base repository: jruby/jruby-openssl
base: 91d2243ea60d^
head repository: jruby/jruby-openssl
compare: fa5e674ad5a7
  • 2 commits
  • 4 files changed
  • 1 contributor

Commits on Aug 20, 2015

  1. Revert "the default cert could be PEM or a java keystore. it should l…

    …oad both whatver is used as default."
    
    This reverts commit 1d3ba21.
    kares committed Aug 20, 2015
    91d2243
  2. fa5e674
2 changes: 1 addition & 1 deletion lib/jopenssl/version.rb
@@ -1,6 +1,6 @@
module Jopenssl
module Version
VERSION = '0.9.10'
VERSION = '0.9.9'
BOUNCY_CASTLE_VERSION = '1.50'
end
end
2 changes: 1 addition & 1 deletion src/main/java/org/jruby/ext/openssl/OpenSSL.java
@@ -205,7 +205,7 @@ static boolean isDebug(final Ruby runtime) {
return getDebug( OpenSSL ) == runtime.getTrue();
}

public static void debugStackTrace(final Ruby runtime, final Throwable e) {
static void debugStackTrace(final Ruby runtime, final Throwable e) {
if ( isDebug(runtime) ) e.printStackTrace(runtime.getOut());
}

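--- a/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
+++ b/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
@@ -27,9 +27,6 @@
 ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
-
-import static org.jruby.ext.openssl.OpenSSL.debugStackTrace;
-
 import org.jruby.ext.openssl.util.Cache;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_CERT_DIR;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_ASN1;
@@ -242,10 +239,6 @@ else if ( type == X509_FILETYPE_ASN1 ) {
 return 0; // NOTE: really?
 }
 }
-catch(IOException e) {
-debugStackTrace(runtime, e);
-return 0;
-}
 finally {
 if ( reader != null ) {
 try { reader.close(); } catch (Exception ignored) {}
@@ -292,10 +285,6 @@ else if ( type == X509_FILETYPE_ASN1 ) {
 return 0; // NOTE: really?
 }
 }
-catch(IOException e) {
-debugStackTrace(runtime, e);
-return 0;
-}
 finally {
 if ( reader != null ) {
 try { reader.close(); } catch (Exception ignored) {}
@@ -356,10 +345,6 @@ else if ( cert instanceof CRL ) {
 }
 return count;
 }
-catch(IOException e) {
-debugStackTrace(runtime, e);
-return 0;
-}
 finally {
 if ( reader != null ) {
 try { reader.close(); } catch (Exception ignored) {}
@@ -382,9 +367,6 @@ public int loadDefaultJavaCACertsFile() throws IOException, GeneralSecurityExcep
 count++;
 }
 }
-catch(IOException e) {
-return 0;
-}
 finally {
 try { fin.close(); } catch (Exception ignored) {}
 }
@@ -540,10 +522,6 @@ public int call(final Lookup ctx, final Integer cmd, final String argp, final Nu
 ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
 } else {
 ok = (ctx.loadDefaultJavaCACertsFile() != 0) ? 1: 0;
-// it could be a PEM file
-if (ok == 0) {
-ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
-}
 }
 if (ok == 0) {
 X509Error.addError(X509_R_LOADING_DEFAULTS);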
60 changes: 5 additions & 55 deletions src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java
Original file line number Diff line number Diff line change
@@ -28,7 +28,6 @@
package org.jruby.ext.openssl.x509store;


import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
@@ -293,62 +292,13 @@ else if ( keyUsage != null && ! keyUsage[5] ) { // KU_KEY_CERT_SIGN
public static final String X509_PRIVATE_DIR;

static {
// roughly following the ideas from https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
// and falling back to trust store from java to be on the save side

OPENSSLDIR = "/usr/local/openssl"; // NOTE: blindly follow?!
// TODO usability in limited environments should be tested/reviewed
final String JAVA_HOME = SafePropertyAccessor.getProperty("java.home", "");

// if the default files/dirs exist we use them. with this a switch
// from MRI to JRuby produces the same results. otherwise we use the
// certs from JAVA_HOME.
final String LINUX_CERT_AREA = "/etc/ssl";
final String MACOS_CERT_AREA = "/System/Library/OpenSSL";

String certArea, certDir, privateDir;
String maybeCertFile;
String maybePkiCertFile = "/etc/pki/tls/certs/ca-bundle.crt";
try {
if (new File(LINUX_CERT_AREA).exists()) {
certArea = LINUX_CERT_AREA;
certDir = certArea + "/certs";
privateDir = certArea + "/private";
maybeCertFile = certDir + "/cert.pem";
}
else if (new File(MACOS_CERT_AREA).exists()) {
certArea = MACOS_CERT_AREA;
certDir = certArea + "/certs";
privateDir = certArea + "/private";
maybeCertFile = certArea + "/cert.pem";
}
else {
certArea = JAVA_HOME + "/lib/security";
certDir = certArea;
privateDir = certArea;
maybeCertFile = maybePkiCertFile;
}
}
catch (SecurityException e) {
maybeCertFile = null; maybePkiCertFile = null;
privateDir = certDir = certArea = JAVA_HOME + "/lib/security";
}

X509_CERT_AREA = certArea;
X509_CERT_DIR = certDir;
X509_PRIVATE_DIR = privateDir;

if (maybePkiCertFile != null && new File(maybePkiCertFile).exists()) {
X509_CERT_FILE = maybePkiCertFile;
}
else if (maybeCertFile != null && new File(maybeCertFile).exists()) {
X509_CERT_FILE = maybeCertFile;
}
else {
X509_CERT_FILE = JAVA_HOME + "/lib/security/cacerts";
}

// keep it with some meaninful content as it is a public constant
OPENSSLDIR = X509_CERT_AREA;
X509_CERT_AREA = JAVA_HOME + "/lib/security";
X509_CERT_DIR = X509_CERT_AREA;
X509_CERT_FILE = X509_CERT_DIR + "/cacerts";
X509_PRIVATE_DIR = "/usr/lib/ssl/private"; // NOTE: blindly follow?!
}

public static final String X509_CERT_DIR_EVP = "SSL_CERT_DIR";
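Review bot: The restored static initializer derives the default trust store solely from `java.home`, and because `SafePropertyAccessor.getProperty("java.home", "")` is given an empty-string default, an unreadable property would presumably leave `X509_CERT_FILE` as the root-relative `/lib/security/cacerts` with no indication that anything went wrong. These constants decide which CA certificates are trusted by default, so I would make that case explicit, for example with a comment `// NOTE: an empty java.home yields /lib/security/cacerts; the default verify paths are then unusable` above the `X509_CERT_AREA` assignment. `OPENSSLDIR` and `X509_PRIVATE_DIR` are fixed Unix paths unrelated to the JRE store and both still carry "NOTE: blindly follow?!"; a short comment saying whether anything reads them for key material would let a reader judge the exposure. The block comment should also record that, after this revert, system stores such as `/etc/ssl` are no longer consulted by default, since that changes which peers verify compared with the previous behaviour.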