OpenSSL's PKCS12_create() by default uses pbewithSHAAnd40BitRC2-CBC for
encryption of the certificates. However, in OpenSSL 3.0, the algorithm
is part of the legacy provider and is not enabled by default.
Specify another algorithm that is still in the default provider for
these test cases.
https://github.com/ruby/openssl/commit/998406d18f
OpenSSL 3.0 slightly changed the error message for a certificate
verification failure when an untrusted self-signed certificate is found
in the chain.
https://github.com/ruby/openssl/commit/b5a0a19850
Remove availability test for MD4 and RIPEMD160 as they are considered
legacy and may be missing depending on the compile-time options of
OpenSSL. OpenSSL 3.0 by default disables them.
https://github.com/ruby/openssl/commit/a3e59f4c2e
Disabling ECC support of OpenSSL is impractical nowadays.
We still try to have the C extension compile on no-ec builds (as well
as no-dh or no-engine, etc.) as long as we can, but keeping test cases
for such an extreme scenario is not worth the effort.
https://github.com/ruby/openssl/commit/2cd01d4676
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.
https://github.com/ruby/openssl/commit/7b66eaa2db
844588f9157b364244a7d34ee0fcc70ccc2a7dd9 made it so that trying to call
gc_verify_compaction_references on unsupported platform result in an
exception rather than a crash. Rescue the exception in a YJIT btest
that uses gc_verify_compaction_references.
It seems like `gc_verify_compaction_references` is not protected in case
alignment is wrong. This commit pushes the alignment check down to
`gc_start_internal` so that anyone trying to compact will check page
alignment
I think this method may be getting called on PowerPC and the alignment
might be wrong.
http://rubyci.s3.amazonaws.com/ppc64le/ruby-master/log/20211021T190006Z.fail.html.gz
2d98593bf54a37397c6e4886ccc7e3654c2eaf85 made it so that
attr_accessor methods fire C method tracing events.
Previously, we weren't checking for whether we are tracing before
compiling, leading to missed events.
Since global invalidation invalidates all code, and that attr_accessor
methods can never enable tracing while running, events are only dropped
when YJIT tries to compile when tracing is already enabled.
Factor out the code for checking tracing and check it before generating
code for attr_accessor methods.
This change fixes TestSetTraceFunc#test_tracepoint_attr when it's
ran in isolation.
I am not sure why this flag was turned off (it wasn't explained in my commit message in 0365dc852767ae589376a7aad1fb129738e408b0 or in my PR in #4411).
Whatever the reason, without `default_ignores` turned on, most default CI configurations will immediately fail, as they most likely vendor and cache their dependencies under `vendor`, which will cause standard to run against all the vendored gems and (most likely) fail. I think we should remove this before this feature is released.
https://github.com/rubygems/rubygems/commit/677f74be48
TestRubyOptions#test_enable was broken on OpenBSD after the yjit
merge. --yjit (and --enable-all, which enables --yjit) fails on
OpenBSD because yjit uses an insecure mmap call (both writable
and executable), in alloc_exec_mem, which OpenBSD does not allow.
This can probably be reverted if yjit switches to a more secure
mmap design (writable xor executable). This would involve
initially calling mmap with PROT_READ | PROT_WRITE, and after writing
of executable code has finished, using mprotect to switch to
PROT_READ | PROT_EXEC. I believe Firefox uses this approach for
their Javascript engine since Firefox 46.
