ruby-changes:2987
From: ko1@a...
Date: 22 Dec 2007 17:32:11 +0900
Subject: [ruby-changes:2987] gotoyuzo - Ruby:r14479 (trunk): * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
gotoyuzo 2007-12-22 17:31:53 +0900 (Sat, 22 Dec 2007) New Revision: 14479 Modified files: trunk/ChangeLog trunk/ext/openssl/lib/openssl/ssl.rb trunk/lib/net/http.rb trunk/lib/net/imap.rb trunk/lib/net/pop.rb trunk/test/net/http/test_https.rb trunk/test/openssl/test_ssl.rb Log: * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed. * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params): new method to set suitable SSL parameters. * lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, test/openssl/test_ssl.rb: follow above change. * test/net/http/test_https.rb: refine error case. http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/net/imap.rb?r1=14479&r2=14478 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=14479&r2=14478 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/net/http/test_https.rb?r1=14479&r2=14478 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/net/pop.rb?r1=14479&r2=14478 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/openssl/test_ssl.rb?r1=14479&r2=14478 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/net/http.rb?r1=14479&r2=14478 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/openssl/lib/openssl/ssl.rb?r1=14479&r2=14478 Index: ChangeLog =================================================================== --- ChangeLog (revision 14478) +++ ChangeLog (revision 14479) @@ -1,3 +1,15 @@ +Sat Dec 22 17:06:50 2007 GOTOU Yuuzou <gotoyuzo@n...> + + * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed. + + * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params): + new method to set suitable SSL parameters. + + * lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, + test/openssl/test_ssl.rb: follow above change. + + * test/net/http/test_https.rb: refine error case. + Sat Dec 22 16:58:49 2007 Shugo Maeda <shugo@r...> * lib/net/imap.rb (encode_utf7): accept UTF-8 strings. @@ -19,7 +31,7 @@ * transcode_data_japanese: new data file for EUC-JP and SHIFT_JIS (not yet optimized; tests to follow; data from http://nkf.sourceforge.jp/ucm/{SJIS|eucJP}-nkf.ucm) - + * common.mk, transcode.c: Adjusted for transcode_data_japanese Sat Dec 22 15:30:13 2007 NAKAMURA Usaku <usa@r...> Index: lib/net/pop.rb =================================================================== --- lib/net/pop.rb (revision 14478) +++ lib/net/pop.rb (revision 14479) @@ -328,7 +328,7 @@ # Net::POP.enable_ssl(params = {}) # # Enable SSL for all new instances. - # +params+ is passed to OpenSSL::SSLContext.build. + # +params+ is passed to OpenSSL::SSLContext#set_params. def POP3.enable_ssl(*args) @ssl_params = create_ssl_params(*args) end @@ -441,7 +441,7 @@ # Enables SSL for this instance. Must be called before the connection is # established to have any effect. # +params[:port]+ is port to establish the SSL connection on; Defaults to 995. - # +params+ (except :port) is passed to OpenSSL::SSLContext.build. + # +params+ (except :port) is passed to OpenSSL::SSLContext#set_params. def enable_ssl(verify_or_params = {}, certs = nil, port = nil) begin @ssl_params = verify_or_params.to_hash.dup @@ -534,7 +534,8 @@ s = timeout(@open_timeout) { TCPSocket.open(@address, port) } if use_ssl? raise 'openssl library not installed' unless defined?(OpenSSL) - context = OpenSSL::SSL::SSLContext.build(@ssl_params) + context = OpenSSL::SSL::SSLContext.new + context.set_params(@ssl_params) s = OpenSSL::SSL::SSLSocket.new(s, context) s.sync_close = true s.connect Index: lib/net/http.rb =================================================================== --- lib/net/http.rb (revision 14478) +++ lib/net/http.rb (revision 14479) @@ -581,7 +581,8 @@ ssl_parameters[name] = value end end - @ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters) + @ssl_context = OpenSSL::SSL::SSLContext.new + @ssl_context.set_params(ssl_parameters) s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context) s.sync_close = true end Index: lib/net/imap.rb =================================================================== --- lib/net/imap.rb (revision 14478) +++ lib/net/imap.rb (revision 14479) @@ -892,7 +892,7 @@ # OpenSSL [OSSL] and the Ruby OpenSSL [RSSL] extensions need to # be installed. # if options[:ssl] is a hash, it's passed to - # OpenSSL::SSL::SSLContext.build as parameters. + # OpenSSL::SSL::SSLContext#set_params as parameters. # # The most common errors are: # @@ -1263,7 +1263,8 @@ rescue NoMethodError params = {} end - context = SSLContext.build(params) + context = SSLContext.new + context.set_params(params) if defined?(VerifyCallbackProc) context.verify_callback = VerifyCallbackProc end Index: ext/openssl/lib/openssl/ssl.rb =================================================================== --- ext/openssl/lib/openssl/ssl.rb (revision 14478) +++ ext/openssl/lib/openssl/ssl.rb (revision 14479) @@ -21,30 +21,28 @@ module OpenSSL module SSL class SSLContext - class <<self - def build(params={}) - default_params = { - :ssl_version => "SSLv23", - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, - } - params = default_params.merge(params) - ctx = new() - params.each{|name, value| ctx.__send__("#{name}=", value) } - ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE - if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE - unless ctx.ca_file or ctx.ca_path or - ctx.cert_store or ctx.verify_callback - ctx.cert_store = OpenSSL::X509::Store.new - if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) - ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL - end - ctx.cert_store.set_default_paths - end + DEFAULT_PARAMS = { + :ssl_version => "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE end - return ctx end + return params end end Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 14478) +++ test/openssl/test_ssl.rb (revision 14479) @@ -245,13 +245,15 @@ def test_verify_result start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.build + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) assert_raise(OpenSSL::SSL::SSLError){ ssl.connect } assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result) sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.build( + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params( :verify_callback => Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_OK true @@ -262,7 +264,8 @@ assert_equal(OpenSSL::X509::V_OK, ssl.verify_result) sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.build( + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params( :verify_callback => Proc.new do |preverify_ok, store_ctx| store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION false @@ -274,10 +277,11 @@ } end - def test_sslctx_build + def test_sslctx_set_params start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port| sock = TCPSocket.new("127.0.0.1", port) - ctx = OpenSSL::SSL::SSLContext.build + ctx = OpenSSL::SSL::SSLContext.new + ctx.set_params assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode) assert_equal(OpenSSL::SSL::OP_ALL, ctx.options) ciphers = ctx.ciphers Index: test/net/http/test_https.rb =================================================================== --- test/net/http/test_https.rb (revision 14478) +++ test/net/http/test_https.rb (revision 14479) @@ -59,7 +59,7 @@ http = Net::HTTP.new("ssl.netlab.jp", 443) http.use_ssl = true assert( - http.request_head("/"){|res| }, + (http.request_head("/"){|res| } rescue false), "The system may not have default CA certificate store." ) end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml