Project

General

Profile

Bug #12868

Please backport r55074 (openssl, fix ex_data index for X509_STORE_CTX)

Added by rhenium (Kazuki Yamaguchi) almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-dev:49843]

Description

Please backport r55074 ("openssl: register ex_data index for X509_STORE{_CTX,} respectively").

In Ruby <= 2.3, ext/openssl misused one ex_data index for both X509_STORE and X509_STORE_CTX, and it was working just by chance. This will also fix the symbol conflict which happens when ext/openssl is built with OpenSSL <= 1.0.2 and 1.1.0 is loaded by another dependency (#12830).

Associated revisions

Revision 93bceb14
Added by nagachika (Tomoyuki Chikanaga) almost 3 years ago

merge revision(s) 55074: [Backport #12868]

    * ext/openssl/ossl.c (Init_openssl): register an ex_data index for
      X509_STORE and X509_STORE_CTX respectively. Since they don't share
      the ex_data index registry, we can't use the same index.
      (ossl_verify_cb): use the the correct index.

    * ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.

    * ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
      (ossl_x509stctx_verify): ditto.

    * ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
      of ossl_store_{ctx_,}ex_verify_cb_idx.

    * ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
      X509_STORE_get_ex_data.

    * ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
      X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@56565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 56565
Added by nagachika (Tomoyuki Chikanaga) almost 3 years ago

merge revision(s) 55074: [Backport #12868]

* ext/openssl/ossl.c (Init_openssl): register an ex_data index for
  X509_STORE and X509_STORE_CTX respectively. Since they don't share
  the ex_data index registry, we can't use the same index.
  (ossl_verify_cb): use the the correct index.

* ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
  (ossl_x509stctx_verify): ditto.

* ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
  of ossl_store_{ctx_,}ex_verify_cb_idx.

* ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
  X509_STORE_get_ex_data.

* ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
  X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.

Revision a240b37c
Added by usa (Usaku NAKAMURA) almost 3 years ago

merge revision(s) 55074: [Backport #12868]

    * ext/openssl/ossl.c (Init_openssl): register an ex_data index for
      X509_STORE and X509_STORE_CTX respectively. Since they don't share
      the ex_data index registry, we can't use the same index.
      (ossl_verify_cb): use the the correct index.

    * ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.

    * ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
      (ossl_x509stctx_verify): ditto.

    * ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
      of ossl_store_{ctx_,}ex_verify_cb_idx.

    * ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
      X509_STORE_get_ex_data.

    * ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
      X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56727 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 56727
Added by usa (Usaku NAKAMURA) almost 3 years ago

merge revision(s) 55074: [Backport #12868]

* ext/openssl/ossl.c (Init_openssl): register an ex_data index for
  X509_STORE and X509_STORE_CTX respectively. Since they don't share
  the ex_data index registry, we can't use the same index.
  (ossl_verify_cb): use the the correct index.

* ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
  (ossl_x509stctx_verify): ditto.

* ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
  of ossl_store_{ctx_,}ex_verify_cb_idx.

* ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
  X509_STORE_get_ex_data.

* ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
  X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.

History

Updated by vo.x (Vit Ondruch) almost 3 years ago

I am going to use this patch 1 in Fedora if it helps.

Updated by nagachika (Tomoyuki Chikanaga) almost 3 years ago

  • Backport changed from 2.1: UNKNOWN, 2.2: REQUIRED, 2.3: REQUIRED to 2.1: UNKNOWN, 2.2: REQUIRED, 2.3: DONE

ruby_2_3 r56565 merged revision(s) 55074.

Updated by usa (Usaku NAKAMURA) almost 3 years ago

  • Backport changed from 2.1: UNKNOWN, 2.2: REQUIRED, 2.3: DONE to 2.1: UNKNOWN, 2.2: DONE, 2.3: DONE

ruby_2_2 r56727 merged revision(s) 55074.

Also available in: Atom PDF