openssl 2.2.2 → 3.0.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +32 -44
- data/History.md +99 -13
- data/ext/openssl/extconf.rb +26 -28
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +59 -46
- data/ext/openssl/ossl.h +20 -6
- data/ext/openssl/ossl_asn1.c +16 -4
- data/ext/openssl/ossl_bn.c +188 -126
- data/ext/openssl/ossl_cipher.c +11 -11
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +9 -9
- data/ext/openssl/ossl_engine.c +16 -15
- data/ext/openssl/ossl_hmac.c +48 -135
- data/ext/openssl/ossl_kdf.c +8 -0
- data/ext/openssl/ossl_ocsp.c +3 -51
- data/ext/openssl/ossl_pkcs12.c +21 -3
- data/ext/openssl/ossl_pkcs7.c +42 -59
- data/ext/openssl/ossl_pkey.c +1102 -191
- data/ext/openssl/ossl_pkey.h +35 -72
- data/ext/openssl/ossl_pkey_dh.c +124 -334
- data/ext/openssl/ossl_pkey_dsa.c +93 -398
- data/ext/openssl/ossl_pkey_ec.c +126 -318
- data/ext/openssl/ossl_pkey_rsa.c +100 -487
- data/ext/openssl/ossl_ssl.c +256 -355
- data/ext/openssl/ossl_ssl_session.c +24 -29
- data/ext/openssl/ossl_ts.c +35 -20
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509cert.c +164 -8
- data/ext/openssl/ossl_x509crl.c +10 -7
- data/ext/openssl/ossl_x509ext.c +1 -2
- data/ext/openssl/ossl_x509name.c +9 -2
- data/ext/openssl/ossl_x509req.c +10 -7
- data/ext/openssl/ossl_x509store.c +154 -70
- data/lib/openssl/buffering.rb +9 -0
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +417 -0
- data/lib/openssl/ssl.rb +7 -7
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +5 -77
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
@@ -52,8 +52,15 @@ struct ossl_verify_cb_args {
|
|
52
52
|
};
|
53
53
|
|
54
54
|
static VALUE
|
55
|
-
|
55
|
+
ossl_x509stctx_new_i(VALUE arg)
|
56
56
|
{
|
57
|
+
return ossl_x509stctx_new((X509_STORE_CTX *)arg);
|
58
|
+
}
|
59
|
+
|
60
|
+
static VALUE
|
61
|
+
call_verify_cb_proc(VALUE arg)
|
62
|
+
{
|
63
|
+
struct ossl_verify_cb_args *args = (struct ossl_verify_cb_args *)arg;
|
57
64
|
return rb_funcall(args->proc, rb_intern("call"), 2,
|
58
65
|
args->preverify_ok, args->store_ctx);
|
59
66
|
}
|
@@ -69,7 +76,7 @@ ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
|
|
69
76
|
return ok;
|
70
77
|
|
71
78
|
ret = Qfalse;
|
72
|
-
rctx = rb_protect(
|
79
|
+
rctx = rb_protect(ossl_x509stctx_new_i, (VALUE)ctx, &state);
|
73
80
|
if (state) {
|
74
81
|
rb_set_errinfo(Qnil);
|
75
82
|
rb_warn("StoreContext initialization failure");
|
@@ -78,7 +85,7 @@ ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
|
|
78
85
|
args.proc = proc;
|
79
86
|
args.preverify_ok = ok ? Qtrue : Qfalse;
|
80
87
|
args.store_ctx = rctx;
|
81
|
-
ret = rb_protect(
|
88
|
+
ret = rb_protect(call_verify_cb_proc, (VALUE)&args, &state);
|
82
89
|
if (state) {
|
83
90
|
rb_set_errinfo(Qnil);
|
84
91
|
rb_warn("exception in verify_callback is ignored");
|
@@ -164,9 +171,8 @@ ossl_x509store_alloc(VALUE klass)
|
|
164
171
|
VALUE obj;
|
165
172
|
|
166
173
|
obj = NewX509Store(klass);
|
167
|
-
if((store = X509_STORE_new()) == NULL)
|
168
|
-
ossl_raise(eX509StoreError,
|
169
|
-
}
|
174
|
+
if ((store = X509_STORE_new()) == NULL)
|
175
|
+
ossl_raise(eX509StoreError, "X509_STORE_new");
|
170
176
|
SetX509Store(obj, store);
|
171
177
|
|
172
178
|
return obj;
|
@@ -199,8 +205,9 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
|
|
199
205
|
{
|
200
206
|
X509_STORE *store;
|
201
207
|
|
202
|
-
/* BUG: This method takes any number of arguments but appears to ignore them. */
|
203
208
|
GetX509Store(self, store);
|
209
|
+
if (argc != 0)
|
210
|
+
rb_warn("OpenSSL::X509::Store.new does not take any arguments");
|
204
211
|
#if !defined(HAVE_OPAQUE_OPENSSL)
|
205
212
|
/* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */
|
206
213
|
store->ex_data.sk = NULL;
|
@@ -221,8 +228,16 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
|
|
221
228
|
* call-seq:
|
222
229
|
* store.flags = flags
|
223
230
|
*
|
224
|
-
* Sets
|
225
|
-
*
|
231
|
+
* Sets the default flags used by certificate chain verification performed with
|
232
|
+
* the Store.
|
233
|
+
*
|
234
|
+
* _flags_ consists of zero or more of the constants defined in OpenSSL::X509
|
235
|
+
* with name V_FLAG_* or'ed together.
|
236
|
+
*
|
237
|
+
* OpenSSL::X509::StoreContext#flags= can be used to change the flags for a
|
238
|
+
* single verification operation.
|
239
|
+
*
|
240
|
+
* See also the man page X509_VERIFY_PARAM_set_flags(3).
|
226
241
|
*/
|
227
242
|
static VALUE
|
228
243
|
ossl_x509store_set_flags(VALUE self, VALUE flags)
|
@@ -240,9 +255,9 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
|
|
240
255
|
* call-seq:
|
241
256
|
* store.purpose = purpose
|
242
257
|
*
|
243
|
-
* Sets the store's
|
244
|
-
* the store will check every
|
245
|
-
* with the purpose. The purpose is specified by constants:
|
258
|
+
* Sets the store's default verification purpose. If specified,
|
259
|
+
* the verifications on the store will check every certificate's extensions are
|
260
|
+
* consistent with the purpose. The purpose is specified by constants:
|
246
261
|
*
|
247
262
|
* * X509::PURPOSE_SSL_CLIENT
|
248
263
|
* * X509::PURPOSE_SSL_SERVER
|
@@ -253,6 +268,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
|
|
253
268
|
* * X509::PURPOSE_ANY
|
254
269
|
* * X509::PURPOSE_OCSP_HELPER
|
255
270
|
* * X509::PURPOSE_TIMESTAMP_SIGN
|
271
|
+
*
|
272
|
+
* OpenSSL::X509::StoreContext#purpose= can be used to change the value for a
|
273
|
+
* single verification operation.
|
274
|
+
*
|
275
|
+
* See also the man page X509_VERIFY_PARAM_set_purpose(3).
|
256
276
|
*/
|
257
277
|
static VALUE
|
258
278
|
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
|
@@ -269,6 +289,14 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
|
|
269
289
|
/*
|
270
290
|
* call-seq:
|
271
291
|
* store.trust = trust
|
292
|
+
*
|
293
|
+
* Sets the default trust settings used by the certificate verification with
|
294
|
+
* the store.
|
295
|
+
*
|
296
|
+
* OpenSSL::X509::StoreContext#trust= can be used to change the value for a
|
297
|
+
* single verification operation.
|
298
|
+
*
|
299
|
+
* See also the man page X509_VERIFY_PARAM_set_trust(3).
|
272
300
|
*/
|
273
301
|
static VALUE
|
274
302
|
ossl_x509store_set_trust(VALUE self, VALUE trust)
|
@@ -286,7 +314,13 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
|
|
286
314
|
* call-seq:
|
287
315
|
* store.time = time
|
288
316
|
*
|
289
|
-
* Sets the time to be used in verifications.
|
317
|
+
* Sets the time to be used in the certificate verifications with the store.
|
318
|
+
* By default, if not specified, the current system time is used.
|
319
|
+
*
|
320
|
+
* OpenSSL::X509::StoreContext#time= can be used to change the value for a
|
321
|
+
* single verification operation.
|
322
|
+
*
|
323
|
+
* See also the man page X509_VERIFY_PARAM_set_time(3).
|
290
324
|
*/
|
291
325
|
static VALUE
|
292
326
|
ossl_x509store_set_time(VALUE self, VALUE time)
|
@@ -302,23 +336,23 @@ ossl_x509store_set_time(VALUE self, VALUE time)
|
|
302
336
|
* Adds the certificates in _file_ to the certificate store. _file_ is the path
|
303
337
|
* to the file, and the file contains one or more certificates in PEM format
|
304
338
|
* concatenated together.
|
339
|
+
*
|
340
|
+
* See also the man page X509_LOOKUP_file(3).
|
305
341
|
*/
|
306
342
|
static VALUE
|
307
343
|
ossl_x509store_add_file(VALUE self, VALUE file)
|
308
344
|
{
|
309
345
|
X509_STORE *store;
|
310
346
|
X509_LOOKUP *lookup;
|
311
|
-
char *path
|
347
|
+
const char *path;
|
312
348
|
|
313
|
-
if(file != Qnil){
|
314
|
-
path = StringValueCStr(file);
|
315
|
-
}
|
316
349
|
GetX509Store(self, store);
|
350
|
+
path = StringValueCStr(file);
|
317
351
|
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
318
|
-
if(lookup
|
319
|
-
|
320
|
-
|
321
|
-
|
352
|
+
if (!lookup)
|
353
|
+
ossl_raise(eX509StoreError, "X509_STORE_add_lookup");
|
354
|
+
if (X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1)
|
355
|
+
ossl_raise(eX509StoreError, "X509_LOOKUP_load_file");
|
322
356
|
#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
|
323
357
|
/*
|
324
358
|
* X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
|
@@ -337,23 +371,23 @@ ossl_x509store_add_file(VALUE self, VALUE file)
|
|
337
371
|
* store.add_path(path) -> self
|
338
372
|
*
|
339
373
|
* Adds _path_ as the hash dir to be looked up by the store.
|
374
|
+
*
|
375
|
+
* See also the man page X509_LOOKUP_hash_dir(3).
|
340
376
|
*/
|
341
377
|
static VALUE
|
342
378
|
ossl_x509store_add_path(VALUE self, VALUE dir)
|
343
379
|
{
|
344
380
|
X509_STORE *store;
|
345
381
|
X509_LOOKUP *lookup;
|
346
|
-
char *path
|
382
|
+
const char *path;
|
347
383
|
|
348
|
-
if(dir != Qnil){
|
349
|
-
path = StringValueCStr(dir);
|
350
|
-
}
|
351
384
|
GetX509Store(self, store);
|
385
|
+
path = StringValueCStr(dir);
|
352
386
|
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
353
|
-
if(lookup
|
354
|
-
|
355
|
-
|
356
|
-
|
387
|
+
if (!lookup)
|
388
|
+
ossl_raise(eX509StoreError, "X509_STORE_add_lookup");
|
389
|
+
if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
|
390
|
+
ossl_raise(eX509StoreError, "X509_LOOKUP_add_dir");
|
357
391
|
|
358
392
|
return self;
|
359
393
|
}
|
@@ -368,6 +402,8 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
|
|
368
402
|
*
|
369
403
|
* * OpenSSL::X509::DEFAULT_CERT_FILE
|
370
404
|
* * OpenSSL::X509::DEFAULT_CERT_DIR
|
405
|
+
*
|
406
|
+
* See also the man page X509_STORE_set_default_paths(3).
|
371
407
|
*/
|
372
408
|
static VALUE
|
373
409
|
ossl_x509store_set_default_paths(VALUE self)
|
@@ -375,18 +411,19 @@ ossl_x509store_set_default_paths(VALUE self)
|
|
375
411
|
X509_STORE *store;
|
376
412
|
|
377
413
|
GetX509Store(self, store);
|
378
|
-
if (X509_STORE_set_default_paths(store) != 1)
|
379
|
-
ossl_raise(eX509StoreError,
|
380
|
-
}
|
414
|
+
if (X509_STORE_set_default_paths(store) != 1)
|
415
|
+
ossl_raise(eX509StoreError, "X509_STORE_set_default_paths");
|
381
416
|
|
382
417
|
return Qnil;
|
383
418
|
}
|
384
419
|
|
385
420
|
/*
|
386
421
|
* call-seq:
|
387
|
-
* store.add_cert(cert)
|
422
|
+
* store.add_cert(cert) -> self
|
388
423
|
*
|
389
424
|
* Adds the OpenSSL::X509::Certificate _cert_ to the certificate store.
|
425
|
+
*
|
426
|
+
* See also the man page X509_STORE_add_cert(3).
|
390
427
|
*/
|
391
428
|
static VALUE
|
392
429
|
ossl_x509store_add_cert(VALUE self, VALUE arg)
|
@@ -396,9 +433,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
|
|
396
433
|
|
397
434
|
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
|
398
435
|
GetX509Store(self, store);
|
399
|
-
if (X509_STORE_add_cert(store, cert) != 1)
|
400
|
-
ossl_raise(eX509StoreError,
|
401
|
-
}
|
436
|
+
if (X509_STORE_add_cert(store, cert) != 1)
|
437
|
+
ossl_raise(eX509StoreError, "X509_STORE_add_cert");
|
402
438
|
|
403
439
|
return self;
|
404
440
|
}
|
@@ -408,6 +444,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
|
|
408
444
|
* store.add_crl(crl) -> self
|
409
445
|
*
|
410
446
|
* Adds the OpenSSL::X509::CRL _crl_ to the store.
|
447
|
+
*
|
448
|
+
* See also the man page X509_STORE_add_crl(3).
|
411
449
|
*/
|
412
450
|
static VALUE
|
413
451
|
ossl_x509store_add_crl(VALUE self, VALUE arg)
|
@@ -417,9 +455,8 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
|
|
417
455
|
|
418
456
|
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
|
419
457
|
GetX509Store(self, store);
|
420
|
-
if (X509_STORE_add_crl(store, crl) != 1)
|
421
|
-
ossl_raise(eX509StoreError,
|
422
|
-
}
|
458
|
+
if (X509_STORE_add_crl(store, crl) != 1)
|
459
|
+
ossl_raise(eX509StoreError, "X509_STORE_add_crl");
|
423
460
|
|
424
461
|
return self;
|
425
462
|
}
|
@@ -499,9 +536,8 @@ ossl_x509stctx_alloc(VALUE klass)
|
|
499
536
|
VALUE obj;
|
500
537
|
|
501
538
|
obj = NewX509StCtx(klass);
|
502
|
-
if((ctx = X509_STORE_CTX_new()) == NULL)
|
503
|
-
ossl_raise(eX509StoreError,
|
504
|
-
}
|
539
|
+
if ((ctx = X509_STORE_CTX_new()) == NULL)
|
540
|
+
ossl_raise(eX509StoreError, "X509_STORE_CTX_new");
|
505
541
|
SetX509StCtx(obj, ctx);
|
506
542
|
|
507
543
|
return obj;
|
@@ -567,6 +603,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
|
|
567
603
|
/*
|
568
604
|
* call-seq:
|
569
605
|
* stctx.verify -> true | false
|
606
|
+
*
|
607
|
+
* Performs the certificate verification using the parameters set to _stctx_.
|
608
|
+
*
|
609
|
+
* See also the man page X509_verify_cert(3).
|
570
610
|
*/
|
571
611
|
static VALUE
|
572
612
|
ossl_x509stctx_verify(VALUE self)
|
@@ -579,48 +619,45 @@ ossl_x509stctx_verify(VALUE self)
|
|
579
619
|
|
580
620
|
switch (X509_verify_cert(ctx)) {
|
581
621
|
case 1:
|
582
|
-
|
622
|
+
return Qtrue;
|
583
623
|
case 0:
|
584
|
-
|
585
|
-
|
624
|
+
ossl_clear_error();
|
625
|
+
return Qfalse;
|
586
626
|
default:
|
587
|
-
|
627
|
+
ossl_raise(eX509CertError, "X509_verify_cert");
|
588
628
|
}
|
589
629
|
}
|
590
630
|
|
591
631
|
/*
|
592
632
|
* call-seq:
|
593
|
-
* stctx.chain -> Array of X509::Certificate
|
633
|
+
* stctx.chain -> nil | Array of X509::Certificate
|
634
|
+
*
|
635
|
+
* Returns the verified chain.
|
636
|
+
*
|
637
|
+
* See also the man page X509_STORE_CTX_set0_verified_chain(3).
|
594
638
|
*/
|
595
639
|
static VALUE
|
596
640
|
ossl_x509stctx_get_chain(VALUE self)
|
597
641
|
{
|
598
642
|
X509_STORE_CTX *ctx;
|
599
|
-
STACK_OF(X509) *chain;
|
600
|
-
X509 *x509;
|
601
|
-
int i, num;
|
602
|
-
VALUE ary;
|
643
|
+
const STACK_OF(X509) *chain;
|
603
644
|
|
604
645
|
GetX509StCtx(self, ctx);
|
605
|
-
|
606
|
-
|
607
|
-
|
608
|
-
|
609
|
-
OSSL_Debug("certs in chain < 0???");
|
610
|
-
return rb_ary_new();
|
611
|
-
}
|
612
|
-
ary = rb_ary_new2(num);
|
613
|
-
for(i = 0; i < num; i++) {
|
614
|
-
x509 = sk_X509_value(chain, i);
|
615
|
-
rb_ary_push(ary, ossl_x509_new(x509));
|
616
|
-
}
|
617
|
-
|
618
|
-
return ary;
|
646
|
+
chain = X509_STORE_CTX_get0_chain(ctx);
|
647
|
+
if (!chain)
|
648
|
+
return Qnil; /* Could be an empty array instead? */
|
649
|
+
return ossl_x509_sk2ary(chain);
|
619
650
|
}
|
620
651
|
|
621
652
|
/*
|
622
653
|
* call-seq:
|
623
654
|
* stctx.error -> Integer
|
655
|
+
*
|
656
|
+
* Returns the error code of _stctx_. This is typically called after #verify
|
657
|
+
* is done, or from the verification callback set to
|
658
|
+
* OpenSSL::X509::Store#verify_callback=.
|
659
|
+
*
|
660
|
+
* See also the man page X509_STORE_CTX_get_error(3).
|
624
661
|
*/
|
625
662
|
static VALUE
|
626
663
|
ossl_x509stctx_get_err(VALUE self)
|
@@ -635,6 +672,11 @@ ossl_x509stctx_get_err(VALUE self)
|
|
635
672
|
/*
|
636
673
|
* call-seq:
|
637
674
|
* stctx.error = error_code
|
675
|
+
*
|
676
|
+
* Sets the error code of _stctx_. This is used by the verification callback
|
677
|
+
* set to OpenSSL::X509::Store#verify_callback=.
|
678
|
+
*
|
679
|
+
* See also the man page X509_STORE_CTX_set_error(3).
|
638
680
|
*/
|
639
681
|
static VALUE
|
640
682
|
ossl_x509stctx_set_error(VALUE self, VALUE err)
|
@@ -651,7 +693,10 @@ ossl_x509stctx_set_error(VALUE self, VALUE err)
|
|
651
693
|
* call-seq:
|
652
694
|
* stctx.error_string -> String
|
653
695
|
*
|
654
|
-
* Returns the error string corresponding to the error code
|
696
|
+
* Returns the human readable error string corresponding to the error code
|
697
|
+
* retrieved by #error.
|
698
|
+
*
|
699
|
+
* See also the man page X509_verify_cert_error_string(3).
|
655
700
|
*/
|
656
701
|
static VALUE
|
657
702
|
ossl_x509stctx_get_err_string(VALUE self)
|
@@ -668,6 +713,10 @@ ossl_x509stctx_get_err_string(VALUE self)
|
|
668
713
|
/*
|
669
714
|
* call-seq:
|
670
715
|
* stctx.error_depth -> Integer
|
716
|
+
*
|
717
|
+
* Returns the depth of the chain. This is used in combination with #error.
|
718
|
+
*
|
719
|
+
* See also the man page X509_STORE_CTX_get_error_depth(3).
|
671
720
|
*/
|
672
721
|
static VALUE
|
673
722
|
ossl_x509stctx_get_err_depth(VALUE self)
|
@@ -682,6 +731,10 @@ ossl_x509stctx_get_err_depth(VALUE self)
|
|
682
731
|
/*
|
683
732
|
* call-seq:
|
684
733
|
* stctx.current_cert -> X509::Certificate
|
734
|
+
*
|
735
|
+
* Returns the certificate which caused the error.
|
736
|
+
*
|
737
|
+
* See also the man page X509_STORE_CTX_get_current_cert(3).
|
685
738
|
*/
|
686
739
|
static VALUE
|
687
740
|
ossl_x509stctx_get_curr_cert(VALUE self)
|
@@ -696,6 +749,10 @@ ossl_x509stctx_get_curr_cert(VALUE self)
|
|
696
749
|
/*
|
697
750
|
* call-seq:
|
698
751
|
* stctx.current_crl -> X509::CRL
|
752
|
+
*
|
753
|
+
* Returns the CRL which caused the error.
|
754
|
+
*
|
755
|
+
* See also the man page X509_STORE_CTX_get_current_crl(3).
|
699
756
|
*/
|
700
757
|
static VALUE
|
701
758
|
ossl_x509stctx_get_curr_crl(VALUE self)
|
@@ -715,7 +772,10 @@ ossl_x509stctx_get_curr_crl(VALUE self)
|
|
715
772
|
* call-seq:
|
716
773
|
* stctx.flags = flags
|
717
774
|
*
|
718
|
-
* Sets the verification flags to the context.
|
775
|
+
* Sets the verification flags to the context. This overrides the default value
|
776
|
+
* set by Store#flags=.
|
777
|
+
*
|
778
|
+
* See also the man page X509_VERIFY_PARAM_set_flags(3).
|
719
779
|
*/
|
720
780
|
static VALUE
|
721
781
|
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
|
@@ -733,7 +793,10 @@ ossl_x509stctx_set_flags(VALUE self, VALUE flags)
|
|
733
793
|
* call-seq:
|
734
794
|
* stctx.purpose = purpose
|
735
795
|
*
|
736
|
-
* Sets the purpose of the context.
|
796
|
+
* Sets the purpose of the context. This overrides the default value set by
|
797
|
+
* Store#purpose=.
|
798
|
+
*
|
799
|
+
* See also the man page X509_VERIFY_PARAM_set_purpose(3).
|
737
800
|
*/
|
738
801
|
static VALUE
|
739
802
|
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
|
@@ -750,6 +813,11 @@ ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
|
|
750
813
|
/*
|
751
814
|
* call-seq:
|
752
815
|
* stctx.trust = trust
|
816
|
+
*
|
817
|
+
* Sets the trust settings of the context. This overrides the default value set
|
818
|
+
* by Store#trust=.
|
819
|
+
*
|
820
|
+
* See also the man page X509_VERIFY_PARAM_set_trust(3).
|
753
821
|
*/
|
754
822
|
static VALUE
|
755
823
|
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
|
@@ -768,6 +836,8 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust)
|
|
768
836
|
* stctx.time = time
|
769
837
|
*
|
770
838
|
* Sets the time used in the verification. If not set, the current time is used.
|
839
|
+
*
|
840
|
+
* See also the man page X509_VERIFY_PARAM_set_time(3).
|
771
841
|
*/
|
772
842
|
static VALUE
|
773
843
|
ossl_x509stctx_set_time(VALUE self, VALUE time)
|
@@ -843,23 +913,37 @@ Init_ossl_x509store(void)
|
|
843
913
|
cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
|
844
914
|
/*
|
845
915
|
* The callback for additional certificate verification. It is invoked for
|
846
|
-
* each
|
916
|
+
* each certificate in the chain and can be used to implement custom
|
917
|
+
* certificate verification conditions.
|
847
918
|
*
|
848
919
|
* The callback is invoked with two values, a boolean that indicates if the
|
849
920
|
* pre-verification by OpenSSL has succeeded or not, and the StoreContext in
|
850
|
-
* use.
|
921
|
+
* use.
|
922
|
+
*
|
923
|
+
* The callback can use StoreContext#error= to change the error code as
|
924
|
+
* needed. The callback must return either true or false.
|
925
|
+
*
|
926
|
+
* NOTE: any exception raised within the callback will be ignored.
|
927
|
+
*
|
928
|
+
* See also the man page X509_STORE_CTX_set_verify_cb(3).
|
851
929
|
*/
|
852
930
|
rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
|
853
931
|
/*
|
854
932
|
* The error code set by the last call of #verify.
|
933
|
+
*
|
934
|
+
* See also StoreContext#error.
|
855
935
|
*/
|
856
936
|
rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
|
857
937
|
/*
|
858
938
|
* The description for the error code set by the last call of #verify.
|
939
|
+
*
|
940
|
+
* See also StoreContext#error_string.
|
859
941
|
*/
|
860
942
|
rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
|
861
943
|
/*
|
862
944
|
* The certificate chain constructed by the last call of #verify.
|
945
|
+
*
|
946
|
+
* See also StoreContext#chain.
|
863
947
|
*/
|
864
948
|
rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
|
865
949
|
rb_define_alloc_func(cX509Store, ossl_x509store_alloc);
|
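--- a/data/lib/openssl/buffering.rb
+++ b/data/lib/openssl/buffering.rb
@@ -101,6 +101,15 @@ module OpenSSL::Buffering
 
 public
 
+# call-seq:
+# ssl.getbyte => 81
+#
+# Get the next 8bit byte from `ssl`. Returns `nil` on EOF
+def getbyte
+byte = read(1)
+byte && byte.unpack1("C")
+end
+
 ##
 # Reads _size_ bytes from the stream. If _buf_ is provided it must
 # reference a string which will receive the data.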
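--- a/data/lib/openssl/hmac.rb
+++ b/data/lib/openssl/hmac.rb
@@ -9,5 +9,70 @@ module OpenSSL
 
 OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
 end
+
+# :call-seq:
+# hmac.base64digest -> string
+#
+# Returns the authentication code an a Base64-encoded string.
+def base64digest
+[digest].pack("m0")
+end
+
+class << self
+# :call-seq:
+# HMAC.digest(digest, key, data) -> aString
+#
+# Returns the authentication code as a binary string. The _digest_ parameter
+# specifies the digest algorithm to use. This may be a String representing
+# the algorithm name or an instance of OpenSSL::Digest.
+#
+# === Example
+# key = 'key'
+# data = 'The quick brown fox jumps over the lazy dog'
+#
+# hmac = OpenSSL::HMAC.digest('SHA1', key, data)
+# #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
+def digest(digest, key, data)
+hmac = new(key, digest)
+hmac << data
+hmac.digest
+end
+
+# :call-seq:
+# HMAC.hexdigest(digest, key, data) -> aString
+#
+# Returns the authentication code as a hex-encoded string. The _digest_
+# parameter specifies the digest algorithm to use. This may be a String
+# representing the algorithm name or an instance of OpenSSL::Digest.
+#
+# === Example
+# key = 'key'
+# data = 'The quick brown fox jumps over the lazy dog'
+#
+# hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
+# #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
+def hexdigest(digest, key, data)
+hmac = new(key, digest)
+hmac << data
+hmac.hexdigest
+end
+
+# :call-seq:
+# HMAC.base64digest(digest, key, data) -> aString
+#
+# Returns the authentication code as a Base64-encoded string. The _digest_
+# parameter specifies the digest algorithm to use. This may be a String
+# representing the algorithm name or an instance of OpenSSL::Digest.
+#
+# === Example
+# key = 'key'
+# data = 'The quick brown fox jumps over the lazy dog'
+#
+# hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
+# #=> "3nybhbi3iqa8ino29wqQcBydtNk="
+def base64digest(digest, key, data)
+[digest(digest, key, data)].pack("m0")
+end
+end
 end
 end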