On Tue, 18 Aug 2020 at 15:41:16 -0700, Jeremy Evans wrote: > On 08/18 04:17, Aaron Bieber wrote: > > Hi Jeremy! > > > > Here is a diff tb@ was kind enough to smack together when I was trying to > > track > > down why TLS 1.3 was not available in ruby. > > > > I have tested on a few different machines with no ill effect. > > > > I also ran the tests which resulted in: > > Finished tests in 1463.007495s, 14.3492 tests/s, 1858.9283 assertions/s. > > 20993 tests, 2719626 assertions, 14 failures, 0 errors, 73 skips > > I'm OK adding this as long as it doesn't cause any regressions. > > What the results you are getting for the tests without this patch? I > would expect some failures, as I know I've made changes to the ruby > master branch to fix issues in OpenBSD-current, and those fixes would > not be present in Ruby 2.7.1. However, if anything additional breaks, > we need to investigate and determine if it is an issue with the tests > or a regression that needs to be addressed.
Results actually look better with the patch! Before: Finished tests in 896.442532s, 23.4204 tests/s, 3034.9296 assertions/s. 20995 tests, 2720640 assertions, 16 failures, 0 errors, 78 skips > > Thanks, > Jeremy > > > > > And some irb action for good measure: > > > > qbit@tal[0]:~$ irb27 > > irb(main):001:0> require 'openssl' > > => true > > irb(main):002:0> OpenSSL::SSL::TLS1_3_VERSION > > => 772 > > irb(main):003:0> > > > > I am also able to connect to Google via tls 1.3 using the below: > > > > #!/usr/bin/env ruby > > > > require 'socket' > > require 'openssl' > > > > hostname = "google.com" > > > > ctx = OpenSSL::SSL::SSLContext.new() > > s = TCPSocket.new(hostname, 443) > > ssl = OpenSSL::SSL::SSLSocket.new(s, ctx) > > ssl.hostname = hostname > > ssl.connect > > > > p ssl.ssl_version > > p ssl.peer_cert > > > > ssl.sync_close = true > > ssl.close > > > > Any thoughts on adding this? > > > > Cheers, > > Aaron > > > > diff refs/heads/master refs/heads/ruby_tls13 > > blob - 64d2b8a0f4fca132c9c60418a41b461a17901b8d > > blob + 150b0490e7b3006ef7ddb581224adfbba400ed81 > > --- lang/ruby/2.7/Makefile > > +++ lang/ruby/2.7/Makefile > > @@ -6,7 +6,7 @@ SHARED_LIBS = ruby27 0.0 > > NEXTVER = 2.8 > > PKGSPEC-main ?= ruby->=2.7.0,<${NEXTVER} > > > > -REVISION-main = 0 > > +REVISION-main = 1 > > > > PSEUDO_FLAVORS= no_ri_docs bootstrap > > # Do not build the RI docs on slow arches > > blob - /dev/null > > blob + 795924e7187f8cdadc87117a475035ff9ed98273 (mode 644) > > --- /dev/null > > +++ lang/ruby/2.7/patches/patch-ext_openssl_ossl_ssl_c > > @@ -0,0 +1,16 @@ > > +$OpenBSD$ > > + > > +Index: ext/openssl/ossl_ssl.c > > +--- ext/openssl/ossl_ssl.c.orig > > ++++ ext/openssl/ossl_ssl.c > > +@@ -13,6 +13,10 @@ > > + > > + #define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0])) > > + > > ++#ifndef TLS1_3_VERSION > > ++# define TLS1_3_VERSION 0x0304 > > ++#endif > > ++ > > + #ifdef _WIN32 > > + # define TO_SOCKET(s) _get_osfhandle(s) > > + #else