openssl 2.0.9 → 2.1.0.beta1
Potentially problematic release.
This version of openssl might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/History.md +28 -69
- data/README.md +1 -1
- data/ext/openssl/deprecation.rb +0 -3
- data/ext/openssl/extconf.rb +8 -52
- data/ext/openssl/openssl_missing.c +0 -67
- data/ext/openssl/openssl_missing.h +3 -50
- data/ext/openssl/ossl.c +81 -74
- data/ext/openssl/ossl.h +14 -27
- data/ext/openssl/ossl_asn1.c +287 -374
- data/ext/openssl/ossl_asn1.h +0 -4
- data/ext/openssl/ossl_bio.c +5 -20
- data/ext/openssl/ossl_bio.h +0 -2
- data/ext/openssl/ossl_bn.c +70 -28
- data/ext/openssl/ossl_cipher.c +18 -42
- data/ext/openssl/ossl_cipher.h +1 -1
- data/ext/openssl/ossl_digest.c +8 -12
- data/ext/openssl/ossl_digest.h +1 -1
- data/ext/openssl/ossl_engine.c +47 -47
- data/ext/openssl/ossl_hmac.c +19 -22
- data/ext/openssl/ossl_kdf.c +221 -0
- data/ext/openssl/ossl_kdf.h +6 -0
- data/ext/openssl/ossl_ns_spki.c +17 -21
- data/ext/openssl/ossl_ocsp.c +85 -80
- data/ext/openssl/ossl_pkcs12.c +15 -21
- data/ext/openssl/ossl_pkcs7.c +8 -21
- data/ext/openssl/ossl_pkey.c +24 -48
- data/ext/openssl/ossl_pkey.h +1 -6
- data/ext/openssl/ossl_pkey_dh.c +11 -11
- data/ext/openssl/ossl_pkey_dsa.c +16 -22
- data/ext/openssl/ossl_pkey_ec.c +43 -56
- data/ext/openssl/ossl_pkey_rsa.c +19 -19
- data/ext/openssl/ossl_rand.c +12 -12
- data/ext/openssl/ossl_ssl.c +291 -243
- data/ext/openssl/ossl_ssl.h +0 -5
- data/ext/openssl/ossl_ssl_session.c +7 -9
- data/ext/openssl/ossl_version.h +1 -1
- data/ext/openssl/ossl_x509.c +0 -15
- data/ext/openssl/ossl_x509.h +0 -7
- data/ext/openssl/ossl_x509attr.c +3 -7
- data/ext/openssl/ossl_x509cert.c +17 -54
- data/ext/openssl/ossl_x509crl.c +15 -25
- data/ext/openssl/ossl_x509ext.c +9 -14
- data/ext/openssl/ossl_x509name.c +76 -41
- data/ext/openssl/ossl_x509req.c +10 -47
- data/ext/openssl/ossl_x509revoked.c +8 -8
- data/ext/openssl/ossl_x509store.c +15 -45
- data/ext/openssl/ruby_missing.h +2 -13
- data/lib/openssl.rb +1 -0
- data/lib/openssl/bn.rb +2 -1
- data/lib/openssl/buffering.rb +24 -23
- data/lib/openssl/config.rb +12 -11
- data/lib/openssl/digest.rb +3 -6
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/pkey.rb +0 -41
- data/lib/openssl/ssl.rb +118 -16
- data/lib/openssl/x509.rb +7 -1
- metadata +8 -7
- data/ext/openssl/ossl_pkcs5.c +0 -180
- data/ext/openssl/ossl_pkcs5.h +0 -6
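--- a/data/ext/openssl/ossl_ssl.h
+++ b/data/ext/openssl/ossl_ssl.h
@@ -24,11 +24,6 @@
 } \
 } while (0)
 
-#define SafeGetSSLSession(obj, sess) do { \
-OSSL_Check_Kind((obj), cSSLSession); \
-GetSSLSession((obj), (sess)); \
-} while (0)
-
 extern const rb_data_type_t ossl_ssl_type;
 extern const rb_data_type_t ossl_ssl_session_type;
 extern VALUE mSSL;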
@@ -80,7 +80,7 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
|
|
80
80
|
|
81
81
|
rb_check_frozen(self);
|
82
82
|
sess = RTYPEDDATA_DATA(self); /* XXX */
|
83
|
-
|
83
|
+
GetSSLSession(other, sess_other);
|
84
84
|
|
85
85
|
sess_new = ASN1_dup((i2d_of_void *)i2d_SSL_SESSION, (d2i_of_void *)d2i_SSL_SESSION,
|
86
86
|
(char *)sess_other);
|
@@ -93,8 +93,8 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
|
|
93
93
|
return self;
|
94
94
|
}
|
95
95
|
|
96
|
-
|
97
|
-
|
96
|
+
static int
|
97
|
+
ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
|
98
98
|
{
|
99
99
|
unsigned int a_len;
|
100
100
|
const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
|
@@ -108,23 +108,21 @@ int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
|
|
108
108
|
|
109
109
|
return CRYPTO_memcmp(a_sid, b_sid, a_len);
|
110
110
|
}
|
111
|
-
#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
|
112
|
-
#endif
|
113
111
|
|
114
112
|
/*
|
115
113
|
* call-seq:
|
116
114
|
* session1 == session2 -> boolean
|
117
115
|
*
|
118
|
-
* Returns true if the two Session is the same, false if not.
|
116
|
+
* Returns +true+ if the two Session is the same, +false+ if not.
|
119
117
|
*/
|
120
118
|
static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
|
121
119
|
{
|
122
120
|
SSL_SESSION *ctx1, *ctx2;
|
123
121
|
|
124
122
|
GetSSLSession(val1, ctx1);
|
125
|
-
|
123
|
+
GetSSLSession(val2, ctx2);
|
126
124
|
|
127
|
-
switch (
|
125
|
+
switch (ossl_SSL_SESSION_cmp(ctx1, ctx2)) {
|
128
126
|
case 0: return Qtrue;
|
129
127
|
default: return Qfalse;
|
130
128
|
}
|
@@ -319,7 +317,7 @@ void Init_ossl_ssl_session(void)
|
|
319
317
|
|
320
318
|
rb_define_alloc_func(cSSLSession, ossl_ssl_session_alloc);
|
321
319
|
rb_define_method(cSSLSession, "initialize", ossl_ssl_session_initialize, 1);
|
322
|
-
|
320
|
+
rb_define_method(cSSLSession, "initialize_copy", ossl_ssl_session_initialize_copy, 1);
|
323
321
|
|
324
322
|
rb_define_method(cSSLSession, "==", ossl_ssl_session_eq, 1);
|
325
323
|
|
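Review bot: Nothing at the `GetSSLSession(other, sess_other);` call in ossl_ssl_session_initialize_copy or the `GetSSLSession(val2, ctx2);` call in ossl_ssl_session_eq records that the macro itself has to reject objects of another class, although `other` and `val2` are supplied by the Ruby caller. The `SafeGetSSLSession` wrapper removed from ossl_ssl.h ran `OSSL_Check_Kind((obj), cSSLSession)` first, and only the tail of `GetSSLSession` is visible on this page, so whether it performs an equivalent typed-data check cannot be confirmed from here. I would add a comment at each call site such as `/* other is caller-supplied; GetSSLSession() must raise on a non-Session object */` and confirm the macro does so. The same applies to `GetX509Attr(other, attr_other);` in ossl_x509attr.c, `GetX509(other, b);` in ossl_x509cert.c and `GetX509CRL(other, b);` in ossl_x509crl.c. The bodies of these functions start and end outside the hunks shown.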
data/ext/openssl/ossl_version.h
CHANGED
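--- a/data/ext/openssl/ossl_x509.c
+++ b/data/ext/openssl/ossl_x509.c
@@ -20,15 +20,10 @@ ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
 {
 time_t sec;
 
-#if defined(HAVE_ASN1_TIME_ADJ)
 int off_days;
 
 ossl_time_split(time, &sec, &off_days);
 return X509_time_adj_ex(s, off_days, 0, &sec);
-#else
-sec = time_to_time_t(time);
-return X509_time_adj(s, 0, &sec);
-#endif
 }
 
 void
@@ -112,21 +107,15 @@ Init_ossl_x509(void)
 DefX509Const(V_FLAG_INHIBIT_MAP);
 /* Set by Store#flags= and StoreContext#flags=. */
 DefX509Const(V_FLAG_NOTIFY_POLICY);
-#if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
 /* Set by Store#flags= and StoreContext#flags=. Enables some additional
 * features including support for indirect signed CRLs. */
 DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
-#endif
-#if defined(X509_V_FLAG_USE_DELTAS)
 /* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
 * specified, deltas are ignored. */
 DefX509Const(V_FLAG_USE_DELTAS);
-#endif
-#if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
 /* Set by Store#flags= and StoreContext#flags=. Enables checking of the
 * signature of the root self-signed CA. */
 DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
-#endif
 #if defined(X509_V_FLAG_TRUSTED_FIRST)
 /* Set by Store#flags= and StoreContext#flags=. When constructing a
 * certificate chain, search the Store first for the issuer certificate.
@@ -161,10 +150,8 @@ Init_ossl_x509(void)
 DefX509Const(PURPOSE_ANY);
 /* Set by Store#purpose=. OCSP helper. */
 DefX509Const(PURPOSE_OCSP_HELPER);
-#if defined(X509_PURPOSE_TIMESTAMP_SIGN)
 /* Set by Store#purpose=. Time stamps signer. */
 DefX509Const(PURPOSE_TIMESTAMP_SIGN);
-#endif
 
 DefX509Const(TRUST_COMPAT);
 DefX509Const(TRUST_SSL_CLIENT);
@@ -173,9 +160,7 @@ Init_ossl_x509(void)
 DefX509Const(TRUST_OBJECT_SIGN);
 DefX509Const(TRUST_OCSP_SIGN);
 DefX509Const(TRUST_OCSP_REQUEST);
-#if defined(X509_TRUST_TSA)
 DefX509Const(TRUST_TSA);
-#endif
 
 DefX509Default(CERT_AREA, cert_area);
 DefX509Default(CERT_DIR, cert_dir);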
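--- a/data/ext/openssl/ossl_x509.h
+++ b/data/ext/openssl/ossl_x509.h
@@ -41,7 +41,6 @@ extern VALUE cX509Cert;
 extern VALUE eX509CertError;
 
 VALUE ossl_x509_new(X509 *);
-VALUE ossl_x509_new_from_file(VALUE);
 X509 *GetX509CertPtr(VALUE);
 X509 *DupX509CertPtr(VALUE);
 void Init_ossl_x509cert(void);
@@ -54,7 +53,6 @@ extern VALUE eX509CRLError;
 
 VALUE ossl_x509crl_new(X509_CRL *);
 X509_CRL *GetX509CRLPtr(VALUE);
-X509_CRL *DupX509CRLPtr(VALUE);
 void Init_ossl_x509crl(void);
 
 /*
@@ -84,9 +82,7 @@ void Init_ossl_x509name(void);
 extern VALUE cX509Req;
 extern VALUE eX509ReqError;
 
-VALUE ossl_x509req_new(X509_REQ *);
 X509_REQ *GetX509ReqPtr(VALUE);
-X509_REQ *DupX509ReqPtr(VALUE);
 void Init_ossl_x509req(void);
 
 /*
@@ -106,11 +102,8 @@ extern VALUE cX509Store;
 extern VALUE cX509StoreContext;
 extern VALUE eX509StoreError;
 
-VALUE ossl_x509store_new(X509_STORE *);
 X509_STORE *GetX509StorePtr(VALUE);
-X509_STORE *DupX509StorePtr(VALUE);
 
-X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
 void Init_ossl_x509store(void);
 
 /*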
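--- a/data/ext/openssl/ossl_x509attr.c
+++ b/data/ext/openssl/ossl_x509attr.c
@@ -23,10 +23,6 @@
 ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \
 } \
 } while (0)
-#define SafeGetX509Attr(obj, attr) do { \
-OSSL_Check_Kind((obj), cX509Attr); \
-GetX509Attr((obj), (attr)); \
-} while (0)
 
 /*
 * Classes
@@ -76,7 +72,7 @@ GetX509AttrPtr(VALUE obj)
 {
 X509_ATTRIBUTE *attr;
 
-
+GetX509Attr(obj, attr);
 
 return attr;
 }
@@ -134,7 +130,7 @@ ossl_x509attr_initialize_copy(VALUE self, VALUE other)
 
 rb_check_frozen(self);
 GetX509Attr(self, attr);
-
+GetX509Attr(other, attr_other);
 
 attr_new = X509_ATTRIBUTE_dup(attr_other);
 if (!attr_new)
@@ -319,7 +315,7 @@ Init_ossl_x509attr(void)
 cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject);
 rb_define_alloc_func(cX509Attr, ossl_x509attr_alloc);
 rb_define_method(cX509Attr, "initialize", ossl_x509attr_initialize, -1);
-
+rb_define_method(cX509Attr, "initialize_copy", ossl_x509attr_initialize_copy, 1);
 rb_define_method(cX509Attr, "oid=", ossl_x509attr_set_oid, 1);
 rb_define_method(cX509Attr, "oid", ossl_x509attr_get_oid, 0);
 rb_define_method(cX509Attr, "value=", ossl_x509attr_set_value, 1);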
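--- a/data/ext/openssl/ossl_x509cert.c
+++ b/data/ext/openssl/ossl_x509cert.c
@@ -23,10 +23,6 @@
 ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \
 } \
 } while (0)
-#define SafeGetX509(obj, x509) do { \
-OSSL_Check_Kind((obj), cX509Cert); \
-GetX509((obj), (x509)); \
-} while (0)
 
 /*
 * Classes
@@ -71,46 +67,12 @@ ossl_x509_new(X509 *x509)
 return obj;
 }
 
-VALUE
-ossl_x509_new_from_file(VALUE filename)
-{
-X509 *x509;
-FILE *fp;
-VALUE obj;
-
-rb_check_safe_obj(filename);
-obj = NewX509(cX509Cert);
-if (!(fp = fopen(StringValueCStr(filename), "r"))) {
-ossl_raise(eX509CertError, "%s", strerror(errno));
-}
-rb_fd_fix_cloexec(fileno(fp));
-x509 = PEM_read_X509(fp, NULL, NULL, NULL);
-/*
-* prepare for DER...
-#if !defined(OPENSSL_NO_FP_API)
-if (!x509) {
-(void)ERR_get_error();
-rewind(fp);
-
-x509 = d2i_X509_fp(fp, NULL);
-}
-#endif
-*/
-fclose(fp);
-if (!x509) {
-ossl_raise(eX509CertError, NULL);
-}
-SetX509(obj, x509);
-
-return obj;
-}
-
 X509 *
 GetX509CertPtr(VALUE obj)
 {
 X509 *x509;
 
-
+GetX509(obj, x509);
 
 return x509;
 }
@@ -120,7 +82,7 @@ DupX509CertPtr(VALUE obj)
 {
 X509 *x509;
 
-
+GetX509(obj, x509);
 
 X509_up_ref(x509);
 
@@ -184,7 +146,7 @@ ossl_x509_copy(VALUE self, VALUE other)
 if (self == other) return self;
 
 GetX509(self, a);
-
+GetX509(other, b);
 
 x509 = X509_dup(b);
 if (!x509) ossl_raise(eX509CertError, NULL);
@@ -546,19 +508,18 @@ ossl_x509_get_public_key(VALUE self)
 
 /*
 * call-seq:
-* cert.public_key = key
+* cert.public_key = key => key
 */
 static VALUE
 ossl_x509_set_public_key(VALUE self, VALUE key)
 {
 X509 *x509;
-EVP_PKEY *pkey;
 
 GetX509(self, x509);
-
-
-
-
+if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */
+ossl_raise(eX509CertError, NULL);
+}
+
 return key;
 }
 
@@ -574,7 +535,7 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
 const EVP_MD *md;
 
 pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
-md =
+md = ossl_evp_get_digestbyname(digest);
 GetX509(self, x509);
 if (!X509_sign(x509, pkey, md)) {
 ossl_raise(eX509CertError, NULL);
@@ -587,7 +548,8 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
 * call-seq:
 * cert.verify(key) => true | false
 *
-*
+* Verifies the signature of the certificate, with the public key _key_. _key_
+* must be an instance of OpenSSL::PKey.
 */
 static VALUE
 ossl_x509_verify(VALUE self, VALUE key)
@@ -595,9 +557,9 @@ ossl_x509_verify(VALUE self, VALUE key)
 X509 *x509;
 EVP_PKEY *pkey;
 
+pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
 GetX509(self, x509);
-
-ossl_pkey_check_public_key(pkey);
+
 switch (X509_verify(x509, pkey)) {
 case 1:
 return Qtrue;
@@ -611,9 +573,10 @@ ossl_x509_verify(VALUE self, VALUE key)
 
 /*
 * call-seq:
-* cert.check_private_key(key)
+* cert.check_private_key(key) -> true | false
 *
-*
+* Returns +true+ if _key_ is the corresponding private key to the Subject
+* Public Key Information, +false+ otherwise.
 */
 static VALUE
 ossl_x509_check_private_key(VALUE self, VALUE key)
@@ -830,7 +793,7 @@ Init_ossl_x509cert(void)
 
 rb_define_alloc_func(cX509Cert, ossl_x509_alloc);
 rb_define_method(cX509Cert, "initialize", ossl_x509_initialize, -1);
-
+rb_define_method(cX509Cert, "initialize_copy", ossl_x509_copy, 1);
 
 rb_define_method(cX509Cert, "to_der", ossl_x509_to_der, 0);
 rb_define_method(cX509Cert, "to_pem", ossl_x509_to_pem, 0);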
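Review bot: In ossl_x509_verify the new side drops the `ossl_pkey_check_public_key(pkey);` call that the old side made before `X509_verify(x509, pkey)`, and the key now comes straight from `GetPKeyPtr(key)`. Judging by its name, the dropped helper rejected key objects that carry no public components; GetPKeyPtr's body is not shown on this page, so unless it performs the same validation, an incomplete key object supplied by the Ruby caller reaches the verification routine unchecked. I would keep the guard right after the assignment, `pkey = GetPKeyPtr(key);` followed by `ossl_pkey_check_public_key(pkey);`, if the helper still exists in this version, or else confirm that GetPKeyPtr covers it. The same pattern appears in `X509_set_pubkey(x509, GetPKeyPtr(key))` in ossl_x509_set_public_key and in `X509_CRL_verify(crl, GetPKeyPtr(key))` in ossl_x509crl_verify (ossl_x509crl.c), where the old side also shows the check being removed.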
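--- a/data/ext/openssl/ossl_x509crl.c
+++ b/data/ext/openssl/ossl_x509crl.c
@@ -23,10 +23,6 @@
 ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
 } \
 } while (0)
-#define SafeGetX509CRL(obj, crl) do { \
-OSSL_Check_Kind((obj), cX509CRL); \
-GetX509CRL((obj), (crl)); \
-} while (0)
 
 /*
 * Classes
@@ -56,18 +52,7 @@ GetX509CRLPtr(VALUE obj)
 {
 X509_CRL *crl;
 
-
-
-return crl;
-}
-
-X509_CRL *
-DupX509CRLPtr(VALUE obj)
-{
-X509_CRL *crl;
-
-SafeGetX509CRL(obj, crl);
-X509_CRL_up_ref(crl);
+GetX509CRL(obj, crl);
 
 return crl;
 }
@@ -137,7 +122,7 @@ ossl_x509crl_copy(VALUE self, VALUE other)
 rb_check_frozen(self);
 if (self == other) return self;
 GetX509CRL(self, a);
-
+GetX509CRL(other, b);
 if (!(crl = X509_CRL_dup(b))) {
 ossl_raise(eX509CRLError, NULL);
 }
@@ -223,10 +208,14 @@ static VALUE
 ossl_x509crl_get_last_update(VALUE self)
 {
 X509_CRL *crl;
+const ASN1_TIME *time;
 
 GetX509CRL(self, crl);
+time = X509_CRL_get0_lastUpdate(crl);
+if (!time)
+return Qnil;
 
-return asn1time_to_time(
+return asn1time_to_time(time);
 }
 
 static VALUE
@@ -250,10 +239,14 @@ static VALUE
 ossl_x509crl_get_next_update(VALUE self)
 {
 X509_CRL *crl;
+const ASN1_TIME *time;
 
 GetX509CRL(self, crl);
+time = X509_CRL_get0_nextUpdate(crl);
+if (!time)
+return Qnil;
 
-return asn1time_to_time(
+return asn1time_to_time(time);
 }
 
 static VALUE
@@ -354,7 +347,7 @@ ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
 
 GetX509CRL(self, crl);
 pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
-md =
+md = ossl_evp_get_digestbyname(digest);
 if (!X509_CRL_sign(crl, pkey, md)) {
 ossl_raise(eX509CRLError, NULL);
 }
@@ -366,12 +359,9 @@ static VALUE
 ossl_x509crl_verify(VALUE self, VALUE key)
 {
 X509_CRL *crl;
-EVP_PKEY *pkey;
 
 GetX509CRL(self, crl);
-
-ossl_pkey_check_public_key(pkey);
-switch (X509_CRL_verify(crl, pkey)) {
+switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
 case 1:
 return Qtrue;
 case 0:
@@ -523,7 +513,7 @@ Init_ossl_x509crl(void)
 
 rb_define_alloc_func(cX509CRL, ossl_x509crl_alloc);
 rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1);
-
+rb_define_method(cX509CRL, "initialize_copy", ossl_x509crl_copy, 1);
 
 rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0);
 rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1);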