diff --git a/lib/openssl/buffering.rb b/lib/openssl/buffering.rb
index 9b40fb05..c0559abf 100644
--- a/lib/openssl/buffering.rb
+++ b/lib/openssl/buffering.rb
@@ -31,7 +31,7 @@ def initialize
force_encoding(BINARY)
end
-
+
def << string
if string.encoding == BINARY
super(string)
@@ -93,9 +93,7 @@ def consume_rbuff(size=nil)
nil
else
size = @rbuffer.size unless size
- ret = @rbuffer[0, size]
- @rbuffer[0, size] = ""
- ret
+ @rbuffer.slice!(0, size)
end
end
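Review bot: `@rbuffer.slice!(0, size)` matches the three removed lines for a non-negative size, but it diverges for a negative one: the old `@rbuffer[0, size] = ""` raised IndexError there, while `slice!` simply returns nil and leaves the buffer untouched. If callers only ever pass non-negative sizes (the callers are not in this hunk) a one-line comment makes that precondition explicit, e.g. `# size is assumed non-negative; slice! would return nil without consuming anything`. The head of consume_rbuff, including the condition that guards this else branch, is outside the hunk.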
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
index 5d42e43d..b77f0b52 100644
--- a/lib/openssl/ssl.rb
+++ b/lib/openssl/ssl.rb
@@ -86,15 +86,17 @@ class SSLContext
DEFAULT_CERT_STORE.set_default_paths
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
- # A callback invoked when DH parameters are required.
+ # A callback invoked when DH parameters are required for ephemeral DH key
+ # exchange.
#
- # The callback is invoked with the Session for the key exchange, an
+ # The callback is invoked with the SSLSocket, a
# flag indicating the use of an export cipher and the keylength
# required.
#
# The callback must return an OpenSSL::PKey::DH instance of the correct
# key length.
-
+ #
+ # Deprecated in version 3.0. Use #tmp_dh= instead.
attr_accessor :tmp_dh_callback
# A callback invoked at connect time to distinguish between multiple
@@ -117,6 +119,8 @@ class SSLContext
# def initialize(version = nil)
# self.options |= OpenSSL::SSL::OP_ALL
# self.ssl_version = version if version
+ # self.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ # self.verify_hostname = false
# end
##
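Review bot: The illustrative initialize now states that a fresh SSLContext runs with `verify_mode = VERIFY_NONE` and `verify_hostname = false`, i.e. no peer certificate or hostname verification, but the surrounding text gives the reader no hint that this is not a safe client configuration. I would follow the two added lines with a comment that points at the expected setup, e.g. `# Clients should set verify_mode = VERIFY_PEER and verify_hostname = true (or call #set_params) before connecting.`. The comment block this example belongs to starts before the hunk.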
@@ -355,18 +359,18 @@ class SSLSocket
include Buffering
include SocketForwarder
- # attr_reader :hostname
- #
- # # The underlying IO object.
- # attr_reader :io
- # alias :to_io :io
- #
- # # The SSLContext object used in this connection.
- # attr_reader :context
- #
- # # Whether to close the underlying socket as well, when the SSL/TLS
- # # connection is shut down. This defaults to +false+.
- # attr_accessor :sync_close
+ #attr_reader :hostname
+
+ # The underlying IO object.
+ #attr_reader :io
+ #alias :to_io :io
+
+ # The SSLContext object used in this connection.
+ #attr_reader :context
+
+ # Whether to close the underlying socket as well, when the SSL/TLS
+ # connection is shut down. This defaults to +false+.
+ #attr_accessor :sync_close
# call-seq:
# ssl.sysclose => nil
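Review bot: After the reformat, `#attr_reader :hostname` is the only one of the four documentation-only attribute lines left without a description, so it will render bare next to the documented :io, :context and :sync_close. A short line above it such as `# The hostname set via #hostname=, if any.` keeps the four consistent. These remain commented out, so the actual readers are presumably provided by the C extension; that is not visible in this diff.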
@@ -379,7 +383,7 @@ def sysclose
return if closed?
stop
io.close if sync_close
- end unless method_defined? :sysclose
+ end
# call-seq:
# ssl.post_connection_check(hostname) -> true
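Review bot: Dropping `unless method_defined? :sysclose` turns this into an unconditional definition, so if the C extension still defines SSLSocket#sysclose the Ruby version now silently replaces it (with a "method redefined" warning under -w). Presumably the C implementation was removed alongside this change; if so a brief comment above the method, e.g. `# Defined here in Ruby only; the extension does not provide sysclose.`, records why the guard is gone. The start of sysclose, including its signature, is outside the hunk.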
@@ -431,10 +435,6 @@ def tmp_dh_callback
@context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
end
- def tmp_ecdh_callback
- @context.tmp_ecdh_callback
- end
-
def session_new_cb
@context.session_new_cb
end
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index d523b10c..1f378b48 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -50,20 +50,20 @@ def ==(other)
to_der == other.to_der
end
- # def to_s # "oid = critical, value"
- # str = self.oid
- # str << " = "
- # str << "critical, " if self.critical?
- # str << self.value.gsub(/\n/, ", ")
- # end
- #
- # def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
- # {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
- # end
- #
- # def to_a
- # [ self.oid, self.value, self.critical? ]
- # end
+ def to_s # "oid = critical, value"
+ str = self.oid
+ str << " = "
+ str << "critical, " if self.critical?
+ str << self.value.gsub(/\n/, ", ")
+ end
+
+ def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+ {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
+ end
+
+ def to_a
+ [ self.oid, self.value, self.critical? ]
+ end
module Helpers
def find_extension(oid)
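Review bot: The re-enabled `to_s` appends to the String returned by `self.oid` with `<<`, so it only works if `oid` hands back a fresh, unfrozen String on every call; if the extension ever returns a frozen or shared value, `to_s` raises FrozenError or corrupts the OID for later callers. Taking a copy first avoids that dependency at no cost, e.g. `str = self.oid.dup`, or build the result with interpolation instead of mutation. `to_h` and `to_a` only read the three accessors and are fine as they stand.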
@@ -187,17 +187,17 @@ def ocsp_uris
private
- def parse_aia_asn1
- ext = find_extension("authorityInfoAccess")
- return nil if ext.nil?
-
- aia_asn1 = ASN1.decode(ext.value_der)
- if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
- raise ASN1::ASN1Error, "invalid extension"
- end
+ def parse_aia_asn1
+ ext = find_extension("authorityInfoAccess")
+ return nil if ext.nil?
- aia_asn1
+ aia_asn1 = ASN1.decode(ext.value_der)
+ if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+ raise ASN1::ASN1Error, "invalid extension"
end
+
+ aia_asn1
+ end
end
end
@@ -265,7 +265,7 @@ def scan(dn)
next
elsif remain.length > 2 && remain[0] == ?+
raise OpenSSL::X509::NameError,
- "multi-valued RDN is not supported: #{dn}"
+ "multi-valued RDN is not supported: #{dn}"
elsif remain.empty?
break
end
@@ -279,11 +279,29 @@ def scan(dn)
end
class << self
+ # Parses the UTF-8 string representation of a distinguished name,
+ # according to RFC 2253.
+ #
+ # See also #to_utf8 for the opposite operation.
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
self.new(ary, template)
end
+ # Parses the string representation of a distinguished name. Two
+ # different forms are supported:
+ #
+ # - \OpenSSL format (X509_NAME_oneline()) used by
+ # #to_s. For example: /DC=com/DC=example/CN=nobody
+ # - \OpenSSL format (X509_NAME_print())
+ # used by #to_s(OpenSSL::X509::Name::COMPAT). For example:
+ # DC=com, DC=example, CN=nobody
+ #
+ # Neither of them is standardized and has quirks and inconsistencies
+ # in handling of escaped characters or multi-valued RDNs.
+ #
+ # Use of this method is discouraged in new applications. See
+ # Name.parse_rfc2253 and #to_utf8 for the alternative.
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
if str.start_with?("/")
# /A=B/C=D format
@@ -338,6 +356,10 @@ def pretty_print(q)
q.text 'not_after='; q.pp self.not_after
}
end
+
+ def self.load_file(path)
+ load(File.binread(path))
+ end
end
class CRL
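Review bot: The new `self.load_file` arrives with no documentation, unlike the other public methods in this file that gained comments in the same change. A line such as `# Reads +path+ in binary mode and parses its contents with .load; see .load for the accepted formats and return value.` is enough, since the behaviour is entirely delegated. The enclosing class (presumably Certificate, given the not_after context above) and the `load` it calls are outside the hunk.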