Ruby 1.8.7-p174 and OpenSSL 1.0.0a

Ruby 1.8.7-p174 fails to compile against OpenSSL 1.0.0a, so I changed the Ruby source code to match the new OpenSSL version and make 1.8.7-p174 build again. Ruby 1.8.7-p299 doesn’t need any changes and works with openssl-1.0.0a like a charm, so if you are not tied to p174, upgrading is simpler than carrying a hand-made patch in the TLS bindings.

I’m using rvm, so the following steps assume an rvm setup.

First, fetch the source with $ rvm install ruby-1.8.7-p174 or, if it is already there, go to the source directory with $ cd ~/.rvm/src/ruby-1.8.7-p174 . Then download or create the patch below (saved as patch.txt) and apply it to the code with patch -p1 < patch.txt . Once the patch has been applied successfully, run

$ rvm reload ruby-1.8.7-p174
$ rvm install ruby-1.8.7-p174

If everything went OK, you can continue with

$ rvm use 1.8.7-p174
$ irb
ruby-1.8.7-p174 > require 'openssl'
 => true 
ruby-1.8.7-p174 > OpenSSL::OPENSSL_VERSION
 => "OpenSSL 1.0.0a 1 Jun 2010"

patch is here:

diff -Naur ruby-1.8.7-p174_orig/ext/openssl/ossl.c ruby-1.8.7-p174/ext/openssl/ossl.c
--- ruby-1.8.7-p174_orig/ext/openssl/ossl.c	2007-06-08 17:02:04.000000000 +0200
+++ ruby-1.8.7-p174/ext/openssl/ossl.c	2010-07-02 23:08:11.000000000 +0200
@@ -15,7 +15,7 @@
  * String to HEXString conversion
  */
 int
-string2hex(char *buf, int buf_len, char **hexbuf, int *hexbuf_len)
+string2hex(const unsigned char *buf, int buf_len, char **hexbuf, int *hexbuf_len)
 {
     static const char hex[]="0123456789abcdef";
     int i, len = 2 * buf_len;
@@ -48,7 +48,7 @@
  * Data Conversion
  */
 STACK_OF(X509) *
-ossl_x509_ary2sk0(VALUE ary)  
+ossl_x509_ary2sk0(VALUE ary)
 {
     STACK_OF(X509) *sk;
     VALUE val;
@@ -57,13 +57,13 @@
 
     Check_Type(ary, T_ARRAY);
     sk = sk_X509_new_null();
-    if (!sk) ossl_raise(eOSSLError, NULL); 
+    if (!sk) ossl_raise(eOSSLError, NULL);
 
     for (i = 0; i < RARRAY_LEN(ary); i++) {
         val = rb_ary_entry(ary, i);
         if (!rb_obj_is_kind_of(val, cX509Cert)) {
             sk_X509_pop_free(sk, X509_free);
-            ossl_raise(eOSSLError, "object not X509 cert in array"); 
+            ossl_raise(eOSSLError, "object not X509 cert in array");
         }
         x509 = DupX509CertPtr(val); /* NEED TO DUP */
         sk_X509_push(sk, x509);
@@ -92,7 +92,7 @@
 
 #define OSSL_IMPL_SK2ARY(name, type)	        \
 VALUE						\
-ossl_##name##_sk2ary(STACK *sk)			\
+ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
 {						\
     type *t;					\
     int i, num;					\
@@ -102,7 +102,7 @@
 	OSSL_Debug("empty sk!");		\
 	return Qnil;				\
     }						\
-    num = sk_num(sk);				\
+    num = sk_##type##_num(sk);			\
     if (num < 0) {				\
 	OSSL_Debug("items in sk < -1???");	\
 	return rb_ary_new();			\
@@ -110,7 +110,7 @@
     ary = rb_ary_new2(num);			\
 						\
     for (i=0; id.sign->cert;
-        crls = pkcs7->d.sign->crl;
         break;
     case NID_pkcs7_signedAndEnveloped:
         certs = pkcs7->d.signed_and_enveloped->cert;
-        crls = pkcs7->d.signed_and_enveloped->crl;
         break;
     default:
-        certs = crls = NULL;
+        certs = NULL;
     }
 
-    return want_certs ? certs : crls;
+    return certs;
+}
+static STACK_OF(X509_CRL) *
+pkcs7_get_crls(VALUE self)
+{
+    PKCS7 *pkcs7;
+    STACK_OF(X509_CRL) *crls;
+    int i;
+
+    GetPKCS7(self, pkcs7);
+    i = OBJ_obj2nid(pkcs7->type);
+    switch(i){
+      case NID_pkcs7_signed:
+        crls = pkcs7->d.sign->crl;
+        break;
+      case NID_pkcs7_signedAndEnveloped:
+        crls = pkcs7->d.signed_and_enveloped->crl;
+        break;
+      default:
+        crls = NULL;
+      }
+
+      return crls;
 }
 
 static VALUE
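Review bot: The new pkcs7_get_crls() reads `pkcs7->d.sign->crl` and `pkcs7->d.signed_and_enveloped->crl` without checking the inner pointer, so a PKCS7 object whose type is set but whose content is absent would be dereferenced through NULL; the certs accessor just above follows the same pattern. A guard such as `crls = pkcs7->d.sign ? pkcs7->d.sign->crl : NULL;` (and the equivalent for signed_and_enveloped) would return NULL exactly as the `default:` branch already does. Whether such an object can reach this function from parsed input is not visible on this page, so treat this as hardening. The head of this hunk is lost in the page, so the certs function cannot be reviewed in full; the `case` labels and the final `return crls;` in the new function are also indented differently from the certs function.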
@@ -608,7 +627,7 @@
     STACK_OF(X509) *certs;
     X509 *cert;
 
-    certs = pkcs7_get_certs_or_crls(self, 1);
+    certs = pkcs7_get_certs(self);
     while((cert = sk_X509_pop(certs))) X509_free(cert);
     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
 
@@ -618,7 +637,7 @@
 static VALUE
 ossl_pkcs7_get_certificates(VALUE self)
 {
-    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
+    return ossl_x509_sk2ary(pkcs7_get_certs(self));
 }
 
 static VALUE
@@ -648,7 +667,7 @@
     STACK_OF(X509_CRL) *crls;
     X509_CRL *crl;
 
-    crls = pkcs7_get_certs_or_crls(self, 0);
+    crls = pkcs7_get_crls(self);
     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
 
@@ -658,7 +677,7 @@
 static VALUE
 ossl_pkcs7_get_crls(VALUE self)
 {
-    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
+    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
 }
 
 static VALUE
diff -Naur ruby-1.8.7-p174_orig/ext/openssl/ossl_ssl.c ruby-1.8.7-p174/ext/openssl/ossl_ssl.c
--- ruby-1.8.7-p174_orig/ext/openssl/ossl_ssl.c	2008-06-06 10:05:24.000000000 +0200
+++ ruby-1.8.7-p174/ext/openssl/ossl_ssl.c	2010-07-02 23:49:51.000000000 +0200
@@ -89,13 +89,19 @@
 static const char *ossl_ssl_attrs[] = { "sync_close", };
 
 ID ID_callback_state;
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#define OSSL_MORE_CONST const
+#define STACK _STACK
+#else
+#define OSSL_MORE_CONST
+#endif
 
 /*
  * SSLContext class
  */
 struct {
     const char *name;
-    SSL_METHOD *(*func)(void);
+    OSSL_MORE_CONST SSL_METHOD *(*func)(void);
 } ossl_ssl_method_tab[] = {
 #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method }
     OSSL_SSL_METHOD_ENTRY(TLSv1),
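Review bot: `#define STACK _STACK` renames an OpenSSL type for everything below it in this file, which hides any remaining untyped stack use instead of fixing it and can silently change the meaning of later code. The ossl.c part of this patch moves to `STACK_OF(type)` and the typed `sk_##type##_num` accessor; doing the same here and dropping the define would keep the compiler's type checking on certificate and cipher stacks. If the define has to stay, it deserves a comment naming the uses that need it, for example `/* OpenSSL 1.0.0 renamed STACK to _STACK; still needed by <use> */`. A blank line between `ID ID_callback_state;` and the new `#if` block would also match the rest of the file.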
@@ -122,8 +128,9 @@
 static void
 ossl_sslctx_free(SSL_CTX *ctx)
 {
+    if(ctx && ctx->references > 1) return;
     if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
-	ctx->cert_store = NULL;
+	    ctx->cert_store = NULL;
     SSL_CTX_free(ctx);
 }
 
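Review bot: The added `if(ctx && ctx->references > 1) return;` skips `SSL_CTX_free()` altogether, so the reference held by this wrapper is never dropped and a context that is still shared at this point is presumably never released. `SSL_CTX_free()` already decrements the count and only destroys the object at zero, so the early return appears to exist only to keep the borrowed `cert_store` from being cleared or freed while another owner is alive. That intent and its cost should be stated in a comment, e.g. `/* still referenced elsewhere: keep ctx and its borrowed cert_store; this reference is deliberately not dropped (leaks the ctx) */`. Reading `ctx->references` directly is also unsynchronised and tied to the struct layout, so the longer-term fix is to settle who owns the store rather than to inspect the count.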
@@ -144,7 +151,7 @@
 static VALUE
 ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
 {
-    SSL_METHOD *method = NULL;
+    OSSL_MORE_CONST SSL_METHOD *method = NULL;
     const char *s;
     int i;
 
@@ -585,7 +592,7 @@
 }
 
 static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(OSSL_MORE_CONST SSL_CIPHER *cipher)
 {
     VALUE ary;
     int bits, alg_bits;
@@ -609,7 +616,7 @@
 {
     SSL_CTX *ctx;
     STACK_OF(SSL_CIPHER) *ciphers;
-    SSL_CIPHER *cipher;
+    OSSL_MORE_CONST SSL_CIPHER *cipher;
     VALUE ary;
     int i, num;
