
ruby-changes:43215

From: rhe <ko1@a...>
Date: Mon, 6 Jun 2016 01:36:45 +0900 (JST)
Subject: [ruby-changes:43215] rhe:r55289 (trunk): openssl: use SSL_is_server()

rhe	2016-06-06 01:36:39 +0900 (Mon, 06 Jun 2016)

  New Revision: 55289

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55289

  Log:
    openssl: use SSL_is_server()
    
    * ext/openssl/extconf.rb: Check existence of SSL_is_server(). This
      function was introduced in OpenSSL 1.0.2.
      [ruby-core:75225] [Feature #12324]
    
    * ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing.
    
    * ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if
      the SSL is server. The state machine in OpenSSL was rewritten and
      SSL_get_state() no longer returns SSL_ST_ACCEPT.
    
      (ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some
      `const`s to suppress warning.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/extconf.rb
    trunk/ext/openssl/openssl_missing.h
    trunk/ext/openssl/ossl_ssl.c
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 55288)
+++ ChangeLog	(revision 55289)
@@ -1,3 +1,18 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Mon Jun  6 01:36:24 2016  Kazuki Yamaguchi  <k@r...>
+
+	* ext/openssl/extconf.rb: Check existence of SSL_is_server(). This
+	  function was introduced in OpenSSL 1.0.2.
+	  [ruby-core:75225] [Feature #12324]
+
+	* ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing.
+
+	* ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if
+	  the SSL is server. The state machine in OpenSSL was rewritten and
+	  SSL_get_state() no longer returns SSL_ST_ACCEPT.
+
+	  (ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some
+	  `const`s to suppress warning.
+
 Mon Jun  6 01:18:10 2016  Kazuki Yamaguchi  <k@r...>
 
 	* ext/openssl/ossl_asn1.c (decode_bool): Do the same thing as
Index: ext/openssl/openssl_missing.h
===================================================================
--- ext/openssl/openssl_missing.h	(revision 55288)
+++ ext/openssl/openssl_missing.h	(revision 55289)
@@ -61,6 +61,10 @@ int EC_curve_nist2nid(const char *); https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L61
 #  define X509_STORE_CTX_get0_store(x) ((x)->ctx)
 #endif
 
+#if !defined(HAVE_SSL_IS_SERVER)
+#  define SSL_is_server(s) ((s)->server)
+#endif
+
 /* added in 1.1.0 */
 #if !defined(HAVE_BN_GENCB_NEW)
 #  define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
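Review bot: The fallback `#  define SSL_is_server(s) ((s)->server)` has no comment saying which OpenSSL releases it serves or that it reads a struct field directly. Per the commit log the real function appeared in 1.0.2, so a line such as `/* added in 1.0.2; older releases expose the SSL struct, so read the field */` above the `#if` would match the `/* added in 1.1.0 */` marker that follows. ssl_info_cb now uses this value to decide whether to call ssl_renegotiation_cb, so it is also worth confirming that `server` is already 0 for client handles on those older releases by the time the handshake-start callback runs. That is not visible from this hunk.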
Index: ext/openssl/extconf.rb
===================================================================
--- ext/openssl/extconf.rb	(revision 55288)
+++ ext/openssl/extconf.rb	(revision 55289)
@@ -114,6 +114,7 @@ have_func("SSL_CTX_set_alpn_select_cb") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L114
 OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
 OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
 OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+have_func("SSL_is_server")
 
 # added in 1.1.0
 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 55288)
+++ ext/openssl/ossl_ssl.c	(revision 55289)
@@ -342,7 +342,11 @@ ossl_call_session_get_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L342
 
 /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
 static SSL_SESSION *
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
+#else
 ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
+#endif
 {
     VALUE ary, ssl_obj, ret_obj;
     SSL_SESSION *sess;
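Review bot: The new `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` picks the callback prototype by version number, while the rest of this commit relies on feature checks in extconf.rb. Duplicating the whole signature line also lets the two variants drift apart. There is no comment explaining the split; something like `/* OpenSSL 1.1.0 made the session id argument of the get-session callback const */` above the `#if` would tell the next reader why LibreSSL is excluded and when the `#else` branch can go. The function body continues past the end of this hunk.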
@@ -650,15 +654,13 @@ ssl_alpn_select_cb(SSL *ssl, const unsig https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L654
 #endif
 #endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */
 
-/* This function may serve as the entry point to support further
- * callbacks. */
+/* This function may serve as the entry point to support further callbacks. */
 static void
 ssl_info_cb(const SSL *ssl, int where, int val)
 {
-    int state = SSL_state(ssl);
+    int is_server = SSL_is_server((SSL *)ssl);
 
-    if ((where & SSL_CB_HANDSHAKE_START) &&
-	(state & SSL_ST_ACCEPT)) {
+    if (is_server && where & SSL_CB_HANDSHAKE_START) {
 	ssl_renegotiation_cb(ssl);
     }
 }
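Review bot: The cast in `int is_server = SSL_is_server((SSL *)ssl);` silently drops the `const` that ssl_info_cb receives. Presumably this is because SSL_is_server() (and the `(s)->server` fallback) is declared for a non-const `SSL *` in the supported releases; if so, say it with `/* SSL_is_server() takes a non-const SSL *; the handle is only read */`. The condition `is_server && where & SSL_CB_HANDSHAKE_START` is correct but leans on `&` binding tighter than `&&`, whereas the removed code parenthesized the mask test; `if (is_server && (where & SSL_CB_HANDSHAKE_START)) {` keeps that explicit. Since this branch is the only gate in front of ssl_renegotiation_cb, the one-line comment above the function could also say that the callback is only meant to fire on the server side.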
@@ -887,7 +889,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L889
 }
 
 static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
 {
     VALUE ary;
     int bits, alg_bits;
@@ -913,7 +915,7 @@ ossl_sslctx_get_ciphers(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L915
 {
     SSL_CTX *ctx;
     STACK_OF(SSL_CIPHER) *ciphers;
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
     VALUE ary;
     int i, num;
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
