Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Miscellaneous changes for OpenSSL 3.0 support #468

Merged
merged 13 commits into from
Oct 24, 2021
+168 −150
Merged

Miscellaneous changes for OpenSSL 3.0 support #468

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
00abee7
ext/openssl/ossl.h: add helper macros for OpenSSL/LibreSSL versions
rhenium Sep 27, 2021
8e98d2e
ossl.c: use ERR_get_error_all() if available
rhenium Feb 22, 2020
2be6779
ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs
rhenium Feb 21, 2020
5375a55
ssl: use SSL_CTX_load_verify_{file,dir}() if available
rhenium Feb 21, 2020
e95ee24
ssl: use SSL_get_rbio() to check if SSL is started or not
rhenium Mar 19, 2021
90d51ef
bn: use BN_check_prime() in OpenSSL::BN#prime{,_fasttest}?
rhenium Feb 21, 2020
0a25302
digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists
rhenium Apr 22, 2021
c106d88
hmac: use EVP_MD_CTX_get_pkey_ctx() instead of EVP_MD_CTX_pkey_ctx()
rhenium Jun 22, 2021
e2cc81f
pkey/ec: deprecate PKey::EC::Point#make_affine! and make it a no-op
rhenium Jun 30, 2020
e93a5fd
pkey/ec: use EC_GROUP_free() instead of EC_GROUP_clear_free()
rhenium Feb 21, 2020
d42bd7f
pkey, ssl: use EVP_PKEY_eq() instead of EVP_PKEY_cmp()
rhenium May 17, 2021
2d34e85
bn: make BN.pseudo_rand{,_range} an alias of BN.rand{,_range}
rhenium Mar 20, 2021
7c2fc00
bn: expand BIGNUM_RAND and BIGNUM_RAND_RANGE macros
rhenium Oct 23, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs 
OpenSSL 3.0 fixed the typo in the function name and replaced the
current 'CTS' version with a macro.
@rhenium
rhenium committed Oct 24, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
commit 2be6779b08161a084a1a5d2758de21a913740b94
3 changes: 2 additions & 1 deletion ext/openssl/extconf.rb
View file
Original file line number Diff line number Diff line change
@@ -160,7 +160,7 @@ def find_openssl_library
have_func("TS_STATUS_INFO_get0_status")
have_func("TS_STATUS_INFO_get0_text")
have_func("TS_STATUS_INFO_get0_failure_info")
have_func("TS_VERIFY_CTS_set_certs")
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
have_func("TS_VERIFY_CTX_set_store")
have_func("TS_VERIFY_CTX_add_flags")
have_func("TS_RESP_CTX_set_time_cb")
@@ -173,6 +173,7 @@ def find_openssl_library
# added in 3.0.0
have_func("SSL_set0_tmp_dh_pkey")
have_func("ERR_get_error_all")
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")

Logging::message "=== Checking done. ===\n"

5 changes: 5 additions & 0 deletions ext/openssl/openssl_missing.h
View file
Original file line number Diff line number Diff line change
@@ -214,4 +214,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
} while (0)
#endif

/* added in 3.0.0 */
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
#endif

#endif /* _OSSL_OPENSSL_MISSING_H_ */
2 changes: 1 addition & 1 deletion ext/openssl/ossl_ts.c
View file
Original file line number Diff line number Diff line change
@@ -826,7 +826,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
X509_up_ref(cert);
}

TS_VERIFY_CTS_set_certs(ctx, x509inter);
TS_VERIFY_CTX_set_certs(ctx, x509inter);
TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
TS_VERIFY_CTX_set_store(ctx, x509st);