openssl 2.1.4 → 2.2.2
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +9 -7
- data/History.md +100 -0
- data/README.md +2 -2
- data/ext/openssl/extconf.rb +24 -15
- data/ext/openssl/openssl_missing.h +36 -1
- data/ext/openssl/ossl.c +58 -25
- data/ext/openssl/ossl.h +7 -4
- data/ext/openssl/ossl_asn1.c +25 -0
- data/ext/openssl/ossl_bn.c +65 -10
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +33 -24
- data/ext/openssl/ossl_digest.c +16 -51
- data/ext/openssl/ossl_engine.c +2 -12
- data/ext/openssl/ossl_hmac.c +5 -11
- data/ext/openssl/ossl_kdf.c +3 -19
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +6 -11
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs7.c +3 -19
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +180 -14
- data/ext/openssl/ossl_pkey_dsa.c +2 -2
- data/ext/openssl/ossl_pkey_ec.c +29 -0
- data/ext/openssl/ossl_pkey_rsa.c +17 -9
- data/ext/openssl/ossl_rand.c +2 -32
- data/ext/openssl/ossl_ssl.c +94 -42
- data/ext/openssl/ossl_ts.c +1524 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509cert.c +2 -2
- data/ext/openssl/ossl_x509ext.c +14 -0
- data/ext/openssl/ossl_x509name.c +7 -3
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +28 -5
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/config.rb +17 -8
- data/lib/openssl/digest.rb +10 -12
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +18 -1
- data/lib/openssl/ssl.rb +40 -2
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +155 -1
- data/lib/openssl.rb +25 -9
- metadata +6 -3
- data/ext/openssl/deprecation.rb +0 -27
- data/ext/openssl/ossl_version.h +0 -15
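--- a/data/ext/openssl/ossl_ssl.c
+++ b/data/ext/openssl/ossl_ssl.c
@@ -830,6 +830,10 @@ ossl_sslctx_setup(VALUE self)
 }
 #endif /* OPENSSL_NO_EC */
 
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+SSL_CTX_set_post_handshake_auth(ctx, 1);
+#endif
+
 val = rb_attr_get(self, id_i_cert_store);
 if (!NIL_P(val)) {
 X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
@@ -2352,7 +2356,57 @@ ossl_ssl_get_verify_result(VALUE self)
 
 GetSSL(self, ssl);
 
-return
+return LONG2NUM(SSL_get_verify_result(ssl));
+}
+
+/*
+* call-seq:
+* ssl.finished_message => "finished message"
+*
+* Returns the last *Finished* message sent
+*
+*/
+static VALUE
+ossl_ssl_get_finished(VALUE self)
+{
+SSL *ssl;
+char sizer[1], *buf;
+size_t len;
+
+GetSSL(self, ssl);
+
+len = SSL_get_finished(ssl, sizer, 0);
+if (len == 0)
+return Qnil;
+
+buf = ALLOCA_N(char, len);
+SSL_get_finished(ssl, buf, len);
+return rb_str_new(buf, len);
+}
+
+/*
+* call-seq:
+* ssl.peer_finished_message => "peer finished message"
+*
+* Returns the last *Finished* message received
+*
+*/
+static VALUE
+ossl_ssl_get_peer_finished(VALUE self)
+{
+SSL *ssl;
+char sizer[1], *buf;
+size_t len;
+
+GetSSL(self, ssl);
+
+len = SSL_get_peer_finished(ssl, sizer, 0);
+if (len == 0)
+return Qnil;
+
+buf = ALLOCA_N(char, len);
+SSL_get_peer_finished(ssl, buf, len);
+return rb_str_new(buf, len);
 }
 
 /*
@@ -2449,8 +2503,6 @@ ossl_ssl_tmp_key(VALUE self)
 # endif /* defined(HAVE_SSL_GET_SERVER_TMP_KEY) */
 #endif /* !defined(OPENSSL_NO_SOCK) */
 
-#undef rb_intern
-#define rb_intern(s) rb_intern_const(s)
 void
 Init_ossl_ssl(void)
 {
@@ -2461,8 +2513,8 @@ Init_ossl_ssl(void)
 rb_mWaitWritable = rb_define_module_under(rb_cIO, "WaitWritable");
 #endif
 
-id_call =
-ID_callback_state =
+id_call = rb_intern_const("call");
+ID_callback_state = rb_intern_const("callback_state");
 
 ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0, (void *)"ossl_ssl_ex_vcb_idx", 0, 0, 0);
 if (ossl_ssl_ex_vcb_idx < 0)
@@ -2529,7 +2581,7 @@ Init_ossl_ssl(void)
 * The _cert_, _key_, and _extra_chain_cert_ attributes are deprecated.
 * It is recommended to use #add_certificate instead.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("cert"), 1, 1, Qfalse);
 
 /*
 * Context private key
@@ -2537,29 +2589,29 @@ Init_ossl_ssl(void)
 * The _cert_, _key_, and _extra_chain_cert_ attributes are deprecated.
 * It is recommended to use #add_certificate instead.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("key"), 1, 1, Qfalse);
 
 /*
 * A certificate or Array of certificates that will be sent to the client.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("client_ca"), 1, 1, Qfalse);
 
 /*
 * The path to a file containing a PEM-format CA certificate
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("ca_file"), 1, 1, Qfalse);
 
 /*
 * The path to a directory containing CA certificates in PEM format.
 *
 * Files are looked up by subject's X509 name's hash value.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("ca_path"), 1, 1, Qfalse);
 
 /*
 * Maximum session lifetime in seconds.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("timeout"), 1, 1, Qfalse);
 
 /*
 * Session verification mode.
@@ -2572,12 +2624,12 @@ Init_ossl_ssl(void)
 *
 * See SSL_CTX_set_verify(3) for details.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("verify_mode"), 1, 1, Qfalse);
 
 /*
 * Number of CA certificates to walk when verifying a certificate chain.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("verify_depth"), 1, 1, Qfalse);
 
 /*
 * A callback for additional certificate verification. The callback is
@@ -2591,7 +2643,7 @@ Init_ossl_ssl(void)
 * If the callback returns +false+, the chain verification is immediately
 * stopped and a bad_certificate alert is then sent.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("verify_callback"), 1, 1, Qfalse);
 
 /*
 * Whether to check the server certificate is valid for the hostname.
@@ -2599,12 +2651,12 @@ Init_ossl_ssl(void)
 * In order to make this work, verify_mode must be set to VERIFY_PEER and
 * the server hostname must be given by OpenSSL::SSL::SSLSocket#hostname=.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("verify_hostname"), 1, 1, Qfalse);
 
 /*
 * An OpenSSL::X509::Store used for certificate verification.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("cert_store"), 1, 1, Qfalse);
 
 /*
 * An Array of extra X509 certificates to be added to the certificate
@@ -2613,7 +2665,7 @@ Init_ossl_ssl(void)
 * The _cert_, _key_, and _extra_chain_cert_ attributes are deprecated.
 * It is recommended to use #add_certificate instead.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("extra_chain_cert"), 1, 1, Qfalse);
 
 /*
 * A callback invoked when a client certificate is requested by a server
@@ -2623,7 +2675,7 @@ Init_ossl_ssl(void)
 * containing an OpenSSL::X509::Certificate and an OpenSSL::PKey. If any
 * other value is returned the handshake is suspended.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("client_cert_cb"), 1, 1, Qfalse);
 
 #if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
 /*
@@ -2636,7 +2688,7 @@ Init_ossl_ssl(void)
 * The callback is deprecated. This does not work with recent versions of
 * OpenSSL. Use OpenSSL::SSL::SSLContext#ecdh_curves= instead.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("tmp_ecdh_callback"), 1, 1, Qfalse);
 #endif
 
 /*
@@ -2644,7 +2696,7 @@ Init_ossl_ssl(void)
 * sessions for multiple applications to be distinguished, for example, by
 * name.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("session_id_context"), 1, 1, Qfalse);
 
 /*
 * A callback invoked on a server when a session is proposed by the client
@@ -2653,7 +2705,7 @@ Init_ossl_ssl(void)
 * The callback is invoked with the SSLSocket and session id. The
 * callback may return a Session from an external cache.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("session_get_cb"), 1, 1, Qfalse);
 
 /*
 * A callback invoked when a new session was negotiated.
@@ -2661,7 +2713,7 @@ Init_ossl_ssl(void)
 * The callback is invoked with an SSLSocket. If +false+ is returned the
 * session will be removed from the internal cache.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("session_new_cb"), 1, 1, Qfalse);
 
 /*
 * A callback invoked when a session is removed from the internal cache.
@@ -2672,18 +2724,18 @@ Init_ossl_ssl(void)
 * multi-threaded application. The callback is called inside a global lock
 * and it can randomly cause deadlock on Ruby thread switching.
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("session_remove_cb"), 1, 1, Qfalse);
 
 rb_define_const(mSSLExtConfig, "HAVE_TLSEXT_HOST_NAME", Qtrue);
 
 /*
-* A callback invoked whenever a new handshake is initiated
-* to disable renegotiation entirely.
+* A callback invoked whenever a new handshake is initiated on an
+* established connection. May be used to disable renegotiation entirely.
 *
 * The callback is invoked with the active SSLSocket. The callback's
-* return value is
+* return value is ignored. A normal return indicates "approval" of the
 * renegotiation and will continue the process. To forbid renegotiation
-* and to cancel the process, an
+* and to cancel the process, raise an exception within the callback.
 *
 * === Disable client renegotiation
 *
@@ -2691,13 +2743,11 @@ Init_ossl_ssl(void)
 * renegotiation entirely. You may use a callback as follows to implement
 * this feature:
 *
-* num_handshakes = 0
 * ctx.renegotiation_cb = lambda do |ssl|
-*
-* raise RuntimeError.new("Client renegotiation disabled") if num_handshakes > 1
+* raise RuntimeError, "Client renegotiation disabled"
 * end
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("renegotiation_cb"), 1, 1, Qfalse);
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /*
 * An Enumerable of Strings. Each String represents a protocol to be
@@ -2710,7 +2760,7 @@ Init_ossl_ssl(void)
 *
 * ctx.npn_protocols = ["http/1.1", "spdy/2"]
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("npn_protocols"), 1, 1, Qfalse);
 /*
 * A callback invoked on the client side when the client needs to select
 * a protocol from the list sent by the server. Supported in OpenSSL 1.0.1
@@ -2727,7 +2777,7 @@ Init_ossl_ssl(void)
 * protocols.first
 * end
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("npn_select_cb"), 1, 1, Qfalse);
 #endif
 
 #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
@@ -2742,7 +2792,7 @@ Init_ossl_ssl(void)
 *
 * ctx.alpn_protocols = ["http/1.1", "spdy/2", "h2"]
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("alpn_protocols"), 1, 1, Qfalse);
 /*
 * A callback invoked on the server side when the server needs to select
 * a protocol from the list sent by the client. Supported in OpenSSL 1.0.2
@@ -2759,7 +2809,7 @@ Init_ossl_ssl(void)
 * protocols.first
 * end
 */
-rb_attr(cSSLContext,
+rb_attr(cSSLContext, rb_intern_const("alpn_select_cb"), 1, 1, Qfalse);
 #endif
 
 rb_define_alias(cSSLContext, "ssl_timeout", "timeout");
@@ -2872,6 +2922,8 @@ Init_ossl_ssl(void)
 rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);
 /* #hostname is defined in lib/openssl/ssl.rb */
 rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1);
+rb_define_method(cSSLSocket, "finished_message", ossl_ssl_get_finished, 0);
+rb_define_method(cSSLSocket, "peer_finished_message", ossl_ssl_get_peer_finished, 0);
 # ifdef HAVE_SSL_GET_SERVER_TMP_KEY
 rb_define_method(cSSLSocket, "tmp_key", ossl_ssl_tmp_key, 0);
 # endif
@@ -2985,17 +3037,17 @@ Init_ossl_ssl(void)
 #endif
 
 
-sym_exception = ID2SYM(
-sym_wait_readable = ID2SYM(
-sym_wait_writable = ID2SYM(
+sym_exception = ID2SYM(rb_intern_const("exception"));
+sym_wait_readable = ID2SYM(rb_intern_const("wait_readable"));
+sym_wait_writable = ID2SYM(rb_intern_const("wait_writable"));
 
-id_tmp_dh_callback =
-id_tmp_ecdh_callback =
-id_npn_protocols_encoded =
+id_tmp_dh_callback = rb_intern_const("tmp_dh_callback");
+id_tmp_ecdh_callback = rb_intern_const("tmp_ecdh_callback");
+id_npn_protocols_encoded = rb_intern_const("npn_protocols_encoded");
 id_each = rb_intern_const("each");
 
 #define DefIVarID(name) do \
-id_i_##name =
+id_i_##name = rb_intern_const("@"#name); while (0)
 
 DefIVarID(cert_store);
 DefIVarID(ca_file);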
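Review bot: The added `SSL_CTX_set_post_handshake_auth(ctx, 1);` in the first hunk (ossl_sslctx_setup) runs for every context that has the function available, with no comment and no opt-out visible in the hunk. According to the OpenSSL documentation this makes a TLS 1.3 client offer the post-handshake authentication extension, so a server may ask for a client certificate after the handshake has finished, and a configured certificate or `client_cert_cb` can then be used mid-connection. I would add a comment above the call, `/* Offer TLS 1.3 post-handshake auth as a client so a server can request a certificate after the handshake */`, and state the new default in the SSLContext documentation. ossl_sslctx_setup starts and ends outside the hunk, so an existing opt-out elsewhere in the function cannot be ruled out from here.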