diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0c6053158..985a626b3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -73,15 +73,16 @@ jobs: - openssl-1.0.1u # EOL - openssl-1.0.2u # EOL - openssl-1.1.0l # EOL - - openssl-1.1.1d + - openssl-1.1.1g # - libressl-2.3.7 # EOL # - libressl-2.4.5 # EOL # - libressl-2.5.5 # EOL # - libressl-2.6.5 # EOL - - libressl-2.7.5 # EOL - - libressl-2.8.3 # EOL - - libressl-2.9.2 + # - libressl-2.7.5 # EOL + # - libressl-2.8.3 # EOL + - libressl-2.9.2 # EOL - libressl-3.0.2 + - libressl-3.1.1 steps: - name: repo checkout uses: actions/checkout@v2 diff --git a/History.md b/History.md index 9e4294491..a4a82a146 100644 --- a/History.md +++ b/History.md @@ -1,4 +1,4 @@ -Version 2.2.0 (not yet released) +Version 2.2.0 ============= Compatibility notes diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 8074afcd7..c20f506bd 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -88,9 +88,8 @@ VALUE ossl_buf2str(char *buf, int len); VALUE ossl_str_new(const char *, long, int *); #define ossl_str_adjust(str, p) \ do{\ - long len = RSTRING_LEN(str);\ long newlen = (long)((p) - (unsigned char*)RSTRING_PTR(str));\ - assert(newlen <= len);\ + assert(newlen <= RSTRING_LEN(str));\ rb_str_set_len((str), newlen);\ }while(0) /* diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 34bb636ea..fe2e85b86 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -1329,21 +1329,6 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self) return self; } -static VALUE -ossl_sslctx_add_certificate_chain_file(VALUE self, VALUE path) -{ - SSL_CTX *ctx; - int ret; - - GetSSLCTX(self, ctx); - StringValueCStr(path); - ret = SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(path)); - if (ret != 1) - ossl_raise(eSSLError, "SSL_CTX_use_certificate_chain_file"); - - return Qtrue; -} - /* * call-seq: * ctx.session_add(session) -> true | false @@ -2324,7 +2309,7 @@ ossl_ssl_get_verify_result(VALUE self) GetSSL(self, ssl); - return INT2NUM(SSL_get_verify_result(ssl)); + return LONG2NUM(SSL_get_verify_result(ssl)); } /* @@ -2795,7 +2780,6 @@ Init_ossl_ssl(void) rb_define_method(cSSLContext, "enable_fallback_scsv", ossl_sslctx_enable_fallback_scsv, 0); #endif rb_define_method(cSSLContext, "add_certificate", ossl_sslctx_add_certificate, -1); - rb_define_method(cSSLContext, "add_certificate_chain_file", ossl_sslctx_add_certificate_chain_file, 1); rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0); rb_define_alias(cSSLContext, "freeze", "setup"); diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 4598927a1..6095d545b 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -189,34 +189,6 @@ def test_add_certificate_multiple_certs end end - def test_add_certificate_chain_file - # Create chain certificates file - certs = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f } - pkey = Tempfile.open { |f| f << @svr_key.to_pem; f } - - ctx_proc = -> ctx { - # FIXME: This is a temporary test case written just to match the current - # state. ctx.add_certificate_chain_file should take two arguments. - ctx.add_certificate_chain_file(certs.path) - # # Unset values set by start_server - # ctx.cert = ctx.key = ctx.extra_chain_cert = nil - # assert_nothing_raised { ctx.add_certificate_chain_file(certs.path, pkey.path) } - } - - start_server(ctx_proc: ctx_proc) { |port| - server_connect(port) { |ssl| - assert_equal @svr_cert.subject, ssl.peer_cert.subject - assert_equal [@svr_cert.subject, @ca_cert.subject], - ssl.peer_cert_chain.map(&:subject) - - ssl.puts "abc"; assert_equal "abc\n", ssl.gets - } - } - ensure - certs&.unlink - pkey&.unlink - end - def test_sysread_and_syswrite start_server { |port| server_connect(port) { |ssl|