
ruby-changes:39374

From: tenderlove <ko1@a...>
Date: Sat, 1 Aug 2015 03:20:46 +0900 (JST)
Subject: [ruby-changes:39374] tenderlove:r51455 (trunk): * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert

tenderlove	2015-08-01 03:20:31 +0900 (Sat, 01 Aug 2015)

  New Revision: 51455

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51455

  Log:
    * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert
      `tmp_dh_callback` to Ruby, and call it when setting up an SSL
      connection.  This allows us to move the "default" behavior to the
      reader method.
    
    * ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
      accessing the SSLContext's internals.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/lib/openssl/ssl.rb
    trunk/ext/openssl/ossl_ssl.c
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 51454)
+++ ChangeLog	(revision 51455)
@@ -1,3 +1,13 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sat Aug  1 03:14:07 2015  Aaron Patterson <tenderlove@r...>
+
+	* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): convert
+	  `tmp_dh_callback` to Ruby, and call it when setting up an SSL
+	  connection.  This allows us to move the "default" behavior to the
+	  reader method.
+
+	* ext/openssl/ossl_ssl.c: call the tmp_dh_callback instead of
+	  accessing the SSLContext's internals.
+
 Fri Jul 31 23:34:27 2015  Aaron Patterson <tenderlove@r...>
 
 	* .travis.yml: update libssl before running tests.
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 51454)
+++ ext/openssl/ossl_ssl.c	(revision 51455)
@@ -49,7 +49,6 @@ static VALUE eSSLErrorWaitWritable; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L49
 #define ossl_sslctx_set_cert_store(o,v)  	rb_iv_set((o),"@cert_store",(v))
 #define ossl_sslctx_set_extra_cert(o,v)  	rb_iv_set((o),"@extra_chain_cert",(v))
 #define ossl_sslctx_set_client_cert_cb(o,v) 	rb_iv_set((o),"@client_cert_cb",(v))
-#define ossl_sslctx_set_tmp_dh_cb(o,v)   	rb_iv_set((o),"@tmp_dh_callback",(v))
 #define ossl_sslctx_set_sess_id_ctx(o, v) 	rb_iv_set((o),"@session_id_context",(v))
 
 #define ossl_sslctx_get_cert(o)          	rb_iv_get((o),"@cert")
@@ -66,7 +65,7 @@ static VALUE eSSLErrorWaitWritable; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L65
 #define ossl_sslctx_get_extra_cert(o)    	rb_iv_get((o),"@extra_chain_cert")
 #define ossl_sslctx_get_client_cert_cb(o) 	rb_iv_get((o),"@client_cert_cb")
 #define ossl_sslctx_get_tmp_ecdh_cb(o)          rb_iv_get((o),"@tmp_ecdh_callback")
-#define ossl_sslctx_get_tmp_dh_cb(o)     	rb_iv_get((o),"@tmp_dh_callback")
+#define ossl_sslctx_get_tmp_dh_cb(o)     	rb_funcall((o),rb_intern("tmp_dh_callback"),0)
 #define ossl_sslctx_get_sess_id_ctx(o)   	rb_iv_get((o),"@session_id_context")
 
 #define ossl_ssl_get_io(o)           rb_iv_get((o),"@io")
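Review bot: The rewritten `ossl_sslctx_get_tmp_dh_cb` macro now dispatches a Ruby method through `rb_funcall` where the old form was a plain ivar read, so every use site can raise or run a subclass override of `tmp_dh_callback`. The use sites are outside this hunk; any that run inside an OpenSSL callback should be reached through `rb_protect`, which is worth confirming. Because the reader added in ssl.rb falls back to `OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK`, the macro should no longer yield nil, so any `RTEST(ossl_sslctx_get_tmp_dh_cb(...))` branch that picked a C-side default looks dead now. I would put a comment above the macro, for example `/* calls SSLContext#tmp_dh_callback; never nil, may raise */`.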
@@ -2115,18 +2114,6 @@ Init_ossl_ssl(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2114
      */
     rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse);
 
-     /*
-     * A callback invoked when DH parameters are required.
-     *
-     * The callback is invoked with the Session for the key exchange, an
-     * flag indicating the use of an export cipher and the keylength
-     * required.
-     *
-     * The callback must return an OpenSSL::PKey::DH instance of the correct
-     * key length.
-     */
-    rb_attr(cSSLContext, rb_intern("tmp_dh_callback"), 1, 0, Qfalse);
-
     /*
      * Sets the context in which a session can be reused.  This allows
      * sessions for multiple applications to be distinguished, for example, by
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb	(revision 51454)
+++ ext/openssl/lib/openssl/ssl.rb	(revision 51455)
@@ -77,12 +77,23 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L77
       INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
         "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
         "verify_callback", "options", "cert_store", "extra_chain_cert",
-        "client_cert_cb", "session_id_context",
+        "client_cert_cb", "session_id_context", "tmp_dh_callback",
         "session_get_cb", "session_new_cb", "session_remove_cb",
         "tmp_ecdh_callback", "servername_cb", "npn_protocols",
         "alpn_protocols", "alpn_select_cb",
         "npn_select_cb"].map { |x| "@#{x}" }
 
+      # A callback invoked when DH parameters are required.
+      #
+      # The callback is invoked with the Session for the key exchange, an
+      # flag indicating the use of an export cipher and the keylength
+      # required.
+      #
+      # The callback must return an OpenSSL::PKey::DH instance of the correct
+      # key length.
+
+      attr_writer :tmp_dh_callback
+
       # call-seq:
       #    SSLContext.new => ctx
       #    SSLContext.new(:TLSv1) => ctx
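Review bot: The comment block added above `attr_writer :tmp_dh_callback` is separated from it by a blank line, so RDoc will probably not attach it to the writer; the blank line should go. The text also carries over "an flag" from the C source and does not say that assigning nil brings back the default, which is what the new reader does. I would add `# Assigning nil restores OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK.` and one sentence telling implementers to refuse to return short DH parameters when the export flag or a small keylength is passed. The SSLContext class body starts and ends outside this hunk.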
@@ -91,7 +102,6 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L102
       # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
       def initialize(version = nil)
         INIT_VARS.each { |v| instance_variable_set v, nil }
-        @tmp_dh_callback = OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
         return unless version
         self.ssl_version = version
       end
@@ -115,8 +125,8 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L125
         return params
       end
 
-      def tmp_dh_callback=(value)
-        @tmp_dh_callback = value || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
+      def tmp_dh_callback
+        @tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
       end
     end
 
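Review bot: The new `tmp_dh_callback` reader has no comment, although it is now the only place where the default is applied. Since it uses `||`, both nil and false fall back to the default, and `instance_variable_get(:@tmp_dh_callback)` on a fresh context now returns nil where it returned the default before this commit, so code that reads the ivar directly will see a change. Proposed comment: `# Returns the DH parameter callback, or OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK when none (nil/false) was assigned.` The parameters that default hands out are defined outside this diff, so their strength cannot be judged from here.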

