mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/ext/openssl
emboss 85fd9aadd1 * backport r34482 from trunk
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
  option to prevent BEAST attack. See [Bug #5353].

  In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
  TLS-CBC-IV vulnerability described at
  http://www.openssl.org/~bodo/tls-cbc.txt
  It's a known issue of TLSv1/SSLv3 but it attracts lots of attention
  these days as BEAST attack. (CVE-2011-3389)

  Until now ossl sets OP_ALL at SSLContext allocation and calls
  SSL_CTX_set_options at connection.  SSL_CTX_set_options updates the
  value by using |= so bits set by OP_ALL cannot be unset afterwards.
  This commit changes to call SSL_CTX_set_options only 1 time for each
  SSLContext. It sets the specified value if SSLContext#options= is
  called and sets OP_ALL if not.

  To help users to unset bits in OP_ALL, this commit also adds several
  constants to SSL such as
  OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.  These constants were
  not exposed in Ruby because there's no way to unset bits in OP_ALL
  before.

  Following is an example to enable 0/n split for BEAST prevention.

    ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS

* test/openssl/test_ssl.rb: Test above option exists.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@34525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-02-09 17:20:52 +00:00
..
lib merges r31113 from trunk into ruby_1_9_2. 2011-05-28 23:32:46 +00:00
.cvsignore
extconf.rb merges r31346 from trunk into ruby_1_9_2. 2011-05-30 04:44:32 +00:00
openssl_missing.c merges r29190 from trunk into ruby_1_9_2. 2010-11-01 15:03:37 +00:00
openssl_missing.h merges r29190 from trunk into ruby_1_9_2. 2010-11-01 15:03:37 +00:00
ossl.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl.h merges r32288 and r32292 from trunk into ruby_1_9_2. 2011-08-11 00:38:30 +00:00
ossl_asn1.c merges r29075 from trunk into ruby_1_9_2. 2010-10-02 11:20:01 +00:00
ossl_asn1.h * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ossl_bio.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ossl_bio.h
ossl_bn.c merges r29237 and r29238 from trunk into ruby_1_9_2. 2010-11-15 11:43:42 +00:00
ossl_bn.h
ossl_cipher.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_cipher.h
ossl_config.c * ext/openssl/ossl_config.c: fix compilation failure with 2010-04-23 14:28:56 +00:00
ossl_config.h
ossl_digest.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_digest.h
ossl_engine.c * ext/openssl/ossl_config.c: OpenSSL 1.0.0 support. 2010-04-23 08:37:55 +00:00
ossl_engine.h
ossl_hmac.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_hmac.h
ossl_ns_spki.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_ns_spki.h
ossl_ocsp.c merges r31162 from trunk into ruby_1_9_2. 2011-05-29 22:48:25 +00:00
ossl_ocsp.h
ossl_pkcs5.c * ext/readline/readline.c: use rb_f_notimplement for methods not 2009-04-18 14:10:06 +00:00
ossl_pkcs5.h
ossl_pkcs7.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_pkcs7.h
ossl_pkcs12.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ossl_pkcs12.h
ossl_pkey.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_pkey.h
ossl_pkey_dh.c merges r31244 from trunk into ruby_1_9_2. 2011-05-29 22:49:10 +00:00
ossl_pkey_dsa.c merges r31244 from trunk into ruby_1_9_2. 2011-05-29 22:49:10 +00:00
ossl_pkey_ec.c merges r31244 from trunk into ruby_1_9_2. 2011-05-29 22:49:10 +00:00
ossl_pkey_rsa.c merges r31242 from trunk into ruby_1_9_2. 2011-05-29 22:49:02 +00:00
ossl_rand.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_rand.h
ossl_ssl.c * backport r34482 from trunk 2012-02-09 17:20:52 +00:00
ossl_ssl.h * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ossl_ssl_session.c merges 32211 from trunk into ruby_1_9_2. 2011-08-07 10:03:07 +00:00
ossl_version.h * ext/openssl/ossl_ssl.c: Switch stats hash key from string to symbol. 2008-04-20 22:32:06 +00:00
ossl_x509.c
ossl_x509.h
ossl_x509attr.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ossl_x509cert.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_x509crl.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_x509ext.c merges r30213 from trunk into ruby_1_9_2. 2010-12-23 12:45:44 +00:00
ossl_x509name.c merges r31164 from trunk into ruby_1_9_2. 2011-05-29 22:48:34 +00:00
ossl_x509req.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_x509revoked.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:21:01 +00:00
ossl_x509store.c * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ruby_missing.h