From e1e8f3cebe37c7ba032388fef7ce127a17903d30 Mon Sep 17 00:00:00 2001 From: Joe Truba Date: Sat, 19 Nov 2022 21:46:49 +0000 Subject: [PATCH 01/11] raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true --- ext/openssl/ossl_pkey_ec.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 1d105abd3..3ea35f8a3 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -860,10 +860,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b) GetECGroup(a, group1); GetECGroup(b, group2); - if (EC_GROUP_cmp(group1, group2, ossl_bn_ctx) == 1) - return Qfalse; - - return Qtrue; + switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) { + case 0: return Qtrue; + case 1: return Qfalse; + default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp"); + } } /* @@ -1424,10 +1425,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b) GetECPoint(b, point2); GetECGroup(group_v1, group); - if (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx) == 1) - return Qfalse; + switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) { + case 0: return Qtrue; + case 1: return Qfalse; + default: ossl_raise(eEC_POINT, "EC_POINT_cmp"); + } - return Qtrue; + UNREACHABLE; } /* From b2e9f5e1322f3ea80b77679726ea6df78abe35b4 Mon Sep 17 00:00:00 2001 From: Joe Truba Date: Fri, 25 Nov 2022 22:30:01 +0000 Subject: [PATCH 02/11] pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT --- ext/openssl/ossl_pkey_ec.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 1d105abd3..e70198582 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -1445,7 +1445,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self) switch (EC_POINT_is_at_infinity(group, point)) { case 1: return Qtrue; case 0: return Qfalse; - default: ossl_raise(cEC_POINT, "EC_POINT_is_at_infinity"); + default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity"); } UNREACHABLE; @@ -1466,7 +1466,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self) switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) { case 1: return Qtrue; case 0: return Qfalse; - default: ossl_raise(cEC_POINT, "EC_POINT_is_on_curve"); + default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve"); } UNREACHABLE; @@ -1485,7 +1485,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self) GetECPointGroup(self, group); if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1) - ossl_raise(cEC_POINT, "EC_POINT_make_affine"); + ossl_raise(eEC_POINT, "EC_POINT_make_affine"); return self; } @@ -1503,7 +1503,7 @@ static VALUE ossl_ec_point_invert(VALUE self) GetECPointGroup(self, group); if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1) - ossl_raise(cEC_POINT, "EC_POINT_invert"); + ossl_raise(eEC_POINT, "EC_POINT_invert"); return self; } @@ -1521,7 +1521,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self) GetECPointGroup(self, group); if (EC_POINT_set_to_infinity(group, point) != 1) - ossl_raise(cEC_POINT, "EC_POINT_set_to_infinity"); + ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity"); return self; } From a33427c9fcf82cf447f1757a2738c2c52aa90868 Mon Sep 17 00:00:00 2001 From: MSP-Greg Date: Mon, 28 Nov 2022 12:10:43 -0600 Subject: [PATCH 03/11] Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 --- .github/workflows/test.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bd7f44d9c..aa85a14aa 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,11 +10,12 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, macos-latest ] + # ubuntu-latest is 22.04, uses OpenSSL 3 + os: [ ubuntu-20.04, macos-latest ] ruby: [ head, "3.0", "2.7", "2.6", "2.5", "2.4", "2.3" ] steps: - name: repo checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: load ruby uses: ruby/setup-ruby@v1 @@ -38,12 +39,11 @@ jobs: fail-fast: false matrix: os: [ windows-latest ] - ruby: [ mswin, mingw, "3.0", "2.7", "2.6", "2.5", "2.4", "2.3" ] - exclude: - - { os: "windows-latest", ruby: "mswin" } # OpenSSL 3.0 + # current mswin build uses OpenSSL 3 + ruby: [ mingw, "3.0", "2.7", "2.6", "2.5", "2.4", "2.3" ] steps: - name: repo checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: load ruby, install/update gcc, install openssl uses: MSP-Greg/setup-ruby-pkgs@v1 @@ -82,7 +82,7 @@ jobs: - libressl-3.3.4 steps: - name: repo checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: prepare openssl run: | From e38a63ab3d76dbe406a30e8fc4485e17bf7019b1 Mon Sep 17 00:00:00 2001 From: Joe Truba Date: Sun, 20 Nov 2022 00:54:32 +0000 Subject: [PATCH 04/11] pkey/ec: check private key validity with OpenSSL 3 The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1 and 3.0 so that it no longer validates the private key. Instead, private keys can be validated through EVP_PKEY_private_check and EVP_PKEY_pairwise_check. [ky: simplified condition to use either EVP_PKEY_check() or EVP_PKEY_public_check().] --- ext/openssl/ossl_pkey_ec.c | 22 ++++++++++++++----- test/openssl/fixtures/pkey/p256_too_large.pem | 5 +++++ test/openssl/fixtures/pkey/p384_invalid.pem | 6 +++++ test/openssl/test_pkey_ec.rb | 7 ++++++ 4 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 test/openssl/fixtures/pkey/p256_too_large.pem create mode 100644 test/openssl/fixtures/pkey/p384_invalid.pem diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 06d59c2a4..3918d45d4 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -483,16 +483,28 @@ static VALUE ossl_ec_key_check_key(VALUE self) #ifdef HAVE_EVP_PKEY_CHECK EVP_PKEY *pkey; EVP_PKEY_CTX *pctx; - int ret; + EC_KEY *ec; GetPKey(self, pkey); + GetEC(self, ec); pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL); if (!pctx) - ossl_raise(eDHError, "EVP_PKEY_CTX_new"); - ret = EVP_PKEY_public_check(pctx); + ossl_raise(eECError, "EVP_PKEY_CTX_new"); + + if (EC_KEY_get0_private_key(ec) != NULL) { + if (EVP_PKEY_check(pctx) != 1) { + EVP_PKEY_CTX_free(pctx); + ossl_raise(eECError, "EVP_PKEY_check"); + } + } + else { + if (EVP_PKEY_public_check(pctx) != 1) { + EVP_PKEY_CTX_free(pctx); + ossl_raise(eECError, "EVP_PKEY_public_check"); + } + } + EVP_PKEY_CTX_free(pctx); - if (ret != 1) - ossl_raise(eECError, "EVP_PKEY_public_check"); #else EC_KEY *ec; diff --git a/test/openssl/fixtures/pkey/p256_too_large.pem b/test/openssl/fixtures/pkey/p256_too_large.pem new file mode 100644 index 000000000..a73ac37f8 --- /dev/null +++ b/test/openssl/fixtures/pkey/p256_too_large.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIP+TT0V8Fndsnacji9tyf6hmhHywcOWTee9XkiBeJoVloAoGCCqGSM49 +AwEHoUQDQgAEBkhhJIU/2/YdPSlY2I1k25xjK4trr5OXSgXvBC21PtY0HQ7lor7A +jzT0giJITqmcd81fwGw5+96zLcdxTF1hVQ== +-----END EC PRIVATE KEY----- diff --git a/test/openssl/fixtures/pkey/p384_invalid.pem b/test/openssl/fixtures/pkey/p384_invalid.pem new file mode 100644 index 000000000..d5cdc9a3a --- /dev/null +++ b/test/openssl/fixtures/pkey/p384_invalid.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDDA1Tm0m7YhkfeVpFuarAJYVlHp2tQj+1fOBiLa10t9E8TiQO/hVfxB +vGaVEQwOheWgBwYFK4EEACKhZANiAASyGqmryZGqdpsq5gEDIfNvgC3AwSJxiBCL +XKHBTFRp+tCezLDOK/6V8KK/vVGBJlGFW6/I7ahyXprxS7xs7hPA9iz5YiuqXlu+ +lbrIpZOz7b73hyQQCkvbBO/Avg+hPAk= +-----END EC PRIVATE KEY----- diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index 9a4818de8..37c1fa61d 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -90,6 +90,13 @@ def test_check_key assert_equal(true, key2.public?) assert_equal(true, key2.check_key) + # Behavior of EVP_PKEY_public_check changes between OpenSSL 1.1.1 and 3.0 + key4 = Fixtures.pkey("p256_too_large") + assert_raise(OpenSSL::PKey::ECError) { key4.check_key } + + key5 = Fixtures.pkey("p384_invalid") + assert_raise(OpenSSL::PKey::ECError) { key5.check_key } + # EC#private_key= is deprecated in 3.0 and won't work on OpenSSL 3.0 if !openssl?(3, 0, 0) key2.private_key += 1 From f2e2a5e5ed8ef3f78b2306e4a16ecbb10597910c Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 23 Dec 2022 06:04:20 +0900 Subject: [PATCH 05/11] test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters The root cause has been fixed by OpenSSL 3.0.6, but Ubuntu 22.04's OpenSSL package has not backported the patch yet. Reference: https://github.com/ruby/openssl/issues/492 --- test/openssl/test_pkey.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb index 544340e37..1219f3f1d 100644 --- a/test/openssl/test_pkey.rb +++ b/test/openssl/test_pkey.rb @@ -47,6 +47,11 @@ def test_s_generate_parameters raise "exit!" if cb_called.size == 3 } } + if !cb_called && openssl?(3, 0, 0) && !openssl?(3, 0, 6) + # Errors in BN_GENCB were not properly handled. This special pend is to + # suppress failures on Ubuntu 22.04, which uses OpenSSL 3.0.2. + pend "unstable test on OpenSSL 3.0.[0-5]" + end assert_not_empty cb_called end From 075b68e6ec81b8b51a810d3c707eb579be3fec38 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 23 Dec 2022 07:32:34 +0900 Subject: [PATCH 06/11] ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5 The workaround is not needed on LibreSSL 3.5. LibreSSL 3.5 at the same time made the structure opaque, so it does not compile. This is a patch to the 2.2 branch; the code no longer exists in v3.0. --- ext/openssl/ossl_ocsp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index 7a92e5df6..450a08950 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -1069,7 +1069,8 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self) x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : NUM2INT(flags); x509s = ossl_x509_ary2sk(certs); -#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER) +#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || \ + defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000 /* * OpenSSL had a bug that it doesn't use the certificates in x509s for * verifying the chain. This can be a problem when the response is signed by From ec19e47a0ac520911435b5b49c0335a2ed02e144 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Sat, 22 Feb 2020 05:37:01 +0900 Subject: [PATCH 07/11] ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs [ This is a backport to the 2.2 branch to fix build with LibreSSL. ] OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro. (cherry picked from commit 2be6779b08161a084a1a5d2758de21a913740b94) --- ext/openssl/extconf.rb | 5 ++++- ext/openssl/openssl_missing.h | 5 +++++ ext/openssl/ossl_ts.c | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 0dc1a5eb4..ada1f3f81 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -176,13 +176,16 @@ def find_openssl_library have_func("TS_STATUS_INFO_get0_status") have_func("TS_STATUS_INFO_get0_text") have_func("TS_STATUS_INFO_get0_failure_info") -have_func("TS_VERIFY_CTS_set_certs") +have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h") have_func("TS_VERIFY_CTX_set_store") have_func("TS_VERIFY_CTX_add_flags") have_func("TS_RESP_CTX_set_time_cb") have_func("EVP_PBE_scrypt") have_func("SSL_CTX_set_post_handshake_auth") +# added in 3.0.0 +have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h") + Logging::message "=== Checking done. ===\n" create_header diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 7d218f86f..42b3cca5b 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -254,4 +254,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec) } while (0) #endif +/* added in 3.0.0 */ +#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS) +# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts) +#endif + #endif /* _OSSL_OPENSSL_MISSING_H_ */ diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c index cff9b7bff..821741553 100644 --- a/ext/openssl/ossl_ts.c +++ b/ext/openssl/ossl_ts.c @@ -820,7 +820,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self) X509_up_ref(cert); } - TS_VERIFY_CTS_set_certs(ctx, x509inter); + TS_VERIFY_CTX_set_certs(ctx, x509inter); TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE); TS_VERIFY_CTX_set_store(ctx, x509st); From 04acccd69263dc0818aa5e2180f70e8514388e43 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 23 Dec 2022 08:40:26 +0900 Subject: [PATCH 08/11] Ruby/OpenSSL 2.2.3 --- History.md | 15 +++++++++++++++ lib/openssl/version.rb | 2 +- openssl.gemspec | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/History.md b/History.md index 60b9dd882..b4dddd17a 100644 --- a/History.md +++ b/History.md @@ -1,3 +1,18 @@ +Version 2.2.3 +============= + +Bug fixes +--------- + +* Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error + with an incorrect class, which would end up with a TypeError. + [[GitHub #570]](https://github.com/ruby/openssl/pull/570) +* Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql? + incorrectly treated OpenSSL's internal errors as "not equal". + [[GitHub #564]](https://github.com/ruby/openssl/pull/564) +* Fix build with LibreSSL 3.5 or later. + + Version 2.2.2 ============= diff --git a/lib/openssl/version.rb b/lib/openssl/version.rb index 89e052069..4bb2ca125 100644 --- a/lib/openssl/version.rb +++ b/lib/openssl/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module OpenSSL - VERSION = "2.2.2" + VERSION = "2.2.3" end diff --git a/openssl.gemspec b/openssl.gemspec index c8e3cc3fc..426cbfb6f 100644 --- a/openssl.gemspec +++ b/openssl.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |spec| spec.name = "openssl" - spec.version = "2.2.2" + spec.version = "2.2.3" spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"] spec.email = ["ruby-core@ruby-lang.org"] spec.summary = %q{OpenSSL provides SSL, TLS and general purpose cryptography.} From 394ca93fe94d75387816bec9089e6efdcc10bc13 Mon Sep 17 00:00:00 2001 From: Jeremy Evans Date: Fri, 25 Mar 2022 13:39:45 -0700 Subject: [PATCH 09/11] Fix operator precedence in OSSL_OPENSSL_PREREQ and OSSL_LIBRESSL_PREREQ [ This is a backport to the 3.0 branch. ] (cherry picked from commit b02815271fcc295cb8b07ef740684b88a10f2760) --- ext/openssl/ossl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 4b5126893..2ab8aeaeb 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -43,13 +43,13 @@ #ifndef LIBRESSL_VERSION_NUMBER # define OSSL_IS_LIBRESSL 0 # define OSSL_OPENSSL_PREREQ(maj, min, pat) \ - (OPENSSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12)) + (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12))) # define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0 #else # define OSSL_IS_LIBRESSL 1 # define OSSL_OPENSSL_PREREQ(maj, min, pat) 0 # define OSSL_LIBRESSL_PREREQ(maj, min, pat) \ - (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12)) + (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12))) #endif #if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0) From 1f4c9d860d426f6335524fdb31128c76d65dcd73 Mon Sep 17 00:00:00 2001 From: Jeremy Evans Date: Fri, 25 Mar 2022 13:11:31 -0700 Subject: [PATCH 10/11] Fix build with LibreSSL 3.5 [ This is a backport to the 3.0 branch. ] (cherry picked from commit e25fb0d0d86da5a9398ebdc9216b2ea89f80fa3d) --- ext/openssl/ossl_pkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index ee143d66e..ec39e8bd7 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -710,7 +710,7 @@ ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der) } } else { -#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) +#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_LIBRESSL_PREREQ(3, 5, 0) if (!PEM_write_bio_PrivateKey_traditional(bio, pkey, enc, NULL, 0, ossl_pem_passwd_cb, (void *)pass)) { From 466d1be205901c19c2b61bbeba13177bef758b99 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 23 Dec 2022 08:49:36 +0900 Subject: [PATCH 11/11] Ruby/OpenSSL 3.0.2 --- History.md | 14 ++++++++++++++ lib/openssl/version.rb | 2 +- openssl.gemspec | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/History.md b/History.md index de13e1f32..876c37a31 100644 --- a/History.md +++ b/History.md @@ -1,3 +1,17 @@ +Version 3.0.2 +============= + +Merged changes in 2.2.3. Additionally, the following issues are fixed by this +release. + +Bug fixes +--------- + +* Fix OpenSSL::PKey::EC#check_key not working correctly on OpenSSL 3.0. + [[GitHub #563]](https://github.com/ruby/openssl/issues/563) + [[GitHub #580]](https://github.com/ruby/openssl/pull/580) + + Version 3.0.1 ============= diff --git a/lib/openssl/version.rb b/lib/openssl/version.rb index b9e8444d4..194e4fb77 100644 --- a/lib/openssl/version.rb +++ b/lib/openssl/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module OpenSSL - VERSION = "3.0.1" + VERSION = "3.0.2" end diff --git a/openssl.gemspec b/openssl.gemspec index 1c13505b9..1c6f0fcb9 100644 --- a/openssl.gemspec +++ b/openssl.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |spec| spec.name = "openssl" - spec.version = "3.0.1" + spec.version = "3.0.2" spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"] spec.email = ["ruby-core@ruby-lang.org"] spec.summary = %q{OpenSSL provides SSL, TLS and general purpose cryptography.}