ruby-changes:43215
From: rhe <ko1@a...>
Date: Mon, 6 Jun 2016 01:36:45 +0900 (JST)
Subject: [ruby-changes:43215] rhe:r55289 (trunk): openssl: use SSL_is_server()
rhe 2016-06-06 01:36:39 +0900 (Mon, 06 Jun 2016) New Revision: 55289 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55289 Log: openssl: use SSL_is_server() * ext/openssl/extconf.rb: Check existence of SSL_is_server(). This function was introduced in OpenSSL 1.0.2. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing. * ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if the SSL is server. The state machine in OpenSSL was rewritten and SSL_get_state() no longer returns SSL_ST_ACCEPT. (ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some `const`s to suppress warning. Modified files: trunk/ChangeLog trunk/ext/openssl/extconf.rb trunk/ext/openssl/openssl_missing.h trunk/ext/openssl/ossl_ssl.c
Index: ChangeLog
===================================================================
--- ChangeLog (revision 55288)
+++ ChangeLog (revision 55289)
@@ -1,3 +1,18 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Mon Jun 6 01:36:24 2016 Kazuki Yamaguchi <k@r...>
+
+ * ext/openssl/extconf.rb: Check existence of SSL_is_server(). This
+ function was introduced in OpenSSL 1.0.2.
+ [ruby-core:75225] [Feature #12324]
+
+ * ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing.
+
+ * ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if
+ the SSL is server. The state machine in OpenSSL was rewritten and
+ SSL_get_state() no longer returns SSL_ST_ACCEPT.
+
+ (ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some
+ `const`s to suppress warning.
+
 Mon Jun 6 01:18:10 2016 Kazuki Yamaguchi <k@r...>
 * ext/openssl/ossl_asn1.c (decode_bool): Do the same thing as
Index: ext/openssl/openssl_missing.h
===================================================================
--- ext/openssl/openssl_missing.h (revision 55288)
+++ ext/openssl/openssl_missing.h (revision 55289)
@@ -61,6 +61,10 @@ int EC_curve_nist2nid(const char *); https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L61
 # define X509_STORE_CTX_get0_store(x) ((x)->ctx)
 #endif
+#if !defined(HAVE_SSL_IS_SERVER)
+# define SSL_is_server(s) ((s)->server)
+#endif
+
 /* added in 1.1.0 */
 #if !defined(HAVE_BN_GENCB_NEW)
 # define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
Index: ext/openssl/extconf.rb
===================================================================
--- ext/openssl/extconf.rb (revision 55288)
+++ ext/openssl/extconf.rb (revision 55289)
@@ -114,6 +114,7 @@ have_func("SSL_CTX_set_alpn_select_cb") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L114
 OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
 OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
 OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+have_func("SSL_is_server")
 # added in 1.1.0
 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c (revision 55288)
+++ ext/openssl/ossl_ssl.c (revision 55289)
@@ -342,7 +342,11 @@ ossl_call_session_get_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L342
 /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
 static SSL_SESSION *
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
+#else
 ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
+#endif
 {
 VALUE ary, ssl_obj, ret_obj;
 SSL_SESSION *sess;
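Review bot: The fallback `# define SSL_is_server(s) ((s)->server)` in openssl_missing.h reads the `server` field of the SSL struct directly, and nothing in this patch shows when an OpenSSL older than 1.0.2 sets that field relative to the handshake-start callback. ssl_info_cb in ossl_ssl.c (same commit) now uses this value instead of `state & SSL_ST_ACCEPT` to decide whether to call ssl_renegotiation_cb, so a stale value could fire the server-side renegotiation hook on a client-side SSL or skip it on a server. I would add a comment above the macro, `/* pre-1.0.2 fallback: reads ssl->server directly; verify it is valid when SSL_CB_HANDSHAKE_START fires */`, and cover both the client and the server role in a test built against such a library.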
@@ -650,15 +654,13 @@ ssl_alpn_select_cb(SSL *ssl, const unsig https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L654
 #endif
 #endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */
-/* This function may serve as the entry point to support further
- * callbacks. */
+/* This function may serve as the entry point to support further callbacks. */
 static void
 ssl_info_cb(const SSL *ssl, int where, int val)
 {
- int state = SSL_state(ssl);
+ int is_server = SSL_is_server((SSL *)ssl);
- if ((where & SSL_CB_HANDSHAKE_START) &&
- (state & SSL_ST_ACCEPT)) {
+ if (is_server && where & SSL_CB_HANDSHAKE_START) {
 ssl_renegotiation_cb(ssl);
 }
 }
@@ -887,7 +889,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L889
 }
 static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
 {
 VALUE ary;
 int bits, alg_bits;
@@ -913,7 +915,7 @@ ossl_sslctx_get_ciphers(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L915
 {
 SSL_CTX *ctx;
 STACK_OF(SSL_CIPHER) *ciphers;
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
 VALUE ary;
 int i, num;
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
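Review bot: In ssl_info_cb the new condition `is_server && where & SSL_CB_HANDSHAKE_START` relies on `&` binding tighter than `&&`, whereas the removed line had the mask test parenthesised; `if (is_server && (where & SSL_CB_HANDSHAKE_START)) {` keeps the intent visible in a check that gates the renegotiation callback. The `(SSL *)ssl` cast also drops the `const` of the callback's parameter without explanation, presumably because SSL_is_server() is declared with a non-const argument in some OpenSSL versions; a short comment such as `/* SSL_is_server() takes a non-const SSL * on some versions */` would keep a later cleanup from removing it. The whole function is inside this hunk.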