600fcacc7551d9957feac8a32f7639dcc3fc49cd 2011-11-05 * test/openssl/test_engine.rb: add test for engine cipher. RC4 is used because AES is not supported by the "openssl" engine currently.
29b0d9d932139aa38d7bb9656041a154dffc0649 2011-11-23 * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error message. * ext/openssl/ossl_ssl.c: ditto. * ext/openssl/ossl_pkey_rsa: ditto. [Bug #5604] [ruby-core:40896]
c8abe4a054e605dd6e73c0725c4f4d3c59440aa6 2011-11-23 Mention "patched by"
452b74c10682280912d14254795d2e76894fbdc9 2011-11-24 * test/openssl/test_engine.rb: Suppress output from 'openssl' engine's RC4 cipher. [Bug #5633] [ruby-core:41026]
bdf357bf5eae625c606bff423a2299ba0cd69853 2011-11-26 * ext/openssl/ossl_ssl.c: add comment on where to find implementation of OpenSSL::SSL::SSLSocket#session.
41fa4bd7151f0a3c713d2bb3f4c08d2e8099b294 2011-11-26 * ext/openssl/extconf.rb: remove checks for available functions. * ext/openssl/missing.h: ditto. Thanks, Tim Mooney for reporting this! [Bug #5432] [ruby-core:40088]
0f59228a0b08bf59e4f9747b9272adca0899b157 2011-11-26 * test/openssl/test_engine.rb: remove side effect of generic engine load by explicitly loading software-based "openssl" engine for all tests.
976aba43c30c3fcd86fb36b68a829751a9a1b697 2011-12-25 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
16558749948b053e0b55d79efa267a3dba2591df 2011-12-25 * ext/openssl/ossl_cipher.c: Update and complete documentation.
91785eca932bcd215989c2be6c51bbc1b6f0fd14 2011-12-25 * ext/openssl/ossl_cipher.c: Fixed typo.
7a9b2cad172060201d63118eeccec074eb4e44f3 2011-12-25 * ext/openssl/ossl_cipher.c: Fix more typos.
aa3854e33d898885d067b5055d7e0f0db38a9c0d 2012-02-08 * ext/openssl/ossl_cipher.c: Add warning about key as IV.
460c8907c99e2b90a5fb0cb6c18f2537fd4e60e1 2012-02-08 * ext/openssl/ossl_asn1.c: Call INT2NUM only once for GeneralString. Thanks to Mantas Mikulenas for noticing and providing a patch! [ruby-core:42358] [Bug #5972]
45706e70c9e5bfefc3921c6fc406aabe83c19768 2012-02-08 * ext/openssl/ossl_x509name.c: Use the numerical representation of unrecognized OIDs instead of the sn "UNDEF".
5bef1c9223ffecbef27f01498f353087eb6c9275 2012-03-28 * ext/openssl/ossl_asn1.c: raise TypeError when trying to encode nil values for Primitive instances. * test/openssl/test_asn1.rb: Assert consistent behavior when encoding nil values: Primitives raise TypeError, Constructives raise NoMethodError. Fixes [ruby-core:43009][Bug #6102] -This line, and those below, will be ignored--
7d8a8956de4a099f0d1916caf8fd35e9a8fbb517 2012-03-28 * NEWS: add note about unified behavior of encoding nil values in instances of OpenSSL::ASN1::ASN1Data.
836af4e5dc7ef3293a68e07fea47385e2e5942ed 2012-03-29 * test/openssl/test_x509cert.rb: Exclude test that fails when issuing a certificate with RSA signature and DSS1 digest for earlier OpenSSL versions when used in conjunction with OpenSSL 1.0.1. Thanks, Vit Ondruch, for reporting the issue. [ruby-core:42949][Bug #6089]
aad347f5ec7f32c55dea663b3216f4bead993c9a 2012-03-29 * ext/openssl/ossl_pkcs7.c: fix crash when parsing garbage data. * test/openssl/test_pkcs7.rb: assert correct behavior for it. Thanks to Matt Venables for reporting the issue. [ruby-core:43250][Bug #6134]
d4f379ad93dbd667a80bc286073b22354a755a88 2012-03-31 * ext/openssl/ossl_x509cert.c: Fix doc typo.
060184c347822b11dff3db6bef915c04a564c4e4 2012-05-06 * ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add SSLContext#version to inspect the version that was negotiated for a given connection. * ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support. * test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they are supported by the native OpenSSL being used.
07ea7112dd5e94eb5f11542141eef7a52abcdb49 2012-05-07 * Fix typo.
5f7be3150f0bffb6a958770c61270302123774c3 2012-05-07 * ext/openssl/ossl_ssl.c: add support for option flags OpenSSL::SSL::OP_NO_TLSv1_1 OpenSSL::SSL::OP_NO_TLSv1_2 to allow blocking specific TLS versions. Thanks to Justin Guyett for pointing this out to me. * test/openssl/test_ssl.rb: add tests to assert correct behavior when blocking certain versions of TLS/SSL both on server and client side. Also refactored tests to reduce boilerplate code a little. * test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where client rejects the connection because a forbidden protocol version was used.
913827b6afd701f5f5b7461e3acf15c70ab4f22b 2012-05-25 * ext/openssl/ossl_ssl.c: Revert r35583 * test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid the test failing in Ruby CI [1]
6f5582a2ae543eb8000deba997348fda189c166a 2012-05-25 * test/openssl/test_ssl.rb: Clarify the intention of errors to be expected. Two errors are possible when connection is refused due to a protocol version that was explicitly disallowed, OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the OpenSSL version in use.
50ba64ab87e1715cc0bf6d6c8bdfa330de4f6699 2012-05-26 * ext/openssl/ossl_ssl.c: Allow disabling client-side renegotiation. * test/openssl/test_ssl.rb: Simple tests for this.
14ba7fab58329201aebdc49b83ca96dfbf0b13e6 2012-06-09 * ext/openssl/ossl_ssl.c: Introduce SSLContext#renegotiation_cb and remove SSLContext#disable_client_renegotiation and related functionality introduced in r35797. The new callback approach gives clients maximum flexibility to decide on their own what to do on renegotiation attempts. Add documentation for SSL module and SSLError. * test/openssl/test_ssl.rb: Add a test for SSLContext#renegotiation_cb.
21f1af2ec217c6e64af2095186c558b81a00e212 2012-06-09 * ext/openssl/ossl.c: Fix error in example. Patch by David Albert.
f17591876595104a79b1a41e020bd379b781487f 2012-06-09 * NEWS: document new features of Ruby OpenSSL.
5bd7899b98fc4fd9631d08423f5c2fb6918c783d 2012-06-10 * ext/openssl/ossl.c ext/openssl/ossl_pkey_rsa.c ext/openssl/ossl_pkey_dsa.c ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel. * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract. * test/openssl/test_pkey_dsa.rb test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long. [ruby-core: 42281][ruby-trunk - Bug #5951]
7db3bb5c8fa6684f331b2aae79b59f5749cad0b9 2012-06-10 * NEWS: Add note about the new private key export behavior.
43759fc1ed8f10fff50b4239089d02c0fbe6895d 2012-06-10 * lib/openssl/ssl.rb: Use a simple random number to generate the session id. MD5, as was used before, causes problems when using a FIPS version of OpenSSL. Issue was found by Jared Jennings, thank you! [ruby-trunk - Bug #6137]
3ffd8a918ff2cfd555bf7e89329b275d1fe8ab12 2012-06-10 * ext/openssl/ossl_pkey_ec.c test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul. Patch provided by Sambasiva Suda. Thanks! [ruby-core:44408][ruby-trunk - Feature #6310]
df05bd2c82386e5897c4125576199e18a13712a1 2012-08-02 * ext/openssl/lib/openssl/digest.rb test/openssl/test_digest.rb: Add Digest module function to OpenSSL module and test it. Patch provided by Eric Hodel. [ruby-core:46908][Feature #6819]
9871dd5783963ad3d341ddb58f6bfe7ca7ceb444 2012-08-28 * test/openssl/utils.rb test/openssl/test_pair.rb test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy OpenSSL FIPS requirements. Patch by Vit Ondruch. [Bug #6938] [ruby-core:47326]
25e6db3e3cb52c1a81e1e4a958a8d520a996812e 2012-08-31 * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED. ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be advertised by the server can be set in the SSLContext by using SSLContext#npn_protocols=, protocol selection on the client is supported by providing a selection callback with SSLContext#npn_select_cb. The protocol that was finally negotiated is available through SSL#npn_protocol. test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation. NEWS: add news about NPN support. [Feature #6503] [ruby-core:45272]
5aa3caaa5d68d6e62612574869f1dc6293ebb836 2012-09-02 * test/openssl/utils.rb: Use a cached DH key instead of generating a new one each time.
e29819df6e6a644bbfadbdc706a472c413015286 2012-09-03 * ext/openssl/extconf.rb: Detect OpenSSL_FIPS macro ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to indicate whether OpenSSL runs in FIPS mode. test/openssl/test_pkey_dh.rb: Generate 256 bit keys for non-FIPS installations to improve test performance (e.g. for rubyci). test/openssl/utils.rb: Replace DSS1 as certificate signature digest with SHA1 for FIPS installations when using DSA by introducing TestUtils::DSA_SIGNATURE_DIGEST. test/openssl/test_x509cert.rb: test/openssl/test_x509crl.rb: test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST NEWS: Introduce OpenSSL::OPENSSL_FIPS
c5ad3214391630a096db03decf8cb15f7046a7fd 2012-09-03 * Correct header format of my ChangeLog entries.
78755b8d52101e3b85ebce3aedd97e4cce8ed6ad 2012-09-03 * test/openssl/utils.rb: Use DSS1 as DSA signature digest for all OpenSSL versions < 1.0.0. [ruby-core:47405]
b6c38f675356cf6da84e35c8a9ed57922130e580 2012-09-03 * Reference feature #6946 in Changelog entry.
4bb125f91a1df7d5252b1dd1f59c1ce0238e0192 2012-09-03 * test/openssl/test_asn1_rb: test/openssl/test_ssl_session.rb: test/openssl/test_x509name.rb: test/openssl/test_buffering.rb: test/openssl/test_x509cert.rb: test/openssl/test_ssl.rb: Refactor code that leads to warnings on Ruby CI.
84f1dae9d637a2038d1b395bcc2f22404770d2d7 2012-12-18 * ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as a countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now: OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS [Bug #5353] [ruby-core:39673]
e814e2ff3a6a970e88843cc6ff1e161075931e8e 2012-12-18 * test/openssl/test_ssl.rb: Improve my grammar.
831af844ef2d4d716da07eda331c50d1e73005e3 2012-12-18 * test/openssl/test_ssl.rb: Use :TLSv1_2_client explicitly in test_tls_v1_2 to prevent upstream bug. [Bug #7197] [ruby-dev:46240]
a3b753b28214ad321e7335afada7f1b06d036836 2012-12-20 * ext/openssl/ossl.c: add OpenSSL.fips_mode= to allow enabling FIPS mode manually. * test/openssl/utils.rb: turn off FIPS mode for tests. This prevents OpenSSL installations with FIPS mode enabled by default from raising FIPS-related errors during the tests. * test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL installations. [Feature #6946] [ruby-core:47345]
b28ac4039df7f04d8bb743cc1741a4a31c52e270 2012-12-20 * test/openssl/test_pkey_dh.rb: revert special treatment of FIPS-capable installations since FIPS mode is now disabled for the tests.
215b54806b035509272779fefd57b432a1a0f9e5 2012-12-20 * ext/openssl/ossl_cipher.c: add support for Authenticated Encryption with Associated Data (AEAD) for OpenSSL versions that support the GCM encryption mode. It's the only mode supported for now by OpenSSL itself. Add Cipher#authenticated? to detect whether a chosen mode does support Authenticated Encryption. * test/openssl/test_cipher.rb: add tests for Authenticated Encryption. [Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for providing a patch!
4fce754f9b603664501ac4ee982988fb264d20f2 2012-12-20 * ext/openssl/ossl.c: do not use FIPS_mode_set if not available. * test/openssl/utils.rb: revise comment about setting FIPS mode to false. * test/openssl/test_fips.rb: remove tests that cause errors on ruby-ci. [Feature #6946] [ruby-core:47345]
b9bd8eaf3b973268b898df22ee4cdadca7d15730 2012-12-20 * ext/openssl/ossl_cipher.c: fix errors for installations that do not feature Authenticated Encryption. * ext/openssl/extconf.rb: detect presence of EVP_CTRL_GCM_GET_TAG to determine whether Authenticated Encryption can be used. [Feature #6980] [ruby-core:47426]
a1580347899f1fb6fd85d82828db3f372e5ec86d 2012-12-20 * NEWS: announce AEAD encryption support in the OpenSSL extension.
d6b1ab91dcf83536ea7d94f2b855e8ce21802136 2013-04-15 * ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC.
a3a62f87e144be31b9ca8ad6415b207f43f4e126 2013-07-05 * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked critical. The patch for CVE-2013-4073 caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it:
7e443fcfea0293a14e8dff2edfaaf24a366dced6 2013-07-05 * ext/openssl/ossl.c: Provide CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() callback functions ossl_thread_id and ossl_lock_callback to ensure the OpenSSL extension is usable in multi-threaded environments. [ruby-core:54900] [Bug #8386]
880bc0e02ddad9566eef99596b170f385d7b71b5 2013-07-05 * test/openssl/test_x509crl.rb: Remove unused variable. [ruby-core:53501] [Bug #8114]
0d58bb55985e787364b0235e5e69278d0f0ad4b0 2013-07-05 * ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds of OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not defined. * test/openssl/test_pkey_ec.rb: Iterate over built-in curves (and assert their non-emptiness!) instead of hard-coding them, as this may cause problems with respect to the different availability of individual curves in individual OpenSSL builds. [ruby-core:54881] [Bug #8384]
ed92ae818f7b14690c401e07c1bdaa0746972cb5 2013-07-07 * test/openssl/test_pkey_ec.rb: Skip tests for "Oakley" curves as they are not suitable for ECDSA. [ruby-core:54881] [Bug #8384]
699b209cf8cf11809620e12985ad33ae33b119ee 2014-03-06 * lib/openssl/ssl.rb: Explicitly whitelist the default SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable compression by default. Reported by Jeff Hodges. [ruby-core:59829] [Bug #9424]
92a5ebb4b1b17a3b5e9531304c3de7c03ac36223 2014-03-07 * test/openssl/test_ssl.rb: Reuse TLS default options from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.