Ruby Issue Tracking System

04/08/2026

01:00 PM Ruby Revision 7209523f (git): [ruby/openssl] kdf: fix wrong OPENSSL_cleanse() calls

Embarrassingly, the previous commits introduced OPENSSL_cleanse() calls
against the temporary struct instead of the buffer content. Thanks to
nagachika for noticing.
https://github.com/ruby/openssl/commit/8eca3efad4 rhenium (Kazuki Yamaguchi)

11:08 AM Ruby Revision 5c7e3c20 (git): [ruby/openssl] kdf: release GVL in OpenSSL::KDF.pbkdf2_hmac

Since PBKDF2 runs single-threaded and is typically configured to take
several hundred milliseconds or longer, it is a perfect candidate to be
run without the GVL.
https://github.com/ruby/openssl/commit/2a24966414 rhenium (Kazuki Yamaguchi)

11:08 AM Ruby Revision a5c9e840 (git): [ruby/openssl] kdf: release GVL in OpenSSL::KDF.scrypt

scrypt is another password hashing algorithm, so releasing the GVL is
useful.
https://github.com/ruby/openssl/commit/dd2f6ba892 rhenium (Kazuki Yamaguchi)

03/31/2026

03:14 PM Ruby Revision de1d14c0 (git): [ruby/openssl] Add const qualifiers for OpenSSL 4.0 compatibility

OpenSSL's master branch is changing functions to return const pointers
where the returned objects are not meant to be modified by the caller.
Update ossl_*_new() to take const pointers accordingly. Unfortunately,
*_dup() in older versio... rhenium (Kazuki Yamaguchi)

03:14 PM Ruby Revision f17a0af9 (git): [ruby/openssl] pkey: remove unnecessary prototype from ossl_pkey.h

ossl_ec_new() was removed in commit https://github.com/ruby/openssl/commit/94aeab2f265d (pkey: simplify
ossl_pkey_new(), 2017-03-16), but it forgot to remove the declaration
while doing so.
https://github.com/ruby/openssl/commit/faad7a0811 rhenium (Kazuki Yamaguchi)

03:14 PM Ruby Revision b41b1430 (git): [ruby/openssl] asn1: use new ASN1_BIT_STRING accessor functions with OpenSSL 4.0

ASN1_STRING has been made opaque in OpenSSL's master branch. Use the
new accessor functions instead of accessing fields directly.
Other uses of ASN1_STRING fields were already updated in
<https://github.com/ruby/openssl/pull/978>. This ... rhenium (Kazuki Yamaguchi)

03:14 PM Ruby Revision 5973d619 (git): [ruby/openssl] ssl: fix test_tmp_dh and test_tmp_dh_callback with OpenSSL 4.0

OpenSSL master added support for RFC 7919 groups in TLS 1.2. They are
preferred over SSLContext#tmp_dh= or #tmp_dh_callback= values if the
client advertises them in the supported_groups extension.
https://github.com/ruby/openssl/commit/... rhenium (Kazuki Yamaguchi)

02/16/2026

04:59 PM Ruby Revision f5f9fe24 (git): [ruby/openssl] Ruby/OpenSSL 4.0.1

https://github.com/ruby/openssl/commit/38a1a4a8f0 rhenium (Kazuki Yamaguchi)

02/15/2026

05:50 PM Ruby Bug #21879 (Rejected): OpenSSL::SSL::SSLContext does not perform peer verification by default

Please include the description in the description field rather than as a PDF attachment.
`OpenSSL::SSL::SSLContext.new` uses the OpenSSL defaults, which don't enable peer verification. TLS is more than just HTTPS and there is no singl... rhenium (Kazuki Yamaguchi)

01/23/2026

04:47 PM Ruby Revision 48848e8d (git): [ruby/openssl] ssl: update tests for SSLContext#servername_cb callback

If an exception is raised by the SSLContext#servername_cb proc, the
handshake should be canceled by sending an "unrecognized_name" alert to
the client, and the exception should be re-raised from SSLSocket#accept.
Add more direct asserti... rhenium (Kazuki Yamaguchi)