
  1. diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
  2. index 57519f2..c5b0c8b 100644
  3. --- a/ext/openssl/lib/openssl/ssl.rb
  4. +++ b/ext/openssl/lib/openssl/ssl.rb
  5. @@ -105,11 +105,12 @@ class SSLContext
  6. # SSLContext.new("SSLv23_client") => ctx
  7. #
  8. # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
  9. - def initialize(version = nil)
  10. + def initialize(version = nil, fallback_scsv = false)
  11. INIT_VARS.each { |v| instance_variable_set v, nil }
  12. self.options = self.options | OpenSSL::SSL::OP_ALL
  13. return unless version
  14. self.ssl_version = version
  15. + self.enable_fallback_scsv if fallback_scsv
  16. end
  17. ##
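Review bot: The added `self.enable_fallback_scsv if fallback_scsv` sits after `return unless version`, so `SSLContext.new(nil, true)` returns without setting the mode and gives the caller no sign that the flag was ignored. If that is deliberate (RFC 7507 expects the SCSV only on a retry at a lower version), reject the combination before the guard, e.g. `raise ArgumentError, "fallback_scsv requires an explicit version" if fallback_scsv && !version`; otherwise move the call above the guard. A keyword argument, `def initialize(version = nil, fallback_scsv: false)`, would also make call sites readable. The comment block above the method should describe the new parameter.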
  18. diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
  19. index bcc624f..0c1780b 100644
  20. --- a/ext/openssl/ossl_ssl.c
  21. +++ b/ext/openssl/ossl_ssl.c
  22. @@ -978,6 +978,31 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
  23. return v;
  24. }
  25. +/*
  26. + * call-seq:
  27. + * ctx.enable_fallback_scsv() => nil
  28. + *
  29. + * Activate TLS_FALLBACK_SCSV for this context.
  30. + * See RFC 7507.
  31. + */
  32. +static VALUE
  33. +ossl_sslctx_enable_fallback_scsv(VALUE self)
  34. +{
  35. + SSL_CTX *ctx;
  36. +
  37. + GetSSLCTX(self, ctx);
  38. + if(!ctx){
  39. + rb_warning("SSL_CTX is not initialized.");
  40. + return Qnil;
  41. + }
  42. +
  43. + long modes = SSL_CTX_get_mode(ctx);
  44. + modes |= SSL_MODE_SEND_FALLBACK_SCSV;
  45. + SSL_CTX_set_mode(ctx, modes);
  46. +
  47. + return Qnil;
  48. +}
  49. +
  50. #if !defined(OPENSSL_NO_EC)
  51. /*
  52. * call-seq:
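Review bot: The call-seq comment on `ossl_sslctx_enable_fallback_scsv` should say when the mode is appropriate. Per RFC 7507 the SCSV belongs only on a retry that deliberately offers a lower protocol version than the client supports, and a compliant server that supports something higher answers it with an `inappropriate_fallback` alert, so enabling it on ordinary first attempts can break handshakes. In the body, `SSL_CTX_set_mode` already ORs the new bits into the existing mask, so the three mode lines reduce to `SSL_CTX_set_mode(ctx, SSL_MODE_SEND_FALLBACK_SCSV);`, which also removes the `long modes` declaration placed after statements. If this extension is still built against OpenSSL releases that predate `SSL_MODE_SEND_FALLBACK_SCSV`, the function and its `rb_define_method` line in `Init_ossl_ssl` need an `#if defined(SSL_MODE_SEND_FALLBACK_SCSV)` guard; the hunk shows none.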
  53. @@ -2330,6 +2355,7 @@ Init_ossl_ssl(void)
  54. rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
  55. rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
  56. rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
  57. + rb_define_method(cSSLContext, "enable_fallback_scsv", ossl_sslctx_enable_fallback_scsv, 0);
  58. rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);