ruby-changes:14964
From: nahi <ko1@a...>
Date: Sun, 7 Mar 2010 06:38:11 +0900 (JST)
Subject: [ruby-changes:14964] Ruby:r26835 (ruby_1_8): * ext/openssl: backport fixes in 1.9.
nahi	2010-03-07 06:37:39 +0900 (Sun, 07 Mar 2010)

  New Revision: 26835

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26835

  Log:
    * ext/openssl: backport fixes in 1.9.

    * r25019 by marcandre
      * ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def.
        Patch by Chris Chandler [ruby-core:18411]

    * r25017 by marcandre
      * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section):
        Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]

    * r22925 by nobu
      * ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks.
        [ruby-core:22860]
      * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a warning.
      * ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may be
        larger than long.
      * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
        (ossl_ssl_session_get_timeout): use TIMET2NUM() to convert time_t.

    * r22924 by nobu
      * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use
        OPENSSL_free instead of free. a patch from Charlie Savage at
        [ruby-core:22858].

    * r22918 by akr
      * ext/openssl: suppress warnings.
      * ext/openssl/ossl.h (OSSL_Debug): don't use gcc extension for
        variadic macro.

    * r22666 by akr
      * ext/openssl/lib/openssl/buffering.rb: define Buffering module under
        OpenSSL. [ruby-dev:37906]

    * r22440 by nobu
      * ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify
        returns positive value on success, not non-zero. [ruby-core:21762]

    * r22378 by akr
      * ext/openssl: avoid cyclic require.
      * ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb
      * ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb.
        [ruby-dev:38018]

    * r22101 by nobu
      * ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used
        conditionally.

    * r21510 by akr
      * ext/openssl/ossl.c (ossl_raise): abolish a warning.

    * r21208 by akr
      * ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr
        instead of STR2CSTR.
      * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
        (ossl_ec_group_initialize): ditto.

    * r19420 by mame
      * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out
        fragments of unused code.

    * r18975 by nobu
      * ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for
        initialization of r18168.

    * r18971 by nobu
      * ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism.

    * r18944 by matz
      * ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed.
        a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880].
      * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto.

    * r18917 by nobu
      * ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for
        initialization of r18168.
      * ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto.
      * ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto.

    * r18283 by nobu
      * ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress warnings
        on platforms which int size differs from pointer size.

    * r18181 by nobu
      * ext/openssl/openssl_missing.h (d2i_of_void): define for older
        versions. [ruby-dev:35637]

    * r18168 by nobu
      * ext/openssl: suppress warnings.
  Added files:
    branches/ruby_1_8/ext/openssl/lib/openssl/ssl-internal.rb
    branches/ruby_1_8/ext/openssl/lib/openssl/x509-internal.rb

  Modified files:
    branches/ruby_1_8/ChangeLog
    branches/ruby_1_8/ext/openssl/extconf.rb
    branches/ruby_1_8/ext/openssl/lib/openssl/buffering.rb
    branches/ruby_1_8/ext/openssl/lib/openssl/digest.rb
    branches/ruby_1_8/ext/openssl/lib/openssl/ssl.rb
    branches/ruby_1_8/ext/openssl/lib/openssl/x509.rb
    branches/ruby_1_8/ext/openssl/lib/openssl.rb
    branches/ruby_1_8/ext/openssl/openssl_missing.h
    branches/ruby_1_8/ext/openssl/ossl.c
    branches/ruby_1_8/ext/openssl/ossl.h
    branches/ruby_1_8/ext/openssl/ossl_asn1.c
    branches/ruby_1_8/ext/openssl/ossl_bn.c
    branches/ruby_1_8/ext/openssl/ossl_cipher.c
    branches/ruby_1_8/ext/openssl/ossl_config.c
    branches/ruby_1_8/ext/openssl/ossl_engine.c
    branches/ruby_1_8/ext/openssl/ossl_hmac.c
    branches/ruby_1_8/ext/openssl/ossl_ocsp.c
    branches/ruby_1_8/ext/openssl/ossl_pkey.c
    branches/ruby_1_8/ext/openssl/ossl_pkey_dh.c
    branches/ruby_1_8/ext/openssl/ossl_pkey_dsa.c
    branches/ruby_1_8/ext/openssl/ossl_pkey_ec.c
    branches/ruby_1_8/ext/openssl/ossl_pkey_rsa.c
    branches/ruby_1_8/ext/openssl/ossl_ssl.c
    branches/ruby_1_8/ext/openssl/ossl_ssl_session.c
    branches/ruby_1_8/ext/openssl/ossl_x509ext.c
    branches/ruby_1_8/ext/openssl/ossl_x509name.c

Index: ruby_1_8/ext/openssl/ossl_pkey_dsa.c =================================================================== --- ruby_1_8/ext/openssl/ossl_pkey_dsa.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_pkey_dsa.c (revision 26835) 
@@ -433,11 +433,11 @@ return Qfalse; } -OSSL_PKEY_BN(dsa, p); -OSSL_PKEY_BN(dsa, q); -OSSL_PKEY_BN(dsa, g); -OSSL_PKEY_BN(dsa, pub_key); -OSSL_PKEY_BN(dsa, priv_key); +OSSL_PKEY_BN(dsa, p) +OSSL_PKEY_BN(dsa, q) +OSSL_PKEY_BN(dsa, g) +OSSL_PKEY_BN(dsa, pub_key) +OSSL_PKEY_BN(dsa, priv_key) /* * INIT Index: ruby_1_8/ext/openssl/ossl_ssl.c =================================================================== --- ruby_1_8/ext/openssl/ossl_ssl.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_ssl.c (revision 26835) @@ -907,7 +907,7 @@ rb_raise(rb_eArgError, "arg must be Time or nil"); } - SSL_CTX_flush_sessions(ctx, tm); + SSL_CTX_flush_sessions(ctx, (long)tm); return self; } Index: ruby_1_8/ext/openssl/ossl_ocsp.c =================================================================== --- ruby_1_8/ext/openssl/ossl_ocsp.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_ocsp.c (revision 26835) @@ -382,7 +382,7 @@ ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_OCSP_RESPONSE(res, NULL) <= 0) + if(i2d_OCSP_RESPONSE(res, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); Index: ruby_1_8/ext/openssl/ossl_engine.c =================================================================== --- ruby_1_8/ext/openssl/ossl_engine.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_engine.c (revision 26835) @@ -119,7 +119,7 @@ if(!ENGINE_init(e)) ossl_raise(eEngineError, NULL); ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK, - 0, NULL, (void(*)())ossl_pem_passwd_cb); + 0, NULL, (void(*)(void))ossl_pem_passwd_cb); ERR_clear_error(); return obj; Index: ruby_1_8/ext/openssl/ossl_config.c =================================================================== --- ruby_1_8/ext/openssl/ossl_config.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_config.c (revision 26835) 
@@ -158,14 +158,6 @@ return self; } -static void -rb_ossl_config_modify_check(VALUE config) -{ - if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); - if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); -} - static VALUE ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) { @@ -175,7 +167,6 @@ CONF *conf; CONF_VALUE *sv, *cv; - rb_ossl_config_modify_check(self); StringValue(section); StringValue(name); StringValue(value); @@ -201,7 +192,26 @@ #endif } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + static VALUE +ossl_config_add_value_m(VALUE self, VALUE section, VALUE name, VALUE value) +{ +#if defined(OSSL_NO_CONF_API) + rb_notimplement(); +#else + rb_ossl_config_modify_check(self); + return ossl_config_add_value(self, section, name, value); +#endif +} + +static VALUE ossl_config_get_value(VALUE self, VALUE section, VALUE name) { CONF *conf; @@ -310,7 +320,7 @@ rb_ary_push(ary, rb_str_new2(cv->section)); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE); +static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE) static VALUE ossl_config_get_sections(VALUE self) @@ -348,7 +358,7 @@ rb_str_cat2(str, "\n"); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE); +static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE) static VALUE dump_conf(CONF *conf) 
@@ -392,13 +402,15 @@ } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*); +static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*) static VALUE ossl_config_each(VALUE self) { CONF *conf; + RETURN_ENUMERATOR(self, 0, 0); + GetConfig(self, conf); lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(each_conf_value), (void*)NULL); @@ -448,11 +460,14 @@ void Init_ossl_config() { + char *default_config_file; eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError); cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject); + default_config_file = CONF_get1_default_config_file(); rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", - rb_str_new2(CONF_get1_default_config_file())); + rb_str_new2(default_config_file)); + OPENSSL_free(default_config_file); rb_include_module(cConfig, rb_mEnumerable); rb_define_singleton_method(cConfig, "parse", ossl_config_s_parse, 1); rb_define_alias(CLASS_OF(cConfig), "load", "new"); @@ -461,7 +476,7 @@ rb_define_method(cConfig, "initialize", ossl_config_initialize, -1); rb_define_method(cConfig, "get_value", ossl_config_get_value, 2); rb_define_method(cConfig, "value", ossl_config_get_value_old, -1); - rb_define_method(cConfig, "add_value", ossl_config_add_value, 3); + rb_define_method(cConfig, "add_value", ossl_config_add_value_m, 3); rb_define_method(cConfig, "[]", ossl_config_get_section, 1); rb_define_method(cConfig, "section", ossl_config_get_section_old, 1); rb_define_method(cConfig, "[]=", ossl_config_set_section, 2); Index: ruby_1_8/ext/openssl/ossl_hmac.c =================================================================== --- ruby_1_8/ext/openssl/ossl_hmac.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_hmac.c (revision 26835) 
@@ -42,7 +42,7 @@ ossl_hmac_free(HMAC_CTX *ctx) { HMAC_CTX_cleanup(ctx); - free(ctx); + ruby_xfree(ctx); } static VALUE Index: ruby_1_8/ext/openssl/ossl_cipher.c =================================================================== --- ruby_1_8/ext/openssl/ossl_cipher.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_cipher.c (revision 26835) @@ -67,7 +67,7 @@ { if (ctx) { EVP_CIPHER_CTX_cleanup(ctx); - free(ctx); + ruby_xfree(ctx); } } @@ -124,12 +124,14 @@ return self; } +#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED static void* add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary) { rb_ary_push(ary, rb_str_new2(name->name)); return NULL; } +#endif /* * call-seq: Index: ruby_1_8/ext/openssl/ossl_pkey_rsa.c =================================================================== --- ruby_1_8/ext/openssl/ossl_pkey_rsa.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_pkey_rsa.c (revision 26835) @@ -519,14 +519,14 @@ } */ -OSSL_PKEY_BN(rsa, n); -OSSL_PKEY_BN(rsa, e); -OSSL_PKEY_BN(rsa, d); -OSSL_PKEY_BN(rsa, p); -OSSL_PKEY_BN(rsa, q); -OSSL_PKEY_BN(rsa, dmp1); -OSSL_PKEY_BN(rsa, dmq1); -OSSL_PKEY_BN(rsa, iqmp); +OSSL_PKEY_BN(rsa, n) +OSSL_PKEY_BN(rsa, e) +OSSL_PKEY_BN(rsa, d) +OSSL_PKEY_BN(rsa, p) +OSSL_PKEY_BN(rsa, q) +OSSL_PKEY_BN(rsa, dmp1) +OSSL_PKEY_BN(rsa, dmq1) +OSSL_PKEY_BN(rsa, iqmp) /* * INIT Index: ruby_1_8/ext/openssl/ossl_pkey_ec.c =================================================================== --- ruby_1_8/ext/openssl/ossl_pkey_ec.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_pkey_ec.c (revision 26835) @@ -463,8 +463,10 @@ BIO *out; int i = -1; int private = 0; +#if 0 /* unused now */ EVP_CIPHER *cipher = NULL; char *password = NULL; +#endif VALUE str; Require_EC_KEY(self, ec); 
@@ -484,13 +486,18 @@ switch(format) { case EXPORT_PEM: if (private) { +#if 0 /* unused now */ if (cipher || password) /* BUG: finish cipher/password key export */ rb_notimplement(); i = PEM_write_bio_ECPrivateKey(out, ec, cipher, NULL, 0, NULL, password); +#endif + i = PEM_write_bio_ECPrivateKey(out, ec, NULL, NULL, 0, NULL, NULL); } else { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = PEM_write_bio_EC_PUBKEY(out, ec); } @@ -498,13 +505,17 @@ break; case EXPORT_DER: if (private) { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = i2d_ECPrivateKey_bio(out, ec); } else { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = i2d_EC_PUBKEY_bio(out, ec); } @@ -695,7 +706,7 @@ { if (!ec_group->dont_free && ec_group->group) EC_GROUP_clear_free(ec_group->group); - free(ec_group); + ruby_xfree(ec_group); } static VALUE ossl_ec_group_alloc(VALUE klass) @@ -1201,7 +1212,7 @@ { if (!ec_point->dont_free && ec_point->point) EC_POINT_clear_free(ec_point->point); - free(ec_point); + ruby_xfree(ec_point); } static VALUE ossl_ec_point_alloc(VALUE klass) Index: ruby_1_8/ext/openssl/ossl.c =================================================================== --- ruby_1_8/ext/openssl/ossl.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl.c (revision 26835) @@ -272,10 +272,9 @@ /* * Errors */ -void -ossl_raise(VALUE exc, const char *fmt, ...) +static VALUE +ossl_make_error(VALUE exc, const char *fmt, va_list args) { - va_list args; char buf[BUFSIZ]; const char *msg; long e; 
@@ -287,17 +286,14 @@ e = ERR_peek_error(); #endif if (fmt) { - va_start(args, fmt); len = vsnprintf(buf, BUFSIZ, fmt, args); - va_end(args); } if (len < BUFSIZ && e) { if (dOSSL == Qtrue) /* FULL INFO */ msg = ERR_error_string(e, NULL); else msg = ERR_reason_error_string(e); - fmt = len ? ": %s" : "%s"; - len += snprintf(buf+len, BUFSIZ-len, fmt, msg); + len += snprintf(buf+len, BUFSIZ-len, "%s%s", (len ? ": " : ""), msg); } if (dOSSL == Qtrue){ /* show all errors on the stack */ while ((e = ERR_get_error()) != 0){ @@ -307,9 +303,31 @@ ERR_clear_error(); if(len > BUFSIZ) len = strlen(buf); - rb_exc_raise(rb_exc_new(exc, buf, len)); + return rb_exc_new(exc, buf, len); } +void +ossl_raise(VALUE exc, const char *fmt, ...) +{ + va_list args; + VALUE err; + va_start(args, fmt); + err = ossl_make_error(exc, fmt, args); + va_end(args); + rb_exc_raise(err); +} + +VALUE +ossl_exc_new(VALUE exc, const char *fmt, ...) +{ + va_list args; + VALUE err; + va_start(args, fmt); + err = ossl_make_error(exc, fmt, args); + va_end(args); + return err; +} + /* * call-seq: * OpenSSL.errors -> [String...] Index: ruby_1_8/ext/openssl/ossl.h =================================================================== --- ruby_1_8/ext/openssl/ossl.h (revision 26834) +++ ruby_1_8/ext/openssl/ossl.h (revision 26835) @@ -139,6 +139,7 @@ */ #define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error()) NORETURN(void ossl_raise(VALUE, const char *, ...)); +VALUE ossl_exc_new(VALUE, const char *, ...); /* * Verify callback 
@@ -167,10 +168,10 @@ extern VALUE dOSSL; #if defined(HAVE_VA_ARGS_MACRO) -#define OSSL_Debug(fmt, ...) do { \ +#define OSSL_Debug(...) do { \ if (dOSSL == Qtrue) { \ fprintf(stderr, "OSSL_DEBUG: "); \ - fprintf(stderr, fmt, ##__VA_ARGS__); \ + fprintf(stderr, __VA_ARGS__); \ fprintf(stderr, " [%s:%d]\n", __FILE__, __LINE__); \ } \ } while (0) Index: ruby_1_8/ext/openssl/lib/openssl/digest.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl/digest.rb (revision 26834) +++ ruby_1_8/ext/openssl/lib/openssl/digest.rb (revision 26835) @@ -40,7 +40,7 @@ super(name, data.first) } } - singleton = (class <<klass; self; end) + singleton = (class << klass; self; end) singleton.class_eval{ define_method(:digest){|data| Digest.digest(name, data) } define_method(:hexdigest){|data| Digest.hexdigest(name, data) } Index: ruby_1_8/ext/openssl/lib/openssl/x509-internal.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl/x509-internal.rb (revision 0) +++ ruby_1_8/ext/openssl/lib/openssl/x509-internal.rb (revision 26835) 
@@ -0,0 +1,153 @@ +=begin += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses + += Info + 'OpenSSL for Ruby 2' project + Copyright (C) 2002 Michal Rokos <m.rokos@s...> + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id$ +=end + +module OpenSSL + module X509 + class ExtensionFactory + def create_extension(*arg) + if arg.size > 1 + create_ext(*arg) + else + send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) + end + end + + def create_ext_from_array(ary) + raise ExtensionError, "unexpected array form" if ary.size > 3 + create_ext(ary[0], ary[1], ary[2]) + end + + def create_ext_from_string(str) # "oid = critical, value" + oid, value = str.split(/=/, 2) + oid.strip! + value.strip! + create_ext(oid, value) + end + + def create_ext_from_hash(hash) + create_ext(hash["oid"], hash["value"], hash["critical"]) + end + end + + class Extension + def to_s # "oid = critical, value" + str = self.oid + str << " = " + str << "critical, " if self.critical? + str << self.value.gsub(/\n/, ", ") + end + + def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} + {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} + end + + def to_a + [ self.oid, self.value, self.critical? 
] + end + end + + class Name + module RFC2253DN + Special = ',=+<>#;' + HexChar = /[0-9a-fA-F]/ + HexPair = /#{HexChar}#{HexChar}/ + HexString = /#{HexPair}+/ + Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ + StringChar = /[^#{Special}\\"]/ + QuoteChar = /[^\\"]/ + AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ + AttributeValue = / + (?!["#])((?:#{StringChar}|#{Pair})*)| + \#(#{HexString})| + "((?:#{QuoteChar}|#{Pair})*)" + /x + TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ + + module_function + + def expand_pair(str) + return nil unless str + return str.gsub(Pair){ + pair = $& + case pair.size + when 2 then pair[1,1] + when 3 then Integer("0x#{pair[1,2]}").chr + else raise OpenSSL::X509::NameError, "invalid pair: #{str}" + end + } + end + + def expand_hexstring(str) + return nil unless str + der = str.gsub(HexPair){$&.to_i(16).chr } + a1 = OpenSSL::ASN1.decode(der) + return a1.value, a1.tag + end + + def expand_value(str1, str2, str3) + value = expand_pair(str1) + value, tag = expand_hexstring(str2) unless value + value = expand_pair(str3) unless value + return value, tag + end + + def scan(dn) + str = dn + ary = [] + while true + if md = TypeAndValue.match(str) + matched = md.to_s + remain = md.post_match + type = md[1] + value, tag = expand_value(md[2], md[3], md[4]) rescue nil + if value + type_and_value = [type, value] + type_and_value.push(tag) if tag + ary.unshift(type_and_value) + if remain.length > 2 && remain[0] == ?, + str = remain[1..-1] + next + elsif remain.length > 2 && remain[0] == ?+ + raise OpenSSL::X509::NameError, + "multi-valued RDN is not supported: #{dn}" + elsif remain.empty? 
+ break + end + end + end + msg_dn = dn[0, dn.length - str.length] + " =>" + str + raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" + end + return ary + end + end + + class <<self + def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) + ary = OpenSSL::X509::Name::RFC2253DN.scan(str) + self.new(ary, template) + end + + def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) + ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } + self.new(ary, template) + end + + alias parse parse_openssl + end + end + end +end Index: ruby_1_8/ext/openssl/lib/openssl/ssl.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl/ssl.rb (revision 26834) +++ ruby_1_8/ext/openssl/lib/openssl/ssl.rb (revision 26835) 
@@ -1,179 +1 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@n...> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require "openssl" -require "openssl/buffering" -require "fcntl" - -module OpenSSL - module SSL - class SSLContext - DEFAULT_PARAMS = { - :ssl_version => "SSLv23", - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, - } - - DEFAULT_CERT_STORE = OpenSSL::X509::Store.new - DEFAULT_CERT_STORE.set_default_paths - if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) - DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL - end - - def set_params(params={}) - params = DEFAULT_PARAMS.merge(params) - self.ssl_version = params.delete(:ssl_version) - params.each{|name, value| self.__send__("#{name}=", value) } - if self.verify_mode != OpenSSL::SSL::VERIFY_NONE - unless self.ca_file or self.ca_path or self.cert_store - self.cert_store = DEFAULT_CERT_STORE - end - end - return params - end - end - - module SocketForwarder - def addr - to_io.addr - end - - def peeraddr - to_io.peeraddr - end - - def setsockopt(level, optname, optval) - to_io.setsockopt(level, optname, optval) - end - - def getsockopt(level, optname) - to_io.getsockopt(level, optname) - end - - def fcntl(*args) - to_io.fcntl(*args) - end - - def closed? - to_io.closed? 
- end - - def do_not_reverse_lookup=(flag) - to_io.do_not_reverse_lookup = flag - end - end - - module Nonblock - def initialize(*args) - flag = File::NONBLOCK - flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) - @io.fcntl(Fcntl::F_SETFL, flag) - super - end - end - - def verify_certificate_identity(cert, hostname) - should_verify_common_name = true - cert.extensions.each{|ext| - next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name - should_verify_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name - should_verify_common_name = false - return true if $1 == hostname - end - } - } - if should_verify_common_name - cert.subject.to_a.each{|oid, value| - if oid == "CN" - reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - end - } - end - return false - end - module_function :verify_certificate_identity - - class SSLSocket - include Buffering - include SocketForwarder - include Nonblock - - def post_connection_check(hostname) - unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) - raise SSLError, "hostname was not match with the server certificate" - end - return true - end - - def session - SSL::Session.new(self) - rescue SSL::Session::SessionError - nil - end - end - - class SSLServer - include SocketForwarder - attr_accessor :start_immediately - - def initialize(svr, ctx) - @svr = svr - @ctx = ctx - unless ctx.session_id_context - session_id = OpenSSL::Digest::MD5.hexdigest($0) - @ctx.session_id_context = session_id - end - @start_immediately = true - end - - def to_io - @svr - end - - def listen(backlog=5) - @svr.listen(backlog) - end - - def shutdown(how=Socket::SHUT_RDWR) - @svr.shutdown(how) - end - - def accept - sock = @svr.accept - begin - ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) - ssl.sync_close = true - ssl.accept if 
@start_immediately - ssl - rescue SSLError => ex - sock.close - raise ex - end - end - - def close - @svr.close - end - end - end -end +require 'openssl' Index: ruby_1_8/ext/openssl/lib/openssl/x509.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl/x509.rb (revision 26834) +++ ruby_1_8/ext/openssl/lib/openssl/x509.rb (revision 26835) 
@@ -1,154 +1 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@s...> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require "openssl" - -module OpenSSL - module X509 - class ExtensionFactory - def create_extension(*arg) - if arg.size > 1 - create_ext(*arg) - else - send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) - end - end - - def create_ext_from_array(ary) - raise ExtensionError, "unexpected array form" if ary.size > 3 - create_ext(ary[0], ary[1], ary[2]) - end - - def create_ext_from_string(str) # "oid = critical, value" - oid, value = str.split(/=/, 2) - oid.strip! - value.strip! - create_ext(oid, value) - end - - def create_ext_from_hash(hash) - create_ext(hash["oid"], hash["value"], hash["critical"]) - end - end - - class Extension - def to_s # "oid = critical, value" - str = self.oid - str << " = " - str << "critical, " if self.critical? - str << self.value.gsub(/\n/, ", ") - end - - def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} - {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} - end - - def to_a - [ self.oid, self.value, self.critical? 
] - end - end - - class Name - module RFC2253DN - Special = ',=+<>#;' - HexChar = /[0-9a-fA-F]/ - HexPair = /#{HexChar}#{HexChar}/ - HexString = /#{HexPair}+/ - Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ - StringChar = /[^#{Special}\\"]/ - QuoteChar = /[^\\"]/ - AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ - AttributeValue = / - (?!["#])((?:#{StringChar}|#{Pair})*)| - \#(#{HexString})| - "((?:#{QuoteChar}|#{Pair})*)" - /x - TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ - - module_function - - def expand_pair(str) - return nil unless str - return str.gsub(Pair){|pair| - case pair.size - when 2 then pair[1,1] - when 3 then Integer("0x#{pair[1,2]}").chr - else raise OpenSSL::X509::NameError, "invalid pair: #{str}" - end - } - end - - def expand_hexstring(str) - return nil unless str - der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr } - a1 = OpenSSL::ASN1.decode(der) - return a1.value, a1.tag - end - - def expand_value(str1, str2, str3) - value = expand_pair(str1) - value, tag = expand_hexstring(str2) unless value - value = expand_pair(str3) unless value - return value, tag - end - - def scan(dn) - str = dn - ary = [] - while true - if md = TypeAndValue.match(str) - matched = md.to_s - remain = md.post_match - type = md[1] - value, tag = expand_value(md[2], md[3], md[4]) rescue nil - if value - type_and_value = [type, value] - type_and_value.push(tag) if tag - ary.unshift(type_and_value) - if remain.length > 2 && remain[0] == ?, - str = remain[1..-1] - next - elsif remain.length > 2 && remain[0] == ?+ - raise OpenSSL::X509::NameError, - "multi-valued RDN is not supported: #{dn}" - elsif remain.empty? 
- break - end - end - end - msg_dn = dn[0, dn.length - str.length] + " =>" + str - raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" - end - return ary - end - end - - class <<self - def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) - ary = OpenSSL::X509::Name::RFC2253DN.scan(str) - self.new(ary, template) - end - - def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) - ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } - self.new(ary, template) - end - - alias parse parse_openssl - end - end - end -end +require 'openssl' Index: ruby_1_8/ext/openssl/lib/openssl/buffering.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl/buffering.rb (revision 26834) +++ ruby_1_8/ext/openssl/lib/openssl/buffering.rb (revision 26835) @@ -14,6 +14,7 @@ $Id$ =end +module OpenSSL module Buffering include Enumerable attr_accessor :sync @@ -237,3 +238,4 @@ sysclose end end +end Index: ruby_1_8/ext/openssl/lib/openssl/ssl-internal.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl/ssl-internal.rb (revision 0) +++ ruby_1_8/ext/openssl/lib/openssl/ssl-internal.rb (revision 26835) 
@@ -0,0 +1,179 @@ +=begin += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL + += Info + 'OpenSSL for Ruby 2' project + Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@n...> + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id$ +=end + +require "openssl/buffering" +require "fcntl" + +module OpenSSL + module SSL + class SSLContext + DEFAULT_PARAMS = { + :ssl_version => "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + # ssl_version need to be set at first. + self.ssl_version = params.delete(:ssl_version) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE + end + end + return params + end + end + + module SocketForwarder + def addr + to_io.addr + end + + def peeraddr + to_io.peeraddr + end + + def setsockopt(level, optname, optval) + to_io.setsockopt(level, optname, optval) + end + + def getsockopt(level, optname) + to_io.getsockopt(level, optname) + end + + def fcntl(*args) + to_io.fcntl(*args) + end + + def closed? + to_io.closed? 
+ end + + def do_not_reverse_lookup=(flag) + to_io.do_not_reverse_lookup = flag + end + end + + module Nonblock + def initialize(*args) + flag = File::NONBLOCK + flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) + @io.fcntl(Fcntl::F_SETFL, flag) + super + end + end + + def verify_certificate_identity(cert, hostname) + should_verify_common_name = true + cert.extensions.each{|ext| + next if ext.oid != "subjectAltName" + ext.value.split(/,\s+/).each{|general_name| + if /\ADNS:(.*)/ =~ general_name + should_verify_common_name = false + reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + elsif /\AIP Address:(.*)/ =~ general_name + should_verify_common_name = false + return true if $1 == hostname + end + } + } + if should_verify_common_name + cert.subject.to_a.each{|oid, value| + if oid == "CN" + reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + end + } + end + return false + end + module_function :verify_certificate_identity + + class SSLSocket + include Buffering + include SocketForwarder + include Nonblock + + def post_connection_check(hostname) + unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) + raise SSLError, "hostname was not match with the server certificate" + end + return true + end + + def session + SSL::Session.new(self) + rescue SSL::Session::SessionError + nil + end + end + + class SSLServer + include SocketForwarder + attr_accessor :start_immediately + + def initialize(svr, ctx) + @svr = svr + @ctx = ctx + unless ctx.session_id_context + session_id = OpenSSL::Digest::MD5.hexdigest($0) + @ctx.session_id_context = session_id + end + @start_immediately = true + end + + def to_io + @svr + end + + def listen(backlog=5) + @svr.listen(backlog) + end + + def shutdown(how=Socket::SHUT_RDWR) + @svr.shutdown(how) + end + + def accept + sock = @svr.accept + begin + ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) + ssl.sync_close = true + ssl.accept if 
@start_immediately + ssl + rescue SSLError => ex + sock.close + raise ex + end + end + + def close + @svr.close + end + end + end +end Index: ruby_1_8/ext/openssl/lib/openssl.rb =================================================================== --- ruby_1_8/ext/openssl/lib/openssl.rb (revision 26834) +++ ruby_1_8/ext/openssl/lib/openssl.rb (revision 26835) @@ -20,6 +20,6 @@ require 'openssl/cipher' require 'openssl/digest' require 'openssl/pkcs7' -require 'openssl/ssl' -require 'openssl/x509' +require 'openssl/ssl-internal' +require 'openssl/x509-internal' Index: ruby_1_8/ext/openssl/ossl_bn.c =================================================================== --- ruby_1_8/ext/openssl/ossl_bn.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_bn.c (revision 26835) @@ -151,7 +151,7 @@ } break; default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + ossl_raise(rb_eArgError, "invalid radix %d", base); } return self; } @@ -203,7 +203,7 @@ str = ossl_buf2str(buf, strlen(buf)); break; default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + ossl_raise(rb_eArgError, "invalid radix %d", base); } return str; @@ -272,9 +272,9 @@ } \ return Qfalse; \ } -BIGNUM_BOOL1(is_zero); -BIGNUM_BOOL1(is_one); -BIGNUM_BOOL1(is_odd); +BIGNUM_BOOL1(is_zero) +BIGNUM_BOOL1(is_one) +BIGNUM_BOOL1(is_odd) #define BIGNUM_1c(func) \ /* \ @@ -298,7 +298,7 @@ WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_1c(sqr); +BIGNUM_1c(sqr) #define BIGNUM_2(func) \ /* \ @@ -322,8 +322,8 @@ WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_2(add); -BIGNUM_2(sub); +BIGNUM_2(add) +BIGNUM_2(sub) #define BIGNUM_2c(func) \ /* \ @@ -347,12 +347,12 @@ WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_2c(mul); -BIGNUM_2c(mod); -BIGNUM_2c(exp); -BIGNUM_2c(gcd); -BIGNUM_2c(mod_sqr); -BIGNUM_2c(mod_inverse); +BIGNUM_2c(mul) +BIGNUM_2c(mod) +BIGNUM_2c(exp) +BIGNUM_2c(gcd) +BIGNUM_2c(mod_sqr) +BIGNUM_2c(mod_inverse) /* * call-seq: 
@@ -407,10 +407,10 @@ WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_3c(mod_add); -BIGNUM_3c(mod_sub); -BIGNUM_3c(mod_mul); -BIGNUM_3c(mod_exp); +BIGNUM_3c(mod_add) +BIGNUM_3c(mod_sub) +BIGNUM_3c(mod_mul) +BIGNUM_3c(mod_exp) #define BIGNUM_BIT(func) \ /* \ @@ -428,9 +428,9 @@ } \ return self; \ } -BIGNUM_BIT(set_bit); -BIGNUM_BIT(clear_bit); -BIGNUM_BIT(mask_bits); +BIGNUM_BIT(set_bit) +BIGNUM_BIT(clear_bit) +BIGNUM_BIT(mask_bits) /* * call-seq: @@ -474,8 +474,8 @@ WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_SHIFT(lshift); -BIGNUM_SHIFT(rshift); +BIGNUM_SHIFT(lshift) +BIGNUM_SHIFT(rshift) #define BIGNUM_SELF_SHIFT(func) \ /* \ @@ -494,8 +494,8 @@ ossl_raise(eBNError, NULL); \ return self; \ } -BIGNUM_SELF_SHIFT(lshift); -BIGNUM_SELF_SHIFT(rshift); +BIGNUM_SELF_SHIFT(lshift) +BIGNUM_SELF_SHIFT(rshift) #define BIGNUM_RAND(func) \ /* \ @@ -528,8 +528,8 @@ WrapBN(klass, obj, result); \ return obj; \ } -BIGNUM_RAND(rand); -BIGNUM_RAND(pseudo_rand); +BIGNUM_RAND(rand) +BIGNUM_RAND(pseudo_rand) #define BIGNUM_RAND_RANGE(func) \ /* \ @@ -552,8 +552,8 @@ WrapBN(klass, obj, result); \ return obj; \ } -BIGNUM_RAND_RANGE(rand); -BIGNUM_RAND_RANGE(pseudo_rand); +BIGNUM_RAND_RANGE(rand) +BIGNUM_RAND_RANGE(pseudo_rand) /* * call-seq: @@ -608,8 +608,8 @@ GetBN(self, bn); \ return INT2FIX(BN_##func(bn)); \ } -BIGNUM_NUM(num_bytes); -BIGNUM_NUM(num_bits); +BIGNUM_NUM(num_bytes) +BIGNUM_NUM(num_bits) static VALUE ossl_bn_copy(VALUE self, VALUE other) @@ -642,8 +642,8 @@ GetBN(self, bn1); \ return INT2FIX(BN_##func(bn1, bn2)); \ } -BIGNUM_CMP(cmp); -BIGNUM_CMP(ucmp); +BIGNUM_CMP(cmp) +BIGNUM_CMP(ucmp) static VALUE ossl_bn_eql(VALUE self, VALUE other) Index: ruby_1_8/ext/openssl/ossl_asn1.c =================================================================== --- ruby_1_8/ext/openssl/ossl_asn1.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_asn1.c (revision 26835) 
@@ -306,14 +306,14 @@ static VALUE decode_bool(unsigned char* der, int length) { - int bool; + int val; const unsigned char *p; p = der; - if((bool = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0) + if((val = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0) ossl_raise(eASN1Error, NULL); - return bool ? Qtrue : Qfalse; + return val ? Qtrue : Qfalse; } static VALUE @@ -340,7 +340,6 @@ { ASN1_BIT_STRING *bstr; const unsigned char *p; - char *buf; long len; VALUE ret; @@ -348,16 +347,11 @@ if(!(bstr = d2i_ASN1_BIT_STRING(NULL, &p, length))) ossl_raise(eASN1Error, NULL); len = bstr->length; - if(!(buf = OPENSSL_malloc(len))){ - ASN1_BIT_STRING_free(bstr); - ossl_raise(eASN1Error, NULL); - } *unused_bits = 0; if(bstr->flags & ASN1_STRING_FLAG_BITS_LEFT) *unused_bits = bstr->flags & 0x07; - memcpy(buf, bstr->data, len); + ret = rb_str_new((const char *)bstr->data, len); ASN1_BIT_STRING_free(bstr); - ret = ossl_buf2str(buf, len); return ret; } @@ -501,7 +495,7 @@ value = ossl_asn1_get_value(obj); switch(tag){ case V_ASN1_BOOLEAN: - ptr = (void*)obj_to_asn1bool(value); + ptr = (void*)(VALUE)obj_to_asn1bool(value); free_func = NULL; break; case V_ASN1_INTEGER: /* FALLTHROUGH */ @@ -929,7 +923,7 @@ { ASN1_TYPE *asn1; int tn, tc, explicit; - long length, reallen; + long len, reallen; unsigned char *buf, *p; VALUE str; 
@@ -938,26 +932,24 @@ explicit = ossl_asn1_is_explicit(self); asn1 = ossl_asn1_get_asn1type(self); - length = ASN1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); - if(!(buf = OPENSSL_malloc(length))){ + len = ASN1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); + if(!(buf = OPENSSL_malloc(len))){ ossl_ASN1_TYPE_free(asn1); ossl_raise(eASN1Error, "cannot alloc buffer"); } p = buf; - if(tc == V_ASN1_UNIVERSAL) ossl_i2d_ASN1_TYPE(asn1, &p); - else{ - if(explicit){ - ASN1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); - ossl_i2d_ASN1_TYPE(asn1, &p); - } - else{ - ossl_i2d_ASN1_TYPE(asn1, &p); - *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); - } + if (tc == V_ASN1_UNIVERSAL) { + ossl_i2d_ASN1_TYPE(asn1, &p); + } else if (explicit) { + ASN1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); + ossl_i2d_ASN1_TYPE(asn1, &p); + } else { + ossl_i2d_ASN1_TYPE(asn1, &p); + *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); } ossl_ASN1_TYPE_free(asn1); reallen = p - buf; - assert(reallen <= length); + assert(reallen <= len); str = ossl_buf2str((char *)buf, reallen); /* buf will be free in ossl_buf2str */ return str; Index: ruby_1_8/ext/openssl/ossl_ssl_session.c =================================================================== --- ruby_1_8/ext/openssl/ossl_ssl_session.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_ssl_session.c (revision 26835) @@ -107,7 +107,7 @@ if (t == 0) return Qnil; - return rb_funcall(rb_cTime, rb_intern("at"), 1, LONG2NUM(t)); + return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t)); } /* 
@@ -126,14 +126,14 @@ t = SSL_SESSION_get_timeout(ctx); - return ULONG2NUM(t); + return TIMET2NUM(t); } #define SSLSESSION_SET_TIME(func) \ static VALUE ossl_ssl_session_set_##func(VALUE self, VALUE time_v) \ { \ SSL_SESSION *ctx; \ - time_t t; \ + unsigned long t; \ \ GetSSLSession(self, ctx); \ \ Index: ruby_1_8/ext/openssl/ossl_x509name.c =================================================================== --- ruby_1_8/ext/openssl/ossl_x509name.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_x509name.c (revision 26835) @@ -140,9 +140,9 @@ X509_NAME *x; StringValue(str); p = (unsigned char *)RSTRING_PTR(str); - x = d2i_X509_NAME(&name, &p, RSTRING_LEN(str)); - DATA_PTR(self) = name; - if(!x){ + x = d2i_X509_NAME(&name, &p, RSTRING_LEN(str)); + DATA_PTR(self) = name; + if(!x){ ossl_raise(eX509NameError, NULL); } } Index: ruby_1_8/ext/openssl/ossl_pkey.c =================================================================== --- ruby_1_8/ext/openssl/ossl_pkey.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_pkey.c (revision 26835) @@ -177,7 +177,7 @@ str = rb_str_new(0, EVP_PKEY_size(pkey)+16); if (!EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey)) ossl_raise(ePKeyError, NULL); - assert(buf_len <= RSTRING_LEN(str)); + assert((long)buf_len <= RSTRING_LEN(str)); rb_str_set_len(str, buf_len); return str; Index: ruby_1_8/ext/openssl/openssl_missing.h =================================================================== --- ruby_1_8/ext/openssl/openssl_missing.h (revision 26834) +++ ruby_1_8/ext/openssl/openssl_missing.h (revision 26835) @@ -18,6 +18,9 @@ #ifndef TYPEDEF_D2I_OF typedef char *d2i_of_void(); #endif +#ifndef TYPEDEF_I2D_OF +typedef int i2d_of_void(); +#endif /* * These functions are not included in headers of OPENSSL <= 0.9.6b 
@@ -30,33 +33,33 @@ #if !defined(PEM_write_bio_DSAPublicKey) # define PEM_write_bio_DSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\ + PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\ PEM_STRING_DSA_PUBLIC,\ bp,(char *)x, NULL, NULL, 0, NULL, NULL) #endif #if !defined(DSAPrivateKey_dup) -# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \ +# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \ (d2i_of_void *)d2i_DSAPrivateKey,(char *)dsa) #endif #if !defined(DSAPublicKey_dup) -# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \ +# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \ (d2i_of_void *)d2i_DSAPublicKey,(char *)dsa) #endif #if !defined(X509_REVOKED_dup) -# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \ +# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ (d2i_of_void *)d2i_X509_REVOKED, (char *)rev) #endif #if !defined(PKCS7_SIGNER_INFO_dup) -# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \ +# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \ (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)si) #endif #if !defined(PKCS7_RECIP_INFO_dup) -# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \ +# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \ (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)ri) #endif Index: ruby_1_8/ext/openssl/ossl_pkey_dh.c =================================================================== --- ruby_1_8/ext/openssl/ossl_pkey_dh.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_pkey_dh.c (revision 26835) 
@@ -415,10 +415,10 @@ return str; } -OSSL_PKEY_BN(dh, p); -OSSL_PKEY_BN(dh, g); -OSSL_PKEY_BN(dh, pub_key); -OSSL_PKEY_BN(dh, priv_key); +OSSL_PKEY_BN(dh, p) +OSSL_PKEY_BN(dh, g) +OSSL_PKEY_BN(dh, pub_key) +OSSL_PKEY_BN(dh, priv_key) /* * -----BEGIN DH PARAMETERS----- Index: ruby_1_8/ext/openssl/ossl_x509ext.c =================================================================== --- ruby_1_8/ext/openssl/ossl_x509ext.c (revision 26834) +++ ruby_1_8/ext/openssl/ossl_x509ext.c (revision 26835) @@ -110,7 +110,6 @@ VALUE obj; MakeX509ExtFactory(klass, obj, ctx); - rb_iv_set(obj, "@config", Qnil); return obj; } @@ -199,6 +198,7 @@ ossl_x509extfactory_set_subject_req(self, subject_req); if (!NIL_P(crl)) ossl_x509extfactory_set_crl(self, crl); + rb_iv_set(self, "@config", Qnil); return self; } @@ -325,14 +325,15 @@ ossl_raise(eX509ExtError, "malloc error"); memcpy(s, RSTRING_PTR(data), RSTRING_LEN(data)); if(!(asn1s = ASN1_OCTET_STRING_new())){ - free(s); + OPENSSL_free(s); ossl_raise(eX509ExtError, NULL); } if(!M_ASN1_OCTET_STRING_set(asn1s, s, RSTRING_LEN(data))){ - free(s); + OPENSSL_free(s); ASN1_OCTET_STRING_free(asn1s); ossl_raise(eX509ExtError, NULL); } + OPENSSL_free(s); GetX509Ext(self, ext); X509_EXTENSION_set_data(ext, asn1s); Index: ruby_1_8/ext/openssl/extconf.rb =================================================================== --- ruby_1_8/ext/openssl/extconf.rb (revision 26834) +++ ruby_1_8/ext/openssl/extconf.rb (revision 26835) 
@@ -99,7 +99,7 @@ unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h']) have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME") end -if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") +if try_compile("#define FOO(...) foo(__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") $defs.push("-DHAVE_VA_ARGS_MACRO") end if have_header("openssl/engine.h") Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 26834) +++ ruby_1_8/ChangeLog (revision 26835) 
@@ -1,3 +1,108 @@ +Sun Mar 7 06:27:24 2010 NAKAMURA, Hiroshi <nahi@r...> + + * ext/openssl: backport fixes in 1.9. + + * r25019 by marcandre + * ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def. + Patch by Chris Chandler [ruby-core:18411] + + * r25017 by marcandre + * ossl_config.c (ossl_config_add_value_m, + ossl_config_set_section): Check if frozen (or untrusted for + $SECURE >= 4) [ruby-core:18377] + + * r22925 by nobu + * ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks. + [ruby-core:22860] + + * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a + warning. + + * ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may + be larger than long. + + * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time), + (ossl_ssl_session_get_timeout): use TIMET2NUM() to convert + time_t. + + * r22924 by nobu + * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use + OPENSSL_free instead of free. a patch from Charlie Savage at + [ruby-core:22858]. + + * r22918 by akr + * ext/openssl: suppress warnings. + + * ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for + variadic macro. + + * r22666 by akr + * ext/openssl/lib/openssl/buffering.rb: define Buffering module + under OpenSSL. [ruby-dev:37906] + + * r22440 by nobu + * ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify + returns positive value on success, not non-zero. + [ruby-core:21762] + + * r22378 by akr + * ext/openssl: avoid cyclic require. + + * ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb + + * ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb. + [ruby-dev:38018] + + * r22101 by nobu + * ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used + conditionally. + + * r21510 by akr + * ext/openssl/ossl.c (ossl_raise): abolish a warning. + + * r21208 by akr + * ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr + instead of STR2CSTR. + + * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto. 
+ (ossl_ec_group_initialize): ditto. + + * r19420 by mame + * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out + fragments of unused code. + + * r18975 by nobu + * ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for + initialization of r18168. + + * r18971 by nobu + * ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism. + + * r18944 by matz + * ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed. + a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880]. + + * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto. + + * r18917 by nobu + * ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for + initialization of r18168. + + * ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto. + + * ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto. + + * r18283 by nobu + * ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress + warnings on platforms which int size differs from pointer size. + + * r18181 by nobu + * ext/openssl/openssl_missing.h (d2i_of_void): define for older + versions. [ruby-dev:35637] + + * r18168 by nobu + * ext/openssl: suppress warnings. + Sun Feb 28 21:32:36 2010 Nobuyoshi Nakada <nobu@r...> * ext/pty/pty.c (get_device_once): raise on error when fail is -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
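Review bot: verify_certificate_identity in the new ssl-internal.rb rewrites every `*` in a subjectAltName DNS entry or subject CN to `[^.]+` via `Regexp.escape(...).gsub(/\\\*/, "[^.]+")`, so a wildcard is honoured in any label and inside a partial label, not only as the whole left-most label. Suggest accepting `*` only when it is the entire left-most label and comparing the remaining labels literally (still case-insensitively). The `IP Address:` branch is a plain string comparison (`return true if $1 == hostname`), so two textual forms of the same address will not match; either normalise both sides or document that limitation.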
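Review bot: in the ossl_asn1.c hunk at @@ -348,16 +347,11, `ret = rb_str_new((const char *)bstr->data, len);` now runs before `ASN1_BIT_STRING_free(bstr);`, and the removed lines were the only path that freed bstr on allocation failure. If rb_str_new raises, bstr is leaked. Suggest running the string creation under rb_protect (or an equivalent ensure) so that bstr is freed before the exception propagates.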
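Review bot: in ossl_ssl_session.c at @@ -126,14 +126,14, the SSLSESSION_SET_TIME local changes from `time_t t;` to `unsigned long t;` while the getters in the same file move to `TIMET2NUM(t)`, so the read and write paths now disagree on signedness and possibly width. The conversion of time_v is outside the visible context; please confirm that it raises on negative or out-of-range input rather than wrapping, and add a comment saying why the setter uses unsigned long.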
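Review bot: the `OPENSSL_free(s);` added on the success path of the ossl_x509ext.c hunk at @@ -325,14 +325,15 is only correct because M_ASN1_OCTET_STRING_set copies the buffer rather than taking ownership of it; a one-line comment there would stop a later reader from treating it as a double free. The allocation of s is above the visible context, so please check that it uses OPENSSL_malloc and that all three OPENSSL_free calls therefore match the allocator.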
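Review bot: in ossl_pkey.c at @@ -177,7 +177,7, `assert((long)buf_len <= RSTRING_LEN(str));` runs after EVP_SignFinal has already written into the string buffer and is compiled out under NDEBUG, so it records the size assumption without enforcing it. The added cast only silences the signed/unsigned comparison. Suggest a comment stating that `EVP_PKEY_size(pkey)+16` is the bound being relied on, so the allocation and the assertion are read together.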