Ruby Issue Tracking System

03/31/2026

03:14 PM Ruby Revision de1d14c0 (git): [ruby/openssl] Add const qualifiers for OpenSSL 4.0 compatibility

OpenSSL's master branch is changing functions to return const pointers
where the returned objects are not meant to be modified by the caller.
Update ossl_*_new() to take const pointers accordingly. Unfortunately,
*_dup() in older versio... rhenium (Kazuki Yamaguchi)

03:14 PM Ruby Revision f17a0af9 (git): [ruby/openssl] pkey: remove unnecessary prototype from ossl_pkey.h

ossl_ec_new() was removed in commit https://github.com/ruby/openssl/commit/94aeab2f265d (pkey: simplify
ossl_pkey_new(), 2017-03-16), but it forgot to remove the declaration
while doing so.
https://github.com/ruby/openssl/commit/faad7a0811 rhenium (Kazuki Yamaguchi)

03:14 PM Ruby Revision b41b1430 (git): [ruby/openssl] asn1: use new ASN1_BIT_STRING accessor functions with OpenSSL 4.0

ASN1_STRING has been made opaque in OpenSSL's master branch. Use the
new accessor functions instead of accessing fields directly.
Other uses of ASN1_STRING fields were already updated in
<https://github.com/ruby/openssl/pull/978>. This ... rhenium (Kazuki Yamaguchi)

03:14 PM Ruby Revision 5973d619 (git): [ruby/openssl] ssl: fix test_tmp_dh and test_tmp_dh_callback with OpenSSL 4.0

OpenSSL master added support for RFC 7919 groups in TLS 1.2. They are
preferred over SSLContext#tmp_dh= or #tmp_dh_callback= values if the
client advertises them in the supported_groups extension.
https://github.com/ruby/openssl/commit/... rhenium (Kazuki Yamaguchi)

02/16/2026

04:59 PM Ruby Revision f5f9fe24 (git): [ruby/openssl] Ruby/OpenSSL 4.0.1

https://github.com/ruby/openssl/commit/38a1a4a8f0 rhenium (Kazuki Yamaguchi)

02/15/2026

05:50 PM Ruby Bug #21879 (Rejected): OpenSSL::SSL::SSLContext does not perform peer verification by default

Please include the description in the description field rather than as a PDF attachment.
`OpenSSL::SSL::SSLContext.new` uses the OpenSSL defaults, which don't enable peer verification. TLS is more than just HTTPS and there is no singl... rhenium (Kazuki Yamaguchi)

01/23/2026

04:47 PM Ruby Revision 48848e8d (git): [ruby/openssl] ssl: update tests for SSLContext#servername_cb callback

If an exception is raised by the SSLContext#servername_cb proc, the
handshake should be canceled by sending an "unrecognized_name" alert to
the client, and the exception should be re-raised from SSLSocket#accept.
Add more direct asserti... rhenium (Kazuki Yamaguchi)

04:41 PM Ruby Revision 0379aab6 (git): [ruby/openssl] ssl: fix errno display in exception messages

The errno reported in an OpenSSL::SSL::SSLError raised by
SSLSocket#accept and #connect sometimes does not match what SSL_accept()
or SSL_connect() actually encountered. Depending on the evaluation order
of arguments passed to ossl_raise... rhenium (Kazuki Yamaguchi)

04:41 PM Ruby Revision 0fddb9af (git): [ruby/openssl] ssl: refactor peeraddr_ip_str()

Remove an unnecessary instance variable lookup and constant lookup.
Ruby's public headers provide rb_eSystemCallError.
https://github.com/ruby/openssl/commit/46c92233fb rhenium (Kazuki Yamaguchi)

12/27/2025

07:46 AM Ruby Revision 3c9e61f5 (git): [ruby/openssl] cipher: remove incorrect assertion in Cipher#update

Commit https://github.com/ruby/openssl/commit/1de3b80a46c2 (cipher: make output buffer String independent,
2024-12-10) ensures the output buffer String has sufficient capacity,
bu the length can be shorter. The assert() is simply incorre... rhenium (Kazuki Yamaguchi)