ruby-changes:39381
From: tenderlove <ko1@a...>
Date: Sat, 1 Aug 2015 09:13:08 +0900 (JST)
Subject: [ruby-changes:39381] tenderlove:r51462 (trunk): * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement
tenderlove 2015-08-01 09:12:46 +0900 (Sat, 01 Aug 2015) New Revision: 51462 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51462 Log: * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement SSLContext#options and options= using SSL_CTX_set_options and SSL_CTX_get_options. This reduces the number of ivars we need and simplifies `ossl_sslctx_setup`. * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options` to SSL_OP_ALL Modified files: trunk/ChangeLog trunk/ext/openssl/lib/openssl/ssl.rb trunk/ext/openssl/ossl_ssl.c trunk/test/openssl/test_ssl.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 51461)
+++ ChangeLog (revision 51462)
@@ -1,3 +1,13 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sat Aug 1 09:09:46 2015 Aaron Patterson <tenderlove@r...>
+
+ * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement
+ SSLContext#options and options= using SSL_CTX_set_options and
+ SSL_CTX_get_options. This reduces the number of ivars we need and
+ simplifies `ossl_sslctx_setup`.
+
+ * ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options`
+ to SSL_OP_ALL
+
 Sat Aug 1 06:54:36 2015 Aaron Patterson <tenderlove@r...>
 * ext/openssl/ossl_ssl.c (Init_ossl_ssl): OpenSSL declares these
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c (revision 51461)
+++ ext/openssl/ossl_ssl.c (revision 51462)
@@ -45,7 +45,6 @@ static VALUE eSSLErrorWaitWritable; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L45
 #define ossl_sslctx_set_verify_mode(o,v) rb_iv_set((o),"@verify_mode",(v))
 #define ossl_sslctx_set_verify_dep(o,v) rb_iv_set((o),"@verify_depth",(v))
 #define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v))
-#define ossl_sslctx_set_options(o,v) rb_iv_set((o),"@options",(v))
 #define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v))
 #define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v))
 #define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
@@ -60,7 +59,6 @@ static VALUE eSSLErrorWaitWritable; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L59
 #define ossl_sslctx_get_verify_mode(o) rb_iv_get((o),"@verify_mode")
 #define ossl_sslctx_get_verify_dep(o) rb_iv_get((o),"@verify_depth")
 #define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback")
-#define ossl_sslctx_get_options(o) rb_iv_get((o),"@options")
 #define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store")
 #define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert")
 #define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb")
@@ -666,6 +664,39 @@ ssl_info_cb(const SSL *ssl, int where, i https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L664
 }
 /*
+ * Gets various OpenSSL options.
+ */
+static VALUE
+ossl_sslctx_get_options(VALUE self)
+{
+ SSL_CTX *ctx;
+ GetSSLCTX(self, ctx);
+ return LONG2NUM(SSL_CTX_get_options(ctx));
+}
+
+/*
+ * Sets various OpenSSL options.
+ */
+static VALUE
+ossl_sslctx_set_options(VALUE self, VALUE options)
+{
+ SSL_CTX *ctx;
+
+ rb_check_frozen(self);
+ GetSSLCTX(self, ctx);
+
+ SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx));
+
+ if (NIL_P(options)) {
+ SSL_CTX_set_options(ctx, SSL_OP_ALL);
+ } else {
+ SSL_CTX_set_options(ctx, NUM2LONG(options));
+ }
+
+ return self;
+}
+
+/*
 * call-seq:
 * ctx.setup => Qtrue # first time
 * ctx.setup => nil # thereafter
@@ -778,13 +809,6 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L809
 val = ossl_sslctx_get_verify_dep(self);
 if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
- val = ossl_sslctx_get_options(self);
- if(!NIL_P(val)) {
- SSL_CTX_set_options(ctx, NUM2LONG(val));
- } else {
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
- }
-
 #ifdef HAVE_OPENSSL_NPN_NEGOTIATED
 val = rb_iv_get(self, "@npn_protocols");
 if (!NIL_P(val)) {
@@ -2064,11 +2088,6 @@ Init_ossl_ssl(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2088
 rb_attr(cSSLContext, rb_intern("verify_callback"), 1, 1, Qfalse);
 /*
- * Sets various OpenSSL options.
- */
- rb_attr(cSSLContext, rb_intern("options"), 1, 1, Qfalse);
-
- /*
 * An OpenSSL::X509::Store used for certificate verification
 */
 rb_attr(cSSLContext, rb_intern("cert_store"), 1, 1, Qfalse);
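Review bot: In `ossl_sslctx_set_options` (hunk at -666), `NUM2LONG(options)` is evaluated only after `SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx))` has already wiped the mask, so an assignment that raises during conversion (a non-Integer, or a value out of range for long) leaves the SSL_CTX with every option cleared, including any `OP_NO_*` restriction the caller had set before. Converting first keeps a rejected assignment from changing the context: compute `long opts = NIL_P(options) ? SSL_OP_ALL : NUM2LONG(options);` ahead of the clear and finish with `SSL_CTX_set_options(ctx, opts);`. The comment `Sets various OpenSSL options.` should also state that the value replaces the current mask rather than being OR-ed into it, and that nil resets the mask to SSL_OP_ALL. Both new functions are complete within the hunk.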
@@ -2291,6 +2310,8 @@ Init_ossl_ssl(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2310
 rb_define_method(cSSLContext, "session_cache_size=", ossl_sslctx_set_session_cache_size, 1);
 rb_define_method(cSSLContext, "session_cache_stats", ossl_sslctx_get_session_cache_stats, 0);
 rb_define_method(cSSLContext, "flush_sessions", ossl_sslctx_flush_sessions, -1);
+ rb_define_method(cSSLContext, "options", ossl_sslctx_get_options, 0);
+ rb_define_method(cSSLContext, "options=", ossl_sslctx_set_options, 1);
 ary = rb_ary_new2(numberof(ossl_ssl_method_tab));
 for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb (revision 51461)
+++ ext/openssl/lib/openssl/ssl.rb (revision 51462)
@@ -76,7 +76,7 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L76
 INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
- "verify_callback", "options", "cert_store", "extra_chain_cert",
+ "verify_callback", "cert_store", "extra_chain_cert",
 "client_cert_cb", "session_id_context", "tmp_dh_callback", "session_get_cb", "session_new_cb", "session_remove_cb", "tmp_ecdh_callback", "servername_cb", "npn_protocols",
@@ -102,6 +102,7 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L102
 # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
 def initialize(version = nil)
 INIT_VARS.each { |v| instance_variable_set v, nil }
+ self.options = OpenSSL::SSL::OP_ALL
 return unless version
 self.ssl_version = version
 end
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb (revision 51461)
+++ test/openssl/test_ssl.rb (revision 51462)
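Review bot: The comment above `SSLContext#initialize` in ext/openssl/lib/openssl/ssl.rb (hunk at -102) is not updated for the new `self.options = OpenSSL::SSL::OP_ALL` default, so a reader cannot tell what a fresh context starts with. OP_ALL is the bug-workaround mask and, as the `OP_ALL | OP_NO_COMPRESSION` line in the test file suggests, does not carry the `OP_NO_*` restrictions; I would add `# options defaults to OpenSSL::SSL::OP_ALL; OR in OP_NO_* flags to disable compression or protocol versions.` It is also worth documenting that `ctx.options` now returns an Integer on a new context where it previously read the nil-initialised `@options` ivar, since callers that test it for nil will presumably behave differently.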
@@ -10,6 +10,34 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L10
 assert_equal(ctx.setup, nil)
 end
+ def test_options_defaults_to_OP_ALL
+ ctx = OpenSSL::SSL::SSLContext.new
+ assert_equal OpenSSL::SSL::OP_ALL, ctx.options
+ end
+
+ def test_setting_twice
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.options = 4
+ assert_equal 4, ctx.options
+ ctx.options = OpenSSL::SSL::OP_ALL
+ assert_equal OpenSSL::SSL::OP_ALL, ctx.options
+ end
+
+ def test_options_setting_nil_means_all
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.options = nil
+ assert_equal OpenSSL::SSL::OP_ALL, ctx.options
+ end
+
+ def test_setting_options_raises_after_setup
+ ctx = OpenSSL::SSL::SSLContext.new
+ options = ctx.options
+ ctx.setup
+ assert_raises(RuntimeError) do
+ ctx.options = options
+ end
+ end
+
 def test_ctx_setup_no_compression
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
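Review bot: The new tests cover Integer and nil assignments and the frozen-after-setup case, but nothing pins what `ctx.options` holds after an assignment that is rejected. A case such as `assert_raises(TypeError) { ctx.options = "4" }` followed by `assert_equal OpenSSL::SSL::OP_ALL, ctx.options` would document that a failed assignment must not alter the mask; with the setter as written in this commit the second assertion would presumably fail, because the mask is cleared before the value is converted. Separately, `test_setting_twice` uses the bare literal `4`; a named `OpenSSL::SSL::OP_*` constant would say which option is meant.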