chore(deps): bump openssl from 3.2.0 to 3.3.0 #1783

dependabot · 2024-12-23T21:56:03Z

Bumps openssl from 3.2.0 to 3.3.0.

Release notes

v3.3.0

What's Changed

Exact checks with assert_include by @nobu in ruby/openssl#683

Exact checks with assert_include by @nobu in ruby/openssl#684

CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in ruby/openssl#689

CONTRIBUTING.md: Update testing with debugging and FIPS use cases. [ci skip] by @junaruga in ruby/openssl#688

CI: Add OpenSSL 3.2.0. by @junaruga in ruby/openssl#698

History.md: Escape Markdown syntax Italic "*". [ci skip] by @junaruga in ruby/openssl#697

Use Markdown reference-style links in documents. [ci skip] by @junaruga in ruby/openssl#696

Fix test_pkey_dh.rb in FIPS. by @junaruga in ruby/openssl#694

Windows Ruby 3.3: Workaround: Set OPENSSL_MODULES to find providers. by @junaruga in ruby/openssl#712

CI: Added the rubyinstaller2 issue link that legacy provider is not loaded. by @junaruga in ruby/openssl#713

Add more methods to SocketForwarder. by @ioquatix in ruby/openssl#708

Only set min_version on OpenSSL < 1.1.0 by @ekohl in ruby/openssl#710

Add support for IO#timeout. by @ioquatix in ruby/openssl#714

test/openssl/test_ocsp.rb: fix flaky test by @rhenium in ruby/openssl#702

CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in ruby/openssl#720

omit tests related legacy provider by @hsbt in ruby/openssl#718

test_asn1.rb: Remove the assertions of the time string format without second. by @junaruga in ruby/openssl#728

test_provider.rb: Make a legacy provider test optional. by @junaruga in ruby/openssl#721

Revert openssl dir workaround on TruffleRuby by @eregon in ruby/openssl#705

Fix test_pkey_dsa.rb in FIPS. by @junaruga in ruby/openssl#729

Use www.rfc-editor.org for RFC text. by @hsbt in ruby/openssl#737

CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in ruby/openssl#745

Only CSR version 1 (encoded as 0) is allowed by PKIX standards by @botovq in ruby/openssl#747

Introduce basic support for close_read and close_write. by @ioquatix in ruby/openssl#743

CI: Remove workaround for Ruby-3.2 and 3.3 on Windows by @larskanis in ruby/openssl#748

Add OpenSSL::Digest.digests to get a list of available digests by @bdewater in ruby/openssl#726

Remove trailing space in test_ssl.rb by @peterzhu2118 in ruby/openssl#750

asn1: check error return from i2d_ASN1_TYPE() by @rhenium in ruby/openssl#755

read: don't clear buffer when nothing can be read by @casperisfine in ruby/openssl#739

Add to_text for PKCS7 and Timestamp::Response by @segiddins in ruby/openssl#756

[CI] test.yml - use bundle exec, use setup-ruby bundler-cache, fixes Windows issue by @MSP-Greg in ruby/openssl#758

Don't download OpenSSL from ftp.openssl.org anyomre by @KJTsanaktsidis in ruby/openssl#763

Fix test_create_with_mac_iter accidently setting keytype not maciter by @KJTsanaktsidis in ruby/openssl#762

Add X509::Certificate#tbs_bytes by @segiddins in ruby/openssl#753

Clarify license by @rhenium in ruby/openssl#754

Automatically update GitHub Pages from master branch by @rhenium in ruby/openssl#764

CI: Rely on setup-ruby to install Bundler gems by @olleolleolle in ruby/openssl#766

Pass through nil as digest when signing certificates by @gartens in ruby/openssl#761

rewriting most of the asn1 init code in ruby by @HoneyryderChuck in ruby/openssl#740

Add SSLSocket#readbyte by @lwoggardner in ruby/openssl#771

A temporary workaround to download OpenSSL archive files. by @junaruga in ruby/openssl#779

x509attr: avoid using OpenSSL::ASN1 internals in #value= by @rhenium in ruby/openssl#773

Set time directly on the x509 store by @segiddins in ruby/openssl#770

Revert "A temporary workaround to download OpenSSL archive files." by @junaruga in ruby/openssl#781

CI: Upgrade OpenSSL and LibreSSL versions by @junaruga in ruby/openssl#782

Make "rake debug" protective for a Ruby OpenSSL loading error. by @junaruga in ruby/openssl#783

Update .github/workflows/test.yml by @rhenium in ruby/openssl#784

test_s_generate_parameters: Consider a DSA error in FIPS. by @junaruga in ruby/openssl#786

... (truncated)

Changelog

Sourced from openssl's changelog.

Version 3.3.0

Compatibility

Ruby version: 2.7 or later

OpenSSL version: OpenSSL 1.0.2 or later, and LibreSSL 3.1 or later

Notable changes

OpenSSL::SSL

OpenSSL::SSL::SSLSocket#set_params no longer sets #min_version= to TLS 1.0 except when OpenSSL 1.0.2 is used. This has been done to disable SSL 3.0, which is not supported by default in OpenSSL 1.1.0 or later, or in LibreSSL. This lets it respect the system default if the system-wide configuration file specifies a higher minimum protocol version. [[GitHub #710]](ruby/openssl#710)

OpenSSL::SSL::SSLSocket.new no longer enables the OpenSSL::SSL::OP_ALL SSL options by default and follows the system default. [[GitHub #767]](ruby/openssl#767)

Add the following IO methods to OpenSSL::SSL::SSLSocket, which will pass along to the underlying socket: #local_address, #remote_address, #close_on_exec=, #close_on_exec?, #wait, #wait_readable, and #wait_writable. [[GitHub #708]](ruby/openssl#708)

Update OpenSSL::SSL::SSLSocket#gets to take the chomp keyword argument. [[GitHub #708]](ruby/openssl#708)

Make OpenSSL::SSL::SSLSocket respect the IO#timeout value of the underlying socket on Ruby 3.2 or later. #timeout and #timeout= methods are also added. [[GitHub #714]](ruby/openssl#714)

Add OpenSSL::SSL::SSLSocket#close_read and #close_write. [[GitHub #743]](ruby/openssl#743)

Add OpenSSL::Digest.digests to get a list of all available digest algorithms. [[GitHub #726]](ruby/openssl#726)

Fix OpenSSL::SSL::SSLSocket#read_nonblock clearing the passed String buffer when nothing can be read from the connection. [[GitHub #739]](ruby/openssl#739)

Add #to_text methods to OpenSSL::Timestamp::Response, OpenSSL::Timestamp::Request, OpenSSL::Timestamp::TokenInfo, and OpenSSL::PKCS7 to get a human-readable representation of the object. [[GitHub #756]](ruby/openssl#756)

Add OpenSSL::X509::Certificate#tbs_bytes to get the DER encoding of the TBSCertificate. [[GitHub #753]](ruby/openssl#753)

Allow passing nil as the digest algorithm to #sign methods on OpenSSL::X509::Certificate, OpenSSL::X509::Request, and

... (truncated)

Commits

e5153db Ruby/OpenSSL 3.3.0
a6947fe Merge pull request #829 from rhenium/ky/ssl-test-fix-test_ctx_client_session_...
210ba03 ssl: fix flaky test case test_ctx_client_session_cb_tls13_exception
f4e7c4b Merge pull request #825 from rhenium/ky/digest-remove-finish-opt
dcb2a4f digest: remove optional parameter from OpenSSL::Digest#finish
b718965 Merge pull request #788 from rhenium/ky/pkcs12-set-mac
3f9a87a Merge branch 'maint-3.2'
2d7247e Ruby/OpenSSL 3.2.1
d484254 Merge pull request #815 from rhenium/ky/use-rubygems-trusted-publishing
1269785 Configure RubyGems Trusted Publishing
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [openssl](https://github.com/ruby/openssl) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/ruby/openssl/releases) - [Changelog](https://github.com/ruby/openssl/blob/master/History.md) - [Commits](ruby/openssl@v3.2.0...v3.3.0) --- updated-dependencies: - dependency-name: openssl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Dec 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump openssl from 3.2.0 to 3.3.0 #1783

chore(deps): bump openssl from 3.2.0 to 3.3.0 #1783

dependabot bot commented on behalf of github Dec 23, 2024

chore(deps): bump openssl from 3.2.0 to 3.3.0 #1783

Are you sure you want to change the base?

chore(deps): bump openssl from 3.2.0 to 3.3.0 #1783

Conversation

dependabot bot commented on behalf of github Dec 23, 2024

v3.3.0

What's Changed

Version 3.3.0

Compatibility

Notable changes