On Tue, 18 Aug 2020 at 15:41:16 -0700, Jeremy Evans wrote:
> On 08/18 04:17, Aaron Bieber wrote:
> > Hi Jeremy!
> >
> > Here is a diff tb@ was kind enough to smack together when I was trying to
> > track down why TLS 1.3 was not available in ruby.
> >
> > I have tested on a few different machines with no ill effect.
> >
> > I also ran the tests which resulted in:
> > Finished tests in 1463.007495s, 14.3492 tests/s, 1858.9283 assertions/s.
> > 20993 tests, 2719626 assertions, 14 failures, 0 errors, 73 skips
>
> I'm OK adding this as long as it doesn't cause any regressions.
>
> What are the results you are getting for the tests without this patch? I
> would expect some failures, as I know I've made changes to the ruby
> master branch to fix issues in OpenBSD-current, and those fixes would
> not be present in Ruby 2.7.1. However, if anything additional breaks,
> we need to investigate and determine if it is an issue with the tests
> or a regression that needs to be addressed.
Results actually look better with the patch!
Before:
Finished tests in 896.442532s, 23.4204 tests/s, 3034.9296 assertions/s.
20995 tests, 2720640 assertions, 16 failures, 0 errors, 78 skips
>
> Thanks,
> Jeremy
>
> >
> > And some irb action for good measure:
> >
> > qbit@tal[0]:~$ irb27
> > irb(main):001:0> require 'openssl'
> > => true
> > irb(main):002:0> OpenSSL::SSL::TLS1_3_VERSION
> > => 772
> > irb(main):003:0>
> >
> > I am also able to connect to Google via tls 1.3 using the below:
> >
> > #!/usr/bin/env ruby
> >
> > require 'socket'
> > require 'openssl'
> >
> > hostname = "google.com"
> >
> > ctx = OpenSSL::SSL::SSLContext.new()
> > s = TCPSocket.new(hostname, 443)
> > ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
> > ssl.hostname = hostname
> > ssl.connect
> >
> > p ssl.ssl_version
> > p ssl.peer_cert
> >
> > ssl.sync_close = true
> > ssl.close
> >
> > Any thoughts on adding this?
> >
> > Cheers,
> > Aaron
> >
> > diff refs/heads/master refs/heads/ruby_tls13
> > blob - 64d2b8a0f4fca132c9c60418a41b461a17901b8d
> > blob + 150b0490e7b3006ef7ddb581224adfbba400ed81
> > --- lang/ruby/2.7/Makefile
> > +++ lang/ruby/2.7/Makefile
> > @@ -6,7 +6,7 @@ SHARED_LIBS = ruby27 0.0
> > NEXTVER = 2.8
> > PKGSPEC-main ?= ruby->=2.7.0,<${NEXTVER}
> >
> > -REVISION-main = 0
> > +REVISION-main = 1
> >
> > PSEUDO_FLAVORS= no_ri_docs bootstrap
> > # Do not build the RI docs on slow arches
> > blob - /dev/null
> > blob + 795924e7187f8cdadc87117a475035ff9ed98273 (mode 644)
> > --- /dev/null
> > +++ lang/ruby/2.7/patches/patch-ext_openssl_ossl_ssl_c
> > @@ -0,0 +1,16 @@
> > +$OpenBSD$
> > +
> > +Index: ext/openssl/ossl_ssl.c
> > +--- ext/openssl/ossl_ssl.c.orig
> > ++++ ext/openssl/ossl_ssl.c
> > +@@ -13,6 +13,10 @@
> > +
> > + #define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0]))
> > +
> > ++#ifndef TLS1_3_VERSION
> > ++# define TLS1_3_VERSION 0x0304
> > ++#endif
> > ++
> > + #ifdef _WIN32
> > + # define TO_SOCKET(s) _get_osfhandle(s)
> > + #else
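
Review bot: the fallback `# define TLS1_3_VERSION 0x0304` in the new patch-ext_openssl_ossl_ssl_c applies whenever the headers leave the macro undefined, with nothing tying it to whether the linked libssl can actually negotiate TLS 1.3, and the patch file carries no description between `$OpenBSD$` and `Index:` saying why it is needed or when it can be dropped. Suggest adding that one-line description and confirming that setting `min_version` or `max_version` to the constant fails cleanly against a libssl without TLS 1.3. The value itself matches the 772 shown in the irb session.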