- diff --git a/ext/openssl/deprecation.rb b/ext/openssl/deprecation.rb
- index d773536..f4a6c4b 100644
- --- a/ext/openssl/deprecation.rb
- +++ b/ext/openssl/deprecation.rb
- @@ -19,4 +19,9 @@ def self.check_func(func, header)
- have_func(func, header, deprecated_warning_flag) and
- have_header(header, nil, deprecated_warning_flag)
- end
- +
- + def self.check_func_or_macro(func, header)
- + check_func(func, header) or
- + have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
- + end
- end
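Review bot: The body of check_func_or_macro mixes `or` with `&&` and returns whatever `$defs.push` returns, so both the grouping and the truthy result depend on precedence rules that are easy to misread. It would read more safely as `return true if check_func(func, header)` followed by `have_macro(func, header) && !!$defs.push("-DHAVE_#{func.upcase}")`. A one-line comment should say that the helper defines the same `HAVE_<NAME>` symbol that have_func would, for APIs OpenSSL implements as macros. Unlike check_func, the have_macro call does not pass `deprecated_warning_flag`, so confirm that is intended. No caller of the new helper is visible in this diff, and the enclosing module starts outside the hunk.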
- diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
- index 9893757..bcb167e 100644
- --- a/ext/openssl/lib/openssl/ssl.rb
- +++ b/ext/openssl/lib/openssl/ssl.rb
- @@ -105,11 +105,12 @@ class SSLContext
- # SSLContext.new("SSLv23_client") => ctx
- #
- # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
- - def initialize(version = nil)
- + def initialize(version = nil, fallback_scsv: false)
- INIT_VARS.each { |v| instance_variable_set v, nil }
- self.options = self.options | OpenSSL::SSL::OP_ALL
- return unless version
- self.ssl_version = version
- + self.enable_fallback_scsv if fallback_scsv
- end
-
- ##
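Review bot: `fallback_scsv: true` is silently ignored when no version is given, because `return unless version` runs before the added `self.enable_fallback_scsv if fallback_scsv` line. A caller writing `SSLContext.new(fallback_scsv: true)` therefore gets a context without the downgrade signal and no error. Replace the early return with `self.ssl_version = version if version` followed by `enable_fallback_scsv if fallback_scsv`. The rdoc comment above initialize (it starts outside the hunk) should also describe the new keyword. It should say that, per RFC 7507, the SCSV is meant only for a client's retry at a lowered protocol version, since a server that supports a higher version is expected to reject such a handshake.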
- diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
- index cc17a0c..9f7ee0b 100644
- --- a/ext/openssl/ossl_ssl.c
- +++ b/ext/openssl/ossl_ssl.c
- @@ -978,6 +978,31 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
- return v;
- }
-
- +/*
- + * call-seq:
- + * ctx.enable_fallback_scsv() => nil
- + *
- + * Activate TLS_FALLBACK_SCSV for this context.
- + * See RFC 7507.
- + */
- +static VALUE
- +ossl_sslctx_enable_fallback_scsv(VALUE self)
- +{
- + SSL_CTX *ctx;
- +
- + GetSSLCTX(self, ctx);
- + if(!ctx){
- + rb_warning("SSL_CTX is not initialized.");
- + return Qnil;
- + }
- +
- + long modes = SSL_CTX_get_mode(ctx);
- + modes |= SSL_MODE_SEND_FALLBACK_SCSV;
- + SSL_CTX_set_mode(ctx, modes);
- +
- + return Qnil;
- +}
- +
- #if !defined(OPENSSL_NO_EC)
- /*
- * call-seq:
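Review bot: `SSL_MODE_SEND_FALLBACK_SCSV` is used in ossl_sslctx_enable_fallback_scsv without a preprocessor guard, so the extension will presumably fail to compile against an OpenSSL whose headers do not define it. Nothing visible in this diff probes for the macro. The uninitialized-context path reports only through `rb_warning`, which prints only in verbose mode, and returns the same nil as success, so a caller cannot tell that the downgrade protection was not enabled. `SSL_CTX_set_mode` already ORs its argument into the current mode, which makes the get/OR/set sequence unnecessary, and `long modes` is declared after statements, which a C90 build rejects or warns about. The call-seq comment should state that this is a client-side setting for fallback retries only.
```c
static VALUE
ossl_sslctx_enable_fallback_scsv(VALUE self)
{
#if defined(SSL_MODE_SEND_FALLBACK_SCSV)
    SSL_CTX *ctx;

    /* … unchanged: GetSSLCTX and the uninitialized-context check … */

    /* SSL_CTX_set_mode() adds the bit to the modes already set. */
    SSL_CTX_set_mode(ctx, SSL_MODE_SEND_FALLBACK_SCSV);

    return Qnil;
#else
    /* Fail loudly rather than leave the caller believing SCSV is on. */
    rb_notimplement();
#endif
}
```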
- @@ -2330,6 +2355,7 @@ Init_ossl_ssl(void)
- rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
- rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
- rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
- + rb_define_method(cSSLContext, "enable_fallback_scsv", ossl_sslctx_enable_fallback_scsv, 0);
-
- rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);
-