[compat] sync-up more openssl.rb updates from upstream

jruby · Jun 20, 2024 · 0d06604 · 0d06604
1 parent adca91b
commit 0d06604
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 48 deletions.
diff --git a/lib/openssl/buffering.rb b/lib/openssl/buffering.rb
@@ -31,7 +31,7 @@ def initialize
 
       force_encoding(BINARY)
     end
-    
+
     def << string
       if string.encoding == BINARY
         super(string)
@@ -93,9 +93,7 @@ def consume_rbuff(size=nil)
       nil
     else
       size = @rbuffer.size unless size
-      ret = @rbuffer[0, size]
-      @rbuffer[0, size] = ""
-      ret
+      @rbuffer.slice!(0, size)
     end
   end
 

diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
@@ -86,15 +86,17 @@ class SSLContext
       DEFAULT_CERT_STORE.set_default_paths
       DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 
-      # A callback invoked when DH parameters are required.
+      # A callback invoked when DH parameters are required for ephemeral DH key
+      # exchange.
       #
-      # The callback is invoked with the Session for the key exchange, an
+      # The callback is invoked with the SSLSocket, a
       # flag indicating the use of an export cipher and the keylength
       # required.
       #
       # The callback must return an OpenSSL::PKey::DH instance of the correct
       # key length.
-
+      #
+      # <b>Deprecated in version 3.0.</b> Use #tmp_dh= instead.
       attr_accessor :tmp_dh_callback
 
       # A callback invoked at connect time to distinguish between multiple
@@ -117,6 +119,8 @@ class SSLContext
       # def initialize(version = nil)
       #   self.options |= OpenSSL::SSL::OP_ALL
       #   self.ssl_version = version if version
+      #   self.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      #   self.verify_hostname = false
       # end
 
       ##
@@ -355,18 +359,18 @@ class SSLSocket
       include Buffering
       include SocketForwarder
 
-      # attr_reader :hostname
-      #
-      # # The underlying IO object.
-      # attr_reader :io
-      # alias :to_io :io
-      #
-      # # The SSLContext object used in this connection.
-      # attr_reader :context
-      #
-      # # Whether to close the underlying socket as well, when the SSL/TLS
-      # # connection is shut down. This defaults to +false+.
-      # attr_accessor :sync_close
+      #attr_reader :hostname
+
+      # The underlying IO object.
+      #attr_reader :io
+      #alias :to_io :io
+
+      # The SSLContext object used in this connection.
+      #attr_reader :context
+
+      # Whether to close the underlying socket as well, when the SSL/TLS
+      # connection is shut down. This defaults to +false+.
+      #attr_accessor :sync_close
 
       # call-seq:
       #    ssl.sysclose => nil
@@ -379,7 +383,7 @@ def sysclose
         return if closed?
         stop
         io.close if sync_close
-      end unless method_defined? :sysclose
+      end
 
       # call-seq:
       #   ssl.post_connection_check(hostname) -> true
@@ -431,10 +435,6 @@ def tmp_dh_callback
         @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
       end
 
-      def tmp_ecdh_callback
-        @context.tmp_ecdh_callback
-      end
-
       def session_new_cb
         @context.session_new_cb
       end

diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
@@ -50,20 +50,20 @@ def ==(other)
         to_der == other.to_der
       end
 
-      # def to_s # "oid = critical, value"
-      #   str = self.oid
-      #   str << " = "
-      #   str << "critical, " if self.critical?
-      #   str << self.value.gsub(/\n/, ", ")
-      # end
-      #
-      # def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
-      #   {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
-      # end
-      #
-      # def to_a
-      #   [ self.oid, self.value, self.critical? ]
-      # end
+      def to_s # "oid = critical, value"
+        str = self.oid
+        str << " = "
+        str << "critical, " if self.critical?
+        str << self.value.gsub(/\n/, ", ")
+      end
+
+      def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+        {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
+      end
+
+      def to_a
+        [ self.oid, self.value, self.critical? ]
+      end
 
       module Helpers
         def find_extension(oid)
@@ -187,17 +187,17 @@ def ocsp_uris
 
         private
 
-          def parse_aia_asn1
-            ext = find_extension("authorityInfoAccess")
-            return nil if ext.nil?
-
-            aia_asn1 = ASN1.decode(ext.value_der)
-            if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
-              raise ASN1::ASN1Error, "invalid extension"
-            end
+        def parse_aia_asn1
+          ext = find_extension("authorityInfoAccess")
+          return nil if ext.nil?
 
-            aia_asn1
+          aia_asn1 = ASN1.decode(ext.value_der)
+          if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+            raise ASN1::ASN1Error, "invalid extension"
           end
+
+          aia_asn1
+        end
       end
     end
 
@@ -265,7 +265,7 @@ def scan(dn)
                   next
                 elsif remain.length > 2 && remain[0] == ?+
                   raise OpenSSL::X509::NameError,
-                    "multi-valued RDN is not supported: #{dn}"
+                        "multi-valued RDN is not supported: #{dn}"
                 elsif remain.empty?
                   break
                 end
@@ -279,11 +279,29 @@ def scan(dn)
       end
 
       class << self
+        # Parses the UTF-8 string representation of a distinguished name,
+        # according to RFC 2253.
+        #
+        # See also #to_utf8 for the opposite operation.
         def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
           ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
           self.new(ary, template)
         end
 
+        # Parses the string representation of a distinguished name. Two
+        # different forms are supported:
+        #
+        # - \OpenSSL format (<tt>X509_NAME_oneline()</tt>) used by
+        #   <tt>#to_s</tt>. For example: <tt>/DC=com/DC=example/CN=nobody</tt>
+        # - \OpenSSL format (<tt>X509_NAME_print()</tt>)
+        #   used by <tt>#to_s(OpenSSL::X509::Name::COMPAT)</tt>. For example:
+        #   <tt>DC=com, DC=example, CN=nobody</tt>
+        #
+        # Neither of them is standardized and has quirks and inconsistencies
+        # in handling of escaped characters or multi-valued RDNs.
+        #
+        # Use of this method is discouraged in new applications. See
+        # Name.parse_rfc2253 and #to_utf8 for the alternative.
         def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
           if str.start_with?("/")
             # /A=B/C=D format
@@ -338,6 +356,10 @@ def pretty_print(q)
           q.text 'not_after='; q.pp self.not_after
         }
       end
+
+      def self.load_file(path)
+        load(File.binread(path))
+      end
     end
 
     class CRL