From a3d230d4e08bef42e0ab9071bd0c03731724d4e9 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 23 Dec 2022 04:06:12 +0900 Subject: [PATCH 1/3] test/openssl/test_ssl.rb: do not run SSL tests if not available --- test/openssl/test_pair.rb | 2 +- test/openssl/test_ssl.rb | 2 +- test/openssl/test_ssl_session.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb index 4249b4afb..14786100d 100644 --- a/test/openssl/test_pair.rb +++ b/test/openssl/test_pair.rb @@ -2,7 +2,7 @@ require_relative 'utils' require_relative 'ut_eof' -if defined?(OpenSSL) +if defined?(OpenSSL::SSL) module OpenSSL::SSLPairM def setup diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 945cc7c48..fc1c8d122 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::SSL) class OpenSSL::TestSSL < OpenSSL::SSLTestCase def test_bad_socket diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index b72b10d3b..b243201e1 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true require_relative "utils" -if defined?(OpenSSL) +if defined?(OpenSSL::SSL) class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase def test_session From eed3894bdab29fc889ce76fc345927bf63cf9b6d Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 23 Dec 2022 04:34:43 +0900 Subject: [PATCH 2/3] ssl: remove OpenSSL::ExtConfig This module was introduced in 2015 for internal use within this library. Neither of the two constants in it is used anymore. I don't think we will be adding a new constant in the foreseeable future, either. OPENSSL_NO_SOCK is unused since commit 998d66712a78 (r55191). HAVE_TLSEXT_HOST_NAME is unused since commit 4eb4b3297a92. --- ext/openssl/ossl_ssl.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 478ff869a..9af1675b5 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -30,7 +30,6 @@ } while (0) VALUE mSSL; -static VALUE mSSLExtConfig; static VALUE eSSLError; VALUE cSSLContext; VALUE cSSLSocket; @@ -2588,16 +2587,6 @@ Init_ossl_ssl(void) */ mSSL = rb_define_module_under(mOSSL, "SSL"); - /* Document-module: OpenSSL::ExtConfig - * - * This module contains configuration information about the SSL extension, - * for example if socket support is enabled, or the host name TLS extension - * is enabled. Constants in this module will always be defined, but contain - * +true+ or +false+ values depending on the configuration of your OpenSSL - * installation. - */ - mSSLExtConfig = rb_define_module_under(mOSSL, "ExtConfig"); - /* Document-class: OpenSSL::SSL::SSLError * * Generic error class raised by SSLSocket and SSLContext. @@ -2760,8 +2749,6 @@ Init_ossl_ssl(void) */ rb_attr(cSSLContext, rb_intern_const("session_remove_cb"), 1, 1, Qfalse); - rb_define_const(mSSLExtConfig, "HAVE_TLSEXT_HOST_NAME", Qtrue); - /* * A callback invoked whenever a new handshake is initiated on an * established connection. May be used to disable renegotiation entirely. @@ -2953,10 +2940,8 @@ Init_ossl_ssl(void) */ cSSLSocket = rb_define_class_under(mSSL, "SSLSocket", rb_cObject); #ifdef OPENSSL_NO_SOCK - rb_define_const(mSSLExtConfig, "OPENSSL_NO_SOCK", Qtrue); rb_define_method(cSSLSocket, "initialize", rb_f_notimplement, -1); #else - rb_define_const(mSSLExtConfig, "OPENSSL_NO_SOCK", Qfalse); rb_define_alloc_func(cSSLSocket, ossl_ssl_s_alloc); rb_define_method(cSSLSocket, "initialize", ossl_ssl_initialize, -1); rb_undef_method(cSSLSocket, "initialize_copy"); From b0cfac6a960591501e218efe47ab0815d1e2b9f8 Mon Sep 17 00:00:00 2001 From: Yuta Saito Date: Mon, 31 Oct 2022 11:07:57 +0000 Subject: [PATCH 3/3] Undefine `OpenSSL::SSL` for no socket platforms This fixes a linkage error about `ossl_ssl_type` on platforms which do not have socket, like WASI. Even before this patch, some items are disabled under `OPENSSL_NO_SOCK` since https://github.com/ruby/ruby/commit/ee22fad45d394818690c4a7586d7bb576ba67c56 However, due to some new use of OpenSSL::SSL::Socket over the past few years, the build under `OPENSSL_NO_SOCK` had been broken. This patch guards whole `OpenSSL::SSL` items by `OPENSSL_NO_SOCK`. [ky: adjusted to apply on top of my previous commit that removed the OpenSSL::ExtConfig, and added a guard to lib/openssl/ssl.rb.] --- ext/openssl/ossl_ssl.c | 8 +++----- ext/openssl/ossl_ssl_session.c | 4 ++++ lib/openssl/ssl.rb | 5 +++++ 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 9af1675b5..4ac740dbc 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -11,6 +11,7 @@ */ #include "ossl.h" +#ifndef OPENSSL_NO_SOCK #define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0])) #if !defined(TLS1_3_VERSION) && \ @@ -1537,7 +1538,6 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self) /* * SSLSocket class */ -#ifndef OPENSSL_NO_SOCK static inline int ssl_started(SSL *ssl) { @@ -2565,6 +2565,7 @@ Init_ossl_ssl(void) rb_mWaitWritable = rb_define_module_under(rb_cIO, "WaitWritable"); #endif +#ifndef OPENSSL_NO_SOCK id_call = rb_intern_const("call"); ID_callback_state = rb_intern_const("callback_state"); @@ -2939,9 +2940,6 @@ Init_ossl_ssl(void) * Document-class: OpenSSL::SSL::SSLSocket */ cSSLSocket = rb_define_class_under(mSSL, "SSLSocket", rb_cObject); -#ifdef OPENSSL_NO_SOCK - rb_define_method(cSSLSocket, "initialize", rb_f_notimplement, -1); -#else rb_define_alloc_func(cSSLSocket, ossl_ssl_s_alloc); rb_define_method(cSSLSocket, "initialize", ossl_ssl_initialize, -1); rb_undef_method(cSSLSocket, "initialize_copy"); @@ -2976,7 +2974,6 @@ Init_ossl_ssl(void) # ifndef OPENSSL_NO_NEXTPROTONEG rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0); # endif -#endif rb_define_const(mSSL, "VERIFY_NONE", INT2NUM(SSL_VERIFY_NONE)); rb_define_const(mSSL, "VERIFY_PEER", INT2NUM(SSL_VERIFY_PEER)); @@ -3138,4 +3135,5 @@ Init_ossl_ssl(void) DefIVarID(io); DefIVarID(context); DefIVarID(hostname); +#endif /* !defined(OPENSSL_NO_SOCK) */ } diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index 92eb1365f..139a474b0 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -4,6 +4,7 @@ #include "ossl.h" +#ifndef OPENSSL_NO_SOCK VALUE cSSLSession; static VALUE eSSLSession; @@ -299,6 +300,7 @@ static VALUE ossl_ssl_session_to_text(VALUE self) return ossl_membio2str(out); } +#endif /* !defined(OPENSSL_NO_SOCK) */ void Init_ossl_ssl_session(void) { @@ -307,6 +309,7 @@ void Init_ossl_ssl_session(void) mSSL = rb_define_module_under(mOSSL, "SSL"); eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); #endif +#ifndef OPENSSL_NO_SOCK cSSLSession = rb_define_class_under(mSSL, "Session", rb_cObject); eSSLSession = rb_define_class_under(cSSLSession, "SessionError", eOSSLError); @@ -324,4 +327,5 @@ void Init_ossl_ssl_session(void) rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0); rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0); rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0); +#endif /* !defined(OPENSSL_NO_SOCK) */ } diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb index a9103ecd2..ea8bb2a18 100644 --- a/lib/openssl/ssl.rb +++ b/lib/openssl/ssl.rb @@ -11,6 +11,9 @@ =end require "openssl/buffering" + +if defined?(OpenSSL::SSL) + require "io/nonblock" require "ipaddr" require "socket" @@ -540,3 +543,5 @@ def close end end end + +end