* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): extract callback
lookup to private Ruby methods. This means we can keep the default DH callback logic hidden from consumers. Also, since the SSLSocket always has a context, we can remove conditionals about that instance. * ext/openssl/ossl_ssl.c: move callback lookup methods to private Ruby methods. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
6373a1acc6
commit
1cb9949fad
11
ChangeLog
11
ChangeLog
@ -1,3 +1,14 @@
|
|||||||
|
Tue Aug 4 16:53:43 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
||||||
|
|
||||||
|
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): extract callback
|
||||||
|
lookup to private Ruby methods. This means we can keep the default
|
||||||
|
DH callback logic hidden from consumers. Also, since the SSLSocket
|
||||||
|
always has a context, we can remove conditionals about that
|
||||||
|
instance.
|
||||||
|
|
||||||
|
* ext/openssl/ossl_ssl.c: move callback lookup methods to private Ruby
|
||||||
|
methods.
|
||||||
|
|
||||||
Tue Aug 4 16:40:26 2015 Koichi Sasada <ko1@atdot.net>
|
Tue Aug 4 16:40:26 2015 Koichi Sasada <ko1@atdot.net>
|
||||||
|
|
||||||
* test/ruby/test_module.rb: should not expect a method table ordering.
|
* test/ruby/test_module.rb: should not expect a method table ordering.
|
||||||
|
@ -92,7 +92,7 @@ module OpenSSL
|
|||||||
# The callback must return an OpenSSL::PKey::DH instance of the correct
|
# The callback must return an OpenSSL::PKey::DH instance of the correct
|
||||||
# key length.
|
# key length.
|
||||||
|
|
||||||
attr_writer :tmp_dh_callback
|
attr_accessor :tmp_dh_callback
|
||||||
|
|
||||||
# call-seq:
|
# call-seq:
|
||||||
# SSLContext.new => ctx
|
# SSLContext.new => ctx
|
||||||
@ -125,10 +125,6 @@ module OpenSSL
|
|||||||
end
|
end
|
||||||
return params
|
return params
|
||||||
end
|
end
|
||||||
|
|
||||||
def tmp_dh_callback
|
|
||||||
@tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
module SocketForwarder
|
module SocketForwarder
|
||||||
@ -290,6 +286,26 @@ module OpenSSL
|
|||||||
ctx.ciphers = "aNULL"
|
ctx.ciphers = "aNULL"
|
||||||
ctx.ciphers.include?(cipher)
|
ctx.ciphers.include?(cipher)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def client_cert_cb
|
||||||
|
@context.client_cert_cb
|
||||||
|
end
|
||||||
|
|
||||||
|
def tmp_dh_callback
|
||||||
|
@context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
|
||||||
|
end
|
||||||
|
|
||||||
|
def tmp_ecdh_callback
|
||||||
|
@context.tmp_ecdh_callback
|
||||||
|
end
|
||||||
|
|
||||||
|
def session_new_cb
|
||||||
|
@context.session_new_cb
|
||||||
|
end
|
||||||
|
|
||||||
|
def session_get_cb
|
||||||
|
@context.session_get_cb
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
##
|
##
|
||||||
|
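Review bot: The five SSLSocket methods added at the end of the `@ -290,6 +286,26 @@` hunk (`client_cert_cb`, `tmp_dh_callback`, `tmp_ecdh_callback`, `session_new_cb`, `session_get_cb`) carry no comments, and although the commit message calls them private, no `private` keyword is visible in the hunk — if the class is not already inside a private section above the hunk, they become public API of SSLSocket rather than internal hooks for the C extension. `tmp_dh_callback` in particular deserves a one-line note because it is the only one that substitutes a default, e.g. `# Looked up by the C extension; falls back to the built-in DH parameters when the context sets no callback.`. Also, turning `attr_writer :tmp_dh_callback` into `attr_accessor` while deleting the old `SSLContext#tmp_dh_callback` means `ctx.tmp_dh_callback` now returns nil instead of `OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK` when nothing was assigned, so any caller that read the accessor to learn the effective DH parameters sees a different value than before. The enclosing SSLSocket class begins outside the hunk.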
@ -132,7 +132,6 @@ static const struct {
|
|||||||
int ossl_ssl_ex_vcb_idx;
|
int ossl_ssl_ex_vcb_idx;
|
||||||
int ossl_ssl_ex_store_p;
|
int ossl_ssl_ex_store_p;
|
||||||
int ossl_ssl_ex_ptr_idx;
|
int ossl_ssl_ex_ptr_idx;
|
||||||
int ossl_ssl_ex_client_cert_cb_idx;
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ossl_sslctx_free(void *ptr)
|
ossl_sslctx_free(void *ptr)
|
||||||
@ -169,6 +168,8 @@ ossl_sslctx_s_alloc(VALUE klass)
|
|||||||
}
|
}
|
||||||
SSL_CTX_set_mode(ctx, mode);
|
SSL_CTX_set_mode(ctx, mode);
|
||||||
RTYPEDDATA_DATA(obj) = ctx;
|
RTYPEDDATA_DATA(obj) = ctx;
|
||||||
|
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)obj);
|
||||||
|
|
||||||
return obj;
|
return obj;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -211,11 +212,9 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
|
|||||||
static VALUE
|
static VALUE
|
||||||
ossl_call_client_cert_cb(VALUE obj)
|
ossl_call_client_cert_cb(VALUE obj)
|
||||||
{
|
{
|
||||||
VALUE cb, ary, cert, key;
|
VALUE cb, ary, cert, key, ctx;
|
||||||
SSL *ssl;
|
|
||||||
|
|
||||||
GetSSL(obj, ssl);
|
cb = rb_funcall(obj, rb_intern("client_cert_cb"), 0);
|
||||||
cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx);
|
|
||||||
if (NIL_P(cb)) return Qfalse;
|
if (NIL_P(cb)) return Qfalse;
|
||||||
ary = rb_funcall(cb, rb_intern("call"), 1, obj);
|
ary = rb_funcall(cb, rb_intern("call"), 1, obj);
|
||||||
Check_Type(ary, T_ARRAY);
|
Check_Type(ary, T_ARRAY);
|
||||||
@ -233,8 +232,7 @@ ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
|
|||||||
VALUE obj, success;
|
VALUE obj, success;
|
||||||
|
|
||||||
obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
|
obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
|
||||||
success = rb_protect((VALUE(*)_((VALUE)))ossl_call_client_cert_cb,
|
success = rb_protect(ossl_call_client_cert_cb, obj, NULL);
|
||||||
obj, NULL);
|
|
||||||
if (!RTEST(success)) return 0;
|
if (!RTEST(success)) return 0;
|
||||||
*x509 = DupX509CertPtr(ossl_ssl_get_x509(obj));
|
*x509 = DupX509CertPtr(ossl_ssl_get_x509(obj));
|
||||||
*pkey = DupPKeyPtr(ossl_ssl_get_key(obj));
|
*pkey = DupPKeyPtr(ossl_ssl_get_key(obj));
|
||||||
@ -249,8 +247,7 @@ ossl_call_tmp_dh_callback(VALUE args)
|
|||||||
VALUE cb, dh, ctx;
|
VALUE cb, dh, ctx;
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
|
|
||||||
ctx = rb_funcall(rb_ary_entry(args, 0), rb_intern("context"), 0);
|
cb = rb_funcall(rb_ary_entry(args, 0), rb_intern("tmp_dh_callback"), 0);
|
||||||
cb = rb_funcall(ctx, rb_intern("tmp_dh_callback"), 0);
|
|
||||||
|
|
||||||
if (NIL_P(cb)) return Qfalse;
|
if (NIL_P(cb)) return Qfalse;
|
||||||
dh = rb_apply(cb, rb_intern("call"), args);
|
dh = rb_apply(cb, rb_intern("call"), args);
|
||||||
@ -284,8 +281,7 @@ ossl_call_tmp_ecdh_callback(VALUE args)
|
|||||||
VALUE cb, ecdh, ctx;
|
VALUE cb, ecdh, ctx;
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
|
|
||||||
ctx = rb_funcall(rb_ary_entry(args, 0), rb_intern("context"), 0);
|
cb = rb_funcall(rb_ary_entry(args, 0), rb_intern("tmp_ecdh_callback"), 0);
|
||||||
cb = rb_funcall(ctx, rb_intern("tmp_ecdh_callback"), 0);
|
|
||||||
|
|
||||||
if (NIL_P(cb)) return Qfalse;
|
if (NIL_P(cb)) return Qfalse;
|
||||||
ecdh = rb_apply(cb, rb_intern("call"), args);
|
ecdh = rb_apply(cb, rb_intern("call"), args);
|
||||||
@ -332,9 +328,7 @@ ossl_call_session_get_cb(VALUE ary)
|
|||||||
Check_Type(ary, T_ARRAY);
|
Check_Type(ary, T_ARRAY);
|
||||||
ssl_obj = rb_ary_entry(ary, 0);
|
ssl_obj = rb_ary_entry(ary, 0);
|
||||||
|
|
||||||
sslctx_obj = rb_iv_get(ssl_obj, "@context");
|
cb = rb_funcall(ssl_obj, rb_intern("session_get_cb"), 0);
|
||||||
if (NIL_P(sslctx_obj)) return Qnil;
|
|
||||||
cb = rb_iv_get(sslctx_obj, "@session_get_cb");
|
|
||||||
if (NIL_P(cb)) return Qnil;
|
if (NIL_P(cb)) return Qnil;
|
||||||
|
|
||||||
return rb_funcall(cb, rb_intern("call"), 1, ary);
|
return rb_funcall(cb, rb_intern("call"), 1, ary);
|
||||||
@ -357,7 +351,7 @@ ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
|
|||||||
rb_ary_push(ary, ssl_obj);
|
rb_ary_push(ary, ssl_obj);
|
||||||
rb_ary_push(ary, rb_str_new((const char *)buf, len));
|
rb_ary_push(ary, rb_str_new((const char *)buf, len));
|
||||||
|
|
||||||
ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_session_get_cb, ary, &state);
|
ret_obj = rb_protect(ossl_call_session_get_cb, ary, &state);
|
||||||
if (state) {
|
if (state) {
|
||||||
rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
|
rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -379,9 +373,7 @@ ossl_call_session_new_cb(VALUE ary)
|
|||||||
Check_Type(ary, T_ARRAY);
|
Check_Type(ary, T_ARRAY);
|
||||||
ssl_obj = rb_ary_entry(ary, 0);
|
ssl_obj = rb_ary_entry(ary, 0);
|
||||||
|
|
||||||
sslctx_obj = rb_iv_get(ssl_obj, "@context");
|
cb = rb_funcall(ssl_obj, rb_intern("session_new_cb"), 0);
|
||||||
if (NIL_P(sslctx_obj)) return Qnil;
|
|
||||||
cb = rb_iv_get(sslctx_obj, "@session_new_cb");
|
|
||||||
if (NIL_P(cb)) return Qnil;
|
if (NIL_P(cb)) return Qnil;
|
||||||
|
|
||||||
return rb_funcall(cb, rb_intern("call"), 1, ary);
|
return rb_funcall(cb, rb_intern("call"), 1, ary);
|
||||||
@ -408,7 +400,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
|
|||||||
rb_ary_push(ary, ssl_obj);
|
rb_ary_push(ary, ssl_obj);
|
||||||
rb_ary_push(ary, sess_obj);
|
rb_ary_push(ary, sess_obj);
|
||||||
|
|
||||||
rb_protect((VALUE(*)_((VALUE)))ossl_call_session_new_cb, ary, &state);
|
rb_protect(ossl_call_session_new_cb, ary, &state);
|
||||||
if (state) {
|
if (state) {
|
||||||
rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
|
rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
|
||||||
}
|
}
|
||||||
@ -729,8 +721,6 @@ ossl_sslctx_setup(VALUE self)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)self);
|
|
||||||
|
|
||||||
val = ossl_sslctx_get_cert_store(self);
|
val = ossl_sslctx_get_cert_store(self);
|
||||||
if(!NIL_P(val)){
|
if(!NIL_P(val)){
|
||||||
/*
|
/*
|
||||||
@ -1274,8 +1264,6 @@ ossl_ssl_setup(VALUE self)
|
|||||||
SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void*)self);
|
SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void*)self);
|
||||||
cb = ossl_sslctx_get_verify_cb(v_ctx);
|
cb = ossl_sslctx_get_verify_cb(v_ctx);
|
||||||
SSL_set_ex_data(ssl, ossl_ssl_ex_vcb_idx, (void*)cb);
|
SSL_set_ex_data(ssl, ossl_ssl_ex_vcb_idx, (void*)cb);
|
||||||
cb = ossl_sslctx_get_client_cert_cb(v_ctx);
|
|
||||||
SSL_set_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx, (void*)cb);
|
|
||||||
SSL_set_info_callback(ssl, ssl_info_cb);
|
SSL_set_info_callback(ssl, ssl_info_cb);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1989,8 +1977,6 @@ Init_ossl_ssl(void)
|
|||||||
ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0);
|
ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0);
|
||||||
ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0);
|
ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0);
|
||||||
ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_ptr_idx",0,0,0);
|
ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_ptr_idx",0,0,0);
|
||||||
ossl_ssl_ex_client_cert_cb_idx =
|
|
||||||
SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_client_cert_cb_idx",0,0,0);
|
|
||||||
|
|
||||||
/* Document-module: OpenSSL::SSL
|
/* Document-module: OpenSSL::SSL
|
||||||
*
|
*
|
||||||
|
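Review bot: `ctx` in `ossl_call_client_cert_cb` (hunk `@ -211,11 +212,9 @@`) is added to the declaration `VALUE cb, ary, cert, key, ctx;` but is never assigned or read in the visible lines, and in `ossl_call_tmp_dh_callback` and `ossl_call_tmp_ecdh_callback` the only assignment to the pre-existing `ctx` is removed while `VALUE cb, dh, ctx;` / `VALUE cb, ecdh, ctx;` stay; unless the remainder of those bodies (outside the hunks) uses it, all three should drop `ctx` so the build stays clean under `-Wunused-variable`. Dropping the `NIL_P(sslctx_obj)` guards in `ossl_call_session_get_cb` and `ossl_call_session_new_cb` is acceptable only because each lookup runs under `rb_protect` (visible at `ret_obj = rb_protect(ossl_call_session_get_cb, ary, &state);`), so a missing `@context` now surfaces as a NoMethodError that sets `state` and makes the OpenSSL callback return NULL — still failing closed, but that reliance is worth a comment above each `rb_funcall(ssl_obj, rb_intern(...), 0)` such as `/* private Ruby helper; raises inside rb_protect if @context is unset */`. The deleted `int ossl_ssl_ex_client_cert_cb_idx;` may still have an `extern` declaration in a header not shown here; if so it should be removed in the same change.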