ruby-changes:44025
From: rhe <ko1@a...>
Date: Thu, 8 Sep 2016 10:09:26 +0900 (JST)
Subject: [ruby-changes:44025] rhe:r56098 (trunk): openssl: import v2.0.0.beta.2
rhe 2016-09-08 10:09:19 +0900 (Thu, 08 Sep 2016) New Revision: 56098 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=56098 Log: openssl: import v2.0.0.beta.2 * {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit history since v2.0.0.beta.1 can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2 Modified files: trunk/ChangeLog trunk/ext/openssl/extconf.rb trunk/ext/openssl/lib/openssl/ssl.rb trunk/ext/openssl/openssl.gemspec trunk/ext/openssl/ossl_pkcs12.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_ssl.c trunk/test/openssl/test_pair.rb trunk/test/openssl/test_pkcs12.rb trunk/test/openssl/test_ssl.rb trunk/test/openssl/test_ssl_session.rb trunk/test/openssl/utils.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 56097) +++ ChangeLog (revision 56098) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Thu Sep 8 10:08:35 2016 Kazuki Yamaguchi <k@r...> + + * {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit + history since v2.0.0.beta.1 can be found at: + https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2 + Thu Sep 8 07:23:34 2016 SHIBATA Hiroshi <hsbt@r...> * lib/rdoc/*, test/rdoc/*: Update rdoc-5.0.0.beta2 Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 56097) +++ ext/openssl/ossl_ssl.c (revision 56098) @@ -36,50 +36,19 @@ VALUE cSSLSocket; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L36 static VALUE eSSLErrorWaitReadable; static VALUE eSSLErrorWaitWritable; -#define ossl_sslctx_set_cert(o,v) rb_iv_set((o),"@cert",(v)) -#define ossl_sslctx_set_key(o,v) rb_iv_set((o),"@key",(v)) -#define ossl_sslctx_set_client_ca(o,v) rb_iv_set((o),"@client_ca",(v)) -#define ossl_sslctx_set_ca_file(o,v) rb_iv_set((o),"@ca_file",(v)) -#define ossl_sslctx_set_ca_path(o,v) rb_iv_set((o),"@ca_path",(v)) -#define ossl_sslctx_set_timeout(o,v) rb_iv_set((o),"@timeout",(v)) -#define ossl_sslctx_set_verify_mode(o,v) rb_iv_set((o),"@verify_mode",(v)) -#define ossl_sslctx_set_verify_dep(o,v) rb_iv_set((o),"@verify_depth",(v)) -#define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v)) -#define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v)) -#define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v)) -#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v)) -#define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v)) - -#define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") -#define ossl_sslctx_get_key(o) rb_iv_get((o),"@key") -#define ossl_sslctx_get_client_ca(o) rb_iv_get((o),"@client_ca") -#define ossl_sslctx_get_ca_file(o) rb_iv_get((o),"@ca_file") -#define ossl_sslctx_get_ca_path(o) rb_iv_get((o),"@ca_path") -#define ossl_sslctx_get_timeout(o) rb_iv_get((o),"@timeout") -#define ossl_sslctx_get_verify_mode(o) rb_iv_get((o),"@verify_mode") -#define ossl_sslctx_get_verify_dep(o) rb_iv_get((o),"@verify_depth") -#define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback") -#define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store") -#define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert") -#define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb") -#define ossl_sslctx_get_tmp_ecdh_cb(o) rb_iv_get((o),"@tmp_ecdh_callback") -#define ossl_sslctx_get_sess_id_ctx(o) rb_iv_get((o),"@session_id_context") -#define ossl_sslctx_get_verify_hostname(o) rb_iv_get((o),"@verify_hostname") - -#define ossl_ssl_get_io(o) rb_iv_get((o),"@io") -#define ossl_ssl_get_ctx(o) rb_iv_get((o),"@context") - -#define ossl_ssl_set_io(o,v) rb_iv_set((o),"@io",(v)) -#define ossl_ssl_set_ctx(o,v) rb_iv_set((o),"@context",(v)) -#define ossl_ssl_set_sync_close(o,v) rb_iv_set((o),"@sync_close",(v)) -#define ossl_ssl_set_hostname_v(o,v) rb_iv_set((o),"@hostname",(v)) -#define ossl_ssl_set_tmp_dh(o,v) rb_iv_set((o),"@tmp_dh",(v)) -#define ossl_ssl_set_tmp_ecdh(o,v) rb_iv_set((o),"@tmp_ecdh",(v)) - static ID ID_callback_state; - static VALUE sym_exception, sym_wait_readable, sym_wait_writable; +static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode, + id_i_verify_depth, id_i_verify_callback, id_i_client_ca, + id_i_renegotiation_cb, id_i_cert, id_i_key, id_i_extra_chain_cert, + id_i_client_cert_cb, id_i_tmp_ecdh_callback, id_i_timeout, + id_i_session_id_context, id_i_session_get_cb, id_i_session_new_cb, + id_i_session_remove_cb, id_i_npn_select_cb, id_i_npn_protocols, + id_i_alpn_select_cb, id_i_alpn_protocols, id_i_servername_cb, + id_i_verify_hostname; +static ID id_i_io, id_i_context, id_i_hostname; + /* * SSLContext class */ @@ -223,9 +192,10 @@ ossl_sslctx_set_ssl_version(VALUE self, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L192 static VALUE ossl_call_client_cert_cb(VALUE obj) { - VALUE cb, ary, cert, key; + VALUE ctx_obj, cb, ary, cert, key; - cb = ossl_sslctx_get_client_cert_cb(ossl_ssl_get_ctx(obj)); + ctx_obj = rb_attr_get(obj, id_i_context); + cb = rb_attr_get(ctx_obj, id_i_client_cert_cb); if (NIL_P(cb)) return Qnil; @@ -281,7 +251,6 @@ ossl_tmp_dh_callback(SSL *ssl, int is_ex https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L251 dh = rb_protect(ossl_call_tmp_dh_callback, args, NULL); if (!RTEST(dh)) return NULL; - ossl_ssl_set_tmp_dh(rb_ssl, dh); return EVP_PKEY_get0_DH(GetPKeyPtr(dh)); } @@ -315,7 +284,6 @@ ossl_tmp_ecdh_callback(SSL *ssl, int is_ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L284 ecdh = rb_protect(ossl_call_tmp_ecdh_callback, args, NULL); if (!RTEST(ecdh)) return NULL; - ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh); return EVP_PKEY_get0_EC_KEY(GetPKeyPtr(ecdh)); } @@ -330,7 +298,7 @@ call_verify_certificate_identity(VALUE c https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L298 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); ssl_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); - hostname = rb_attr_get(ssl_obj, rb_intern("@hostname")); + hostname = rb_attr_get(ssl_obj, id_i_hostname); if (!RTEST(hostname)) { rb_warning("verify_hostname requires hostname to be set"); @@ -345,14 +313,15 @@ call_verify_certificate_identity(VALUE c https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L313 static int ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { - VALUE cb, ssl_obj, verify_hostname, ret; + VALUE cb, ssl_obj, sslctx_obj, verify_hostname, ret; SSL *ssl; int status; ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_vcb_idx); ssl_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); - verify_hostname = ossl_sslctx_get_verify_hostname(ossl_ssl_get_ctx(ssl_obj)); + sslctx_obj = rb_attr_get(ssl_obj, id_i_context); + verify_hostname = rb_attr_get(sslctx_obj, id_i_verify_hostname); if (preverify_ok && RTEST(verify_hostname) && !SSL_is_server(ssl) && !X509_STORE_CTX_get_error_depth(ctx)) { @@ -474,7 +443,7 @@ ossl_call_session_remove_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L443 Check_Type(ary, T_ARRAY); sslctx_obj = rb_ary_entry(ary, 0); - cb = rb_iv_get(sslctx_obj, "@session_remove_cb"); + cb = rb_attr_get(sslctx_obj, id_i_session_remove_cb); if (NIL_P(cb)) return Qnil; return rb_funcall(cb, rb_intern("call"), 1, ary); @@ -536,9 +505,8 @@ ossl_call_servername_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L505 Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); - sslctx_obj = rb_iv_get(ssl_obj, "@context"); - if (NIL_P(sslctx_obj)) return Qnil; - cb = rb_iv_get(sslctx_obj, "@servername_cb"); + sslctx_obj = rb_attr_get(ssl_obj, id_i_context); + cb = rb_attr_get(sslctx_obj, id_i_servername_cb); if (NIL_P(cb)) return Qnil; ret_obj = rb_funcall(cb, rb_intern("call"), 1, ary); @@ -550,9 +518,10 @@ ossl_call_servername_cb(VALUE ary) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L518 GetSSL(ssl_obj, ssl); GetSSLCTX(ret_obj, ctx2); SSL_set_SSL_CTX(ssl, ctx2); - rb_iv_set(ssl_obj, "@context", ret_obj); + rb_ivar_set(ssl_obj, id_i_context, ret_obj); } else if (!NIL_P(ret_obj)) { - ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil"); + ossl_raise(rb_eArgError, "servername_cb must return an " + "OpenSSL::SSL::SSLContext object or nil"); } return ret_obj; @@ -596,15 +565,15 @@ ssl_renegotiation_cb(const SSL *ssl) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L565 ossl_raise(eSSLError, "SSL object could not be retrieved"); ssl_obj = (VALUE)ptr; - sslctx_obj = rb_iv_get(ssl_obj, "@context"); - if (NIL_P(sslctx_obj)) return; - cb = rb_iv_get(sslctx_obj, "@renegotiation_cb"); + sslctx_obj = rb_attr_get(ssl_obj, id_i_context); + cb = rb_attr_get(sslctx_obj, id_i_renegotiation_cb); if (NIL_P(cb)) return; (void) rb_funcall(cb, rb_intern("call"), 1, ssl_obj); } -#if defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) +#if defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \ + defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) static VALUE ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded) { @@ -627,14 +596,20 @@ ssl_encode_npn_protocols(VALUE protocols https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L596 return encoded; } -static int -ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen) +struct npn_select_cb_common_args { + VALUE cb; + const unsigned char *in; + unsigned inlen; +}; + +static VALUE +npn_select_cb_common_i(VALUE tmp) { - VALUE selected; - long len; - VALUE protocols = rb_ary_new(); + struct npn_select_cb_common_args *args = (void *)tmp; + const unsigned char *in = args->in, *in_end = in + args->inlen; unsigned char l; - const unsigned char *in_end = in + inlen; + long len; + VALUE selected, protocols = rb_ary_new(); /* assume OpenSSL verifies this format */ /* The format is len_1|proto_1|...|len_n|proto_n */ @@ -644,21 +619,44 @@ ssl_npn_select_cb_common(VALUE cb, const https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L619 in += l; } - selected = rb_funcall(cb, rb_intern("call"), 1, protocols); + selected = rb_funcall(args->cb, rb_intern("call"), 1, protocols); StringValue(selected); len = RSTRING_LEN(selected); if (len < 1 || len >= 256) { ossl_raise(eSSLError, "Selected protocol name must have length 1..255"); } + + return selected; +} + +static int +ssl_npn_select_cb_common(SSL *ssl, VALUE cb, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen) +{ + VALUE selected; + int status; + struct npn_select_cb_common_args args = { cb, in, inlen }; + + selected = rb_protect(npn_select_cb_common_i, (VALUE)&args, &status); + if (status) { + VALUE ssl_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx); + + rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(status)); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + *out = (unsigned char *)RSTRING_PTR(selected); - *outlen = (unsigned char)len; + *outlen = (unsigned char)RSTRING_LEN(selected); return SSL_TLSEXT_ERR_OK; } +#endif #ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB static int -ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg) +ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, + void *arg) { VALUE protocols = (VALUE)arg; @@ -669,30 +667,32 @@ ssl_npn_advertise_cb(SSL *ssl, const uns https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L667 } static int -ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +ssl_npn_select_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) { VALUE sslctx_obj, cb; sslctx_obj = (VALUE) arg; - cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); + cb = rb_attr_get(sslctx_obj, id_i_npn_select_cb); - return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen); + return ssl_npn_select_cb_common(ssl, cb, (const unsigned char **)out, + outlen, in, inlen); } #endif #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB static int -ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) { VALUE sslctx_obj, cb; sslctx_obj = (VALUE) arg; - cb = rb_iv_get(sslctx_obj, "@alpn_select_cb"); + cb = rb_attr_get(sslctx_obj, id_i_alpn_select_cb); - return ssl_npn_select_cb_common(cb, out, outlen, in, inlen); + return ssl_npn_select_cb_common(ssl, cb, out, outlen, in, inlen); } #endif -#endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */ /* This function may serve as the entry point to support further callbacks. */ static void @@ -768,7 +768,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L768 #if !defined(OPENSSL_NO_EC) /* We added SSLContext#tmp_ecdh_callback= in Ruby 2.3.0, * but SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0. */ - if (RTEST(ossl_sslctx_get_tmp_ecdh_cb(self))) { + if (RTEST(rb_attr_get(self, id_i_tmp_ecdh_callback))) { # if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK) rb_warn("#tmp_ecdh_callback= is deprecated; use #ecdh_curves= instead"); SSL_CTX_set_tmp_ecdh_callback(ctx, ossl_tmp_ecdh_callback); @@ -785,7 +785,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L785 } #endif /* OPENSSL_NO_EC */ - val = ossl_sslctx_get_cert_store(self); + val = rb_attr_get(self, id_i_cert_store); if (!NIL_P(val)) { X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */ SSL_CTX_set_cert_store(ctx, store); @@ -802,15 +802,15 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L802 #endif } - val = ossl_sslctx_get_extra_cert(self); + val = rb_attr_get(self, id_i_extra_chain_cert); if(!NIL_P(val)){ rb_block_call(val, rb_intern("each"), 0, 0, ossl_sslctx_add_extra_chain_cert_i, self); } /* private key may be bundled in certificate file. */ - val = ossl_sslctx_get_cert(self); + val = rb_attr_get(self, id_i_cert); cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */ - val = ossl_sslctx_get_key(self); + val = rb_attr_get(self, id_i_key); key = NIL_P(val) ? NULL : GetPrivPKeyPtr(val); /* NO DUP NEEDED */ if (cert && key) { if (!SSL_CTX_use_certificate(ctx, cert)) { @@ -826,7 +826,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L826 } } - val = ossl_sslctx_get_client_ca(self); + val = rb_attr_get(self, id_i_client_ca); if(!NIL_P(val)){ if (RB_TYPE_P(val, T_ARRAY)) { for(i = 0; i < RARRAY_LEN(val); i++){ @@ -846,48 +846,52 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L846 } } - val = ossl_sslctx_get_ca_file(self); + val = rb_attr_get(self, id_i_ca_file); ca_file = NIL_P(val) ? NULL : StringValueCStr(val); - val = ossl_sslctx_get_ca_path(self); + val = rb_attr_get(self, id_i_ca_path); ca_path = NIL_P(val) ? NULL : StringValueCStr(val); if(ca_file || ca_path){ if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path)) rb_warning("can't set verify locations"); } - val = ossl_sslctx_get_verify_mode(self); + val = rb_attr_get(self, id_i_verify_mode); verify_mode = NIL_P(val) ? SSL_VERIFY_NONE : NUM2INT(val); SSL_CTX_set_verify(ctx, verify_mode, ossl_ssl_verify_callback); - if (RTEST(ossl_sslctx_get_client_cert_cb(self))) + if (RTEST(rb_attr_get(self, id_i_client_cert_cb))) SSL_CTX_set_client_cert_cb(ctx, ossl_client_cert_cb); - val = ossl_sslctx_get_timeout(self); + val = rb_attr_get(self, id_i_timeout); if(!NIL_P(val)) SSL_CTX_set_timeout(ctx, NUM2LONG(val)); - val = ossl_sslctx_get_verify_dep(self); + val = rb_attr_get(self, id_i_verify_depth); if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val)); #ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB - val = rb_iv_get(self, "@npn_protocols"); + val = rb_attr_get(self, id_i_npn_protocols); if (!NIL_P(val)) { VALUE encoded = ssl_encode_npn_protocols(val); SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded); OSSL_Debug("SSL NPN advertise callback added"); } - if (RTEST(rb_iv_get(self, "@npn_select_cb"))) { + if (RTEST(rb_attr_get(self, id_i_npn_select_cb))) { SSL_CTX_set_next_proto_select_cb(ctx, ssl_npn_select_cb, (void *) self); OSSL_Debug("SSL NPN select callback added"); } #endif #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB - val = rb_iv_get(self, "@alpn_protocols"); + val = rb_attr_get(self, id_i_alpn_protocols); if (!NIL_P(val)) { VALUE rprotos = ssl_encode_npn_protocols(val); - SSL_CTX_set_alpn_protos(ctx, (unsigned char *)RSTRING_PTR(rprotos), RSTRING_LENINT(rprotos)); + + /* returns 0 on success */ + if (SSL_CTX_set_alpn_protos(ctx, (unsigned char *)RSTRING_PTR(rprotos), + RSTRING_LENINT(rprotos))) + ossl_raise(eSSLError, "SSL_CTX_set_alpn_protos"); OSSL_Debug("SSL ALPN values added"); } - if (RTEST(rb_iv_get(self, "@alpn_select_cb"))) { + if (RTEST(rb_attr_get(self, id_i_alpn_select_cb))) { SSL_CTX_set_alpn_select_cb(ctx, ssl_alpn_select_cb, (void *) self); OSSL_Debug("SSL ALPN select callback added"); } @@ -895,7 +899,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L899 rb_obj_freeze(self); - val = ossl_sslctx_get_sess_id_ctx(self); + val = rb_attr_get(self, id_i_session_id_context); if (!NIL_P(val)){ StringValue(val); if (!SSL_CTX_set_session_id_context(ctx, (unsigned char *)RSTRING_PTR(val), @@ -904,21 +908,21 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L908 } } - if (RTEST(rb_iv_get(self, "@session_get_cb"))) { + if (RTEST(rb_attr_get(self, id_i_session_get_cb))) { SSL_CTX_sess_set_get_cb(ctx, ossl_sslctx_session_get_cb); OSSL_Debug("SSL SESSION get callback added"); } - if (RTEST(rb_iv_get(self, "@session_new_cb"))) { + if (RTEST(rb_attr_get(self, id_i_session_new_cb))) { SSL_CTX_sess_set_new_cb(ctx, ossl_sslctx_session_new_cb); OSSL_Debug("SSL SESSION new callback added"); } - if (RTEST(rb_iv_get(self, "@session_remove_cb"))) { + if (RTEST(rb_attr_get(self, id_i_session_remove_cb))) { SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb); OSSL_Debug("SSL SESSION remove callback added"); } #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME - val = rb_iv_get(self, "@servername_cb"); + val = rb_attr_get(self, id_i_servername_cb); if (!NIL_P(val)) { SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); OSSL_Debug("SSL TLSEXT servername callback added"); @@ -1437,14 +1441,12 @@ ossl_ssl_initialize(int argc, VALUE *arg https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L1441 v_ctx = rb_funcall(cSSLContext, rb_intern("new"), 0); GetSSLCTX(v_ctx, ctx); - ossl_ssl_set_ctx(self, v_ctx); + rb_ivar_set(self, id_i_context, v_ctx); ossl_sslctx_setup(v_ctx); if (rb_respond_to(io, rb_intern("nonblock="))) rb_funcall(io, rb_intern("nonblock="), 1, Qtrue); - ossl_ssl_set_io(self, io); - - ossl_ssl_set_sync_close(self, Qfalse); + rb_ivar_set(self, id_i_io, io); ssl = SSL_new(ctx); if (!ssl) @@ -1453, (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/