From: Eric Wong <normalperson@...>
Date: 2016-12-17T09:09:49+00:00
Subject: [ruby-core:78702] Re: [Ruby trunk Feature#12324] Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7)

Kazuki Yamaguchi <k@rhe.jp> wrote:
> On Sat, Dec 17, 2016 at 01:31:12AM +0000, Eric Wong wrote:
> > k@rhe.jp wrote:
> > > Feature #12324: Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7)
> > > https://bugs.ruby-lang.org/issues/12324
> > >
> > rhe: did you commit all of these?
> > 
> > I notice SSL_CTX_clear_options is still missing on an ancient
> > CentOS 5.x machine with 0.9.8e.  Thanks.
> 
> I dropped that patch. I found the OpenSSL 0.9.8e package in RHEL/CentOS
> 5 has backported SSL_CTX_clear_options() as part of CVE-2009-3555 fix,
> and no one except them would use < 0.9.8m anymore.

Thanks for the response.  I'll work with my sysadmins and see
if they're willing to upgrade OpenSSL; but they may not :<

If they are not, would you be willing to add
SSL_CTX_clear_options?  I could carry the patch myself, but
maybe there are other ancient places who don't patch :<



Fwiw, I recommend using functions with custom name to emulate
missing functions, and #define to the official name:

    static unsigned long
    rb_SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
    {
        return ctx->options &= ~op;
    }
    #define SSL_CTX_clear_options(ctx,op) rb_SSL_CTX_clear_options((ctx),(op))

It makes debugging easier since the internal symbol name won't
conflict with the official version.

Thanks.

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>