On 08/18 04:17, Aaron Bieber wrote:
> Hi Jeremy!
>
> Here is a diff tb@ was kind enough to smack together when I was trying to track
> down why TLS 1.3 was not available in ruby.
>
> I have tested on a few different machines with no ill effect.
>
> I also ran the tests which resulted in:
> Finished tests in 1463.007495s, 14.3492 tests/s, 1858.9283 assertions/s.
> 20993 tests, 2719626 assertions, 14 failures, 0 errors, 73 skips

I'm OK adding this as long as it doesn't cause any regressions.
What are the results you are getting for the tests without this patch? I
would expect some failures, as I know I've made changes to the ruby
master branch to fix issues in OpenBSD-current, and those fixes would
not be present in Ruby 2.7.1. However, if anything additional breaks,
we need to investigate and determine if it is an issue with the tests
or a regression that needs to be addressed.

Thanks,
Jeremy

>
> And some irb action for good measure:
>
> qbit@tal[0]:~$ irb27
> irb(main):001:0> require 'openssl'
> => true
> irb(main):002:0> OpenSSL::SSL::TLS1_3_VERSION
> => 772
> irb(main):003:0>
>
> I am also able to connect to Google via tls 1.3 using the below:
>
> #!/usr/bin/env ruby
>
> require 'socket'
> require 'openssl'
>
> hostname = "google.com"
>
> ctx = OpenSSL::SSL::SSLContext.new()
> s = TCPSocket.new(hostname, 443)
> ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
> ssl.hostname = hostname
> ssl.connect
>
> p ssl.ssl_version
> p ssl.peer_cert
>
> ssl.sync_close = true
> ssl.close
>
> Any thoughts on adding this?
>
> Cheers,
> Aaron
>
> diff refs/heads/master refs/heads/ruby_tls13
> blob - 64d2b8a0f4fca132c9c60418a41b461a17901b8d
> blob + 150b0490e7b3006ef7ddb581224adfbba400ed81
> --- lang/ruby/2.7/Makefile
> +++ lang/ruby/2.7/Makefile
> @@ -6,7 +6,7 @@ SHARED_LIBS = ruby27 0.0
> NEXTVER = 2.8
> PKGSPEC-main ?= ruby->=2.7.0,<${NEXTVER}
>
> -REVISION-main = 0
> +REVISION-main = 1
>
> PSEUDO_FLAVORS= no_ri_docs bootstrap
> # Do not build the RI docs on slow arches
> blob - /dev/null
> blob + 795924e7187f8cdadc87117a475035ff9ed98273 (mode 644)
> --- /dev/null
> +++ lang/ruby/2.7/patches/patch-ext_openssl_ossl_ssl_c
> @@ -0,0 +1,16 @@
> +$OpenBSD$
> +
> +Index: ext/openssl/ossl_ssl.c
> +--- ext/openssl/ossl_ssl.c.orig
> ++++ ext/openssl/ossl_ssl.c
> +@@ -13,6 +13,10 @@
> +
> + #define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0]))
> +
> ++#ifndef TLS1_3_VERSION
> ++# define TLS1_3_VERSION 0x0304
> ++#endif
> ++
> + #ifdef _WIN32
> + # define TO_SOCKET(s) _get_osfhandle(s)
> + #else
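
Review bot: the new file patch-ext_openssl_ossl_ssl_c goes straight from the $OpenBSD$ tag to the Index: line with no description, so nothing records why the TLS1_3_VERSION fallback is carried or when it can be dropped. Add a short comment between "$OpenBSD$" and "Index: ext/openssl/ossl_ssl.c" stating that the macro is defined here for the case where the SSL headers being built against do not provide it. Note also that the "#ifndef TLS1_3_VERSION" guard only supplies the constant 0x0304 at compile time; nothing in the hunk checks that the linked libssl accepts that version, so the before/after test comparison is what has to show it behaves.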