Ruby Issue Tracking System

11/22/2025

04:48 PM Ruby Revision 424499dd (git): [ruby/openssl] ts: refactor converting string to ASN1_OBJECT

obj_to_asn1obj() in ossl_ts.c and ossl_asn1.c are identical. Let's
remove one in ossl_ts.c.
eASN1Error can now be made static to ossl_asn1.c.
https://github.com/ruby/openssl/commit/dcb05c40c2 rhenium (Kazuki Yamaguchi)

04:48 PM Ruby Revision dd489ee9 (git): [ruby/openssl] asn1: refactor converting ASN1_OBJECT to string

ruby/openssl exposes OIDs to Ruby as strings in many places, but the
conversion logic has been duplicated and the behavior is inconsistent.
There are mainly two patterns:
- Returns the short name associated with the OID/NID, or the dot... rhenium (Kazuki Yamaguchi)

02:25 PM Ruby Revision f9efa0cc (git): [ruby/openssl] pkey/ec: fix OpenSSL::PKey::EC::Group#curve_name for unknown curves

EC_GROUP_get_curve_name() returns NID_undef when OpenSSL does not
recognize the curve and there is no associated OID.
Handle this case explicitly and return nil instead of the string
"UNDEF", which should not be exposed outside the exte... rhenium (Kazuki Yamaguchi)

11/18/2025

12:49 PM Ruby Revision 522b7d82 (git): [ruby/openssl] ssl: fix test_pqc_sigalg on RHEL 9.7

RHEL 9.7 ships OpenSSL 3.5.1 with ML-DSA support, but it is disabled
for TLS by default, according to the system configuration file:
/etc/crypto-policies/back-ends/opensslcnf.config
Specify SSLContext#sigalgs to override the default lis... rhenium (Kazuki Yamaguchi)

11/06/2025

04:19 PM Ruby Revision f7e7443a (git): Adjust OpenSSL specs for digest algorithm lookup

https://github.com/ruby/openssl/pull/958 changed the common logic for
digest algorithm lookup:
- If the argument is neither an OpenSSL::Digest instance nor a String,
it is now implicitly converted to String with #to_str. This is
... rhenium (Kazuki Yamaguchi)

01:40 PM Ruby Revision 87ae631b (git): [ruby/openssl] pkey/rsa: fix usage of eRSAError

This is a follow-up to commit https://github.com/ruby/openssl/commit/e74ff3e2722f, which missed the line added
in a different PR.
https://github.com/ruby/openssl/commit/1b01d19456 rhenium (Kazuki Yamaguchi)

01:33 PM Ruby Revision 16b1aa4e (git): [ruby/openssl] pkey: unify error classes into PKeyError

Remove the following subclasses of OpenSSL::PKey::PKeyError and make
them aliases of it.
- OpenSSL::PKey::DHError
- OpenSSL::PKey::DSAError
- OpenSSL::PKey::ECError
- OpenSSL::PKey::RSAError
Historically, methods defined on OpenSSL... rhenium (Kazuki Yamaguchi)

01:25 PM Ruby Revision 26751e40 (git): [ruby/openssl] cipher: raise CipherError for unsupported algorithm name

Raise OpenSSL::Cipher::CipherError instead of ArgumentError or
RuntimeError for consistency.
https://github.com/ruby/openssl/commit/78601c9c34 rhenium (Kazuki Yamaguchi)

01:25 PM Ruby Revision 10d2311e (git): [ruby/openssl] digest: use EVP_MD_fetch() if available

With the introduction of OpenSSL 3 providers, newly implemented
algorithms do not necessarily have a corresponding NID assigned. To use
such an algorithm, it has to be "fetched" from providers using the new
EVP_*_fetch() functions.
For ... rhenium (Kazuki Yamaguchi)

01:25 PM Ruby Revision 57aaf86b (git): [ruby/openssl] cipher: use EVP_CIPHER_fetch() if available

Likewise, use EVP_MD_fetch() if it is available.
This adds support for AES-GCM-SIV with OpenSSL 3.2 or later.
https://github.com/ruby/openssl/commit/0e565a215e rhenium (Kazuki Yamaguchi)