ruby-changes:47451
From: rhe <ko1@a...>
Date: Thu, 10 Aug 2017 18:23:58 +0900 (JST)
Subject: [ruby-changes:47451] rhe:r59567 (trunk): openssl: import v2.0.5
rhe 2017-08-10 18:23:45 +0900 (Thu, 10 Aug 2017) New Revision: 59567 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=59567 Log: openssl: import v2.0.5 Import Ruby/OpenSSL 2.0.5. The full commit history since v2.0.4 (imported at r59081) can be found at: https://github.com/ruby/openssl/compare/v2.0.4...v2.0.5 This will fix the test failure on latest Debian sid and the "no OPENSSL_Applink" issue on mswin. ---------------------------------------------------------------- Kazuki Yamaguchi (11): test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params bio: prevent possible GC issue in ossl_obj2bio() bio: do not use the FILE BIO method in ossl_obj2bio() Rakefile: install_dependencies: install only when needed appveyor.yml: test against Ruby 2.4 ossl_pem_passwd_cb: relax passphrase length constraint ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: handle nil from the block explicitly ssl: remove unsupported TLS versions from SSLContext::METHODS ssl: fix compile error with OpenSSL 1.0.0 Ruby/OpenSSL 2.0.5 Lars Kanis (1): Add msys2 library dependency tag in gem metadata Modified files: trunk/ext/openssl/History.md trunk/ext/openssl/extconf.rb trunk/ext/openssl/openssl.gemspec trunk/ext/openssl/ossl.c trunk/ext/openssl/ossl_bio.c trunk/ext/openssl/ossl_bio.h trunk/ext/openssl/ossl_config.c trunk/ext/openssl/ossl_pkcs12.c trunk/ext/openssl/ossl_pkcs7.c trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/ext/openssl/ossl_ssl.c trunk/ext/openssl/ossl_ssl_session.c trunk/ext/openssl/ossl_version.h trunk/ext/openssl/ossl_x509cert.c trunk/ext/openssl/ossl_x509crl.c trunk/ext/openssl/ossl_x509req.c trunk/test/openssl/test_pkey_rsa.rb trunk/test/openssl/test_ssl.rb trunk/test/openssl/test_ssl_session.rb trunk/test/openssl/test_x509cert.rb Index: ext/openssl/ossl_pkey_dsa.c =================================================================== --- ext/openssl/ossl_pkey_dsa.c (revision 59566) +++ ext/openssl/ossl_pkey_dsa.c (revision 59567) @@ -229,7 +229,7 @@ ossl_dsa_initialize(int argc, VALUE *arg https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dsa.c#L229 else { pass = ossl_pem_passwd_value(pass); arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!dsa) { OSSL_BIO_reset(in); Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 59566) +++ ext/openssl/ossl_ssl.c (revision 59567) @@ -65,17 +65,19 @@ static const struct { https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L65 { #name"_server", (SSL_METHOD *(*)(void))name##_server_method, version }, \ { #name"_client", (SSL_METHOD *(*)(void))name##_client_method, version } #endif -#if defined(HAVE_SSLV2_METHOD) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL2_METHOD) && defined(HAVE_SSLV2_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv2, SSL2_VERSION), #endif -#if defined(HAVE_SSLV3_METHOD) +#if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL3_METHOD) && defined(HAVE_SSLV3_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv3, SSL3_VERSION), #endif +#if !defined(OPENSSL_NO_TLS1) && !defined(OPENSSL_NO_TLS1_METHOD) OSSL_SSL_METHOD_ENTRY(TLSv1, TLS1_VERSION), -#if defined(HAVE_TLSV1_1_METHOD) +#endif +#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1_METHOD) && defined(HAVE_TLSV1_1_METHOD) OSSL_SSL_METHOD_ENTRY(TLSv1_1, TLS1_1_VERSION), #endif -#if defined(HAVE_TLSV1_2_METHOD) +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2_METHOD) && defined(HAVE_TLSV1_2_METHOD) OSSL_SSL_METHOD_ENTRY(TLSv1_2, TLS1_2_VERSION), #endif OSSL_SSL_METHOD_ENTRY(SSLv23, 0), Index: ext/openssl/ossl_config.c =================================================================== --- ext/openssl/ossl_config.c (revision 59566) +++ ext/openssl/ossl_config.c (revision 59567) @@ -41,7 +41,7 @@ DupConfigPtr(VALUE obj) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_config.c#L41 OSSL_Check_Kind(obj, cConfig); str = rb_funcall(obj, rb_intern("to_s"), 0); - bio = ossl_obj2bio(str); + bio = ossl_obj2bio(&str); conf = NCONF_new(NULL); if(!conf){ BIO_free(bio); Index: ext/openssl/ossl_pkey_rsa.c =================================================================== --- ext/openssl/ossl_pkey_rsa.c (revision 59566) +++ ext/openssl/ossl_pkey_rsa.c (revision 59567) @@ -236,7 +236,7 @@ ossl_rsa_initialize(int argc, VALUE *arg https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L236 else { pass = ossl_pem_passwd_value(pass); arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!rsa) { OSSL_BIO_reset(in); Index: ext/openssl/ossl_x509req.c =================================================================== --- ext/openssl/ossl_x509req.c (revision 59566) +++ ext/openssl/ossl_x509req.c (revision 59567) @@ -123,7 +123,7 @@ ossl_x509req_initialize(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L123 return self; } arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL); DATA_PTR(self) = x; if (!req) { Index: ext/openssl/ossl_pkey_ec.c =================================================================== --- ext/openssl/ossl_pkey_ec.c (revision 59566) +++ ext/openssl/ossl_pkey_ec.c (revision 59567) @@ -217,7 +217,7 @@ static VALUE ossl_ec_key_initialize(int https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L217 BIO *in; pass = ossl_pem_passwd_value(pass); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); if (!ec) { @@ -775,7 +775,7 @@ static VALUE ossl_ec_group_initialize(in https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L775 if ((group = EC_GROUP_dup(arg1_group)) == NULL) ossl_raise(eEC_GROUP, "EC_GROUP_dup"); } else { - BIO *in = ossl_obj2bio(arg1); + BIO *in = ossl_obj2bio(&arg1); group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); if (!group) { @@ -1381,7 +1381,7 @@ static VALUE ossl_ec_point_initialize(in https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L1381 point = EC_POINT_bn2point(group, bn, NULL, ossl_bn_ctx); } else { - BIO *in = ossl_obj2bio(arg1); + BIO *in = ossl_obj2bio(&arg1); /* BUG: finish me */ Index: ext/openssl/ossl.c =================================================================== --- ext/openssl/ossl.c (revision 59566) +++ ext/openssl/ossl.c (revision 59567) @@ -129,13 +129,6 @@ ossl_bin2hex(unsigned char *in, char *ou https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L129 /* * our default PEM callback */ - -/* - * OpenSSL requires passwords for PEM-encoded files to be at least four - * characters long. See crypto/pem/pem_lib.c (as of 1.0.2h) - */ -#define OSSL_MIN_PWD_LEN 4 - VALUE ossl_pem_passwd_value(VALUE pass) { @@ -144,8 +137,6 @@ ossl_pem_passwd_value(VALUE pass) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L137 StringValue(pass); - if (RSTRING_LEN(pass) < OSSL_MIN_PWD_LEN) - ossl_raise(eOSSLError, "password must be at least %d bytes", OSSL_MIN_PWD_LEN); /* PEM_BUFSIZE is currently used as the second argument of pem_password_cb, * that is +max_len+ of ossl_pem_passwd_cb() */ if (RSTRING_LEN(pass) > PEM_BUFSIZE) @@ -157,11 +148,10 @@ ossl_pem_passwd_value(VALUE pass) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L148 static VALUE ossl_pem_passwd_cb0(VALUE flag) { - VALUE pass; - - pass = rb_yield(flag); - SafeStringValue(pass); - + VALUE pass = rb_yield(flag); + if (NIL_P(pass)) + return Qnil; + StringValue(pass); return pass; } @@ -178,7 +168,7 @@ ossl_pem_passwd_cb(char *buf, int max_le https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L168 * bytes silently if the input is over 1024 bytes */ if (RB_TYPE_P(pass, T_STRING)) { len = RSTRING_LEN(pass); - if (len >= OSSL_MIN_PWD_LEN && len <= max_len) { + if (len <= max_len) { memcpy(buf, RSTRING_PTR(pass), len); return (int)len; } @@ -204,11 +194,9 @@ ossl_pem_passwd_cb(char *buf, int max_le https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L194 rb_set_errinfo(Qnil); return -1; } + if (NIL_P(pass)) + return -1; len = RSTRING_LEN(pass); - if (len < OSSL_MIN_PWD_LEN) { - rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN); - continue; - } if (len > max_len) { rb_warning("password must not be longer than %d bytes", max_len); continue; Index: ext/openssl/openssl.gemspec =================================================================== --- ext/openssl/openssl.gemspec (revision 59566) +++ ext/openssl/openssl.gemspec (revision 59567) @@ -1,19 +1,20 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl.gemspec#L1 # -*- encoding: utf-8 -*- -# stub: openssl 2.0.4 ruby lib +# stub: openssl 2.0.5 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.0.4" + s.version = "2.0.5" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= + s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2017-06-14" + s.date = "2017-08-08" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@r...".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] - s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze] + s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "README.md".freeze, "History.md".freeze] s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/opens sl/ossl_ocsp.h".freeze, "ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs5.c".freeze, "ext/openssl/ossl_pkcs5.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freez e, "ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze] s.homepage = "https://www.ruby-lang.org/".freeze s.licenses = ["Ruby".freeze] Index: ext/openssl/ossl_pkcs12.c =================================================================== --- ext/openssl/ossl_pkcs12.c (revision 59566) +++ ext/openssl/ossl_pkcs12.c (revision 59567) @@ -178,7 +178,7 @@ ossl_pkcs12_initialize(int argc, VALUE * https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs12.c#L178 if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self; passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); d2i_PKCS12_bio(in, &pkcs); DATA_PTR(self) = pkcs; BIO_free(in); Index: ext/openssl/ossl_ssl_session.c =================================================================== --- ext/openssl/ossl_ssl_session.c (revision 59566) +++ ext/openssl/ossl_ssl_session.c (revision 59567) @@ -49,7 +49,7 @@ static VALUE ossl_ssl_session_initialize https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl_session.c#L49 if ((ctx = SSL_get1_session(ssl)) == NULL) ossl_raise(eSSLSession, "no session available"); } else { - BIO *in = ossl_obj2bio(arg1); + BIO *in = ossl_obj2bio(&arg1); ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); Index: ext/openssl/ossl_x509crl.c =================================================================== --- ext/openssl/ossl_x509crl.c (revision 59566) +++ ext/openssl/ossl_x509crl.c (revision 59567) @@ -115,7 +115,7 @@ ossl_x509crl_initialize(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509crl.c#L115 return self; } arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL); DATA_PTR(self) = x; if (!crl) { Index: ext/openssl/ossl_pkey.c =================================================================== --- ext/openssl/ossl_pkey.c (revision 59566) +++ ext/openssl/ossl_pkey.c (revision 59567) @@ -144,7 +144,7 @@ ossl_pkey_new_from_data(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L144 rb_scan_args(argc, argv, "11", &data, &pass); pass = ossl_pem_passwd_value(pass); - bio = ossl_obj2bio(data); + bio = ossl_obj2bio(&data); if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) { OSSL_BIO_reset(bio); if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) { Index: ext/openssl/ossl_bio.c =================================================================== --- ext/openssl/ossl_bio.c (revision 59566) +++ ext/openssl/ossl_bio.c (revision 59567) @@ -10,48 +10,21 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bio.c#L10 #include "ossl.h" BIO * -ossl_obj2bio(VALUE obj) +ossl_obj2bio(volatile VALUE *pobj) { + VALUE obj = *pobj; BIO *bio; - if (RB_TYPE_P(obj, T_FILE)) { - rb_io_t *fptr; - FILE *fp; - int fd; - - GetOpenFile(obj, fptr); - rb_io_check_readable(fptr); - if ((fd = rb_cloexec_dup(FPTR_TO_FD(fptr))) < 0){ - rb_sys_fail(0); - } - rb_update_max_fd(fd); - if (!(fp = fdopen(fd, "r"))){ - int e = errno; - close(fd); - rb_syserr_fail(e, 0); - } - if (!(bio = BIO_new_fp(fp, BIO_CLOSE))){ - fclose(fp); - ossl_raise(eOSSLError, NULL); - } - } - else { - StringValue(obj); - bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj)); - if (!bio) ossl_raise(eOSSLError, NULL); - } - + if (RB_TYPE_P(obj, T_FILE)) + obj = rb_funcallv(obj, rb_intern("read"), 0, NULL); + StringValue(obj); + bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj)); + if (!bio) + ossl_raise(eOSSLError, "BIO_new_mem_buf"); + *pobj = obj; return bio; } -BIO * -ossl_protect_obj2bio(VALUE obj, int *status) -{ - BIO *ret = NULL; - ret = (BIO*)rb_protect((VALUE (*)(VALUE))ossl_obj2bio, obj, status); - return ret; -} - VALUE ossl_membio2str0(BIO *bio) { Index: ext/openssl/ossl_bio.h =================================================================== --- ext/openssl/ossl_bio.h (revision 59566) +++ ext/openssl/ossl_bio.h (revision 59567) @@ -10,8 +10,7 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bio.h#L10 #if !defined(_OSSL_BIO_H_) #define _OSSL_BIO_H_ -BIO *ossl_obj2bio(VALUE); -BIO *ossl_protect_obj2bio(VALUE,int*); +BIO *ossl_obj2bio(volatile VALUE *); VALUE ossl_membio2str0(BIO*); VALUE ossl_membio2str(BIO*); VALUE ossl_protect_membio2str(BIO*,int*); Index: ext/openssl/History.md =================================================================== --- ext/openssl/History.md (revision 59566) +++ ext/openssl/History.md (revision 59567) @@ -1,3 +1,16 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/History.md#L1 +Version 2.0.5 +============= + +Bug fixes +--------- + +* Reading a PEM/DER-encoded private key or certificate from an IO object did + not work properly on mswin platforms. + [[ruby/openssl#128]](https://github.com/ruby/openssl/issues/128) +* Broken length check in the PEM passphrase callback is fixed. +* It failed to compile when OpenSSL is configured without TLS 1.0 support. + + Version 2.0.4 ============= Index: ext/openssl/ossl_pkey_dh.c =================================================================== --- ext/openssl/ossl_pkey_dh.c (revision 59566) +++ ext/openssl/ossl_pkey_dh.c (revision 59567) @@ -222,7 +222,7 @@ ossl_dh_initialize(int argc, VALUE *argv https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L222 } else { arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); if (!dh){ OSSL_BIO_reset(in); Index: ext/openssl/ossl_x509cert.c =================================================================== --- ext/openssl/ossl_x509cert.c (revision 59566) +++ ext/openssl/ossl_x509cert.c (revision 59567) @@ -161,7 +161,7 @@ ossl_x509_initialize(int argc, VALUE *ar https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509cert.c#L161 return self; } arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); x509 = PEM_read_bio_X509(in, &x, NULL, NULL); DATA_PTR(self) = x; if (!x509) { Index: ext/openssl/extconf.rb =================================================================== --- ext/openssl/extconf.rb (revision 59566) +++ ext/openssl/extconf.rb (revision 59567) @@ -109,14 +109,10 @@ end https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L109 Logging::message "=== Checking for OpenSSL features... ===\n" # compile options -# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols -# exist even if compiled with no-ssl2 or no-ssl3-method. -unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h") - have_func("SSLv2_method") -end -unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h") - have_func("SSLv3_method") -end +# SSLv2 and SSLv3 may be removed in future versions of OpenSSL, and even macros +# like OPENSSL_NO_SSL2 may not be defined. +have_func("SSLv2_method") +have_func("SSLv3_method") have_func("TLSv1_1_method") have_func("TLSv1_2_method") have_func("RAND_egd") Index: ext/openssl/ossl_pkcs7.c =================================================================== --- ext/openssl/ossl_pkcs7.c (revision 59566) +++ ext/openssl/ossl_pkcs7.c (revision 59567) @@ -209,7 +209,7 @@ ossl_pkcs7_s_read_smime(VALUE klass, VAL https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs7.c#L209 VALUE ret, data; ret = NewPKCS7(cPKCS7); - in = ossl_obj2bio(arg); + in = ossl_obj2bio(&arg); out = NULL; pkcs7 = SMIME_read_PKCS7(in, &out); BIO_free(in); @@ -241,7 +241,7 @@ ossl_pkcs7_s_write_smime(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs7.c#L241 SafeGetPKCS7(pkcs7, p7); if(!NIL_P(data) && PKCS7_is_detached(p7)) flg |= PKCS7_DETACHED; - in = NIL_P(data) ? NULL : ossl_obj2bio(data); + in = NIL_P(data) ? NULL : ossl_obj2bio(&data); if(!(out = BIO_new(BIO_s_mem()))){ BIO_free(in); ossl_raise(ePKCS7Error, NULL); @@ -278,7 +278,7 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs7.c#L278 pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ flg = NIL_P(flags) ? 0 : NUM2INT(flags); ret = NewPKCS7(cPKCS7); - in = ossl_obj2bio(data); + in = ossl_obj2bio(&data); if(NIL_P(certs)) x509s = NULL; else{ x509s = ossl_protect_x509_ary2sk(certs, &status); @@ -334,7 +334,7 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *ar https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs7.c#L334 else ciph = GetCipherPtr(cipher); /* NO NEED TO DUP */ flg = NIL_P(flags) ? 0 : NUM2INT(flags); ret = NewPKCS7(cPKCS7); - in = ossl_obj2bio(data); + in = ossl_obj2bio(&data); x509s = ossl_protect_x509_ary2sk(certs, &status); if(status){ BIO_free(in); @@ -385,7 +385,7 @@ ossl_pkcs7_initialize(int argc, VALUE *a https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs7.c#L385 if(rb_scan_args(argc, argv, (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/