ruby-changes:39374
From: tenderlove <ko1@a...>
Date: Sat, 1 Aug 2015 03:20:46 +0900 (JST)
Subject: [ruby-changes:39374] tenderlove:r51455 (trunk): * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert
tenderlove 2015-08-01 03:20:31 +0900 (Sat, 01 Aug 2015) New Revision: 51455 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51455 Log: * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert `tmp_dh_callback` to Ruby, and call it when setting up an SSL connection. This allows us to move the "default" behavior to the reader method. * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of accessing the SSLContext's internals. Modified files: trunk/ChangeLog trunk/ext/openssl/lib/openssl/ssl.rb trunk/ext/openssl/ossl_ssl.c Index: ChangeLog =================================================================== --- ChangeLog (revision 51454) +++ ChangeLog (revision 51455) @@ -1,3 +1,13 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sat Aug 1 03:14:07 2015 Aaron Patterson <tenderlove@r...> + + * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert + `tmp_dh_callback` to Ruby, and call it when setting up an SSL + connection. This allows us to move the "default" behavior to the + reader method. + + * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of + accessing the SSLContext's internals. + Fri Jul 31 23:34:27 2015 Aaron Patterson <tenderlove@r...> * .travis.yml: update libssl before running tests. Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 51454) +++ ext/openssl/ossl_ssl.c (revision 51455) 
@@ -49,7 +49,6 @@ static VALUE eSSLErrorWaitWritable; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L49 #define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v)) #define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v)) #define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v)) -#define ossl_sslctx_set_tmp_dh_cb(o,v) rb_iv_set((o),"@tmp_dh_callback",(v)) #define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v)) #define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") @@ -66,7 +65,7 @@ static VALUE eSSLErrorWaitWritable; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L65 #define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert") #define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb") #define ossl_sslctx_get_tmp_ecdh_cb(o) rb_iv_get((o),"@tmp_ecdh_callback") -#define ossl_sslctx_get_tmp_dh_cb(o) rb_iv_get((o),"@tmp_dh_callback") +#define ossl_sslctx_get_tmp_dh_cb(o) rb_funcall((o),rb_intern("tmp_dh_callback"),0) #define ossl_sslctx_get_sess_id_ctx(o) rb_iv_get((o),"@session_id_context") #define ossl_ssl_get_io(o) rb_iv_get((o),"@io") 
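Review bot: The rewritten `ossl_sslctx_get_tmp_dh_cb` macro now dispatches a Ruby method through `rb_funcall`, so unlike the `rb_iv_get` it replaces it can run overridden Ruby code and raise. Its call sites are outside this hunk; if any of them sits inside a callback invoked by libssl, the call probably needs `rb_protect` so an exception does not unwind through OpenSSL frames, which is worth confirming. The Ruby reader added in ssl.rb falls back to the default callback, so the macro no longer yields nil for an unset callback and any `RTEST(...)` guard on it is now effectively always true. A short comment above the macro would record this, e.g. `/* calls SSLContext#tmp_dh_callback: may run Ruby code and raise; never nil by default */`.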
@@ -2115,18 +2114,6 @@ Init_ossl_ssl(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2114 */ rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse); - /* - * A callback invoked when DH parameters are required. - * - * The callback is invoked with the Session for the key exchange, an - * flag indicating the use of an export cipher and the keylength - * required. - * - * The callback must return an OpenSSL::PKey::DH instance of the correct - * key length. - */ - rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse); - /* * Sets the context in which a session can be reused. This allows * sessions for multiple applications to be distinguished, for example, by Index: ext/openssl/lib/openssl/ssl.rb =================================================================== --- ext/openssl/lib/openssl/ssl.rb (revision 51454) +++ ext/openssl/lib/openssl/ssl.rb (revision 51455) @@ -77,12 +77,23 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L77 INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "renegotiation_cb", "verify_callback", "options", "cert_store", "extra_chain_cert", - "client_cert_cb", "session_id_context", + "client_cert_cb", "session_id_context", "tmp_dh_callback", "session_get_cb", "session_new_cb", "session_remove_cb", "tmp_ecdh_callback", "servername_cb", "npn_protocols", "alpn_protocols", "alpn_select_cb", "npn_select_cb"].map { |x| "@#{x}" } + # A callback invoked when DH parameters are required. + # + # The callback is invoked with the Session for the key exchange, an + # flag indicating the use of an export cipher and the keylength + # required. + # + # The callback must return an OpenSSL::PKey::DH instance of the correct + # key length. + + attr_writer :tmp_dh_callback + # call-seq: # SSLContext.new => ctx # SSLContext.new(:TLSv1) => ctx 
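Review bot: In the ssl.rb hunk at -77, the doc comment moved from ossl_ssl.c is separated from `attr_writer :tmp_dh_callback` by a blank line, so RDoc may not attach it to the attribute; removing the blank line would keep the documentation with the writer. The text also carries over the typo `an flag`, which should read `a flag`. Because the comment mentions export ciphers and a requested keylength, it would help to add a caveat such as `# The strength of the returned parameters is the callback's responsibility, whatever keylength is requested.`. The enclosing SSLContext class starts and ends outside the hunk.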
@@ -91,7 +102,6 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L102 # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS def initialize(version = nil) INIT_VARS.each { |v| instance_variable_set v, nil } - @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK return unless version self.ssl_version = version end @@ -115,8 +125,8 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L125 return params end - def tmp_dh_callback=(value) - @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK + def tmp_dh_callback + @tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
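Review bot: The new reader `tmp_dh_callback` in the hunk at -115 is undocumented, and its contract is not obvious: it never returns nil, falling back to `OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK` whenever `@tmp_dh_callback` is nil or false. Together with the hunk at -91, which drops the assignment in `initialize`, the default now exists only in this method, so a subclass that overrides the reader also changes what the C extension sees. I would add a comment above the method, e.g. `# Returns the callback set with #tmp_dh_callback=, or OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK when none is set; assigning nil restores the default rather than disabling DH.`. The enclosing class body continues outside both hunks.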