Commit 060184c

author
emboss
committed
* ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.2. Add
SSLContext#version to inspect the version that was negotiated for a given connection. * ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support. * test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they are supported by the native OpenSSL being used. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
1 parent 6a7666e commit 060184c

4 files changed

+82
-5
lines changed

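--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Mon May 07 09:14:11 2012 Martin Bosslet <[email protected]>
+
+* ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add
+SSLContext#version to inspect the version that was negotiated for
+a given connection.
+* ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
+* test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they
+are supported by the native OpenSSL being used.
+
 Sun May 6 21:34:29 2012 NARUSE, Yui <[email protected]>
 
 * io.c (io_encoding_set): suppress warnings. [ruby-dev:45627]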

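--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -103,6 +103,12 @@
 have_func("SSLv2_method")
 have_func("SSLv2_server_method")
 have_func("SSLv2_client_method")
+have_func("TLSv1_1_method")
+have_func("TLSv1_1_server_method")
+have_func("TLSv1_1_client_method")
+have_func("TLSv1_2_method")
+have_func("TLSv1_2_server_method")
+have_func("TLSv1_2_client_method")
 unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
 have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
 end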

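--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -107,6 +107,18 @@ struct {
 OSSL_SSL_METHOD_ENTRY(TLSv1),
 OSSL_SSL_METHOD_ENTRY(TLSv1_server),
 OSSL_SSL_METHOD_ENTRY(TLSv1_client),
+#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
+defined(HAVE_TLSV1_2_CLIENT_METHOD)
+OSSL_SSL_METHOD_ENTRY(TLSv1_2),
+OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
+OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
+#endif
+#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
+defined(HAVE_TLSV1_1_CLIENT_METHOD)
+OSSL_SSL_METHOD_ENTRY(TLSv1_1),
+OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
+OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
+#endif
 #if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
 defined(HAVE_SSLV2_CLIENT_METHOD)
 OSSL_SSL_METHOD_ENTRY(SSLv2),
@@ -1505,11 +1517,31 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
 }
 
 /*
-* call-seq:
-* ssl.cipher => [name, version, bits, alg_bits]
-*
-* The cipher being used for the current connection
-*/
+* call-seq:
+* ssl.version => String
+*
+* Returns a String representing the SSL/TLS version that was negotiated
+* for the connection, for example "TLSv1.2".
+*/
+static VALUE
+ossl_ssl_get_version(VALUE self)
+{
+SSL *ssl;
+
+Data_Get_Struct(self, SSL, ssl);
+if (!ssl) {
+rb_warning("SSL session is not started yet.");
+return Qnil;
+}
+return rb_str_new2(SSL_get_version(ssl));
+}
+
+/*
+* call-seq:
+* ssl.cipher => [name, version, bits, alg_bits]
+*
+* The cipher being used for the current connection
+*/
 static VALUE
 ossl_ssl_get_cipher(VALUE self)
 {
@@ -1957,6 +1989,7 @@ Init_ossl_ssl()
 rb_define_method(cSSLSocket, "cert", ossl_ssl_get_cert, 0);
 rb_define_method(cSSLSocket, "peer_cert", ossl_ssl_get_peer_cert, 0);
 rb_define_method(cSSLSocket, "peer_cert_chain", ossl_ssl_get_peer_cert_chain, 0);
+rb_define_method(cSSLSocket, "ssl_version", ossl_ssl_get_version, 0);
 rb_define_method(cSSLSocket, "cipher", ossl_ssl_get_cipher, 0);
 rb_define_method(cSSLSocket, "state", ossl_ssl_get_state, 0);
 rb_define_method(cSSLSocket, "pending", ossl_ssl_pending, 0);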
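Review bot: The call-seq in the new doc comment above ossl_ssl_get_version reads `ssl.version => String`, but the Init_ossl_ssl hunk registers the method as `ssl_version` on cSSLSocket and the function can also return nil, so the comment should read `ssl.ssl_version => String or nil`. The commit message's `SSLContext#version` likewise names neither the class nor the method that was actually added. The nil path matters to callers who use this accessor to check the negotiated protocol, because `rb_warning` prints only in verbose mode and a check made before the session is set up therefore gets nil with no visible signal; I would add `Returns nil if the SSL session has not been started.` to the comment. Init_ossl_ssl begins and ends outside the hunk shown.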

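--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -437,6 +437,35 @@ def test_unset_OP_ALL
 ssl.close
 }
 end
+
+def test_tls_v_1_1
+ctx_proc = Proc.new { |ctx|
+ctx.ssl_version = :TLSv1_1
+}
+start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) { |server, port|
+sock = TCPSocket.new("127.0.0.1", port)
+ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ssl.sync_close = true
+ssl.connect
+assert_equal("TLSv1.1", ssl.ssl_version)
+ssl.close
+}
+end if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_1
+
+def test_tls_v_1_2
+ctx_proc = Proc.new { |ctx|
+ctx.ssl_version = :TLSv1_2
+}
+start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) { |server, port|
+sock = TCPSocket.new("127.0.0.1", port)
+ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ssl.sync_close = true
+ssl.connect
+assert_equal("TLSv1.2", ssl.ssl_version)
+ssl.close
+}
+end if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
+
 end
 
 end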
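Review bot: Both new tests pin only the server context, through `ctx_proc`, and let the client negotiate with a default context, so they confirm the positive case but never check that a pinned server refuses a peer offering a different version. A companion test that gives the client its own context, e.g. `ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new(:TLSv1))` followed by `assert_raise(OpenSSL::SSL::SSLError) { ssl.connect }`, would pin that behaviour for both test_tls_v_1_1 and test_tls_v_1_2. Whether start_server tolerates a failed handshake is not visible here and would need checking. The two test bodies also differ only in the version symbol and the expected string, so they could share one helper.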
