head 1.5; access; symbols pkgsrc-2017Q1:1.4.0.10 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.8 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.6 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.4 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.2 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.3.0.2 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.2.0.42 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.40 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.38 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.36 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.34 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.32 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.30 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.28 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.26 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.24 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.22 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.20 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.18 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.16 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.14 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.12 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.10 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.8 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.6 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.4 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.2 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.1.0.8 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.6 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.4 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.2 pkgsrc-2009Q3-base:1.1; locks; strict; comment @# @; 1.5 date 2017.04.22.18.23.55; author taca; state dead; branches; next 1.4; commitid tDoWtAVFTjPkJyOz; 1.4 date 2016.03.24.16.30.11; author taca; state Exp; branches; next 1.3; commitid xcy7jp3ShD4yLUZy; 1.3 date 2015.10.14.18.33.08; author sevan; state Exp; branches; next 1.2; commitid rQAf7ZZy1OsbE6Fy; 1.2 date 2010.09.10.03.29.00; author taca; state Exp; branches; next 1.1; 1.1 date 2009.08.11.14.26.59; author taca; state Exp; branches; next ; desc @@ 1.5 log @Remove ruby18 which is EOL almost 4 years ago. 
@ text @$NetBSD: patch-dq,v 1.4 2016/03/24 16:30:11 taca Exp $ * r18172: suppress warnings. * r20494: (ossl_ssl_read_nonblock): OpenSSL::SSL::SSLSocket should implement read_nonblock. a patch from Aaron Patterson in [ruby-core:20277]. fix: #814 [ruby-core:20241] * r21772: Test for Server Name Indication support. * r23008: revert incomplete read_nonblock implemenatation. * r26835: backport fixes in 1.9. * r26838: backport the commit from trunk. * Constify (some cases are depends on OpenSSL's version). * Only enable SSLv3 methods if library provides support. --- ext/openssl/ossl_ssl.c.orig 2012-02-08 06:09:40.000000000 +0000 +++ ext/openssl/ossl_ssl.c @@@@ -26,6 +26,12 @@@@ # define TO_SOCKET(s) s #endif +#if OPENSSL_VERSION_NUMBER >= 0x00909000L +#define OSSL_CONST const +#else +#define OSSL_CONST +#endif + VALUE mSSL; VALUE eSSLError; VALUE cSSLContext; @@@@ -69,6 +75,9 @@@@ static const char *ossl_sslctx_attrs[] = "verify_callback", "options", "cert_store", "extra_chain_cert", "client_cert_cb", "tmp_dh_callback", "session_id_context", "session_get_cb", "session_new_cb", "session_remove_cb", +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + "servername_cb", +#endif }; #define ossl_ssl_get_io(o) rb_iv_get((o),"@@io") @@@@ -86,7 +95,12 @@@@ static const char *ossl_sslctx_attrs[] = #define ossl_ssl_set_tmp_dh(o,v) rb_iv_set((o),"@@tmp_dh",(v)) static const char *ossl_ssl_attr_readers[] = { "io", "context", }; -static const char *ossl_ssl_attrs[] = { "sync_close", }; +static const char *ossl_ssl_attrs[] = { +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + "hostname", +#endif + "sync_close", +}; ID ID_callback_state; @@@@ -95,21 +109,24 @@@@ ID ID_callback_state; */ struct { const char *name; - SSL_METHOD *(*func)(void); + OSSL_CONST SSL_METHOD *(*func)(void); } ossl_ssl_method_tab[] = { #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method } OSSL_SSL_METHOD_ENTRY(TLSv1), OSSL_SSL_METHOD_ENTRY(TLSv1_server), OSSL_SSL_METHOD_ENTRY(TLSv1_client), -#if defined(HAVE_SSLV2_METHOD) && 
defined(HAVE_SSLV2_SERVER_METHOD) && \ +#if !defined(OPENSSL_NO_SSL2) && defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \ defined(HAVE_SSLV2_CLIENT_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv2), OSSL_SSL_METHOD_ENTRY(SSLv2_server), OSSL_SSL_METHOD_ENTRY(SSLv2_client), #endif +#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \ + defined(HAVE_SSLV3_CLIENT_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv3), OSSL_SSL_METHOD_ENTRY(SSLv3_server), OSSL_SSL_METHOD_ENTRY(SSLv3_client), +#endif OSSL_SSL_METHOD_ENTRY(SSLv23), OSSL_SSL_METHOD_ENTRY(SSLv23_server), OSSL_SSL_METHOD_ENTRY(SSLv23_client), @@@@ -146,7 +163,7 @@@@ ossl_sslctx_s_alloc(VALUE klass) static VALUE ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) { - SSL_METHOD *method = NULL; + OSSL_CONST SSL_METHOD *method = NULL; const char *s; int i; @@@@ -299,7 +316,7 @@@@ ossl_ssl_verify_callback(int preverify_o static VALUE ossl_call_session_get_cb(VALUE ary) { - VALUE ssl_obj, sslctx_obj, cb, ret; + VALUE ssl_obj, sslctx_obj, cb; Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); @@@@ -327,7 +344,7 @@@@ ossl_sslctx_session_get_cb(SSL *ssl, uns ssl_obj = (VALUE)ptr; ary = rb_ary_new2(2); rb_ary_push(ary, ssl_obj); - rb_ary_push(ary, rb_str_new(buf, len)); + rb_ary_push(ary, rb_str_new((const char *)buf, len)); ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_session_get_cb, ary, &state); if (state) { @@@@ -346,7 +363,7 @@@@ ossl_sslctx_session_get_cb(SSL *ssl, uns static VALUE ossl_call_session_new_cb(VALUE ary) { - VALUE ssl_obj, sslctx_obj, cb, ret; + VALUE ssl_obj, sslctx_obj, cb; Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); @@@@ -389,10 +406,11 @@@@ ossl_sslctx_session_new_cb(SSL *ssl, SSL return RTEST(ret_obj) ? 
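Review bot: The SSLv3 guard added to `ossl_ssl_method_tab` tests only the `HAVE_SSLV3_*_METHOD` probe macros, while the SSLv2 guard just above it in the same hunk was extended with `!defined(OPENSSL_NO_SSL2)`. The `HAVE_*` macros are presumably set by the extension's configure step, which this page does not show, so mirroring the header-level switch as `#if !defined(OPENSSL_NO_SSL3_METHOD) && defined(HAVE_SSLV3_METHOD) && ...` would keep the two guards consistent if the probe and the headers ever disagree. It is also worth a comment on the table, for example `/* omitting an entry only blocks explicit ssl_version= selection; SSLv23 still negotiates whatever the library and ctx options allow */`, so readers do not take the guard for a protocol-disable switch.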
1 : 0; } +#if 0 /* unused */ static VALUE ossl_call_session_remove_cb(VALUE ary) { - VALUE sslctx_obj, cb, ret; + VALUE sslctx_obj, cb; Check_Type(ary, T_ARRAY); sslctx_obj = rb_ary_entry(ary, 0); @@@@ -402,6 +420,7 @@@@ ossl_call_session_remove_cb(VALUE ary) return rb_funcall(cb, rb_intern("call"), 1, ary); } +#endif static void ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess) @@@@ -448,6 +467,66 @@@@ ossl_sslctx_add_extra_chain_cert_i(VALUE return i; } +static VALUE ossl_sslctx_setup(VALUE self); + +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME +static VALUE +ossl_call_servername_cb(VALUE ary) +{ + VALUE ssl_obj, sslctx_obj, cb, ret_obj; + + Check_Type(ary, T_ARRAY); + ssl_obj = rb_ary_entry(ary, 0); + + sslctx_obj = rb_iv_get(ssl_obj, "@@context"); + if (NIL_P(sslctx_obj)) return Qnil; + cb = rb_iv_get(sslctx_obj, "@@servername_cb"); + if (NIL_P(cb)) return Qnil; + + ret_obj = rb_funcall(cb, rb_intern("call"), 1, ary); + if (rb_obj_is_kind_of(ret_obj, cSSLContext)) { + SSL *ssl; + SSL_CTX *ctx2; + + ossl_sslctx_setup(ret_obj); + Data_Get_Struct(ssl_obj, SSL, ssl); + Data_Get_Struct(ret_obj, SSL_CTX, ctx2); + SSL_set_SSL_CTX(ssl, ctx2); + } else if (!NIL_P(ret_obj)) { + rb_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil"); + } + + return ret_obj; +} + +static int +ssl_servername_cb(SSL *ssl, int *ad, void *arg) +{ + VALUE ary, ssl_obj, ret_obj; + void *ptr; + int state = 0; + const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + + if (!servername) + return SSL_TLSEXT_ERR_OK; + + if ((ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx)) == NULL) + return SSL_TLSEXT_ERR_ALERT_FATAL; + ssl_obj = (VALUE)ptr; + ary = rb_ary_new2(2); + rb_ary_push(ary, ssl_obj); + rb_ary_push(ary, rb_str_new2(servername)); + + ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_servername_cb, ary, &state); + if (state) { + rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state)); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + 
+ return SSL_TLSEXT_ERR_OK; +} +#endif + /* * call-seq: * ctx.setup => Qtrue # first time @@@@ -569,7 +648,7 @@@@ ossl_sslctx_setup(VALUE self) val = ossl_sslctx_get_sess_id_ctx(self); if (!NIL_P(val)){ StringValue(val); - if (!SSL_CTX_set_session_id_context(ctx, RSTRING_PTR(val), + if (!SSL_CTX_set_session_id_context(ctx, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val))){ ossl_raise(eSSLError, "SSL_CTX_set_session_id_context:"); } @@@@ -587,11 +666,20 @@@@ ossl_sslctx_setup(VALUE self) SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb); OSSL_Debug("SSL SESSION remove callback added"); } + +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + val = rb_iv_get(self, "@@servername_cb"); + if (!NIL_P(val)) { + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); + OSSL_Debug("SSL TLSEXT servername callback added"); + } +#endif + return Qtrue; } static VALUE -ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher) +ossl_ssl_cipher_to_ary(OSSL_CONST SSL_CIPHER *cipher) { VALUE ary; int bits, alg_bits; @@@@ -615,7 +703,7 @@@@ ossl_sslctx_get_ciphers(VALUE self) { SSL_CTX *ctx; STACK_OF(SSL_CIPHER) *ciphers; - SSL_CIPHER *cipher; + OSSL_CONST SSL_CIPHER *cipher; VALUE ary; int i, num; @@@@ -629,10 +717,10 @@@@ ossl_sslctx_get_ciphers(VALUE self) if (!ciphers) return rb_ary_new(); - num = sk_num((STACK*)ciphers); + num = sk_SSL_CIPHER_num(ciphers); ary = rb_ary_new2(num); for(i = 0; i < num; i++){ - cipher = (SSL_CIPHER*)sk_value((STACK*)ciphers, i); + cipher = sk_SSL_CIPHER_value(ciphers, i); rb_ary_push(ary, ossl_ssl_cipher_to_ary(cipher)); } return ary; @@@@ -821,7 +909,6 @@@@ ossl_sslctx_flush_sessions(int argc, VAL VALUE arg1; SSL_CTX *ctx; time_t tm = 0; - int cb_state; rb_scan_args(argc, argv, "01", &arg1); @@@@ -895,6 +982,8 @@@@ ossl_ssl_initialize(int argc, VALUE *arg ossl_sslctx_setup(ctx); rb_call_super(0, 0); + rb_iv_set(self, "@@hostname", Qnil); + return self; } @@@@ -908,6 +997,10 @@@@ ossl_ssl_setup(VALUE self) Data_Get_Struct(self, SSL, ssl); if(!ssl){ 
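Review bot: In `ossl_call_servername_cb`, after `SSL_set_SSL_CTX(ssl, ctx2)` the socket's `@context` instance variable (RCS-escaped as `@@context` on this page) still refers to the original SSLContext. Code that finds its callbacks through that variable, as this function does and the session callbacks appear to, keeps reading the old context's settings, and the Ruby-side SSLContext returned by the callback is not referenced from the socket. Adding `rb_iv_set(ssl_obj, "@context", ret_obj);` right after the `SSL_set_SSL_CTX` call would keep the Ruby object and the C handle in step. Separately, `ssl_servername_cb` passes the peer-supplied name to the callback through `rb_str_new2(servername)` without `OBJ_TAINT`, whereas `ossl_ssl_read` in this same patch taints data received from the peer; tainting the name would be consistent.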
+#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + VALUE hostname = rb_iv_get(self, "@@hostname"); +#endif + v_ctx = ossl_ssl_get_ctx(self); Data_Get_Struct(v_ctx, SSL_CTX, ctx); @@@@ -917,6 +1010,12 @@@@ ossl_ssl_setup(VALUE self) } DATA_PTR(self) = ssl; +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + if (!NIL_P(hostname)) { + if (SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname)) != 1) + ossl_raise(eSSLError, "SSL_set_tlsext_host_name:"); + } +#endif io = ossl_ssl_get_io(self); GetOpenFile(io, fptr); rb_io_check_readable(fptr); @@@@ -953,7 +1052,15 @@@@ ossl_start_ssl(VALUE self, int (*func)() Data_Get_Struct(self, SSL, ssl); GetOpenFile(ossl_ssl_get_io(self), fptr); for(;;){ - if((ret = func(ssl)) > 0) break; + ret = func(ssl); + + cb_state = rb_ivar_get(self, ID_callback_state); + if (!NIL_P(cb_state)) + rb_jump_tag(NUM2INT(cb_state)); + + if (ret > 0) + break; + switch((ret2 = ssl_get_error(ssl, ret))){ case SSL_ERROR_WANT_WRITE: rb_io_wait_writable(FPTR_TO_FD(fptr)); @@@@ -969,10 +1076,6 @@@@ ossl_start_ssl(VALUE self, int (*func)() } } - cb_state = rb_ivar_get(self, ID_callback_state); - if (!NIL_P(cb_state)) - rb_jump_tag(NUM2INT(cb_state)); - return self; } @@@@ -1010,6 +1113,72 @@@@ ossl_ssl_accept(VALUE self) static VALUE ossl_ssl_read(int argc, VALUE *argv, VALUE self) { + SSL *ssl; + int ilen, nread = 0; + VALUE len, str; + rb_io_t *fptr; + + rb_scan_args(argc, argv, "11", &len, &str); + ilen = NUM2INT(len); + if(NIL_P(str)) str = rb_str_new(0, ilen); + else{ + StringValue(str); + rb_str_modify(str); + rb_str_resize(str, ilen); + } + if(ilen == 0) return str; + + Data_Get_Struct(self, SSL, ssl); + GetOpenFile(ossl_ssl_get_io(self), fptr); + if (ssl) { + if(SSL_pending(ssl) <= 0) + rb_thread_wait_fd(FPTR_TO_FD(fptr)); + for (;;){ + nread = SSL_read(ssl, RSTRING_PTR(str), RSTRING_LEN(str)); + switch(SSL_get_error(ssl, nread)){ + case SSL_ERROR_NONE: + goto end; + case SSL_ERROR_ZERO_RETURN: + rb_eof_error(); + case SSL_ERROR_WANT_WRITE: + 
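Review bot: `StringValuePtr(hostname)` in the `ossl_ssl_setup` hunk hands the string to `SSL_set_tlsext_host_name` as a C string without rejecting embedded NUL bytes, so a hostname containing one is silently truncated and the name sent in the handshake can differ from the one the Ruby caller set. `StringValueCStr(hostname)` raises on an embedded NUL and would be the safer conversion, provided this Ruby version's headers define it. The `hostname` local is declared in the preceding hunk, and `ossl_ssl_setup` continues outside both.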
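Review bot: The callback-state check moved into the loop in `ossl_start_ssl` re-raises through `rb_jump_tag` without resetting `ID_callback_state` or the OpenSSL error queue. If the same socket object is used again after the exception is rescued, the stale state would re-raise as soon as `func(ssl)` returns, and leftover queue entries can skew later checks such as the `ERR_peek_error() == 0` EOF test in `ossl_ssl_read`. Consider `rb_ivar_set(self, ID_callback_state, Qnil); ERR_clear_error();` immediately before the `rb_jump_tag` call. Where the state is first initialised is not visible on this page, so confirm it is not already reset per attempt.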
rb_io_wait_writable(FPTR_TO_FD(fptr)); + continue; + case SSL_ERROR_WANT_READ: + rb_io_wait_readable(FPTR_TO_FD(fptr)); + continue; + case SSL_ERROR_SYSCALL: + if(ERR_peek_error() == 0 && nread == 0) rb_eof_error(); + rb_sys_fail(0); + default: + ossl_raise(eSSLError, "SSL_read:"); + } + } + } + else { + ID id_sysread = rb_intern("sysread"); + rb_warning("SSL session is not started yet."); + return rb_funcall(ossl_ssl_get_io(self), id_sysread, 2, len, str); + } + +end: + rb_str_set_len(str, nread); + OBJ_TAINT(str); + + return str; +} + +/* + * call-seq: + * ssl.read_nonblock(length) => string + * ssl.read_nonblock(length, buffer) => buffer + * + * === Parameters + * * +length+ is a positive integer. + * * +buffer+ is a string used to store the result. + */ +static VALUE +ossl_ssl_read_nonblock(int argc, VALUE *argv, VALUE self) +{ SSL *ssl; int ilen, nread = 0; VALUE len, str; @@@@ -1027,12 +1196,11 @@@@ ossl_ssl_read(int argc, VALUE *argv, VAL Data_Get_Struct(self, SSL, ssl); GetOpenFile(ossl_ssl_get_io(self), fptr); + rb_io_set_nonblock(fptr); if (ssl) { - if(SSL_pending(ssl) <= 0) - rb_thread_wait_fd(FPTR_TO_FD(fptr)); for (;;){ nread = SSL_read(ssl, RSTRING_PTR(str), RSTRING_LEN(str)); - switch(ssl_get_error(ssl, nread)){ + switch(SSL_get_error(ssl, nread)){ case SSL_ERROR_NONE: goto end; case SSL_ERROR_ZERO_RETURN: @@@@ -1041,7 +1209,7 @@@@ ossl_ssl_read(int argc, VALUE *argv, VAL rb_io_wait_writable(FPTR_TO_FD(fptr)); continue; case SSL_ERROR_WANT_READ: - rb_io_wait_readable(FPTR_TO_FD(fptr)); + rb_sys_fail(fptr->path); continue; case SSL_ERROR_SYSCALL: if(ERR_peek_error() == 0 && nread == 0) rb_eof_error(); @@@@ -1052,9 +1220,8 @@@@ ossl_ssl_read(int argc, VALUE *argv, VAL } } else { - ID id_sysread = rb_intern("sysread"); rb_warning("SSL session is not started yet."); - return rb_funcall(ossl_ssl_get_io(self), id_sysread, 2, len, str); + return rb_funcall(ossl_ssl_get_io(self), rb_intern("sysread"), 2, len, str); } end: @@@@ -1227,7 +1394,7 @@@@ 
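Review bot: In `ossl_ssl_read_nonblock` the `SSL_ERROR_WANT_READ` branch now calls `rb_sys_fail(fptr->path)`, which builds the exception from whatever `errno` currently holds; OpenSSL reports WANT_READ from its own state and does not promise `errno` is `EAGAIN` at that point, so the raised error can be wrong or stale. Setting it explicitly, `errno = EAGAIN; rb_sys_fail(fptr->path);`, and dropping the now-unreachable `continue;` would make the result deterministic. The `SSL_ERROR_WANT_WRITE` branch left as context still calls `rb_io_wait_writable`, so the method can block despite its name, and `rb_io_set_nonblock(fptr)` added in the previous hunk leaves the descriptor non-blocking for every later user of the IO. No hunk on this page registers the function with `rb_define_method`, so it may currently be dead code.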
ossl_ssl_get_cipher(VALUE self) rb_warning("SSL session is not started yet."); return Qnil; } - cipher = SSL_get_current_cipher(ssl); + cipher = (SSL_CIPHER *)SSL_get_current_cipher(ssl); return ossl_ssl_cipher_to_ary(cipher); } @@@@ -1350,13 +1517,13 @@@@ Init_ossl_ssl() ID_callback_state = rb_intern("@@callback_state"); - ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,"ossl_ssl_ex_vcb_idx",0,0,0); - ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,"ossl_ssl_ex_store_p",0,0,0); - ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,"ossl_ssl_ex_ptr_idx",0,0,0); + ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0); + ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0); + ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_ptr_idx",0,0,0); ossl_ssl_ex_client_cert_cb_idx = - SSL_get_ex_new_index(0,"ossl_ssl_ex_client_cert_cb_idx",0,0,0); + SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_client_cert_cb_idx",0,0,0); ossl_ssl_ex_tmp_dh_callback_idx = - SSL_get_ex_new_index(0,"ossl_ssl_ex_tmp_dh_callback_idx",0,0,0); + SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_tmp_dh_callback_idx",0,0,0); mSSL = rb_define_module_under(mOSSL, "SSL"); eSSLError = rb_define_class_under(mSSL, "SSLError", eOSSLError); @ 1.4 log @Try to fix build error by recent OpenSSL change on NetBSD, reported as PR pkg/50971. @ text @d1 1 a1 1 $NetBSD: patch-dq,v 1.3 2015/10/14 18:33:08 sevan Exp $ @ 1.3 log @ Add pkg-config to USE_TOOLS. Set PKG_CONFIG to empty as it removes reference to the build directory. Add checks for the presence of SSLv3 in OpenSSL/LibreSSL - obtained from http://www.libressl.org/patches.html Fix typo in comment s/refrect/reference. 
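Review bot: The cast `(SSL_CIPHER *)SSL_get_current_cipher(ssl)` in `ossl_ssl_get_cipher` discards the `const` that newer OpenSSL puts on the return type, although `ossl_ssl_cipher_to_ary` was changed in this same patch to accept `OSSL_CONST SSL_CIPHER *`. Declaring the local as `OSSL_CONST SSL_CIPHER *cipher;` (the declaration sits above this hunk) lets the call stay uncast as `cipher = SSL_get_current_cipher(ssl);`. The compiler can then still flag accidental writes through the pointer.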
Reviewed by taca@@ wiz@@ @ text @d1 1 a1 1 $NetBSD$ d14 1 a14 1 --- ext/openssl/ossl_ssl.c.orig Wed Feb 8 06:09:40 2012 d29 1 a29 1 @@@@ -69,6 +75,9 @@@@ static const char *ossl_sslctx_attrs[] = { d39 1 a39 1 @@@@ -86,7 +95,12 @@@@ static const char *ossl_sslctx_attrs[] = { d53 1 a53 1 @@@@ -95,7 +109,7 @@@@ ID ID_callback_state; d62 6 a67 1 @@@@ -107,9 +121,12 @@@@ struct { d89 1 a89 1 @@@@ -299,7 +316,7 @@@@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_ d98 1 a98 1 @@@@ -327,7 +344,7 @@@@ ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *bu d107 1 a107 1 @@@@ -346,7 +363,7 @@@@ ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *bu d116 1 a116 1 @@@@ -389,10 +406,11 @@@@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess d137 1 a137 1 @@@@ -448,6 +467,66 @@@@ ossl_sslctx_add_extra_chain_cert_i(VALUE i, VALUE arg) d257 1 a257 1 @@@@ -821,7 +909,6 @@@@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALU d265 1 a265 1 @@@@ -895,6 +982,8 @@@@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self) d298 1 a298 1 @@@@ -953,7 +1052,15 @@@@ ossl_start_ssl(VALUE self, int (*func)(), const char * d315 1 a315 1 @@@@ -969,10 +1076,6 @@@@ ossl_start_ssl(VALUE self, int (*func)(), const char * d399 1 a399 1 @@@@ -1027,12 +1196,11 @@@@ ossl_ssl_read(int argc, VALUE *argv, VALUE self) d414 1 a414 1 @@@@ -1041,7 +1209,7 @@@@ ossl_ssl_read(int argc, VALUE *argv, VALUE self) d423 1 a423 1 @@@@ -1052,9 +1220,8 @@@@ ossl_ssl_read(int argc, VALUE *argv, VALUE self) @ 1.2 log @Update ruby18-base to 1.8.7.302 (Ruby 1.8.7 patchlevel 302). Since many changes from previous release, please refer http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/. Note: Since all security updates are already in previous package, This update dosen't include any securify fix. @ text @d1 1 a1 1 $NetBSD: patch-dq,v 1.1 2009/08/11 14:26:59 taca Exp $ d5 2 a6 2 read_nonblock. a patch from Aaron Patterson in [ruby-core:20277]. 
fix: #814 [ruby-core:20241] d12 1 d14 1 a14 1 --- ext/openssl/ossl_ssl.c.orig 2010-06-21 09:18:59.000000000 +0000 d29 1 a29 1 @@@@ -69,6 +75,9 @@@@ static const char *ossl_sslctx_attrs[] = d39 1 a39 1 @@@@ -86,7 +95,12 @@@@ static const char *ossl_sslctx_attrs[] = d62 14 a75 1 @@@@ -144,7 +158,7 @@@@ ossl_sslctx_s_alloc(VALUE klass) d84 1 a84 1 @@@@ -297,7 +311,7 @@@@ ossl_ssl_verify_callback(int preverify_o d93 1 a93 1 @@@@ -325,7 +339,7 @@@@ ossl_sslctx_session_get_cb(SSL *ssl, uns d102 1 a102 1 @@@@ -344,7 +358,7 @@@@ ossl_sslctx_session_get_cb(SSL *ssl, uns d111 1 a111 1 @@@@ -387,10 +401,11 @@@@ ossl_sslctx_session_new_cb(SSL *ssl, SSL d124 1 a124 1 @@@@ -400,6 +415,7 @@@@ ossl_call_session_remove_cb(VALUE ary) d132 1 a132 1 @@@@ -446,6 +462,66 @@@@ ossl_sslctx_add_extra_chain_cert_i(VALUE d199 1 a199 1 @@@@ -563,7 +639,7 @@@@ ossl_sslctx_setup(VALUE self) d208 1 a208 1 @@@@ -581,11 +657,20 @@@@ ossl_sslctx_setup(VALUE self) d230 1 a230 1 @@@@ -609,7 +694,7 @@@@ ossl_sslctx_get_ciphers(VALUE self) d239 1 a239 1 @@@@ -623,10 +708,10 @@@@ ossl_sslctx_get_ciphers(VALUE self) d252 1 a252 1 @@@@ -815,7 +900,6 @@@@ ossl_sslctx_flush_sessions(int argc, VAL d260 1 a260 1 @@@@ -889,6 +973,8 @@@@ ossl_ssl_initialize(int argc, VALUE *arg d269 1 a269 1 @@@@ -902,6 +988,10 @@@@ ossl_ssl_setup(VALUE self) d280 1 a280 1 @@@@ -911,6 +1001,12 @@@@ ossl_ssl_setup(VALUE self) d293 1 a293 1 @@@@ -947,7 +1043,15 @@@@ ossl_start_ssl(VALUE self, int (*func)() d310 1 a310 1 @@@@ -963,10 +1067,6 @@@@ ossl_start_ssl(VALUE self, int (*func)() d321 1 a321 1 @@@@ -1004,6 +1104,72 @@@@ ossl_ssl_accept(VALUE self) d394 1 a394 1 @@@@ -1021,12 +1187,11 @@@@ ossl_ssl_read(int argc, VALUE *argv, VAL d409 1 a409 1 @@@@ -1035,7 +1200,7 @@@@ ossl_ssl_read(int argc, VALUE *argv, VAL d418 1 a418 1 @@@@ -1046,9 +1211,8 @@@@ ossl_ssl_read(int argc, VALUE *argv, VAL d429 1 a429 1 @@@@ -1221,7 +1385,7 @@@@ ossl_ssl_get_cipher(VALUE self) d438 1 a438 1 @@@@ -1344,13 +1508,13 @@@@ Init_ossl_ssl() @ 1.1 
log @ * Make Ruby's OpenSSL library compatible with OpenSSL 1.0.0 and later, focusing to PR pkg/41829. * Add comments to patches. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 8 a10 1 * Use modern OpenSSL API to catch up OpenSSL 1.0.0 and later. d13 1 a13 1 --- ext/openssl/ossl_ssl.c.orig 2008-06-06 17:05:24.000000000 +0900 d28 25 a52 1 @@@@ -95,7 +101,7 @@@@ ID ID_callback_state; d61 1 a61 1 @@@@ -144,7 +150,7 @@@@ ossl_sslctx_s_alloc(VALUE klass) d70 138 a207 1 @@@@ -585,7 +591,7 @@@@ ossl_sslctx_setup(VALUE self) d212 1 a212 1 +ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher) d216 10 a225 1 @@@@ -623,10 +629,10 @@@@ ossl_sslctx_get_ciphers(VALUE self) d238 60 a297 11 @@@@ -1196,10 +1202,10 @@@@ ossl_ssl_get_peer_cert_chain(VALUE self) } chain = SSL_get_peer_cert_chain(ssl); if(!chain) return Qnil; - num = sk_num(chain); + num = sk_X509_num(chain); ary = rb_ary_new2(num); for (i = 0; i < num; i++){ - cert = (X509*)sk_value(chain, i); + cert = sk_X509_value(chain, i); rb_ary_push(ary, ossl_x509_new(cert)); d300 10 a309 2 @@@@ -1214,7 +1220,7 @@@@ static VALUE ossl_ssl_get_cipher(VALUE self) d311 66 d378 3 a380 2 - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; d383 60 a442 1 if (!ssl) { @