OpenSSL 3.0 Support

[sukeerthiadiga]

No description provided.

[bak1an]

@sukeerthiadiga Are you seeing any specific issues with openssl 3.0?

[bak1an]

Ok, I found exact issue.

With following patch I have tests passing with ruby 3.2 and openssl gem 3.2 (required to get OpenSSL::Provider, else openssl env config required for legacy ciphers) built against openssl 3.3:

3.2.4 :001 > require 'openssl'
 => true
3.2.4 :002 > OpenSSL::VERSION
 => "3.2.0"
3.2.4 :003 > OpenSSL::OPENSSL_LIBRARY_VERSION
 => "OpenSSL 3.3.0 9 Apr 2024"
3.2.4 :004 > RUBY_VERSION
 => "3.2.4"

diff --git a/lib/ntlm/util.rb b/lib/ntlm/util.rb
index 4eaeac2..77fdc7c 100644
--- a/lib/ntlm/util.rb
+++ b/lib/ntlm/util.rb
@@ -2,6 +2,10 @@

 require 'openssl'

+if defined?(OpenSSL::Provider)
+  OpenSSL::Provider.load('legacy')
+end
+
 module NTLM
   module Util

@@ -54,7 +58,7 @@ module NTLM
       keys = create_des_keys(key[0, key_length])

       result = ''
-      cipher = OpenSSL::Cipher::DES.new
+      cipher = OpenSSL::Cipher::DES.new(:ecb)
       keys.each do |k|
         cipher.encrypt
         cipher.key = k
diff --git a/ruby-ntlm.gemspec b/ruby-ntlm.gemspec
index 4d41fc7..4c2f42d 100644
--- a/ruby-ntlm.gemspec
+++ b/ruby-ntlm.gemspec
@@ -18,7 +18,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]

-  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_dependency "openssl", "~> 3.2.0"
+
   spec.add_development_dependency "rake"
   spec.add_development_dependency "test-unit"
 end

bundle exec rake test                                                                                                                1 -I-
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
/Users/bak1an/.rvm/rubies/ruby-3.2.4/bin/ruby -w -I"lib:lib:test" /Users/bak1an/.rvm/gems/ruby-3.2.4@ntlm/gems/rake-13.2.1/lib/rake/rake_test_loader.rb "test/auth_test.rb" "test/function_test.rb"
/Users/bak1an/.rvm/gems/ruby-3.2.4@ntlm/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/error.rb:105: warning: constant DidYouMean::SPELL_CHECKERS is deprecated
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
LOADING LEGECY PROVIDER
Loaded suite /Users/bak1an/.rvm/gems/ruby-3.2.4@ntlm/gems/rake-13.2.1/lib/rake/rake_test_loader
Started
Finished in 0.002056 seconds.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
6 tests, 9 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2918.29 tests/s, 4377.43 assertions/s

[bak1an]

I do have a branch for this there master...bak1an:ruby-ntlm:openssl3

@macks Would you be interested in a PR to properly release this?

[bak1an]

Having openssl 3.2 gem as a dependency will require limiting minimal ruby version to 2.7 (and will ideally mean some code cleanup here) but it seems fine to me. Older ruby version will not be affected by openssl 3 anyway so they can just use older gem version.

[bak1an]

https://github.com/bak1an/net-smtp-auth_ntlm

Made rubyntlm wrapper for smtp. Does not require any openssl tricks.