kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement

Browse source 
SSLContext#options and options= using SSL_CTX_set_options and
  SSL_CTX_get_options. This reduces the number of ivars we need and
  simplifies `ossl_sslctx_setup`.

* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options`
  to SSL_OP_ALL

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
tenderlove 2015-08-01 00:12:46 +00:00
parent bcc2641ed8
commit d8225d9f04
4 changed files with 75 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
ChangeLog
View file

@ -1,3 +1,13 @@
Sat Aug 1 09:09:46 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): Implement
SSLContext#options and options= using SSL_CTX_set_options and
SSL_CTX_get_options. This reduces the number of ivars we need and
simplifies `ossl_sslctx_setup`.
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): Default `options`
to SSL_OP_ALL
Sat Aug 1 06:54:36 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* ext/openssl/ossl_ssl.c (Init_ossl_ssl): OpenSSL declares these

3
ext/openssl/lib/openssl/ssl.rb
View file

@ -76,7 +76,7 @@ module OpenSSL
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
"verify_callback", "options", "cert_store", "extra_chain_cert",
"verify_callback", "cert_store", "extra_chain_cert",
"client_cert_cb", "session_id_context", "tmp_dh_callback",
"session_get_cb", "session_new_cb", "session_remove_cb",
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
@ -102,6 +102,7 @@ module OpenSSL
# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
def initialize(version = nil)
INIT_VARS.each { |v| instance_variable_set v, nil }
self.options = OpenSSL::SSL::OP_ALL
return unless version
self.ssl_version = version
end

49
ext/openssl/ossl_ssl.c
View file

@ -45,7 +45,6 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_set_verify_mode(o,v) rb_iv_set((o),"@verify_mode",(v))
#define ossl_sslctx_set_verify_dep(o,v) rb_iv_set((o),"@verify_depth",(v))
#define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v))
#define ossl_sslctx_set_options(o,v) rb_iv_set((o),"@options",(v))
#define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v))
#define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v))
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
@ -60,7 +59,6 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_get_verify_mode(o) rb_iv_get((o),"@verify_mode")
#define ossl_sslctx_get_verify_dep(o) rb_iv_get((o),"@verify_depth")
#define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback")
#define ossl_sslctx_get_options(o) rb_iv_get((o),"@options")
#define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store")
#define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert")
#define ossl_sslctx_get_client_cert_cb(o) rb_iv_get((o),"@client_cert_cb")
@ -665,6 +663,39 @@ ssl_info_cb(const SSL *ssl, int where, int val)
}
}
/*
* Gets various OpenSSL options.
*/
static VALUE
ossl_sslctx_get_options(VALUE self)
{
SSL_CTX *ctx;
GetSSLCTX(self, ctx);
return LONG2NUM(SSL_CTX_get_options(ctx));
}
/*
* Sets various OpenSSL options.
*/
static VALUE
ossl_sslctx_set_options(VALUE self, VALUE options)
{
SSL_CTX *ctx;
rb_check_frozen(self);
GetSSLCTX(self, ctx);
SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx));
if (NIL_P(options)) {
SSL_CTX_set_options(ctx, SSL_OP_ALL);
} else {
SSL_CTX_set_options(ctx, NUM2LONG(options));
}
return self;
}
/*
* call-seq:
* ctx.setup => Qtrue # first time
@ -778,13 +809,6 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_verify_dep(self);
if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
val = ossl_sslctx_get_options(self);
if(!NIL_P(val)) {
SSL_CTX_set_options(ctx, NUM2LONG(val));
} else {
SSL_CTX_set_options(ctx, SSL_OP_ALL);
}
#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
val = rb_iv_get(self, "@npn_protocols");
if (!NIL_P(val)) {
@ -2063,11 +2087,6 @@ Init_ossl_ssl(void)
*/
rb_attr(cSSLContext, rb_intern("verify_callback"), 1, 1, Qfalse);
/*
* Sets various OpenSSL options.
*/
rb_attr(cSSLContext, rb_intern("options"), 1, 1, Qfalse);
/*
* An OpenSSL::X509::Store used for certificate verification
*/
@ -2291,6 +2310,8 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "session_cache_size=", ossl_sslctx_set_session_cache_size, 1);
rb_define_method(cSSLContext, "session_cache_stats", ossl_sslctx_get_session_cache_stats, 0);
rb_define_method(cSSLContext, "flush_sessions", ossl_sslctx_flush_sessions, -1);
rb_define_method(cSSLContext, "options", ossl_sslctx_get_options, 0);
rb_define_method(cSSLContext, "options=", ossl_sslctx_set_options, 1);
ary = rb_ary_new2(numberof(ossl_ssl_method_tab));
for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {

28
test/openssl/test_ssl.rb
View file

@ -10,6 +10,34 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_equal(ctx.setup, nil)
end
def test_options_defaults_to_OP_ALL
ctx = OpenSSL::SSL::SSLContext.new
assert_equal OpenSSL::SSL::OP_ALL, ctx.options
end
def test_setting_twice
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = 4
assert_equal 4, ctx.options
ctx.options = OpenSSL::SSL::OP_ALL
assert_equal OpenSSL::SSL::OP_ALL, ctx.options
end
def test_options_setting_nil_means_all
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = nil
assert_equal OpenSSL::SSL::OP_ALL, ctx.options
end
def test_setting_options_raises_after_setup
ctx = OpenSSL::SSL::SSLContext.new
options = ctx.options
ctx.setup
assert_raises(RuntimeError) do
ctx.options = options
end
end
def test_ctx_setup_no_compression
ctx = OpenSSL::SSL::SSLContext.new
ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION