ruby-changes:39641

tenderlove	2015-08-30 02:45:14 +0900 (Sun, 30 Aug 2015)

  New Revision: 51722

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51722

  Log:
    * ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support
      if the SSL library supports it.  Thanks Kurt Roeckx <kurt@r...>
      [Bug #11376]
    
    * ext/openssl/extconf.rb: check for SSLv3 support in the SSL
      implementation.
    
    * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
      if there is no support.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/extconf.rb
    trunk/ext/openssl/ossl_ssl.c
    trunk/test/openssl/test_ssl.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 51721)
+++ ChangeLog	(revision 51722)
@@ -1,3 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sun Aug 30 02:42:22 2015  Aaron Patterson <tenderlove@r...>
+
+	* ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support
+	  if the SSL library supports it.  Thanks Kurt Roeckx <kurt@r...>
+	  [Bug #11376]
+
+	* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
+	  implementation.
+
+	* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
+	  if there is no support.
+
 Fri Aug 28 16:05:09 2015  SHIBATA Hiroshi  <hsbt@r...>
 
 	* lib/rdoc/*: Update rdoc master(cfffed5)
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 51721)
+++ ext/openssl/ossl_ssl.c	(revision 51722)
@@ -109,9 +109,12 @@ static const struct { https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L109
     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
 #endif
+#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
+        defined(HAVE_SSLV3_CLIENT_METHOD)
     OSSL_SSL_METHOD_ENTRY(SSLv3),
     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
+#endif
     OSSL_SSL_METHOD_ENTRY(SSLv23),
     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
Index: ext/openssl/extconf.rb
===================================================================
--- ext/openssl/extconf.rb	(revision 51721)
+++ ext/openssl/extconf.rb	(revision 51722)
@@ -104,6 +104,9 @@ have_func("OPENSSL_cleanse") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L104
 have_func("SSLv2_method")
 have_func("SSLv2_server_method")
 have_func("SSLv2_client_method")
+have_func("SSLv3_method")
+have_func("SSLv3_server_method")
+have_func("SSLv3_client_method")
 have_func("TLSv1_1_method")
 have_func("TLSv1_1_server_method")
 have_func("TLSv1_1_client_method")
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb	(revision 51721)
+++ test/openssl/test_ssl.rb	(revision 51722)
@@ -912,7 +912,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L912
   # that has been marked as forbidden, therefore either of these may be raised
   HANDSHAKE_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET]
 
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContext::METHODS.include?(:SSLv3)
 
   def test_forbid_ssl_v3_for_client
     ctx_proc = Proc.new { |ctx| ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3 }

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/