openssl
openssl copied to clipboard
ruby
Provides SSL, TLS and general purpose cryptography.
MacOS Monterey 12.6.2 (Interl-based iMac), OpenSSL-1.1.1s (also have OpenSSL-3.0.7, but it fails to build extension exactly the same way), Macports-installed Ruby-3.2 (same results with Ruby-3.1). The problem seems to be...
I would like to use this ticket to manage all the issues related to OpenSSL 3 FIPS. The goal of this ticket is to pass all the unit tests with...
Openssl 3 still supports loading engines and some engines still haven't migrated to using providers. In such cases it is possible to continue using engines. They can be loaded using...
https://github.com/ruby/openssl/issues/724 reminded me of this issue. Due to an insufficient error check with `sscanf()` in `asn1time_to_time()`, `OpenSSL::ASN1.decode` ignores any fractional seconds or time zone information in DER/BER. ``` $ ruby...
OpenSSL::Cipher#update currently allocates the output buffer with size (input data length)+(the block size of the cipher). This is insufficient for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers. They have a...
https://github.com/ruby/openssl/blob/94fb921540fe49d3842b0ae562efbfea62a42901/ext/openssl/ossl_ssl.c#L2124 According to the documentation, SSL_shutdown can: > If the underlying BIO is nonblocking, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to...
I had the same problem, see https://github.com/ruby/openssl/issues/562, to open a key and got the error `OpenSSL::PKey::RSAError: incorrect pkey type: RSASSA-PSS`. So I used the mentioned method and called `OpenSSL::PKey.read`. But...
Very recently MSYS2 (Windows ucrt & mingw builds) upgraded their OpenSSL package from OpenSSL 3.1.4 to 3.2.0. As we've seen, there are issues with a net-http test failing, which is...
There are some situation the actual key size in bits are required, for example for display or analysis. For EC/RSA etc, the key size is fixed which is not really...
While the struct is currently still public in OpenSSL, there has been an accessor since OpenSSL 0.9.8h. It would be nice if this accessor could be used so that the...
