Support for DH parameters

v1
Nicolas Vinot 2015-08-04 00:44:52 +02:00
parent 340c4a445d
commit 5d4da09550
2 changed files with 49 additions and 14 deletions


@ -1,7 +1,7 @@
PWD = $(shell pwd)
export CPATH = $(PWD)/openssl/include
export LIBRARY_PATH = $(PWD)/openssl
OPENSSL_VERSION = 1.0.1m
OPENSSL_VERSION = 1.0.2d
OPENSSL_DIR = openssl-$(OPENSSL_VERSION)
RUBY_MAJOR_VERSION = 2.2
RUBY_VERSION = $(RUBY_MAJOR_VERSION).2
@ -16,16 +16,22 @@ all: libs ext
clean:
rm -rf $(RUBY_DIR) $(OPENSSL_DIR)
clean-libs:
find $(OPENSSL_DIR) \( -name "*.o" -o -name "*.so" \) -delete
rm -f lib/libcrypto.so lib/libssl.so
clean-ext:
find $(RUBY_OPENSSL_EXT_DIR) \( -name "*.o" -o -name "*.so" \) -delete
rm -f lib/openssl.so
mr-proper: clean
rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so
rm -rf lib/libcrypto.so lib/libssl.so lib/openssl.so
$(OPENSSL_DIR)/:
wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz
tar xf $(OPENSSL_DIR).tar.gz
rm -rf $(OPENSSL_DIR).tar.gz
$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/
$(OPENSSL_DIR)/Makefile: | $(OPENSSL_DIR)/
cd $(OPENSSL_DIR); ./config shared
$(OPENSSL_DIR)/libssl.so.1.0.0 $(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)/Makefile
@ -34,19 +40,16 @@ $(OPENSSL_DIR)/libssl.so.1.0.0 $(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)
lib/%.so.1.0.0: $(OPENSSL_DIR)/%.so.1.0.0
cp $< $@
lib/%.so: lib/%.so.1.0.0
ln -s $(notdir $<) $@
libs: lib/libssl.so.1.0.0 lib/libcrypto.so.1.0.0
libs: lib/libssl.so lib/libcrypto.so
$(RUBY_DIR):
$(RUBY_DIR)/:
wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz
tar xf $(RUBY_DIR).tar.gz
rm -f $(RUBY_DIR).tar.gz
$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs $(RUBY_DIR)
$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/
cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb
patch $@ patch
patch -p0 -d $(RUBY_OPENSSL_EXT_DIR) < patch
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: libs $(RUBY_OPENSSL_EXT_DIR)/Makefile
$(MAKE) -C $(RUBY_OPENSSL_EXT_DIR)
@ -54,4 +57,4 @@ $(RUBY_OPENSSL_EXT_DIR)/openssl.so: libs $(RUBY_OPENSSL_EXT_DIR)/Makefile
lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
cp $< $@
ext: lib/openssl.so
ext: lib/openssl.so
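Review bot: Both download recipes (`$(OPENSSL_DIR)/:` and `$(RUBY_DIR)/:`) unpack whatever `wget` fetched without checking it against a pinned digest or signature, and the Ruby tarball is still fetched over plain `http://`. The move to OpenSSL 1.0.2d changes which archive is pulled but not how it is trusted. These archives become the libcrypto/libssl and openssl.so copied into lib/, so a tampered or truncated download flows straight into the build. I would pin a digest next to each version, `OPENSSL_SHA256 = <sha256 of the release tarball>`, and check it between `wget` and `tar xf` with `echo "$(OPENSSL_SHA256)  $(OPENSSL_DIR).tar.gz" | sha256sum -c -`. The same applies to Ruby, whose URL should also become `https://cache.ruby-lang.org/...`.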

38
patch

@ -1,6 +1,6 @@
--- Makefile 2014-12-13 01:20:15.025576957 +0100
+++ Makefile 2014-12-13 01:26:44.801203932 +0100
@@ -60,6 +60,7 @@
--- Makefile 2014-12-12 22:58:34.000000000 +0100
+++ Makefile 2015-08-03 23:40:32.177619138 +0200
@@ -61,6 +61,7 @@
sbindir = $(exec_prefix)/sbin
bindir = $(exec_prefix)/bin
archdir = $(rubyarchdir)
@ -8,3 +8,35 @@
CC = gcc
--- ossl_ssl.c 2014-12-12 22:58:34.000000000 +0100
+++ ossl_ssl.c 2015-08-03 23:40:32.177619138 +0200
@@ -1878,6 +1878,19 @@
# endif
#endif /* !defined(OPENSSL_NO_SOCK) */
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+static VALUE
+ossl_ssl_tmp_key(VALUE self)
+{
+ SSL *ssl;
+ EVP_PKEY *key;
+ ossl_ssl_data_get_struct(self, ssl);
+ if (!SSL_get_server_tmp_key(ssl, &key))
+ return Qnil;
+ return ossl_pkey_new(key);
+}
+#endif
+
void
Init_ossl_ssl(void)
{
@@ -2238,6 +2241,9 @@
rb_define_method(cSSLSocket, "session=", ossl_ssl_set_session, 1);
rb_define_method(cSSLSocket, "verify_result", ossl_ssl_get_verify_result, 0);
rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ rb_define_method(cSSLSocket, "tmp_key", ossl_ssl_tmp_key, 0);
+#endif
# ifdef HAVE_OPENSSL_NPN_NEGOTIATED
rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0);
# endif
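Review bot: `ossl_ssl_tmp_key` passes the `EVP_PKEY` obtained from `SSL_get_server_tmp_key()` to `ossl_pkey_new()` without stating who frees it. OpenSSL documents that key as owned by the caller, and `ossl_pkey_new()` is not visible on this page, so if it raises (for example on an unsupported key type) instead of taking ownership, the key would presumably leak. Worth confirming and recording above the function, e.g. `/* key is caller-owned (EVP_PKEY_free); ossl_pkey_new() is expected to take ownership */`. The new method also has no RDoc block. A short call-seq comment should say that `tmp_key` returns the server's ephemeral key-exchange key, or nil when OpenSSL reports none, so callers know it can be used to check the negotiated DH/ECDH strength.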