openssl 3.3.3 → 4.0.0

data/ext/openssl/ossl_x509attr.c

@@ -13,14 +13,14 @@
     TypedData_Wrap_Struct((klass), &ossl_x509attr_type, 0)
 #define SetX509Attr(obj, attr) do { \
     if (!(attr)) { \
-	ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \
     } \
     RTYPEDDATA_DATA(obj) = (attr); \
 } while (0)
 #define GetX509Attr(obj, attr) do { \
     TypedData_Get_Struct((obj), X509_ATTRIBUTE, &ossl_x509attr_type, (attr)); \
     if (!(attr)) { \
-	ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \
     } \
 } while (0)
 
@@ -39,7 +39,7 @@ ossl_x509attr_free(void *ptr)
 static const rb_data_type_t ossl_x509attr_type = {
     "OpenSSL/X509/ATTRIBUTE",
     {
-	0, ossl_x509attr_free,
+        0, ossl_x509attr_free,
     },
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
@@ -48,21 +48,15 @@ static const rb_data_type_t ossl_x509attr_type = {
  * Public
  */
 VALUE
-ossl_x509attr_new(const X509_ATTRIBUTE *attr)
+ossl_x509attr_new(X509_ATTRIBUTE *attr)
 {
     X509_ATTRIBUTE *new;
     VALUE obj;
 
     obj = NewX509Attr(cX509Attr);
-    if (!attr) {
-	new = X509_ATTRIBUTE_new();
-    } else {
-	/* OpenSSL 1.1.1 takes a non-const pointer */
-	new = X509_ATTRIBUTE_dup((X509_ATTRIBUTE *)attr);
-    }
-    if (!new) {
-	ossl_raise(eX509AttrError, NULL);
-    }
+    new = X509_ATTRIBUTE_dup(attr);
+    if (!new)
+        ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
     SetX509Attr(obj, new);
 
     return obj;
@@ -89,7 +83,7 @@ ossl_x509attr_alloc(VALUE klass)
 
     obj = NewX509Attr(klass);
     if (!(attr = X509_ATTRIBUTE_new()))
-	ossl_raise(eX509AttrError, NULL);
+        ossl_raise(eX509AttrError, NULL);
     SetX509Attr(obj, attr);
 
     return obj;
@@ -108,15 +102,15 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
 
     GetX509Attr(self, attr);
     if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){
-	oid = ossl_to_der_if_possible(oid);
-	StringValue(oid);
-	p = (unsigned char *)RSTRING_PTR(oid);
-	x = d2i_X509_ATTRIBUTE(&attr, &p, RSTRING_LEN(oid));
-	DATA_PTR(self) = attr;
-	if(!x){
-	    ossl_raise(eX509AttrError, NULL);
-	}
-	return self;
+        oid = ossl_to_der_if_possible(oid);
+        StringValue(oid);
+        p = (unsigned char *)RSTRING_PTR(oid);
+        x = d2i_X509_ATTRIBUTE(&attr, &p, RSTRING_LEN(oid));
+        DATA_PTR(self) = attr;
+        if(!x){
+            ossl_raise(eX509AttrError, NULL);
+        }
+        return self;
     }
     rb_funcall(self, rb_intern("oid="), 1, oid);
     rb_funcall(self, rb_intern("value="), 1, value);
@@ -124,6 +118,7 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
 
+/* :nodoc: */
 static VALUE
 ossl_x509attr_initialize_copy(VALUE self, VALUE other)
 {
@@ -135,7 +130,7 @@ ossl_x509attr_initialize_copy(VALUE self, VALUE other)
 
     attr_new = X509_ATTRIBUTE_dup(attr_other);
     if (!attr_new)
-	ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
+        ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
 
     SetX509Attr(self, attr_new);
     X509_ATTRIBUTE_free(attr);
@@ -159,8 +154,8 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
     obj = OBJ_txt2obj(s, 0);
     if(!obj) ossl_raise(eX509AttrError, NULL);
     if (!X509_ATTRIBUTE_set1_object(attr, obj)) {
-	ASN1_OBJECT_free(obj);
-	ossl_raise(eX509AttrError, "X509_ATTRIBUTE_set1_object");
+        ASN1_OBJECT_free(obj);
+        ossl_raise(eX509AttrError, "X509_ATTRIBUTE_set1_object");
     }
     ASN1_OBJECT_free(obj);
 
@@ -169,29 +164,18 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
 
 /*
  * call-seq:
- *    attr.oid => string
+ *    attr.oid -> string
+ *
+ * Returns the OID of the attribute. Returns the short name or the dotted
+ * decimal notation.
  */
 static VALUE
 ossl_x509attr_get_oid(VALUE self)
 {
     X509_ATTRIBUTE *attr;
-    const ASN1_OBJECT *oid;
-    BIO *out;
-    VALUE ret;
-    int nid;
 
     GetX509Attr(self, attr);
-    oid = X509_ATTRIBUTE_get0_object(attr);
-    if ((nid = OBJ_obj2nid(oid)) != NID_undef)
-	ret = rb_str_new2(OBJ_nid2sn(nid));
-    else{
-	if (!(out = BIO_new(BIO_s_mem())))
-	    ossl_raise(eX509AttrError, NULL);
-	i2a_ASN1_OBJECT(out, (ASN1_OBJECT *)oid);
-	ret = ossl_membio2str(out);
-    }
-
-    return ret;
+    return ossl_asn1obj_to_string(X509_ATTRIBUTE_get0_object(attr));
 }
 
 /*
@@ -212,7 +196,7 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
         ossl_raise(eX509AttrError, "attribute value must be ASN1::Set");
 
     if (X509_ATTRIBUTE_count(attr)) { /* populated, reset first */
-        const ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
+        ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
         X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, 0, NULL, -1);
         if (!new_attr) {
             sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
@@ -252,21 +236,21 @@ ossl_x509attr_get_value(VALUE self)
     GetX509Attr(self, attr);
     /* there is no X509_ATTRIBUTE_get0_set() :( */
     if (!(sk = sk_ASN1_TYPE_new_null()))
-	ossl_raise(eX509AttrError, "sk_new");
+        ossl_raise(eX509AttrError, "sk_new");
 
     count = X509_ATTRIBUTE_count(attr);
     for (i = 0; i < count; i++)
-        sk_ASN1_TYPE_push(sk, (ASN1_TYPE *)X509_ATTRIBUTE_get0_type(attr, i));
+        sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
 
     if ((len = i2d_ASN1_SET_ANY(sk, NULL)) <= 0) {
-	sk_ASN1_TYPE_free(sk);
-	ossl_raise(eX509AttrError, NULL);
+        sk_ASN1_TYPE_free(sk);
+        ossl_raise(eX509AttrError, NULL);
     }
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
     if (i2d_ASN1_SET_ANY(sk, &p) <= 0) {
-	sk_ASN1_TYPE_free(sk);
-	ossl_raise(eX509AttrError, NULL);
+        sk_ASN1_TYPE_free(sk);
+        ossl_raise(eX509AttrError, NULL);
     }
     ossl_str_adjust(str, p);
     sk_ASN1_TYPE_free(sk);
@@ -288,11 +272,11 @@ ossl_x509attr_to_der(VALUE self)
 
     GetX509Attr(self, attr);
     if((len = i2d_X509_ATTRIBUTE(attr, NULL)) <= 0)
-	ossl_raise(eX509AttrError, NULL);
+        ossl_raise(eX509AttrError, NULL);
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
     if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
-	ossl_raise(eX509AttrError, NULL);
+        ossl_raise(eX509AttrError, NULL);
     ossl_str_adjust(str, p);
 
     return str;
@@ -304,12 +288,6 @@ ossl_x509attr_to_der(VALUE self)
 void
 Init_ossl_x509attr(void)
 {
-#if 0
-    mOSSL = rb_define_module("OpenSSL");
-    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
-    mX509 = rb_define_module_under(mOSSL, "X509");
-#endif
-
     eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError);
 
     cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject);

data/ext/openssl/ossl_x509cert.c

@@ -13,14 +13,14 @@
     TypedData_Wrap_Struct((klass), &ossl_x509_type, 0)
 #define SetX509(obj, x509) do { \
     if (!(x509)) { \
-	ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \
     } \
     RTYPEDDATA_DATA(obj) = (x509); \
 } while (0)
 #define GetX509(obj, x509) do { \
     TypedData_Get_Struct((obj), X509, &ossl_x509_type, (x509)); \
     if (!(x509)) { \
-	ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \
     } \
 } while (0)
 
@@ -39,7 +39,7 @@ ossl_x509_free(void *ptr)
 static const rb_data_type_t ossl_x509_type = {
     "OpenSSL/X509",
     {
-	0, ossl_x509_free,
+        0, ossl_x509_free,
     },
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
@@ -48,21 +48,15 @@ static const rb_data_type_t ossl_x509_type = {
  * Public
  */
 VALUE
-ossl_x509_new(const X509 *x509)
+ossl_x509_new(X509 *x509)
 {
     X509 *new;
     VALUE obj;
 
     obj = NewX509(cX509Cert);
-    if (!x509) {
-	new = X509_new();
-    } else {
-	/* OpenSSL 1.1.1 takes a non-const pointer */
-	new = X509_dup((X509 *)x509);
-    }
-    if (!new) {
-	ossl_raise(eX509CertError, NULL);
-    }
+    new = X509_dup(x509);
+    if (!new)
+        ossl_raise(eX509CertError, "X509_dup");
     SetX509(obj, new);
 
     return obj;
@@ -121,8 +115,8 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
 
     rb_check_frozen(self);
     if (rb_scan_args(argc, argv, "01", &arg) == 0) {
-	/* create just empty X509Cert */
-	return self;
+        /* create just empty X509Cert */
+        return self;
     }
     arg = ossl_to_der_if_possible(arg);
     in = ossl_obj2bio(&arg);
@@ -141,6 +135,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
 
+/* :nodoc: */
 static VALUE
 ossl_x509_copy(VALUE self, VALUE other)
 {
@@ -175,11 +170,11 @@ ossl_x509_to_der(VALUE self)
 
     GetX509(self, x509);
     if ((len = i2d_X509(x509, NULL)) <= 0)
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
     if (i2d_X509(x509, &p) <= 0)
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     ossl_str_adjust(str, p);
 
     return str;
@@ -201,8 +196,8 @@ ossl_x509_to_pem(VALUE self)
     if (!out) ossl_raise(eX509CertError, NULL);
 
     if (!PEM_write_bio_X509(out, x509)) {
-	BIO_free(out);
-	ossl_raise(eX509CertError, NULL);
+        BIO_free(out);
+        ossl_raise(eX509CertError, NULL);
     }
     str = ossl_membio2str(out);
 
@@ -226,8 +221,8 @@ ossl_x509_to_text(VALUE self)
     if (!out) ossl_raise(eX509CertError, NULL);
 
     if (!X509_print(out, x509)) {
-	BIO_free(out);
-	ossl_raise(eX509CertError, NULL);
+        BIO_free(out);
+        ossl_raise(eX509CertError, NULL);
     }
     str = ossl_membio2str(out);
 
@@ -247,7 +242,7 @@ ossl_x509_to_req(VALUE self)
 
     GetX509(self, x509);
     if (!(req = X509_to_X509_REQ(x509, NULL, EVP_md5()))) {
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
     obj = ossl_x509req_new(req);
     X509_REQ_free(req);
@@ -281,11 +276,11 @@ ossl_x509_set_version(VALUE self, VALUE version)
     long ver;
 
     if ((ver = NUM2LONG(version)) < 0) {
-	ossl_raise(eX509CertError, "version must be >= 0!");
+        ossl_raise(eX509CertError, "version must be >= 0!");
     }
     GetX509(self, x509);
     if (!X509_set_version(x509, ver)) {
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return version;
@@ -323,25 +318,23 @@ ossl_x509_set_serial(VALUE self, VALUE num)
 /*
  * call-seq:
  *    cert.signature_algorithm => string
+ *
+ * Returns the signature algorithm used to sign this certificate. This returns
+ * the algorithm name found in the TBSCertificate structure, not the outer
+ * \Certificate structure.
+ *
+ * Returns the long name of the signature algorithm, or the dotted decimal
+ * notation if \OpenSSL does not define a long name for it.
  */
 static VALUE
 ossl_x509_get_signature_algorithm(VALUE self)
 {
     X509 *x509;
-    BIO *out;
-    VALUE str;
+    const ASN1_OBJECT *obj;
 
     GetX509(self, x509);
-    out = BIO_new(BIO_s_mem());
-    if (!out) ossl_raise(eX509CertError, NULL);
-
-    if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
-	BIO_free(out);
-	ossl_raise(eX509CertError, NULL);
-    }
-    str = ossl_membio2str(out);
-
-    return str;
+    X509_ALGOR_get0(&obj, NULL, NULL, X509_get0_tbs_sigalg(x509));
+    return ossl_asn1obj_to_string_long_name(obj);
 }
 
 /*
@@ -352,11 +345,11 @@ static VALUE
 ossl_x509_get_subject(VALUE self)
 {
     X509 *x509;
-    const X509_NAME *name;
+    X509_NAME *name;
 
     GetX509(self, x509);
     if (!(name = X509_get_subject_name(x509))) { /* NO DUP - don't free! */
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return ossl_x509name_new(name);
@@ -373,7 +366,7 @@ ossl_x509_set_subject(VALUE self, VALUE subject)
 
     GetX509(self, x509);
     if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return subject;
@@ -387,11 +380,11 @@ static VALUE
 ossl_x509_get_issuer(VALUE self)
 {
     X509 *x509;
-    const X509_NAME *name;
+    X509_NAME *name;
 
     GetX509(self, x509);
     if(!(name = X509_get_issuer_name(x509))) { /* NO DUP - don't free! */
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return ossl_x509name_new(name);
@@ -408,7 +401,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer)
 
     GetX509(self, x509);
     if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return issuer;
@@ -426,7 +419,7 @@ ossl_x509_get_not_before(VALUE self)
 
     GetX509(self, x509);
     if (!(asn1time = X509_get0_notBefore(x509))) {
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return asn1time_to_time(asn1time);
@@ -445,8 +438,8 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_set1_notBefore(x509, asn1time)) {
-	ASN1_TIME_free(asn1time);
-	ossl_raise(eX509CertError, "X509_set_notBefore");
+        ASN1_TIME_free(asn1time);
+        ossl_raise(eX509CertError, "X509_set_notBefore");
     }
     ASN1_TIME_free(asn1time);
 
@@ -465,7 +458,7 @@ ossl_x509_get_not_after(VALUE self)
 
     GetX509(self, x509);
     if (!(asn1time = X509_get0_notAfter(x509))) {
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return asn1time_to_time(asn1time);
@@ -484,8 +477,8 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_set1_notAfter(x509, asn1time)) {
-	ASN1_TIME_free(asn1time);
-	ossl_raise(eX509CertError, "X509_set_notAfter");
+        ASN1_TIME_free(asn1time);
+        ossl_raise(eX509CertError, "X509_set_notAfter");
     }
     ASN1_TIME_free(asn1time);
 
@@ -504,10 +497,10 @@ ossl_x509_get_public_key(VALUE self)
 
     GetX509(self, x509);
     if (!(pkey = X509_get_pubkey(x509))) { /* adds an reference */
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
-    return ossl_pkey_new(pkey); /* NO DUP - OK */
+    return ossl_pkey_wrap(pkey);
 }
 
 /*
@@ -524,7 +517,7 @@ ossl_x509_set_public_key(VALUE self, VALUE key)
     pkey = GetPKeyPtr(key);
     ossl_pkey_check_public_key(pkey);
     if (!X509_set_pubkey(x509, pkey))
-	ossl_raise(eX509CertError, "X509_set_pubkey");
+        ossl_raise(eX509CertError, "X509_set_pubkey");
     return key;
 }
 
@@ -538,17 +531,14 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
     X509 *x509;
     EVP_PKEY *pkey;
     const EVP_MD *md;
+    VALUE md_holder;
 
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
-    if (NIL_P(digest)) {
-        md = NULL; /* needed for some key types, e.g. Ed25519 */
-    } else {
-        md = ossl_evp_get_digestbyname(digest);
-    }
+    /* NULL needed for some key types, e.g. Ed25519 */
+    md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
     GetX509(self, x509);
-    if (!X509_sign(x509, pkey, md)) {
-	ossl_raise(eX509CertError, NULL);
-    }
+    if (!X509_sign(x509, pkey, md))
+        ossl_raise(eX509CertError, "X509_sign");
 
     return self;
 }
@@ -571,12 +561,12 @@ ossl_x509_verify(VALUE self, VALUE key)
     ossl_pkey_check_public_key(pkey);
     switch (X509_verify(x509, pkey)) {
       case 1:
-	return Qtrue;
+        return Qtrue;
       case 0:
-	ossl_clear_error();
-	return Qfalse;
+        ossl_clear_error();
+        return Qfalse;
       default:
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 }
 
@@ -597,8 +587,8 @@ ossl_x509_check_private_key(VALUE self, VALUE key)
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
     GetX509(self, x509);
     if (!X509_check_private_key(x509, pkey)) {
-	ossl_clear_error();
-	return Qfalse;
+        ossl_clear_error();
+        return Qfalse;
     }
 
     return Qtrue;
@@ -613,17 +603,15 @@ ossl_x509_get_extensions(VALUE self)
 {
     X509 *x509;
     int count, i;
+    X509_EXTENSION *ext;
     VALUE ary;
 
     GetX509(self, x509);
     count = X509_get_ext_count(x509);
-    if (count < 0) {
-	return rb_ary_new();
-    }
-    ary = rb_ary_new2(count);
+    ary = rb_ary_new_capa(count);
     for (i=0; i<count; i++) {
-	const X509_EXTENSION *ext = X509_get_ext(x509, i);
-	rb_ary_push(ary, ossl_x509ext_new(ext));
+        ext = X509_get_ext(x509, i); /* NO DUP - don't free! */
+        rb_ary_push(ary, ossl_x509ext_new(ext));
     }
 
     return ary;
@@ -643,16 +631,16 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
     Check_Type(ary, T_ARRAY);
     /* All ary's members should be X509Extension */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
+        OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509(self, x509);
     for (i = X509_get_ext_count(x509); i > 0; i--)
         X509_EXTENSION_free(X509_delete_ext(x509, 0));
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
-	if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
-	    ossl_raise(eX509CertError, "X509_add_ext");
-	}
+        ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
+        if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
+            ossl_raise(eX509CertError, "X509_add_ext");
+        }
     }
 
     return ary;
@@ -671,32 +659,24 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
     GetX509(self, x509);
     ext = GetX509ExtPtr(extension);
     if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
-	ossl_raise(eX509CertError, NULL);
+        ossl_raise(eX509CertError, NULL);
     }
 
     return extension;
 }
 
-static VALUE
-ossl_x509_inspect(VALUE self)
-{
-    return rb_sprintf("#<%"PRIsVALUE": subject=%+"PRIsVALUE", "
-		      "issuer=%+"PRIsVALUE", serial=%+"PRIsVALUE", "
-		      "not_before=%+"PRIsVALUE", not_after=%+"PRIsVALUE">",
-		      rb_obj_class(self),
-		      ossl_x509_get_subject(self),
-		      ossl_x509_get_issuer(self),
-		      ossl_x509_get_serial(self),
-		      ossl_x509_get_not_before(self),
-		      ossl_x509_get_not_after(self));
-}
-
 /*
  * call-seq:
  *    cert1 == cert2 -> true | false
  *
  * Compares the two certificates. Note that this takes into account all fields,
  * not just the issuer name and the serial number.
+ *
+ * This method uses X509_cmp() from OpenSSL, which compares certificates based
+ * on their cached DER encodings. The comparison can be unreliable if a
+ * certificate is incomplete.
+ *
+ * See also the man page X509_cmp(3).
  */
 static VALUE
 ossl_x509_eq(VALUE self, VALUE other)
@@ -705,13 +685,12 @@ ossl_x509_eq(VALUE self, VALUE other)
 
     GetX509(self, a);
     if (!rb_obj_is_kind_of(other, cX509Cert))
-	return Qfalse;
+        return Qfalse;
     GetX509(other, b);
 
     return !X509_cmp(a, b) ? Qtrue : Qfalse;
 }
 
-#ifdef HAVE_I2D_RE_X509_TBS
 /*
  * call-seq:
  *    cert.tbs_bytes => string
@@ -741,7 +720,6 @@ ossl_x509_tbs_bytes(VALUE self)
 
     return str;
 }
-#endif
 
 struct load_chained_certificates_arguments {
     VALUE certificates;
@@ -802,7 +780,7 @@ load_chained_certificates_PEM(BIO *in) {
     certificates = load_chained_certificates_append(Qnil, certificate);
 
     while ((certificate = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
-      load_chained_certificates_append(certificates, certificate);
+        load_chained_certificates_append(certificates, certificate);
     }
 
     /* We tried to read one more certificate but could not read start line: */
@@ -900,12 +878,6 @@ ossl_x509_load(VALUE klass, VALUE buffer)
 void
 Init_ossl_x509cert(void)
 {
-#if 0
-    mOSSL = rb_define_module("OpenSSL");
-    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
-    mX509 = rb_define_module_under(mOSSL, "X509");
-#endif
-
     eX509CertError = rb_define_class_under(mX509, "CertificateError", eOSSLError);
 
     /* Document-class: OpenSSL::X509::Certificate
@@ -1033,9 +1005,6 @@ Init_ossl_x509cert(void)
     rb_define_method(cX509Cert, "extensions", ossl_x509_get_extensions, 0);
     rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1);
     rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1);
-    rb_define_method(cX509Cert, "inspect", ossl_x509_inspect, 0);
     rb_define_method(cX509Cert, "==", ossl_x509_eq, 1);
-#ifdef HAVE_I2D_RE_X509_TBS
     rb_define_method(cX509Cert, "tbs_bytes", ossl_x509_tbs_bytes, 0);
-#endif
 }