ruby-changes:70373
From: Kazuki <ko1@a...>
Date: Tue, 21 Dec 2021 00:11:39 +0900 (JST)
Subject: [ruby-changes:70373] b2fb503dab (master): [ruby/openssl] engine: disable OpenSSL::Engine on OpenSSL 3.0
https://git.ruby-lang.org/ruby.git/commit/?id=b2fb503dab From b2fb503dabaf421997f20fa96cbf4e11e5d5206d Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi <k@r...> Date: Thu, 15 Apr 2021 00:51:58 +0900 Subject: [ruby/openssl] engine: disable OpenSSL::Engine on OpenSSL 3.0 The entire ENGINE API is deprecated in OpenSSL 3.0 in favor of the new "Provider" concept. OpenSSL::Engine will not be defined when compiled with OpenSSL 3.0. We would need a way to interact with providers from Ruby programs, but since the concept is completely different from the ENGINE API, it will not be through the current OpenSSL::Engine interface. https://github.com/ruby/openssl/commit/69a27d8de4 --- ext/openssl/openssl_missing.c | 3 --- ext/openssl/ossl.h | 8 +++++--- ext/openssl/ossl_engine.c | 3 ++- ext/openssl/ossl_pkey.c | 4 ++++ 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 8b93cba6d42..4415703db4d 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -10,9 +10,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L10 #include RUBY_EXTCONF_H #include <string.h> /* memcpy() */ -#if !defined(OPENSSL_NO_ENGINE) -# include <openssl/engine.h> -#endif #include <openssl/x509_vfy.h> #include "openssl_missing.h" diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 3a0ab1e5935..4b5126893bc 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -18,6 +18,7 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L18 #include <ruby/io.h> #include <ruby/thread.h> #include <openssl/opensslv.h> + #include <openssl/err.h> #include <openssl/asn1.h> #include <openssl/x509v3.h> @@ -30,9 +31,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L31 #include <openssl/ts.h> #endif #include <openssl/crypto.h> -#if !defined(OPENSSL_NO_ENGINE) -# include <openssl/engine.h> -#endif #if !defined(OPENSSL_NO_OCSP) # include <openssl/ocsp.h> #endif @@ -54,6 +52,10 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L52 (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12)) #endif +#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0) +# define OSSL_USE_ENGINE +#endif + /* * Common Module */ diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 661a1368e25..1abde7f7669 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -9,7 +9,8 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_engine.c#L9 */ #include "ossl.h" -#if !defined(OPENSSL_NO_ENGINE) +#ifdef OSSL_USE_ENGINE +# include <openssl/engine.h> #define NewEngine(klass) \ TypedData_Wrap_Struct((klass), &ossl_engine_type, 0) diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 7030be3c8eb..94760d32f41 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -9,6 +9,10 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L9 */ #include "ossl.h" +#ifdef OSSL_USE_ENGINE +# include <openssl/engine.h> +#endif + /* * Classes */ -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/