* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.

* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
  new method to set suitable SSL parameters.

* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, 
  test/openssl/test_ssl.rb: follow above change.

* test/net/http/test_https.rb: refine error case.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,15 @@
+Sat Dec 22 17:06:50 2007  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
+
+	* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
+	  new method to set suitable SSL parameters.
+
+	* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, 
+	  test/openssl/test_ssl.rb: follow above change.
+
+	* test/net/http/test_https.rb: refine error case.
+
 Sat Dec 22 16:58:49 2007  Shugo Maeda  <shugo@ruby-lang.org>
 
 	* lib/net/imap.rb (encode_utf7): accept UTF-8 strings.
@@ -19,7 +31,7 @@ Sat Dec 22 15:45:45 2007  Martin Duerst  <duerst@it.aoyama.ac.jp>
 	* transcode_data_japanese: new data file for EUC-JP and SHIFT_JIS
 	  (not yet optimized; tests to follow; data from
 	  http://nkf.sourceforge.jp/ucm/{SJIS|eucJP}-nkf.ucm)
-    
+
 	* common.mk, transcode.c: Adjusted for transcode_data_japanese
 
 Sat Dec 22 15:30:13 2007  NAKAMURA Usaku  <usa@ruby-lang.org>

ext/openssl/lib/openssl/ssl.rb

@@ -21,30 +21,28 @@ require "fcntl"
 module OpenSSL
   module SSL
     class SSLContext
-      class <<self
+      DEFAULT_PARAMS = {
-        def build(params={})
+        :ssl_version => "SSLv23",
-          default_params = {
+        :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-            :ssl_version => "SSLv23",
+        :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
-            :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+        :options => OpenSSL::SSL::OP_ALL,
-            :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
+      }
-            :options => OpenSSL::SSL::OP_ALL,
+
-          }
+      DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
-          params = default_params.merge(params)
+      DEFAULT_CERT_STORE.set_default_paths
-          ctx = new()
+      if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
-          params.each{|name, value| ctx.__send__("#{name}=", value) }
+        DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-          ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE
+      end
-          if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE
+
-            unless ctx.ca_file or ctx.ca_path or
+      def set_params(params={})
-                     ctx.cert_store or ctx.verify_callback
+        params = DEFAULT_PARAMS.merge(params)
-              ctx.cert_store = OpenSSL::X509::Store.new
+        params.each{|name, value| self.__send__("#{name}=", value) }
-              if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+        if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
-                ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+          unless self.ca_file or self.ca_path or self.cert_store
-              end
+            self.cert_store = DEFAULT_CERT_STORE
-              ctx.cert_store.set_default_paths
-            end
           end
-          return ctx
         end
+        return params
       end
     end
 

lib/net/http.rb

@@ -581,7 +581,8 @@ module Net   #:nodoc:
             ssl_parameters[name] = value
           end
         end
-        @ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters)
+        @ssl_context = OpenSSL::SSL::SSLContext.new
+        @ssl_context.set_params(ssl_parameters)
         s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
         s.sync_close = true
       end

lib/net/imap.rb

@@ -892,7 +892,7 @@ module Net
     #         OpenSSL [OSSL] and the Ruby OpenSSL [RSSL] extensions need to
     #         be installed.
     #         if options[:ssl] is a hash, it's passed to 
-    #         OpenSSL::SSL::SSLContext.build as parameters.
+    #         OpenSSL::SSL::SSLContext#set_params as parameters.
     #
     # The most common errors are:
     #
@@ -1263,7 +1263,8 @@ module Net
       rescue NoMethodError
         params = {}
       end
-      context = SSLContext.build(params)
+      context = SSLContext.new
+      context.set_params(params)
       if defined?(VerifyCallbackProc)
         context.verify_callback = VerifyCallbackProc 
       end

lib/net/pop.rb

@@ -328,7 +328,7 @@ module Net
     #    Net::POP.enable_ssl(params = {})
     #
     # Enable SSL for all new instances.
-    # +params+ is passed to OpenSSL::SSLContext.build.
+    # +params+ is passed to OpenSSL::SSLContext#set_params.
     def POP3.enable_ssl(*args)
       @ssl_params = create_ssl_params(*args)
     end
@@ -441,7 +441,7 @@ module Net
     # Enables SSL for this instance.  Must be called before the connection is
     # established to have any effect.
     # +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
-    # +params+ (except :port) is passed to OpenSSL::SSLContext.build.
+    # +params+ (except :port) is passed to OpenSSL::SSLContext#set_params.
     def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
       begin
         @ssl_params = verify_or_params.to_hash.dup
@@ -534,7 +534,8 @@ module Net
       s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
       if use_ssl?
         raise 'openssl library not installed' unless defined?(OpenSSL)
-        context = OpenSSL::SSL::SSLContext.build(@ssl_params)
+        context = OpenSSL::SSL::SSLContext.new
+        context.set_params(@ssl_params)
         s = OpenSSL::SSL::SSLSocket.new(s, context)
         s.sync_close = true
         s.connect

test/net/http/test_https.rb

@@ -59,7 +59,7 @@ class TestNetHTTPS < Test::Unit::TestCase
       http = Net::HTTP.new("ssl.netlab.jp", 443)
       http.use_ssl = true
       assert(
-        http.request_head("/"){|res| },
+        (http.request_head("/"){|res| } rescue false),
         "The system may not have default CA certificate store."
       )
     end

test/openssl/test_ssl.rb

@@ -245,13 +245,15 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
   def test_verify_result
     start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
       sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.build
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params
       ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
       assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
       assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
 
       sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.build(
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params(
         :verify_callback => Proc.new do |preverify_ok, store_ctx|
           store_ctx.error = OpenSSL::X509::V_OK
           true
@@ -262,7 +264,8 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
       assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
 
       sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.build(
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params(
         :verify_callback => Proc.new do |preverify_ok, store_ctx|
           store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
           false
@@ -274,10 +277,11 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
     }
   end
 
-  def test_sslctx_build
+  def test_sslctx_set_params
     start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
       sock = TCPSocket.new("127.0.0.1", port)
-      ctx = OpenSSL::SSL::SSLContext.build
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params
       assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
       assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
       ciphers = ctx.ciphers