Lines 49-67
Link Here
|
49 |
static int ossl_ssl_ex_vcb_idx; |
49 |
static int ossl_ssl_ex_vcb_idx; |
50 |
static int ossl_ssl_ex_ptr_idx; |
50 |
static int ossl_ssl_ex_ptr_idx; |
51 |
static int ossl_sslctx_ex_ptr_idx; |
51 |
static int ossl_sslctx_ex_ptr_idx; |
52 |
#if !defined(HAVE_X509_STORE_UP_REF) |
|
|
53 |
static int ossl_sslctx_ex_store_p; |
54 |
#endif |
55 |
|
52 |
|
56 |
static void |
53 |
static void |
57 |
ossl_sslctx_free(void *ptr) |
54 |
ossl_sslctx_free(void *ptr) |
58 |
{ |
55 |
{ |
59 |
SSL_CTX *ctx = ptr; |
56 |
SSL_CTX_free(ptr); |
60 |
#if !defined(HAVE_X509_STORE_UP_REF) |
|
|
61 |
if (ctx && SSL_CTX_get_ex_data(ctx, ossl_sslctx_ex_store_p)) |
62 |
ctx->cert_store = NULL; |
63 |
#endif |
64 |
SSL_CTX_free(ctx); |
65 |
} |
57 |
} |
66 |
|
58 |
|
67 |
static const rb_data_type_t ossl_sslctx_type = { |
59 |
static const rb_data_type_t ossl_sslctx_type = { |
Lines 95-101
Link Here
|
95 |
RTYPEDDATA_DATA(obj) = ctx; |
87 |
RTYPEDDATA_DATA(obj) = ctx; |
96 |
SSL_CTX_set_ex_data(ctx, ossl_sslctx_ex_ptr_idx, (void *)obj); |
88 |
SSL_CTX_set_ex_data(ctx, ossl_sslctx_ex_ptr_idx, (void *)obj); |
97 |
|
89 |
|
98 |
#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_ECDH_AUTO) |
90 |
#if !defined(OPENSSL_NO_EC) |
99 |
/* We use SSL_CTX_set1_curves_list() to specify the curve used in ECDH. It |
91 |
/* We use SSL_CTX_set1_curves_list() to specify the curve used in ECDH. It |
100 |
* allows to specify multiple curve names and OpenSSL will select |
92 |
* allows to specify multiple curve names and OpenSSL will select |
101 |
* automatically from them. In OpenSSL 1.0.2, the automatic selection has to |
93 |
* automatically from them. In OpenSSL 1.0.2, the automatic selection has to |
Lines 387-393
Link Here
|
387 |
} |
379 |
} |
388 |
|
380 |
|
389 |
static SSL_SESSION * |
381 |
static SSL_SESSION * |
390 |
#if (!defined(LIBRESSL_VERSION_NUMBER) ? OPENSSL_VERSION_NUMBER >= 0x10100000 : LIBRESSL_VERSION_NUMBER >= 0x2080000f) |
382 |
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >= 0x10100000 |
391 |
ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy) |
383 |
ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy) |
392 |
#else |
384 |
#else |
393 |
ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy) |
385 |
ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy) |
Lines 596-603
Link Here
|
596 |
rb_funcallv(cb, id_call, 1, &ssl_obj); |
588 |
rb_funcallv(cb, id_call, 1, &ssl_obj); |
597 |
} |
589 |
} |
598 |
|
590 |
|
599 |
#if !defined(OPENSSL_NO_NEXTPROTONEG) || \ |
|
|
600 |
defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) |
601 |
static VALUE |
591 |
static VALUE |
602 |
ssl_npn_encode_protocol_i(RB_BLOCK_CALL_FUNC_ARGLIST(cur, encoded)) |
592 |
ssl_npn_encode_protocol_i(RB_BLOCK_CALL_FUNC_ARGLIST(cur, encoded)) |
603 |
{ |
593 |
{ |
Lines 679-685
Link Here
|
679 |
|
669 |
|
680 |
return SSL_TLSEXT_ERR_OK; |
670 |
return SSL_TLSEXT_ERR_OK; |
681 |
} |
671 |
} |
682 |
#endif |
|
|
683 |
|
672 |
|
684 |
#ifndef OPENSSL_NO_NEXTPROTONEG |
673 |
#ifndef OPENSSL_NO_NEXTPROTONEG |
685 |
static int |
674 |
static int |
Lines 708-714
Link Here
|
708 |
} |
697 |
} |
709 |
#endif |
698 |
#endif |
710 |
|
699 |
|
711 |
#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
|
|
712 |
static int |
700 |
static int |
713 |
ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, |
701 |
ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, |
714 |
const unsigned char *in, unsigned int inlen, void *arg) |
702 |
const unsigned char *in, unsigned int inlen, void *arg) |
Lines 720-726
Link Here
|
720 |
|
708 |
|
721 |
return ssl_npn_select_cb_common(ssl, cb, out, outlen, in, inlen); |
709 |
return ssl_npn_select_cb_common(ssl, cb, out, outlen, in, inlen); |
722 |
} |
710 |
} |
723 |
#endif |
|
|
724 |
|
711 |
|
725 |
/* This function may serve as the entry point to support further callbacks. */ |
712 |
/* This function may serve as the entry point to support further callbacks. */ |
726 |
static void |
713 |
static void |
Lines 825-841
Link Here
|
825 |
if (!NIL_P(val)) { |
812 |
if (!NIL_P(val)) { |
826 |
X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */ |
813 |
X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */ |
827 |
SSL_CTX_set_cert_store(ctx, store); |
814 |
SSL_CTX_set_cert_store(ctx, store); |
828 |
#if !defined(HAVE_X509_STORE_UP_REF) |
|
|
829 |
/* |
830 |
* WORKAROUND: |
831 |
* X509_STORE can count references, but |
832 |
* X509_STORE_free() doesn't care it. |
833 |
* So we won't increment it but mark it by ex_data. |
834 |
*/ |
835 |
SSL_CTX_set_ex_data(ctx, ossl_sslctx_ex_store_p, ctx); |
836 |
#else /* Fixed in OpenSSL 1.0.2; bff9ce4db38b (master), 5b4b9ce976fc (1.0.2) */ |
837 |
X509_STORE_up_ref(store); |
815 |
X509_STORE_up_ref(store); |
838 |
#endif |
|
|
839 |
} |
816 |
} |
840 |
|
817 |
|
841 |
val = rb_attr_get(self, id_i_extra_chain_cert); |
818 |
val = rb_attr_get(self, id_i_extra_chain_cert); |
Lines 917-923
Link Here
|
917 |
} |
894 |
} |
918 |
#endif |
895 |
#endif |
919 |
|
896 |
|
920 |
#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
|
|
921 |
val = rb_attr_get(self, id_i_alpn_protocols); |
897 |
val = rb_attr_get(self, id_i_alpn_protocols); |
922 |
if (!NIL_P(val)) { |
898 |
if (!NIL_P(val)) { |
923 |
VALUE rprotos = ssl_encode_npn_protocols(val); |
899 |
VALUE rprotos = ssl_encode_npn_protocols(val); |
Lines 932-938
Link Here
|
932 |
SSL_CTX_set_alpn_select_cb(ctx, ssl_alpn_select_cb, (void *) self); |
908 |
SSL_CTX_set_alpn_select_cb(ctx, ssl_alpn_select_cb, (void *) self); |
933 |
OSSL_Debug("SSL ALPN select callback added"); |
909 |
OSSL_Debug("SSL ALPN select callback added"); |
934 |
} |
910 |
} |
935 |
#endif |
|
|
936 |
|
911 |
|
937 |
rb_obj_freeze(self); |
912 |
rb_obj_freeze(self); |
938 |
|
913 |
|
Lines 1065-1073
Link Here
|
1065 |
* Extension. For a server, the list is used by OpenSSL to determine the set of |
1040 |
* Extension. For a server, the list is used by OpenSSL to determine the set of |
1066 |
* shared curves. OpenSSL will pick the most appropriate one from it. |
1041 |
* shared curves. OpenSSL will pick the most appropriate one from it. |
1067 |
* |
1042 |
* |
1068 |
* Note that this works differently with old OpenSSL (<= 1.0.1). Only one curve |
|
|
1069 |
* can be set, and this has no effect for TLS clients. |
1070 |
* |
1071 |
* === Example |
1043 |
* === Example |
1072 |
* ctx1 = OpenSSL::SSL::SSLContext.new |
1044 |
* ctx1 = OpenSSL::SSL::SSLContext.new |
1073 |
* ctx1.ecdh_curves = "X25519:P-256:P-224" |
1045 |
* ctx1.ecdh_curves = "X25519:P-256:P-224" |
Lines 1091-1138
Link Here
|
1091 |
GetSSLCTX(self, ctx); |
1063 |
GetSSLCTX(self, ctx); |
1092 |
StringValueCStr(arg); |
1064 |
StringValueCStr(arg); |
1093 |
|
1065 |
|
1094 |
#if defined(HAVE_SSL_CTX_SET1_CURVES_LIST) |
|
|
1095 |
if (!SSL_CTX_set1_curves_list(ctx, RSTRING_PTR(arg))) |
1066 |
if (!SSL_CTX_set1_curves_list(ctx, RSTRING_PTR(arg))) |
1096 |
ossl_raise(eSSLError, NULL); |
1067 |
ossl_raise(eSSLError, NULL); |
1097 |
#else |
|
|
1098 |
/* OpenSSL does not have SSL_CTX_set1_curves_list()... Fallback to |
1099 |
* SSL_CTX_set_tmp_ecdh(). So only the first curve is used. */ |
1100 |
{ |
1101 |
VALUE curve, splitted; |
1102 |
EC_KEY *ec; |
1103 |
int nid; |
1104 |
|
1105 |
splitted = rb_str_split(arg, ":"); |
1106 |
if (!RARRAY_LEN(splitted)) |
1107 |
ossl_raise(eSSLError, "invalid input format"); |
1108 |
curve = RARRAY_AREF(splitted, 0); |
1109 |
StringValueCStr(curve); |
1110 |
|
1111 |
/* SSL_CTX_set1_curves_list() accepts NIST names */ |
1112 |
nid = EC_curve_nist2nid(RSTRING_PTR(curve)); |
1113 |
if (nid == NID_undef) |
1114 |
nid = OBJ_txt2nid(RSTRING_PTR(curve)); |
1115 |
if (nid == NID_undef) |
1116 |
ossl_raise(eSSLError, "unknown curve name"); |
1117 |
|
1118 |
ec = EC_KEY_new_by_curve_name(nid); |
1119 |
if (!ec) |
1120 |
ossl_raise(eSSLError, NULL); |
1121 |
EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); |
1122 |
if (!SSL_CTX_set_tmp_ecdh(ctx, ec)) { |
1123 |
EC_KEY_free(ec); |
1124 |
ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh"); |
1125 |
} |
1126 |
EC_KEY_free(ec); |
1127 |
# if defined(HAVE_SSL_CTX_SET_ECDH_AUTO) |
1128 |
/* tmp_ecdh and ecdh_auto conflict. tmp_ecdh is ignored when ecdh_auto |
1129 |
* is enabled. So disable ecdh_auto. */ |
1130 |
if (!SSL_CTX_set_ecdh_auto(ctx, 0)) |
1131 |
ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto"); |
1132 |
# endif |
1133 |
} |
1134 |
#endif |
1135 |
|
1136 |
return arg; |
1068 |
return arg; |
1137 |
} |
1069 |
} |
1138 |
#else |
1070 |
#else |
Lines 1255-1264
Link Here
|
1255 |
* ecdsa_pkey = ... |
1187 |
* ecdsa_pkey = ... |
1256 |
* another_ca_cert = ... |
1188 |
* another_ca_cert = ... |
1257 |
* ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert]) |
1189 |
* ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert]) |
1258 |
* |
|
|
1259 |
* === Note |
1260 |
* OpenSSL before the version 1.0.2 could handle only one extra chain across |
1261 |
* all key types. Calling this method discards the chain set previously. |
1262 |
*/ |
1190 |
*/ |
1263 |
static VALUE |
1191 |
static VALUE |
1264 |
ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self) |
1192 |
ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self) |
Lines 1297-1330
Link Here
|
1297 |
sk_X509_pop_free(extra_chain, X509_free); |
1225 |
sk_X509_pop_free(extra_chain, X509_free); |
1298 |
ossl_raise(eSSLError, "SSL_CTX_use_PrivateKey"); |
1226 |
ossl_raise(eSSLError, "SSL_CTX_use_PrivateKey"); |
1299 |
} |
1227 |
} |
1300 |
|
1228 |
if (extra_chain && !SSL_CTX_set0_chain(ctx, extra_chain)) { |
1301 |
if (extra_chain) { |
1229 |
sk_X509_pop_free(extra_chain, X509_free); |
1302 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000 && !defined(LIBRESSL_VERSION_NUMBER) |
1230 |
ossl_raise(eSSLError, "SSL_CTX_set0_chain"); |
1303 |
if (!SSL_CTX_set0_chain(ctx, extra_chain)) { |
|
|
1304 |
sk_X509_pop_free(extra_chain, X509_free); |
1305 |
ossl_raise(eSSLError, "SSL_CTX_set0_chain"); |
1306 |
} |
1307 |
#else |
1308 |
STACK_OF(X509) *orig_extra_chain; |
1309 |
X509 *x509_tmp; |
1310 |
|
1311 |
/* First, clear the existing chain */ |
1312 |
SSL_CTX_get_extra_chain_certs(ctx, &orig_extra_chain); |
1313 |
if (orig_extra_chain && sk_X509_num(orig_extra_chain)) { |
1314 |
rb_warning("SSL_CTX_set0_chain() is not available; " \ |
1315 |
"clearing previously set certificate chain"); |
1316 |
SSL_CTX_clear_extra_chain_certs(ctx); |
1317 |
} |
1318 |
while ((x509_tmp = sk_X509_shift(extra_chain))) { |
1319 |
/* Transfers ownership */ |
1320 |
if (!SSL_CTX_add_extra_chain_cert(ctx, x509_tmp)) { |
1321 |
X509_free(x509_tmp); |
1322 |
sk_X509_pop_free(extra_chain, X509_free); |
1323 |
ossl_raise(eSSLError, "SSL_CTX_add_extra_chain_cert"); |
1324 |
} |
1325 |
} |
1326 |
sk_X509_free(extra_chain); |
1327 |
#endif |
1328 |
} |
1231 |
} |
1329 |
return self; |
1232 |
return self; |
1330 |
} |
1233 |
} |
Lines 2410-2416
Link Here
|
2410 |
} |
2313 |
} |
2411 |
# endif |
2314 |
# endif |
2412 |
|
2315 |
|
2413 |
# ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
|
|
2414 |
/* |
2316 |
/* |
2415 |
* call-seq: |
2317 |
* call-seq: |
2416 |
* ssl.alpn_protocol => String | nil |
2318 |
* ssl.alpn_protocol => String | nil |
Lines 2433-2441
Link Here
|
2433 |
else |
2335 |
else |
2434 |
return rb_str_new((const char *) out, outlen); |
2336 |
return rb_str_new((const char *) out, outlen); |
2435 |
} |
2337 |
} |
2436 |
# endif |
|
|
2437 |
|
2338 |
|
2438 |
# ifdef HAVE_SSL_GET_SERVER_TMP_KEY |
|
|
2439 |
/* |
2339 |
/* |
2440 |
* call-seq: |
2340 |
* call-seq: |
2441 |
* ssl.tmp_key => PKey or nil |
2341 |
* ssl.tmp_key => PKey or nil |
Lines 2453-2459
Link Here
|
2453 |
return Qnil; |
2353 |
return Qnil; |
2454 |
return ossl_pkey_new(key); |
2354 |
return ossl_pkey_new(key); |
2455 |
} |
2355 |
} |
2456 |
# endif /* defined(HAVE_SSL_GET_SERVER_TMP_KEY) */ |
|
|
2457 |
#endif /* !defined(OPENSSL_NO_SOCK) */ |
2356 |
#endif /* !defined(OPENSSL_NO_SOCK) */ |
2458 |
|
2357 |
|
2459 |
void |
2358 |
void |
Lines 2478-2488
Link Here
|
2478 |
ossl_sslctx_ex_ptr_idx = SSL_CTX_get_ex_new_index(0, (void *)"ossl_sslctx_ex_ptr_idx", 0, 0, 0); |
2377 |
ossl_sslctx_ex_ptr_idx = SSL_CTX_get_ex_new_index(0, (void *)"ossl_sslctx_ex_ptr_idx", 0, 0, 0); |
2479 |
if (ossl_sslctx_ex_ptr_idx < 0) |
2378 |
if (ossl_sslctx_ex_ptr_idx < 0) |
2480 |
ossl_raise(rb_eRuntimeError, "SSL_CTX_get_ex_new_index"); |
2379 |
ossl_raise(rb_eRuntimeError, "SSL_CTX_get_ex_new_index"); |
2481 |
#if !defined(HAVE_X509_STORE_UP_REF) |
|
|
2482 |
ossl_sslctx_ex_store_p = SSL_CTX_get_ex_new_index(0, (void *)"ossl_sslctx_ex_store_p", 0, 0, 0); |
2483 |
if (ossl_sslctx_ex_store_p < 0) |
2484 |
ossl_raise(rb_eRuntimeError, "SSL_CTX_get_ex_new_index"); |
2485 |
#endif |
2486 |
|
2380 |
|
2487 |
/* Document-module: OpenSSL::SSL |
2381 |
/* Document-module: OpenSSL::SSL |
2488 |
* |
2382 |
* |
Lines 2733-2739
Link Here
|
2733 |
rb_attr(cSSLContext, rb_intern_const("npn_select_cb"), 1, 1, Qfalse); |
2627 |
rb_attr(cSSLContext, rb_intern_const("npn_select_cb"), 1, 1, Qfalse); |
2734 |
#endif |
2628 |
#endif |
2735 |
|
2629 |
|
2736 |
#ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
|
|
2737 |
/* |
2630 |
/* |
2738 |
* An Enumerable of Strings. Each String represents a protocol to be |
2631 |
* An Enumerable of Strings. Each String represents a protocol to be |
2739 |
* advertised as the list of supported protocols for Application-Layer |
2632 |
* advertised as the list of supported protocols for Application-Layer |
Lines 2763-2769
Link Here
|
2763 |
* end |
2656 |
* end |
2764 |
*/ |
2657 |
*/ |
2765 |
rb_attr(cSSLContext, rb_intern_const("alpn_select_cb"), 1, 1, Qfalse); |
2658 |
rb_attr(cSSLContext, rb_intern_const("alpn_select_cb"), 1, 1, Qfalse); |
2766 |
#endif |
|
|
2767 |
|
2659 |
|
2768 |
rb_define_alias(cSSLContext, "ssl_timeout", "timeout"); |
2660 |
rb_define_alias(cSSLContext, "ssl_timeout", "timeout"); |
2769 |
rb_define_alias(cSSLContext, "ssl_timeout=", "timeout="); |
2661 |
rb_define_alias(cSSLContext, "ssl_timeout=", "timeout="); |
Lines 2877-2888
Link Here
|
2877 |
rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1); |
2769 |
rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1); |
2878 |
rb_define_method(cSSLSocket, "finished_message", ossl_ssl_get_finished, 0); |
2770 |
rb_define_method(cSSLSocket, "finished_message", ossl_ssl_get_finished, 0); |
2879 |
rb_define_method(cSSLSocket, "peer_finished_message", ossl_ssl_get_peer_finished, 0); |
2771 |
rb_define_method(cSSLSocket, "peer_finished_message", ossl_ssl_get_peer_finished, 0); |
2880 |
# ifdef HAVE_SSL_GET_SERVER_TMP_KEY |
|
|
2881 |
rb_define_method(cSSLSocket, "tmp_key", ossl_ssl_tmp_key, 0); |
2772 |
rb_define_method(cSSLSocket, "tmp_key", ossl_ssl_tmp_key, 0); |
2882 |
# endif |
|
|
2883 |
# ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB |
2884 |
rb_define_method(cSSLSocket, "alpn_protocol", ossl_ssl_alpn_protocol, 0); |
2773 |
rb_define_method(cSSLSocket, "alpn_protocol", ossl_ssl_alpn_protocol, 0); |
2885 |
# endif |
|
|
2886 |
# ifndef OPENSSL_NO_NEXTPROTONEG |
2774 |
# ifndef OPENSSL_NO_NEXTPROTONEG |
2887 |
rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0); |
2775 |
rb_define_method(cSSLSocket, "npn_protocol", ossl_ssl_npn_protocol, 0); |
2888 |
# endif |
2776 |
# endif |
Lines 2895-2906
Link Here
|
2895 |
|
2783 |
|
2896 |
rb_define_const(mSSL, "OP_ALL", ULONG2NUM(SSL_OP_ALL)); |
2784 |
rb_define_const(mSSL, "OP_ALL", ULONG2NUM(SSL_OP_ALL)); |
2897 |
rb_define_const(mSSL, "OP_LEGACY_SERVER_CONNECT", ULONG2NUM(SSL_OP_LEGACY_SERVER_CONNECT)); |
2785 |
rb_define_const(mSSL, "OP_LEGACY_SERVER_CONNECT", ULONG2NUM(SSL_OP_LEGACY_SERVER_CONNECT)); |
2898 |
#ifdef SSL_OP_TLSEXT_PADDING /* OpenSSL 1.0.1h and OpenSSL 1.0.2 */ |
|
|
2899 |
rb_define_const(mSSL, "OP_TLSEXT_PADDING", ULONG2NUM(SSL_OP_TLSEXT_PADDING)); |
2786 |
rb_define_const(mSSL, "OP_TLSEXT_PADDING", ULONG2NUM(SSL_OP_TLSEXT_PADDING)); |
2900 |
#endif |
|
|
2901 |
#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG /* OpenSSL 1.0.1f and OpenSSL 1.0.2 */ |
2902 |
rb_define_const(mSSL, "OP_SAFARI_ECDHE_ECDSA_BUG", ULONG2NUM(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)); |
2787 |
rb_define_const(mSSL, "OP_SAFARI_ECDHE_ECDSA_BUG", ULONG2NUM(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)); |
2903 |
#endif |
|
|
2904 |
#ifdef SSL_OP_ALLOW_NO_DHE_KEX /* OpenSSL 1.1.1 */ |
2788 |
#ifdef SSL_OP_ALLOW_NO_DHE_KEX /* OpenSSL 1.1.1 */ |
2905 |
rb_define_const(mSSL, "OP_ALLOW_NO_DHE_KEX", ULONG2NUM(SSL_OP_ALLOW_NO_DHE_KEX)); |
2789 |
rb_define_const(mSSL, "OP_ALLOW_NO_DHE_KEX", ULONG2NUM(SSL_OP_ALLOW_NO_DHE_KEX)); |
2906 |
#endif |
2790 |
#endif |