initial DTLS work for ruby-openssl

DTLS.md

@@ -0,0 +1,43 @@
+
+In order to get DTLS to work, you need a patched copy of Openssl.
+Get it here:
+   https://github.com/mcr/openssl/tree/dtls-listen-refactor
+
+build and install it.  You might want to compile without DSO support, as that will
+make it easier for the ruby-openssl module to link in the right code. To do
+that you can do:
+     ./Configure no-shared --prefix=/sandel/3rd/openssl --debug linux-x86_64
+
+(--debug being optional)
+
+The resulting openssl.so will be significantly bigger, btw:
+    %size tmp/x86_64-linux/openssl/2.4.1/openssl.so
+       text    data     bss     dec     hex filename
+    3889567  261788   16856 4168211  3f9a13 tmp/x86_64-linux/openssl/2.4.1/openssl.so
+
+
+Pick a --prefix which is not on your regular paths.  Probably gem can be
+persuaded to do all of this, but hopefully the code will upstreamed sooner
+and the problem will go away.
+
+If DTLSv1_accept() is not available, then the DTLS support will not include
+server side code, only client side code.  No patches are necessary to make
+client-side DTLS work.  To be sure that the patch has been found is enabled
+check for:
+
+    checking for DTLSv1_accept()... yes
+
+
+Then build with:
+
+    rake compile -- --with-openssl-dir=/sandel/3rd/openssl
+
+I don't know how to add the extra arguments required to your Gemfile so that
+it will be built properly during bundle processing. I'm sure that there is a way,
+patches welcome. I do:
+    gem build openssl
+    gem install ./openssl-2.2.0.pre.mcr1.gem
+
+BTW: the pull request is at:
+    https://github.com/openssl/openssl/pull/5024
+and comments would be welcome.

README.md

@@ -6,6 +6,8 @@
 OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
 OpenSSL library.
 
+[DTLS] support is being worked on.
+
 ## Installation
 
 The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).

ext/openssl/extconf.rb

@@ -149,6 +149,10 @@ def find_openssl_library
 have_func("X509_STORE_up_ref")
 have_func("SSL_SESSION_up_ref")
 have_func("EVP_PKEY_up_ref")
+
+# added after 1.1.0
+have_func("DTLSv1_accept")
+
 OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
 have_func("SSL_CTX_get_security_level")

ext/openssl/ossl.c

@@ -1204,6 +1204,7 @@ Init_openssl(void)
     Init_ossl_pkey();
     Init_ossl_rand();
     Init_ossl_ssl();
+    Init_ossl_dtls();  /* must be after _ssl */
     Init_ossl_x509();
     Init_ossl_ocsp();
     Init_ossl_engine();

ext/openssl/ossl.h

@@ -41,6 +41,15 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
 
+#ifndef OPENSSL_VERSION_AT_LEAST
+/* this will show up in a future version of opensslv.h */
+
+#define OPENSSL_MAKE_VERSION(maj,min,fix,patch,status) (((maj&0xf) << 28)+((min&0xff)<<20)+((fix&0xff)<<12)+((patch&0xff)<<4)+status)
+/* use this for #if tests, should never depend upon patch/status */
+#define OPENSSL_VERSION_AT_LEAST(maj,min,fix) (OPENSSL_MAKE_VERSION(maj,min,fix, 0, 0) >= OPENSSL_VERSION_NUMBER)
+
+#endif
+
 /*
  * Common Module
  */
@@ -168,6 +177,7 @@ void ossl_debug(const char *, ...);
 #include "ossl_pkey.h"
 #include "ossl_rand.h"
 #include "ossl_ssl.h"
+#include "ossl_dtls.h"
 #include "ossl_version.h"
 #include "ossl_x509.h"
 #include "ossl_engine.h"