openssl 2.0.0.beta.1


Potentially problematic release.


This version of openssl might be problematic. Click here for more details.

Files changed (71) hide show
  1. checksums.yaml +7 -0
  2. data/BSDL +22 -0
  3. data/CONTRIBUTING.md +130 -0
  4. data/History.md +118 -0
  5. data/LICENSE.txt +56 -0
  6. data/README.md +70 -0
  7. data/ext/openssl/deprecation.rb +26 -0
  8. data/ext/openssl/extconf.rb +158 -0
  9. data/ext/openssl/openssl_missing.c +173 -0
  10. data/ext/openssl/openssl_missing.h +244 -0
  11. data/ext/openssl/ossl.c +1201 -0
  12. data/ext/openssl/ossl.h +222 -0
  13. data/ext/openssl/ossl_asn1.c +1992 -0
  14. data/ext/openssl/ossl_asn1.h +66 -0
  15. data/ext/openssl/ossl_bio.c +87 -0
  16. data/ext/openssl/ossl_bio.h +19 -0
  17. data/ext/openssl/ossl_bn.c +1153 -0
  18. data/ext/openssl/ossl_bn.h +23 -0
  19. data/ext/openssl/ossl_cipher.c +1085 -0
  20. data/ext/openssl/ossl_cipher.h +20 -0
  21. data/ext/openssl/ossl_config.c +89 -0
  22. data/ext/openssl/ossl_config.h +19 -0
  23. data/ext/openssl/ossl_digest.c +453 -0
  24. data/ext/openssl/ossl_digest.h +20 -0
  25. data/ext/openssl/ossl_engine.c +580 -0
  26. data/ext/openssl/ossl_engine.h +19 -0
  27. data/ext/openssl/ossl_hmac.c +398 -0
  28. data/ext/openssl/ossl_hmac.h +18 -0
  29. data/ext/openssl/ossl_ns_spki.c +406 -0
  30. data/ext/openssl/ossl_ns_spki.h +19 -0
  31. data/ext/openssl/ossl_ocsp.c +2013 -0
  32. data/ext/openssl/ossl_ocsp.h +23 -0
  33. data/ext/openssl/ossl_pkcs12.c +259 -0
  34. data/ext/openssl/ossl_pkcs12.h +13 -0
  35. data/ext/openssl/ossl_pkcs5.c +180 -0
  36. data/ext/openssl/ossl_pkcs5.h +6 -0
  37. data/ext/openssl/ossl_pkcs7.c +1125 -0
  38. data/ext/openssl/ossl_pkcs7.h +20 -0
  39. data/ext/openssl/ossl_pkey.c +435 -0
  40. data/ext/openssl/ossl_pkey.h +245 -0
  41. data/ext/openssl/ossl_pkey_dh.c +650 -0
  42. data/ext/openssl/ossl_pkey_dsa.c +672 -0
  43. data/ext/openssl/ossl_pkey_ec.c +1899 -0
  44. data/ext/openssl/ossl_pkey_rsa.c +768 -0
  45. data/ext/openssl/ossl_rand.c +238 -0
  46. data/ext/openssl/ossl_rand.h +18 -0
  47. data/ext/openssl/ossl_ssl.c +2679 -0
  48. data/ext/openssl/ossl_ssl.h +41 -0
  49. data/ext/openssl/ossl_ssl_session.c +352 -0
  50. data/ext/openssl/ossl_version.h +15 -0
  51. data/ext/openssl/ossl_x509.c +186 -0
  52. data/ext/openssl/ossl_x509.h +119 -0
  53. data/ext/openssl/ossl_x509attr.c +328 -0
  54. data/ext/openssl/ossl_x509cert.c +860 -0
  55. data/ext/openssl/ossl_x509crl.c +565 -0
  56. data/ext/openssl/ossl_x509ext.c +480 -0
  57. data/ext/openssl/ossl_x509name.c +547 -0
  58. data/ext/openssl/ossl_x509req.c +492 -0
  59. data/ext/openssl/ossl_x509revoked.c +279 -0
  60. data/ext/openssl/ossl_x509store.c +846 -0
  61. data/ext/openssl/ruby_missing.h +32 -0
  62. data/lib/openssl.rb +21 -0
  63. data/lib/openssl/bn.rb +39 -0
  64. data/lib/openssl/buffering.rb +451 -0
  65. data/lib/openssl/cipher.rb +67 -0
  66. data/lib/openssl/config.rb +473 -0
  67. data/lib/openssl/digest.rb +78 -0
  68. data/lib/openssl/pkey.rb +44 -0
  69. data/lib/openssl/ssl.rb +416 -0
  70. data/lib/openssl/x509.rb +176 -0
  71. metadata +178 -0
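--- a/data/ext/openssl/ossl_ssl.h
+++ b/data/ext/openssl/ossl_ssl.h
@@ -0,0 +1,41 @@
+ /*
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+ /*
+ * This program is licensed under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+ #if !defined(_OSSL_SSL_H_)
+ #define _OSSL_SSL_H_
+
+ #define GetSSL(obj, ssl) do { \
+ TypedData_Get_Struct((obj), SSL, &ossl_ssl_type, (ssl)); \
+ if (!(ssl)) { \
+ ossl_raise(rb_eRuntimeError, "SSL is not initialized"); \
+ } \
+ } while (0)
+
+ #define GetSSLSession(obj, sess) do { \
+ TypedData_Get_Struct((obj), SSL_SESSION, &ossl_ssl_session_type, (sess)); \
+ if (!(sess)) { \
+ ossl_raise(rb_eRuntimeError, "SSL Session wasn't initialized."); \
+ } \
+ } while (0)
+
+ #define SafeGetSSLSession(obj, sess) do { \
+ OSSL_Check_Kind((obj), cSSLSession); \
+ GetSSLSession((obj), (sess)); \
+ } while (0)
+
+ extern const rb_data_type_t ossl_ssl_type;
+ extern const rb_data_type_t ossl_ssl_session_type;
+ extern VALUE mSSL;
+ extern VALUE cSSLSocket;
+ extern VALUE cSSLSession;
+
+ void Init_ossl_ssl(void);
+ void Init_ossl_ssl_session(void);
+
+ #endif /* _OSSL_SSL_H_ */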
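Review bot: `GetSSL` and `GetSSLSession` have no comment saying that they leave the calling function through `ossl_raise` when the wrapped pointer is NULL, which matters to any caller that holds a BIO or other C allocation at that point. I would put a short comment above each macro, e.g. `/* Fetches the SSL* wrapped by obj; raises RuntimeError (does not return) if it is NULL. */`, and one on `SafeGetSSLSession` noting that it runs `OSSL_Check_Kind` first and is the variant for arguments not already known to be a Session. The include guard `_OSSL_SSL_H_` also uses an identifier form reserved to the implementation; `OSSL_SSL_H` would avoid that.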
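--- a/data/ext/openssl/ossl_ssl_session.c
+++ b/data/ext/openssl/ossl_ssl_session.c
@@ -0,0 +1,352 @@
+ /*
+ * Copyright (C) 2004-2007 Technorama Ltd. <oss-ruby@technorama.net>
+ */
+
+ #include "ossl.h"
+
+ VALUE cSSLSession;
+ static VALUE eSSLSession;
+
+ static void
+ ossl_ssl_session_free(void *ptr)
+ {
+ SSL_SESSION_free(ptr);
+ }
+
+ const rb_data_type_t ossl_ssl_session_type = {
+ "OpenSSL/SSL/Session",
+ {
+ 0, ossl_ssl_session_free,
+ },
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+ };
+
+ static VALUE ossl_ssl_session_alloc(VALUE klass)
+ {
+ return TypedData_Wrap_Struct(klass, &ossl_ssl_session_type, NULL);
+ }
+
+ /*
+ * call-seq:
+ * Session.new(ssl_socket) -> Session
+ * Session.new(string) -> Session
+ *
+ * Creates a new Session object from an instance of SSLSocket or DER/PEM encoded
+ * String.
+ */
+ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
+ {
+ SSL_SESSION *ctx = NULL;
+
+ if (RDATA(self)->data)
+ ossl_raise(eSSLSession, "SSL Session already initialized");
+
+ if (rb_obj_is_instance_of(arg1, cSSLSocket)) {
+ SSL *ssl;
+
+ GetSSL(arg1, ssl);
+
+ if ((ctx = SSL_get1_session(ssl)) == NULL)
+ ossl_raise(eSSLSession, "no session available");
+ } else {
+ BIO *in = ossl_obj2bio(arg1);
+
+ ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+
+ if (!ctx) {
+ OSSL_BIO_reset(in);
+ ctx = d2i_SSL_SESSION_bio(in, NULL);
+ }
+
+ BIO_free(in);
+
+ if (!ctx)
+ ossl_raise(rb_eArgError, "unknown type");
+ }
+
+ /* should not happen */
+ if (ctx == NULL)
+ ossl_raise(eSSLSession, "ctx not set - internal error");
+
+ RDATA(self)->data = ctx;
+
+ return self;
+ }
+
+ static VALUE
+ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
+ {
+ SSL_SESSION *sess, *sess_other, *sess_new;
+
+ rb_check_frozen(self);
+ sess = RTYPEDDATA_DATA(self); /* XXX */
+ SafeGetSSLSession(other, sess_other);
+
+ sess_new = ASN1_dup((i2d_of_void *)i2d_SSL_SESSION, (d2i_of_void *)d2i_SSL_SESSION,
+ (char *)sess_other);
+ if (!sess_new)
+ ossl_raise(eSSLSession, "ASN1_dup");
+
+ RTYPEDDATA_DATA(self) = sess_new;
+ SSL_SESSION_free(sess);
+
+ return self;
+ }
+
+ #if HAVE_SSL_SESSION_CMP == 0
+ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+ {
+ unsigned int a_len;
+ const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
+ unsigned int b_len;
+ const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
+
+ #if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */
+ if (a->ssl_version != b->ssl_version)
+ return 1;
+ #endif
+ if (a_len != b_len)
+ return 1;
+
+ #if defined(_WIN32)
+ return memcmp(a_sid, b_sid, a_len);
+ #else
+ return CRYPTO_memcmp(a_sid, b_sid, a_len);
+ #endif
+ }
+ #endif
+
+ /*
+ * call-seq:
+ * session1 == session2 -> boolean
+ *
+ * Returns true if the two Session is the same, false if not.
+ */
+ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
+ {
+ SSL_SESSION *ctx1, *ctx2;
+
+ GetSSLSession(val1, ctx1);
+ SafeGetSSLSession(val2, ctx2);
+
+ switch (SSL_SESSION_cmp(ctx1, ctx2)) {
+ case 0: return Qtrue;
+ default: return Qfalse;
+ }
+ }
+
+ /*
+ * call-seq:
+ * session.time -> Time
+ *
+ * Returns the time at which the session was established.
+ */
+ static VALUE ossl_ssl_session_get_time(VALUE self)
+ {
+ SSL_SESSION *ctx;
+ time_t t;
+
+ GetSSLSession(self, ctx);
+
+ t = SSL_SESSION_get_time(ctx);
+
+ if (t == 0)
+ return Qnil;
+
+ return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t));
+ }
+
+ /*
+ * call-seq:
+ * session.timeout -> Integer
+ *
+ * Returns the timeout value set for the session, in seconds from the
+ * established time.
+ *
+ */
+ static VALUE ossl_ssl_session_get_timeout(VALUE self)
+ {
+ SSL_SESSION *ctx;
+ time_t t;
+
+ GetSSLSession(self, ctx);
+
+ t = SSL_SESSION_get_timeout(ctx);
+
+ return TIMET2NUM(t);
+ }
+
+ /*
+ * call-seq:
+ * session.time = time
+ * session.time = integer
+ *
+ * Sets start time of the session. Time resolution is in seconds.
+ *
+ */
+ static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
+ {
+ SSL_SESSION *ctx;
+ long t;
+
+ GetSSLSession(self, ctx);
+ if (rb_obj_is_instance_of(time_v, rb_cTime)) {
+ time_v = rb_funcall(time_v, rb_intern("to_i"), 0);
+ }
+ t = NUM2LONG(time_v);
+ SSL_SESSION_set_time(ctx, t);
+ return ossl_ssl_session_get_time(self);
+ }
+
+ /*
+ * call-seq:
+ * session.timeout = integer
+ *
+ * Sets how long until the session expires in seconds.
+ */
+ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
+ {
+ SSL_SESSION *ctx;
+ long t;
+
+ GetSSLSession(self, ctx);
+ t = NUM2LONG(time_v);
+ SSL_SESSION_set_timeout(ctx, t);
+ return ossl_ssl_session_get_timeout(self);
+ }
+
+ /*
+ * call-seq:
+ * session.id -> String
+ *
+ * Returns the Session ID.
+ */
+ static VALUE ossl_ssl_session_get_id(VALUE self)
+ {
+ SSL_SESSION *ctx;
+ const unsigned char *p = NULL;
+ unsigned int i = 0;
+
+ GetSSLSession(self, ctx);
+
+ p = SSL_SESSION_get_id(ctx, &i);
+
+ return rb_str_new((const char *) p, i);
+ }
+
+ /*
+ * call-seq:
+ * session.to_der -> String
+ *
+ * Returns an ASN1 encoded String that contains the Session object.
+ */
+ static VALUE ossl_ssl_session_to_der(VALUE self)
+ {
+ SSL_SESSION *ctx;
+ unsigned char *p;
+ int len;
+ VALUE str;
+
+ GetSSLSession(self, ctx);
+ len = i2d_SSL_SESSION(ctx, NULL);
+ if (len <= 0) {
+ ossl_raise(eSSLSession, "i2d_SSL_SESSION");
+ }
+
+ str = rb_str_new(0, len);
+ p = (unsigned char *)RSTRING_PTR(str);
+ i2d_SSL_SESSION(ctx, &p);
+ ossl_str_adjust(str, p);
+ return str;
+ }
+
+ /*
+ * call-seq:
+ * session.to_pem -> String
+ *
+ * Returns a PEM encoded String that contains the Session object.
+ */
+ static VALUE ossl_ssl_session_to_pem(VALUE self)
+ {
+ SSL_SESSION *ctx;
+ BIO *out;
+ BUF_MEM *buf;
+ VALUE str;
+ int i;
+
+ GetSSLSession(self, ctx);
+
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ ossl_raise(eSSLSession, "BIO_s_mem()");
+ }
+
+ if (!(i=PEM_write_bio_SSL_SESSION(out, ctx))) {
+ BIO_free(out);
+ ossl_raise(eSSLSession, "SSL_SESSION_print()");
+ }
+
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+
+ return str;
+ }
+
+
+ /*
+ * call-seq:
+ * session.to_text -> String
+ *
+ * Shows everything in the Session object. This is for diagnostic purposes.
+ */
+ static VALUE ossl_ssl_session_to_text(VALUE self)
+ {
+ SSL_SESSION *ctx;
+ BIO *out;
+ BUF_MEM *buf;
+ VALUE str;
+
+ GetSSLSession(self, ctx);
+
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ ossl_raise(eSSLSession, "BIO_s_mem()");
+ }
+
+ if (!SSL_SESSION_print(out, ctx)) {
+ BIO_free(out);
+ ossl_raise(eSSLSession, "SSL_SESSION_print()");
+ }
+
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+
+ return str;
+ }
+
+
+ void Init_ossl_ssl_session(void)
+ {
+ #if 0
+ mOSSL = rb_define_module("OpenSSL");
+ mSSL = rb_define_module_under(mOSSL, "SSL");
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+ #endif
+ cSSLSession = rb_define_class_under(mSSL, "Session", rb_cObject);
+ eSSLSession = rb_define_class_under(cSSLSession, "SessionError", eOSSLError);
+
+ rb_define_alloc_func(cSSLSession, ossl_ssl_session_alloc);
+ rb_define_method(cSSLSession, "initialize", ossl_ssl_session_initialize, 1);
+ rb_define_copy_func(cSSLSession, ossl_ssl_session_initialize_copy);
+
+ rb_define_method(cSSLSession, "==", ossl_ssl_session_eq, 1);
+
+ rb_define_method(cSSLSession, "time", ossl_ssl_session_get_time, 0);
+ rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
+ rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
+ rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
+ rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
+ rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
+ rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
+ rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);
+ }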
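Review bot: In `ossl_ssl_session_to_pem` the failure branch raises with the text "SSL_SESSION_print()", but the call that failed is `PEM_write_bio_SSL_SESSION`, so an error from this path names the wrong function; `ossl_raise(eSSLSession, "PEM_write_bio_SSL_SESSION");` matches the call, and the local `int i` that only receives the return value can go. The rdoc comments on `to_der`, `to_pem` and `to_text` should also say that the result contains the session's master secret, since OpenSSL's session encoding and `SSL_SESSION_print` both include it; a line such as `* The returned String contains the session master key; treat it as key material.` would do. In `SSL_SESSION_cmp` the `_WIN32` branch compares the ids with `memcmp` while the other branch uses `CRYPTO_memcmp`; if the constant-time compare is intended, the reason for the split deserves a comment.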
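--- a/data/ext/openssl/ossl_version.h
+++ b/data/ext/openssl/ossl_version.h
@@ -0,0 +1,15 @@
+ /*
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+ /*
+ * This program is licensed under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+ #if !defined(_OSSL_VERSION_H_)
+ #define _OSSL_VERSION_H_
+
+ #define OSSL_VERSION "2.0.0"
+
+ #endif /* _OSSL_VERSION_H_ */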
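--- a/data/ext/openssl/ossl_x509.c
+++ b/data/ext/openssl/ossl_x509.c
@@ -0,0 +1,186 @@
+ /*
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+ /*
+ * This program is licensed under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+ #include "ossl.h"
+
+ VALUE mX509;
+
+ #define DefX509Const(x) rb_define_const(mX509, #x, INT2NUM(X509_##x))
+ #define DefX509Default(x,i) \
+ rb_define_const(mX509, "DEFAULT_" #x, rb_str_new2(X509_get_default_##i()))
+
+ ASN1_TIME *
+ ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
+ {
+ time_t sec;
+
+ #if defined(HAVE_ASN1_TIME_ADJ)
+ int off_days;
+
+ ossl_time_split(time, &sec, &off_days);
+ return X509_time_adj_ex(s, off_days, 0, &sec);
+ #else
+ sec = time_to_time_t(time);
+ return X509_time_adj(s, 0, &sec);
+ #endif
+ }
+
+ void
+ Init_ossl_x509(void)
+ {
+ #if 0
+ mOSSL = rb_define_module("OpenSSL");
+ #endif
+
+ mX509 = rb_define_module_under(mOSSL, "X509");
+
+ Init_ossl_x509attr();
+ Init_ossl_x509cert();
+ Init_ossl_x509crl();
+ Init_ossl_x509ext();
+ Init_ossl_x509name();
+ Init_ossl_x509req();
+ Init_ossl_x509revoked();
+ Init_ossl_x509store();
+
+ DefX509Const(V_OK);
+ DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT);
+ DefX509Const(V_ERR_UNABLE_TO_GET_CRL);
+ DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE);
+ DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE);
+ DefX509Const(V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY);
+ DefX509Const(V_ERR_CERT_SIGNATURE_FAILURE);
+ DefX509Const(V_ERR_CRL_SIGNATURE_FAILURE);
+ DefX509Const(V_ERR_CERT_NOT_YET_VALID);
+ DefX509Const(V_ERR_CERT_HAS_EXPIRED);
+ DefX509Const(V_ERR_CRL_NOT_YET_VALID);
+ DefX509Const(V_ERR_CRL_HAS_EXPIRED);
+ DefX509Const(V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD);
+ DefX509Const(V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD);
+ DefX509Const(V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD);
+ DefX509Const(V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+ DefX509Const(V_ERR_OUT_OF_MEM);
+ DefX509Const(V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+ DefX509Const(V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
+ DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
+ DefX509Const(V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+ DefX509Const(V_ERR_CERT_CHAIN_TOO_LONG);
+ DefX509Const(V_ERR_CERT_REVOKED);
+ DefX509Const(V_ERR_INVALID_CA);
+ DefX509Const(V_ERR_PATH_LENGTH_EXCEEDED);
+ DefX509Const(V_ERR_INVALID_PURPOSE);
+ DefX509Const(V_ERR_CERT_UNTRUSTED);
+ DefX509Const(V_ERR_CERT_REJECTED);
+ DefX509Const(V_ERR_SUBJECT_ISSUER_MISMATCH);
+ DefX509Const(V_ERR_AKID_SKID_MISMATCH);
+ DefX509Const(V_ERR_AKID_ISSUER_SERIAL_MISMATCH);
+ DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
+ DefX509Const(V_ERR_APPLICATION_VERIFICATION);
+
+ /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
+ * certificate chain leaf. */
+ DefX509Const(V_FLAG_CRL_CHECK);
+ /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for all
+ * certificates in the certificate chain */
+ DefX509Const(V_FLAG_CRL_CHECK_ALL);
+ /* Set by Store#flags= and StoreContext#flags=. Disables critical extension
+ * checking. */
+ DefX509Const(V_FLAG_IGNORE_CRITICAL);
+ /* Set by Store#flags= and StoreContext#flags=. Disables workarounds for
+ * broken certificates. */
+ DefX509Const(V_FLAG_X509_STRICT);
+ /* Set by Store#flags= and StoreContext#flags=. Enables proxy certificate
+ * verification. */
+ DefX509Const(V_FLAG_ALLOW_PROXY_CERTS);
+ /* Set by Store#flags= and StoreContext#flags=. Enables certificate policy
+ * constraints checking. */
+ DefX509Const(V_FLAG_POLICY_CHECK);
+ /* Set by Store#flags= and StoreContext#flags=.
+ * Implies V_FLAG_POLICY_CHECK */
+ DefX509Const(V_FLAG_EXPLICIT_POLICY);
+ /* Set by Store#flags= and StoreContext#flags=.
+ * Implies V_FLAG_POLICY_CHECK */
+ DefX509Const(V_FLAG_INHIBIT_ANY);
+ /* Set by Store#flags= and StoreContext#flags=.
+ * Implies V_FLAG_POLICY_CHECK */
+ DefX509Const(V_FLAG_INHIBIT_MAP);
+ /* Set by Store#flags= and StoreContext#flags=. */
+ DefX509Const(V_FLAG_NOTIFY_POLICY);
+ #if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
+ /* Set by Store#flags= and StoreContext#flags=. Enables some additional
+ * features including support for indirect signed CRLs. */
+ DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
+ #endif
+ #if defined(X509_V_FLAG_USE_DELTAS)
+ /* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
+ * specified, deltas are ignored. */
+ DefX509Const(V_FLAG_USE_DELTAS);
+ #endif
+ #if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
+ /* Set by Store#flags= and StoreContext#flags=. Enables checking of the
+ * signature of the root self-signed CA. */
+ DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
+ #endif
+ #if defined(X509_V_FLAG_TRUSTED_FIRST)
+ /* Set by Store#flags= and StoreContext#flags=. When constructing a
+ * certificate chain, search the Store first for the issuer certificate.
+ * Enabled by default in OpenSSL >= 1.1.0. */
+ DefX509Const(V_FLAG_TRUSTED_FIRST);
+ #endif
+ #if defined(X509_V_FLAG_NO_ALT_CHAINS)
+ /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
+ * a alternative chain. No effect in OpenSSL >= 1.1.0. */
+ DefX509Const(V_FLAG_NO_ALT_CHAINS);
+ #endif
+ #if defined(X509_V_FLAG_NO_CHECK_TIME)
+ /* Set by Store#flags= and StoreContext#flags=. Suppresses checking the
+ * validity period of certificates and CRLs. No effect when the current
+ * time is explicitly set by Store#time= or StoreContext#time=. */
+ DefX509Const(V_FLAG_NO_CHECK_TIME);
+ #endif
+
+ /* Set by Store#purpose=. SSL/TLS client. */
+ DefX509Const(PURPOSE_SSL_CLIENT);
+ /* Set by Store#purpose=. SSL/TLS server. */
+ DefX509Const(PURPOSE_SSL_SERVER);
+ /* Set by Store#purpose=. Netscape SSL server. */
+ DefX509Const(PURPOSE_NS_SSL_SERVER);
+ /* Set by Store#purpose=. S/MIME signing. */
+ DefX509Const(PURPOSE_SMIME_SIGN);
+ /* Set by Store#purpose=. S/MIME encryption. */
+ DefX509Const(PURPOSE_SMIME_ENCRYPT);
+ /* Set by Store#purpose=. CRL signing */
+ DefX509Const(PURPOSE_CRL_SIGN);
+ /* Set by Store#purpose=. No checks. */
+ DefX509Const(PURPOSE_ANY);
+ /* Set by Store#purpose=. OCSP helper. */
+ DefX509Const(PURPOSE_OCSP_HELPER);
+ #if defined(X509_PURPOSE_TIMESTAMP_SIGN)
+ /* Set by Store#purpose=. Time stamps signer. */
+ DefX509Const(PURPOSE_TIMESTAMP_SIGN);
+ #endif
+
+ DefX509Const(TRUST_COMPAT);
+ DefX509Const(TRUST_SSL_CLIENT);
+ DefX509Const(TRUST_SSL_SERVER);
+ DefX509Const(TRUST_EMAIL);
+ DefX509Const(TRUST_OBJECT_SIGN);
+ DefX509Const(TRUST_OCSP_SIGN);
+ DefX509Const(TRUST_OCSP_REQUEST);
+ #if defined(X509_TRUST_TSA)
+ DefX509Const(TRUST_TSA);
+ #endif
+
+ DefX509Default(CERT_AREA, cert_area);
+ DefX509Default(CERT_DIR, cert_dir);
+ DefX509Default(CERT_FILE, cert_file);
+ DefX509Default(CERT_DIR_ENV, cert_dir_env);
+ DefX509Default(CERT_FILE_ENV, cert_file_env);
+ DefX509Default(PRIVATE_DIR, private_dir);
+ }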
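Review bot: The comments on the verification flags in `Init_ossl_x509` describe the flags that relax checking (`V_FLAG_IGNORE_CRITICAL`, `V_FLAG_ALLOW_PROXY_CERTS`, `V_FLAG_NO_CHECK_TIME`) in the same neutral wording as the ones that tighten it, and `PURPOSE_ANY` is documented only as "No checks." These comments appear to be written as the rdoc for the constants, so I would say outright which ones weaken verification, e.g. `/* ... Disables critical extension checking, so certificates with unrecognised critical extensions are accepted. */`. `V_FLAG_NOTIFY_POLICY`, the `V_ERR_*` codes and the `TRUST_*` values have no description at all; one line each on what a verify callback sees would help callers that branch on them.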