From: Hongli Lai <redmine@...>
Date: 2010-01-05T19:05:54+09:00
Subject: [ruby-core:27417] [Feature #2022] Patch for openssl-1.0

Issue #2022 has been updated by Hongli Lai.

File 0001-Apply-Jeroen-van-Meeuwen-s-and-Nobu-Nakada-s-OpenSSL.patch added
File 0002-Fix-some-various-OpenSSL-compilation-and-runtime-war.patch added
File 0003-Fix-some-OpenSSL-extension-unit-tests-for-OpenSSL-1..patch added

I verify that Nobuyoshi Nakada's and Jeroen van Meeuwen's patch works on both OpenSSL 0.9 and 1.0. I've tested on the following systems:

- OS X Snow Leopard
  All Ruby OpenSSL tests pass, and all RubySpec OpenSSL tests pass.

- Fedora 12, x86_64
  There are some compilation warnings. All RubySpec OpenSSL tests pass, but some Ruby OpenSSL tests fail. It seems that OpenSSL changed somewhat in behavior; for example some #verify methods now raise an error instead of returning false.
  The attached patches fixes some compilation warnings and fixes some unit tests.

Following tests still fail on Fedora 12:

    1) Failure:
  test_sign_and_verify(OpenSSL::TestX509Certificate) [./openssl/test_x509cert.rb:168]:
  <OpenSSL::X509::CertificateError> exception expected but none was thrown.
  
    2) Failure:
  test_sign_and_verify(OpenSSL::TestX509Request) [./openssl/test_x509req.rb:133]:
  <OpenSSL::X509::RequestError> exception expected but none was thrown.


I am not able to reproduce Nikolai Lugovoi's segfaults. According to the man page for ssl_cx_free (http://linux.die.net/man/3/ssl_ctx_free) that function only frees the context if the reference count drops to 0. There should be no need to check ctx->references.
----------------------------------------
http://redmine.ruby-lang.org/issues/show/2022

----------------------------------------
http://redmine.ruby-lang.org