base repository: jruby/jruby-openssl
base: 9f879f2417f7
head repository: jruby/jruby-openssl
compare: acbfa26d81eb
  • 3 commits
  • 5 files changed
  • 1 contributor

Commits on Nov 2, 2017

    b080b73 View commit details
    dcc9543 View commit details
    acbfa26 View commit details
106 changes: 53 additions & 53 deletions lib/jopenssl23/openssl/config.rb
@@ -71,7 +71,7 @@ def get_key_string(data, section, key) # :nodoc:
end
end

private
private

def parse_config_lines(io)
section = 'default'
@@ -110,10 +110,10 @@ def parse_config_lines(io)
QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
# escaped char map
ESCAPE_MAP = {
"r" => "\r",
"n" => "\n",
"b" => "\b",
"t" => "\t",
"r" => "\r",
"n" => "\n",
"b" => "\b",
"t" => "\t",
}

def unescape_value(data, section, value)
@@ -123,36 +123,36 @@ def unescape_value(data, section, value)
c = m[0]
value = m.post_match
case c
when "'"
if m = value.match(QUOTE_REGEXP_SQ)
scanned << m[1].gsub(/\\(.)/, '\\1')
value = m.post_match
else
break
end
when '"'
if m = value.match(QUOTE_REGEXP_DQ)
scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
value = m.post_match
else
break
end
when "\\"
c = value.slice!(0, 1)
scanned << (ESCAPE_MAP[c] || c)
when "$"
ref, value = extract_reference(value)
refsec = section
if ref.index('::')
refsec, ref = ref.split('::', 2)
end
if v = get_key_string(data, refsec, ref)
scanned << v
when "'"
if m = value.match(QUOTE_REGEXP_SQ)
scanned << m[1].gsub(/\\(.)/, '\\1')
value = m.post_match
else
break
end
when '"'
if m = value.match(QUOTE_REGEXP_DQ)
scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
value = m.post_match
else
break
end
when "\\"
c = value.slice!(0, 1)
scanned << (ESCAPE_MAP[c] || c)
when "$"
ref, value = extract_reference(value)
refsec = section
if ref.index('::')
refsec, ref = ref.split('::', 2)
end
if v = get_key_string(data, refsec, ref)
scanned << v
else
raise ConfigError, "variable has no value"
end
else
raise ConfigError, "variable has no value"
end
else
raise 'must not reaced'
raise 'must not reaced'
end
end
scanned << value
@@ -186,25 +186,25 @@ def clear_comments(line)
c = m[0]
line = m.post_match
case c
when '#'
line = nil
break
when "'", '"'
regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
scanned << c
if m = line.match(regexp)
scanned << m[0]
line = m.post_match
else
scanned << line
when '#'
line = nil
break
end
when "\\"
scanned << c
scanned << line.slice!(0, 1)
else
raise 'must not reaced'
when "'", '"'
regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
scanned << c
if m = line.match(regexp)
scanned << m[0]
line = m.post_match
else
scanned << line
line = nil
break
end
when "\\"
scanned << c
scanned << line.slice!(0, 1)
else
raise 'must not reaced'
end
end
scanned << line
@@ -450,13 +450,13 @@ def inspect
"#<#{self.class.name} sections=#{sections.inspect}>"
end

protected
protected

def data # :nodoc:
@data
end

private
private

def initialize_copy(other)
@data = other.data.dup
18 changes: 10 additions & 8 deletions src/main/java/org/jruby/ext/openssl/Config.java
@@ -32,18 +32,20 @@
import org.jruby.RubyModule;

/**
* OpenSSL::Config (native parts)
* @author <a href="mailto:ola.bini@ki.se">Ola Bini</a>
*/
public class Config {
// TODO: we cannot detect OS's default config file. ignore?
public static final String DEFAULT_CONFIG_FILE = "./openssl.cnf";
// public static final String DEFAULT_CONFIG_FILE = "./openssl.cnf";

public static void createConfig(Ruby runtime, RubyModule mOSSL) {
RubyClass cConfig = mOSSL.defineClassUnder("Config", runtime.getObject(), runtime.getObject().getAllocator());
cConfig.defineAnnotatedMethods(Config.class);
RubyClass openSSLError = mOSSL.getClass("OpenSSLError");
mOSSL.defineClassUnder("ConfigError", openSSLError, openSSLError.getAllocator());
public static void createConfig(Ruby runtime, RubyModule OpenSSL) {
RubyClass Config = OpenSSL.defineClassUnder("Config", runtime.getObject(), runtime.getObject().getAllocator());
Config.defineAnnotatedMethods(Config.class);
RubyClass openSSLError = OpenSSL.getClass("OpenSSLError");
OpenSSL.defineClassUnder("ConfigError", openSSLError, openSSLError.getAllocator());
// TODO: we should define this constant with proper path. (see above)
//cConfig.setConstant("DEFAULT_CONFIG_FILE", runtime.newString(DEFAULT_CONFIG_FILE));
Config.setConstant("DEFAULT_CONFIG_FILE", runtime.getNil()); // runtime.newString(DEFAULT_CONFIG_FILE)
}
}// Config

}
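Review bot: In the new `createConfig`, the parameter `OpenSSL` and the local `Config` are named like the classes next to them, so `Config.defineAnnotatedMethods(Config.class)` uses one identifier as both a variable and a type. Lower-case names such as `RubyClass config = openSSL.defineClassUnder(...)` would remove the obscuring; the same applies to `OpenSSL` and `ExtConfig` in ExtConfig.java. `DEFAULT_CONFIG_FILE` is now exposed to Ruby as nil, and the trailing comment does not say why. A line such as `// nil on purpose: no default config path is detected on this platform` (wording to be confirmed by the author) would tell readers that code reading the constant must handle nil.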
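--- a/src/main/java/org/jruby/ext/openssl/ExtConfig.java
+++ b/src/main/java/org/jruby/ext/openssl/ExtConfig.java
@@ -0,0 +1,30 @@
+/*
+* Copyright (c) 2017 Karol Bucek.
+* All rights reserved. This program and the accompanying materials
+* are made available under the terms of the Eclipse Public License v1.0
+* which accompanies this distribution, and is available at
+* http://www.eclipse.org/legal/epl-v10.html
+*/
+package org.jruby.ext.openssl;
+
+import org.jruby.Ruby;
+import org.jruby.RubyModule;
+
+/**
+* OpenSSL::ExtConfig (emulation)
+*
+* @author kares
+*/
+public class ExtConfig {
+
+static void create(Ruby runtime, RubyModule OpenSSL) {
+RubyModule ExtConfig = OpenSSL.defineModuleUnder("ExtConfig");
+ExtConfig.defineAnnotatedMethods(ExtConfig.class);
+
+ExtConfig.setConstant("OPENSSL_NO_SOCK", runtime.getNil()); // true/false (default) on MRI
+// TODO: we really should attempt to detect whether we support this :
+ExtConfig.setConstant("TLS_DH_anon_WITH_AES_256_GCM_SHA384", runtime.getFalse());
+ExtConfig.setConstant("HAVE_TLSEXT_HOST_NAME", runtime.getTrue());
+}
+
+}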
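Review bot: `TLS_DH_anon_WITH_AES_256_GCM_SHA384` is hard-coded to `runtime.getFalse()`, and the test added in src/test/ruby/ssl/test_ssl.rb is defined only `if OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384`. That test therefore never runs here, and the anonymous-suite rejection in `post_connection_check` stays unverified until the TODO is resolved. The TODO should say so, e.g. `// false for now, which also disables test_post_connect_check_with_anon_ciphers`. `OPENSSL_NO_SOCK` is nil while its comment says MRI uses true/false; nil is falsy, but a caller comparing with `== false` would behave differently, so `runtime.getFalse()` looks like the closer match. `ExtConfig.defineAnnotatedMethods(ExtConfig.class)` appears to define nothing, since the class shows no annotated methods.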
13 changes: 5 additions & 8 deletions src/main/java/org/jruby/ext/openssl/OpenSSL.java
@@ -67,13 +67,14 @@ public static void createOpenSSL(final Ruby runtime) {
final String warn = SafePropertyAccessor.getProperty("jruby.openssl.warn");
if ( warn != null ) OpenSSL.warn = Boolean.parseBoolean(warn);

Config.createConfig(runtime, _OpenSSL);
ExtConfig.create(runtime, _OpenSSL);
PKey.createPKey(runtime, _OpenSSL);
BN.createBN(runtime, _OpenSSL);
Digest.createDigest(runtime, _OpenSSL);
Cipher.createCipher(runtime, _OpenSSL);
Random.createRandom(runtime, _OpenSSL);
HMAC.createHMAC(runtime, _OpenSSL);
Config.createConfig(runtime, _OpenSSL);
ASN1.createASN1(runtime, _OpenSSL);
X509.createX509(runtime, _OpenSSL);
NetscapeSPKI.createNetscapeSPKI(runtime, _OpenSSL);
@@ -96,8 +97,6 @@ public static void createOpenSSL(final Ruby runtime) {
// OpenSSL::FIPS: false

final byte[] version = { '1','.','1','.','0' };
final boolean ruby18 = runtime.getInstanceConfig().getCompatVersion() == CompatVersion.RUBY1_8;
if ( ruby18 ) version[2] = '0'; // 1.0.0 compatible on 1.8

_OpenSSL.setConstant("VERSION", StringHelper.newString(runtime, version));

@@ -115,11 +114,9 @@ public static void createOpenSSL(final Ruby runtime) {
final RubyString VERSION;
_OpenSSL.setConstant("OPENSSL_VERSION", VERSION = runtime.newString(OPENSSL_VERSION));
_OpenSSL.setConstant("OPENSSL_VERSION_NUMBER", runtime.newFixnum(OPENSSL_VERSION_NUMBER));
if ( ! ruby18 ) {
// MRI 2.3 tests do: /\AOpenSSL +0\./ !~ OpenSSL::OPENSSL_LIBRARY_VERSION
_OpenSSL.setConstant("OPENSSL_LIBRARY_VERSION", VERSION);
_OpenSSL.setConstant("OPENSSL_FIPS", runtime.getFalse());
}
// MRI 2.3 tests do: /\AOpenSSL +0\./ !~ OpenSSL::OPENSSL_LIBRARY_VERSION
_OpenSSL.setConstant("OPENSSL_LIBRARY_VERSION", VERSION);
_OpenSSL.setConstant("OPENSSL_FIPS", runtime.getFalse());
}

static RubyClass _OpenSSLError(final Ruby runtime) {
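Review bot: `OPENSSL_FIPS` is set to `runtime.getFalse()` unconditionally in the last hunk of `createOpenSSL`, with no comment on what the value reflects. Code that reads `OpenSSL::OPENSSL_FIPS` to decide whether a FIPS-validated provider is in use will always see false, whichever security provider is configured. I would state that next to the line, e.g. `// static value: FIPS mode of the underlying provider is not detected`. In the first hunk `Config.createConfig` changes position among the `create*` calls and `ExtConfig.create` is added; if that order matters, a one-line comment would keep it from being reshuffled later. `createOpenSSL` starts outside the hunks shown.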
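--- a/src/test/ruby/ssl/test_ssl.rb
+++ b/src/test/ruby/ssl/test_ssl.rb
@@ -82,6 +82,18 @@ def test_post_connection_check
 end
 end
 
+def test_post_connect_check_with_anon_ciphers
+start_server(OpenSSL::SSL::VERIFY_NONE, true, { use_anon_cipher: true }) { |server, port|
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.ciphers = "aNULL"
+server_connect(port, ctx) { |ssl|
+msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \
+"ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification."
+assert_raise_with_message(OpenSSL::SSL::SSLError, msg){ssl.post_connection_check("localhost.localdomain")}
+}
+}
+end if OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
+
 def test_ssl_version_tlsv1
 ctx_proc = Proc.new do |ctx|
 ctx.ssl_version = "TLSv1"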
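Review bot: The expected message in `test_post_connect_check_with_anon_ciphers` pins the negotiated suite to ADH-AES256-GCM-SHA384 while the client offers everything matched by `aNULL`. Which suite is chosen depends on the server that `start_server` sets up with `use_anon_cipher: true`, which is not visible here, so the test could fail on a different anonymous suite for reasons unrelated to the check. Restricting the client to that one suite, `ctx.ciphers = "ADH-AES256-GCM-SHA384"` (if `ciphers=` accepts that name here), would make the assertion deterministic. The `end if ...` modifier after the method body is easy to overlook; a comment above the `def` such as `# defined only when the anon AES-256-GCM suite is reported as available` would make the guard visible.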