ruby-changes:43268
From: rhe <ko1@a...>
Date: Thu, 9 Jun 2016 19:46:52 +0900 (JST)
Subject: [ruby-changes:43268] rhe:r55342 (trunk): openssl: fix build with OPENSSL_NO_EC
rhe 2016-06-09 19:46:46 +0900 (Thu, 09 Jun 2016) New Revision: 55342 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55342 Log: openssl: fix build with OPENSSL_NO_EC * ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC. SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in OpenSSL's configuration. This fixes r55214. * test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does not support ECDH. * test/openssl/utils.rb (start_server): Ignore error in SSLContext#ecdh_curves=. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ssl.c trunk/test/openssl/test_pair.rb trunk/test/openssl/utils.rb
Index: test/openssl/test_pair.rb
===================================================================
--- test/openssl/test_pair.rb (revision 55341)
+++ test/openssl/test_pair.rb (revision 55342)
@@ -433,7 +433,12 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L433
 sock1, sock2 = tcp_pair
 ctx1 = OpenSSL::SSL::SSLContext.new
- ctx1.ciphers = "ECDH"
+ begin
+ ctx1.ciphers = "ECDH"
+ rescue OpenSSL::SSL::SSLError
+ skip "ECDH is not enabled in this OpenSSL" if $!.message =~ /no cipher match/
+ raise
+ end
 ctx1.ecdh_curves = "P-384:P-521"
 ctx1.security_level = 0
 s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
Index: test/openssl/utils.rb
===================================================================
--- test/openssl/utils.rb (revision 55341)
+++ test/openssl/utils.rb (revision 55342)
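Review bot: The skip in the new `rescue` block of test_ecdh_curves is decided by matching the library's error text through the `$!` global, which is fragile: the wording `no cipher match` comes from OpenSSL and may differ between versions or forks, and `$!` is easy to clobber if code is later added inside the handler. Binding the exception keeps the handler self-contained: `rescue OpenSSL::SSL::SSLError => e` followed by `skip "ECDH is not enabled in this OpenSSL" if e.message =~ /no cipher match/`. A one-line comment saying that any other SSLError is re-raised on purpose would also help the next reader. The test method starts and continues outside this hunk.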
@@ -298,7 +298,10 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L298
 ctx.cert = @svr_cert
 ctx.key = @svr_key
 ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
- ctx.ecdh_curves = "P-256"
+ begin
+ ctx.ecdh_curves = "P-256"
+ rescue NotImplementedError
+ end
 ctx.verify_mode = verify_mode
 ctx_proc.call(ctx) if ctx_proc
Index: ChangeLog
===================================================================
--- ChangeLog (revision 55341)
+++ ChangeLog (revision 55342)
@@ -1,3 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Thu Jun 9 19:46:22 2016 Kazuki Yamaguchi <k@r...>
+
+ * ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC.
+ SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in
+ OpenSSL's configuration. This fixes r55214.
+
+ * test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does
+ not support ECDH.
+
+ * test/openssl/utils.rb (start_server): Ignore error in
+ SSLContext#ecdh_curves=.
+
 Thu Jun 9 18:12:42 2016 Nobuyoshi Nakada <nobu@r...>
 * Makefile.in (un-runnable): fail with proper error message.
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c (revision 55341)
+++ ext/openssl/ossl_ssl.c (revision 55342)
@@ -163,7 +163,7 @@ ossl_sslctx_s_alloc(VALUE klass) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L163
 RTYPEDDATA_DATA(obj) = ctx;
 SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)obj);
-#if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
 /* We use SSL_CTX_set1_curves_list() to specify the curve used in ECDH. It
 * allows to specify multiple curve names and OpenSSL will select
 * automatically from them. In OpenSSL 1.0.2, the automatic selection has to
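Review bot: The empty `rescue NotImplementedError` around `ctx.ecdh_curves = "P-256"` in start_server gives no reason for swallowing the error, so a reader cannot tell a deliberate best-effort from a forgotten handler. Presumably the setter is unimplemented when OpenSSL is built without EC support, as the commit log suggests; the handler body should say so, e.g. `# ecdh_curves= is not implemented when OpenSSL lacks EC support; run the test server without it`. On such a build every test server then starts without the curve list, so tests that rely on an ECDHE handshake still need their own skip. start_server's body extends beyond this hunk.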
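Review bot: The widened guard in ossl_sslctx_s_alloc carries no comment explaining why `HAVE_SSL_CTX_SET_ECDH_AUTO` alone is insufficient; that reason is given only in the commit log. A line above the `#if` would keep it next to the code: `/* SSL_CTX_set_ecdh_auto() is declared even when OpenSSL is configured without EC, so OPENSSL_NO_EC must be checked too. */`. The guarded block continues outside the hunk.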
@@ -285,7 +285,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_ex https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L285
 }
 #endif /* OPENSSL_NO_DH */
-#if !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
 static VALUE
 ossl_call_tmp_ecdh_callback(VALUE args)
 {
@@ -2300,7 +2300,7 @@ Init_ossl_ssl(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2300
 */
 rb_attr(cSSLContext, rb_intern("client_cert_cb"), 1, 1, Qfalse);
-#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
 /*
 * A callback invoked when ECDH parameters are required.
 *
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
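Review bot: The condition `!defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)` is now spelled out twice, above ossl_call_tmp_ecdh_callback and again in the Init_ossl_ssl hunk at line 2300, and the removed lines show that these two guards had already drifted apart once. Deriving a single macro near the top of the file and testing it in both places would remove that risk, for example `#define OSSL_USE_TMP_ECDH_CALLBACK 1` (a name made up for this note) inside one `#if` with the combined condition. Any other use of the callback elsewhere in the file, which this diff does not show, would want the same macro. Both guarded regions extend beyond their hunks.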