base repository: jruby/jruby-openssl
base: 2243aeaa530f
head repository: jruby/jruby-openssl
compare: 9445efd67021
  • 3 commits
  • 4 files changed
  • 1 contributor

Commits on Aug 20, 2015

  1. Revert "the default cert could be PEM or a java keystore. it should l…

    …oad both whatver is used as default."
    
    This reverts commit 1d3ba21.
    kares committed Aug 20, 2015

    aa35fb9 View commit details
  2. Copy the full SHA
    3fae31f View commit details
  3. prepare for 0.9.10

    kares committed Aug 20, 2015
    9445efd View commit details
2 changes: 1 addition & 1 deletion pom.xml
@@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>rubygems</groupId>
<artifactId>jruby-openssl</artifactId>
<version>0.9.9</version>
<version>0.9.10</version>
<packaging>gem</packaging>
<name>JRuby OpenSSL</name>
<description>JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.</description>
2 changes: 1 addition & 1 deletion src/main/java/org/jruby/ext/openssl/OpenSSL.java
@@ -205,7 +205,7 @@ static boolean isDebug(final Ruby runtime) {
return getDebug( OpenSSL ) == runtime.getTrue();
}

public static void debugStackTrace(final Ruby runtime, final Throwable e) {
static void debugStackTrace(final Ruby runtime, final Throwable e) {
if ( isDebug(runtime) ) e.printStackTrace(runtime.getOut());
}

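--- a/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
+++ b/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
@@ -27,9 +27,6 @@
 ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
-
-import static org.jruby.ext.openssl.OpenSSL.debugStackTrace;
-
 import org.jruby.ext.openssl.util.Cache;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_CERT_DIR;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_ASN1;
@@ -242,10 +239,6 @@ else if ( type == X509_FILETYPE_ASN1 ) {
 return 0; // NOTE: really?
 }
 }
-catch(IOException e) {
-debugStackTrace(runtime, e);
-return 0;
-}
 finally {
 if ( reader != null ) {
 try { reader.close(); } catch (Exception ignored) {}
@@ -292,10 +285,6 @@ else if ( type == X509_FILETYPE_ASN1 ) {
 return 0; // NOTE: really?
 }
 }
-catch(IOException e) {
-debugStackTrace(runtime, e);
-return 0;
-}
 finally {
 if ( reader != null ) {
 try { reader.close(); } catch (Exception ignored) {}
@@ -356,10 +345,6 @@ else if ( cert instanceof CRL ) {
 }
 return count;
 }
-catch(IOException e) {
-debugStackTrace(runtime, e);
-return 0;
-}
 finally {
 if ( reader != null ) {
 try { reader.close(); } catch (Exception ignored) {}
@@ -382,9 +367,6 @@ public int loadDefaultJavaCACertsFile() throws IOException, GeneralSecurityExcep
 count++;
 }
 }
-catch(IOException e) {
-return 0;
-}
 finally {
 try { fin.close(); } catch (Exception ignored) {}
 }
@@ -540,10 +522,6 @@ public int call(final Lookup ctx, final Integer cmd, final String argp, final Nu
 ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
 } else {
 ok = (ctx.loadDefaultJavaCACertsFile() != 0) ? 1: 0;
-// it could be a PEM file
-if (ok == 0) {
-ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
-}
 }
 if (ok == 0) {
 X509Error.addError(X509_R_LOADING_DEFAULTS);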
60 changes: 5 additions & 55 deletions src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java
@@ -28,7 +28,6 @@
package org.jruby.ext.openssl.x509store;


import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
@@ -293,62 +292,13 @@ else if ( keyUsage != null && ! keyUsage[5] ) { // KU_KEY_CERT_SIGN
public static final String X509_PRIVATE_DIR;

static {
// roughly following the ideas from https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
// and falling back to trust store from java to be on the save side

OPENSSLDIR = "/usr/local/openssl"; // NOTE: blindly follow?!
// TODO usability in limited environments should be tested/reviewed
final String JAVA_HOME = SafePropertyAccessor.getProperty("java.home", "");

// if the default files/dirs exist we use them. with this a switch
// from MRI to JRuby produces the same results. otherwise we use the
// certs from JAVA_HOME.
final String LINUX_CERT_AREA = "/etc/ssl";
final String MACOS_CERT_AREA = "/System/Library/OpenSSL";

String certArea, certDir, privateDir;
String maybeCertFile;
String maybePkiCertFile = "/etc/pki/tls/certs/ca-bundle.crt";
try {
if (new File(LINUX_CERT_AREA).exists()) {
certArea = LINUX_CERT_AREA;
certDir = certArea + "/certs";
privateDir = certArea + "/private";
maybeCertFile = certDir + "/cert.pem";
}
else if (new File(MACOS_CERT_AREA).exists()) {
certArea = MACOS_CERT_AREA;
certDir = certArea + "/certs";
privateDir = certArea + "/private";
maybeCertFile = certArea + "/cert.pem";
}
else {
certArea = JAVA_HOME + "/lib/security";
certDir = certArea;
privateDir = certArea;
maybeCertFile = maybePkiCertFile;
}
}
catch (SecurityException e) {
maybeCertFile = null; maybePkiCertFile = null;
privateDir = certDir = certArea = JAVA_HOME + "/lib/security";
}

X509_CERT_AREA = certArea;
X509_CERT_DIR = certDir;
X509_PRIVATE_DIR = privateDir;

if (maybePkiCertFile != null && new File(maybePkiCertFile).exists()) {
X509_CERT_FILE = maybePkiCertFile;
}
else if (maybeCertFile != null && new File(maybeCertFile).exists()) {
X509_CERT_FILE = maybeCertFile;
}
else {
X509_CERT_FILE = JAVA_HOME + "/lib/security/cacerts";
}

// keep it with some meaninful content as it is a public constant
OPENSSLDIR = X509_CERT_AREA;
X509_CERT_AREA = JAVA_HOME + "/lib/security";
X509_CERT_DIR = X509_CERT_AREA;
X509_CERT_FILE = X509_CERT_DIR + "/cacerts";
X509_PRIVATE_DIR = "/usr/lib/ssl/private"; // NOTE: blindly follow?!
}

public static final String X509_CERT_DIR_EVP = "SSL_CERT_DIR";
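Review bot: `JAVA_HOME` is read with an empty-string default in the static initializer, so if `java.home` is unset or unreadable the retained assignments produce `/lib/security` and `/lib/security/cacerts` as the default trust-store location (assuming `SafePropertyAccessor.getProperty` returns the supplied default in that case). Those are root-relative paths with no tie to the running JRE, and these constants decide which CA certificates are trusted by default, so the fallback deserves at least a comment such as `// java.home may be "" here: X509_CERT_FILE then resolves to /lib/security/cacerts, which is not the JRE trust store`. The two values still marked `NOTE: blindly follow?!` (`OPENSSLDIR` and `X509_PRIVATE_DIR`) are hard-coded Unix-style paths unrelated to `X509_CERT_AREA`; a line of documentation stating whether anything reads them, and what happens on platforms where they do not exist, would help. The static block is fully inside the hunk, but the enclosing class starts and ends outside it.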