OpenSSL::X509::Store{,Context}#flags= does not clear existing flags. Instead, it ORs new flags to the current set. This is contrary to normal convention and likely unintentional, but changing the behavior would not be acceptable for comp...rhenium (Kazuki Yamaguchi)
Do not raise FrozenError in SSLServer.new when SSLContext#session_id_context cannot be updated. session_id_context is only necessary for session resumption, so its absence is not critical. Fixes https://github.com/ruby/openssl/pull/742 ...rhenium (Kazuki Yamaguchi)
OSSL_3_const was useful when supporting OpenSSL 1.0.2-3.x at the same time. Since support for OpenSSL < 1.1.1 has been dropped, most uses can simply be replaced with plain const. https://github.com/ruby/openssl/commit/ce050d7740rhenium (Kazuki Yamaguchi)
As @kou pointed out in <https://bugs.ruby-lang.org/issues/19315#note-36>, `rb_str_to_cstr()` in string.c returns NULL if the string is found to contain NUL bytes in the middle. IMO an exception more often is desirable for typical use ...rhenium (Kazuki Yamaguchi)
Extracted from https://bugs.ruby-lang.org/issues/19315#note-35 It would be nice to have a utility function whose sole purpose is to obtain a C string (NUL-terminated and containing no NUL bytes) from a Ruby String. I suggest adding so...rhenium (Kazuki Yamaguchi)
kou (Kouhei Sutou) wrote in #note-36: > rhenium (Kazuki Yamaguchi) wrote in #note-35: > ... On top of my head: I think some users will have to choose between adding new `RB_GC_GUARD()` for temporary objects on the stack or migrating to...rhenium (Kazuki Yamaguchi)
kou (Kouhei Sutou) wrote in #note-27: > I think that the current `RSTRING_PTR()` for non frozen `String` also has similar situation. If arbitrary Ruby code changes the target `String`, pointer returned by `RSTRING_PTR()` may be invalid:...rhenium (Kazuki Yamaguchi)
Eregon (Benoit Daloze) wrote in #note-22: > What's the problem? > ... I think it would also be a problem in `some_function_call(RSTRING_PTR(str), RSTRING_END(str))`, where the evaluation order is not guaranteed. --- himura467 (Ak...rhenium (Kazuki Yamaguchi)
Feeding a deeply nested constructed encoding to OpenSSL::ASN1.decode, .decode_all, or .traverse can cause unbounded recursion and result in SystemStackError. Add an explicit nesting depth limit of 200 levels and raise OpenSSL::ASN1::ASN...rhenium (Kazuki Yamaguchi)