Feature #11356

Add ECDH support to OpenSSL wrapper

Added by tenderlovemaking (Aaron Patterson) almost 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
[ruby-core:69986]

Description

Firefox wants to use ECDH on HTTP/2 connections, and there is no way to add it to the SSL context. This patch adds an ECDH callback (similar to the DH callback).

With this patch and #9390, I am able to get an HTTP/2 server running in Chrome and Firefox! :)


Files

0001-add-ecdh-support.patch (6.81 KB), tenderlovemaking (Aaron Patterson), 07/15/2015 09:10 PM
0001-add-ecdh-support.patch (6.78 KB), tenderlovemaking (Aaron Patterson), 07/17/2015 03:08 PM

Related issues

Related to Ruby trunk - Bug #10497: OpenSSL Servers Do Not Support EC Certificates (Closed)
Related to Ruby trunk - Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites (Rejected)

Associated revisions

Revision 5326593a
Added by tenderlove almost 4 years ago

  • ext/openssl/ossl_ssl.c: add ECDH callback support. [Feature #11356]

  • test/openssl/test_pair.rb: test for ECDH callback support

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51348 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51348
Added by tenderlovemaking (Aaron Patterson) almost 4 years ago

  • ext/openssl/ossl_ssl.c: add ECDH callback support. [Feature #11356]

  • test/openssl/test_pair.rb: test for ECDH callback support

History

Updated by nobu (Nobuyoshi Nakada) almost 4 years ago

    static VALUE
    ossl_call_tmp_ecdh_callback(VALUE *args)

I think this argument should be a VALUE and cast in the function.

    success = rb_protect((VALUE(*)_((VALUE)))ossl_call_tmp_ecdh_callback,
                         (VALUE)args, NULL);

Then we can remove the cast of the function and an indirect cast.

Updated by tenderlovemaking (Aaron Patterson) almost 4 years ago

nobu (Nobuyoshi Nakada),

Thanks for the feedback! I've attached a new patch that refactors those parts.

#3

Updated by Anonymous almost 4 years ago

  • Status changed from Open to Closed

Applied in changeset r51348.


  • ext/openssl/ossl_ssl.c: add ECDH callback support. [Feature #11356]

  • test/openssl/test_pair.rb: test for ECDH callback support

#4

Updated by rhenium (Kazuki Yamaguchi) almost 3 years ago

  • Related to Bug #10497: OpenSSL Servers Do Not Support EC Certificates added

#5

Updated by rhenium (Kazuki Yamaguchi) almost 3 years ago

  • Related to Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites added
