rubysl-openssl 1.0.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +5 -6
- data/ext/rubysl/openssl/.gitignore +3 -0
- data/ext/rubysl/openssl/deprecation.rb +21 -0
- data/ext/rubysl/openssl/extconf.rb +45 -32
- data/ext/rubysl/openssl/openssl_missing.c +20 -7
- data/ext/rubysl/openssl/openssl_missing.h +22 -15
- data/ext/rubysl/openssl/ossl.c +610 -61
- data/ext/rubysl/openssl/ossl.h +31 -17
- data/ext/rubysl/openssl/ossl_asn1.c +974 -183
- data/ext/rubysl/openssl/ossl_asn1.h +3 -3
- data/ext/rubysl/openssl/ossl_bio.c +4 -3
- data/ext/rubysl/openssl/ossl_bio.h +1 -1
- data/ext/rubysl/openssl/ossl_bn.c +32 -28
- data/ext/rubysl/openssl/ossl_bn.h +1 -1
- data/ext/rubysl/openssl/ossl_cipher.c +494 -93
- data/ext/rubysl/openssl/ossl_cipher.h +1 -1
- data/ext/rubysl/openssl/ossl_config.c +4 -5
- data/ext/rubysl/openssl/ossl_config.h +1 -1
- data/ext/rubysl/openssl/ossl_digest.c +206 -24
- data/ext/rubysl/openssl/ossl_digest.h +1 -1
- data/ext/rubysl/openssl/ossl_engine.c +48 -26
- data/ext/rubysl/openssl/ossl_engine.h +1 -1
- data/ext/rubysl/openssl/ossl_hmac.c +40 -38
- data/ext/rubysl/openssl/ossl_hmac.h +1 -1
- data/ext/rubysl/openssl/ossl_ns_spki.c +157 -25
- data/ext/rubysl/openssl/ossl_ns_spki.h +1 -1
- data/ext/rubysl/openssl/ossl_ocsp.c +57 -40
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +15 -13
- data/ext/rubysl/openssl/ossl_pkcs12.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs5.c +108 -18
- data/ext/rubysl/openssl/ossl_pkcs7.c +44 -37
- data/ext/rubysl/openssl/ossl_pkcs7.h +1 -1
- data/ext/rubysl/openssl/ossl_pkey.c +211 -15
- data/ext/rubysl/openssl/ossl_pkey.h +19 -9
- data/ext/rubysl/openssl/ossl_pkey_dh.c +180 -47
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +184 -47
- data/ext/rubysl/openssl/ossl_pkey_ec.c +177 -93
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +209 -102
- data/ext/rubysl/openssl/ossl_rand.c +15 -15
- data/ext/rubysl/openssl/ossl_rand.h +1 -1
- data/ext/rubysl/openssl/ossl_ssl.c +939 -192
- data/ext/rubysl/openssl/ossl_ssl.h +6 -6
- data/ext/rubysl/openssl/ossl_ssl_session.c +78 -62
- data/ext/rubysl/openssl/ossl_version.h +2 -2
- data/ext/rubysl/openssl/ossl_x509.c +1 -1
- data/ext/rubysl/openssl/ossl_x509.h +1 -1
- data/ext/rubysl/openssl/ossl_x509attr.c +20 -19
- data/ext/rubysl/openssl/ossl_x509cert.c +169 -67
- data/ext/rubysl/openssl/ossl_x509crl.c +41 -39
- data/ext/rubysl/openssl/ossl_x509ext.c +51 -38
- data/ext/rubysl/openssl/ossl_x509name.c +139 -29
- data/ext/rubysl/openssl/ossl_x509req.c +42 -40
- data/ext/rubysl/openssl/ossl_x509revoked.c +20 -20
- data/ext/rubysl/openssl/ossl_x509store.c +99 -47
- data/ext/rubysl/openssl/ruby_missing.h +3 -16
- data/lib/openssl/bn.rb +19 -19
- data/lib/openssl/buffering.rb +222 -14
- data/lib/openssl/cipher.rb +20 -20
- data/lib/openssl/config.rb +1 -4
- data/lib/openssl/digest.rb +47 -19
- data/lib/openssl/ssl.rb +197 -1
- data/lib/openssl/x509.rb +162 -1
- data/lib/rubysl/openssl.rb +4 -8
- data/lib/rubysl/openssl/version.rb +1 -1
- data/rubysl-openssl.gemspec +1 -2
- metadata +16 -34
- data/ext/rubysl/openssl/extconf.h +0 -50
- data/lib/openssl/net/ftptls.rb +0 -53
- data/lib/openssl/net/telnets.rb +0 -251
- data/lib/openssl/pkcs7.rb +0 -25
- data/lib/openssl/ssl-internal.rb +0 -187
- data/lib/openssl/x509-internal.rb +0 -153
@@ -1,5 +1,5 @@
|
|
1
1
|
/*
|
2
|
-
* $Id
|
2
|
+
* $Id$
|
3
3
|
* 'OpenSSL for Ruby' project
|
4
4
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
5
|
* All rights reserved.
|
@@ -11,20 +11,20 @@
|
|
11
11
|
#include "ossl.h"
|
12
12
|
|
13
13
|
#define WrapX509Rev(klass, obj, rev) do { \
|
14
|
-
if (!rev) { \
|
14
|
+
if (!(rev)) { \
|
15
15
|
ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
|
16
16
|
} \
|
17
|
-
obj = Data_Wrap_Struct(klass, 0, X509_REVOKED_free, rev); \
|
17
|
+
(obj) = Data_Wrap_Struct((klass), 0, X509_REVOKED_free, (rev)); \
|
18
18
|
} while (0)
|
19
19
|
#define GetX509Rev(obj, rev) do { \
|
20
|
-
Data_Get_Struct(obj, X509_REVOKED, rev); \
|
21
|
-
if (!rev) { \
|
20
|
+
Data_Get_Struct((obj), X509_REVOKED, (rev)); \
|
21
|
+
if (!(rev)) { \
|
22
22
|
ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
|
23
23
|
} \
|
24
24
|
} while (0)
|
25
25
|
#define SafeGetX509Rev(obj, rev) do { \
|
26
|
-
OSSL_Check_Kind(obj, cX509Rev); \
|
27
|
-
GetX509Rev(obj, rev); \
|
26
|
+
OSSL_Check_Kind((obj), cX509Rev); \
|
27
|
+
GetX509Rev((obj), (rev)); \
|
28
28
|
} while (0)
|
29
29
|
|
30
30
|
/*
|
@@ -36,7 +36,7 @@ VALUE eX509RevError;
|
|
36
36
|
/*
|
37
37
|
* PUBLIC
|
38
38
|
*/
|
39
|
-
VALUE
|
39
|
+
VALUE
|
40
40
|
ossl_x509revoked_new(X509_REVOKED *rev)
|
41
41
|
{
|
42
42
|
X509_REVOKED *new;
|
@@ -71,7 +71,7 @@ DupX509RevokedPtr(VALUE obj)
|
|
71
71
|
/*
|
72
72
|
* PRIVATE
|
73
73
|
*/
|
74
|
-
static VALUE
|
74
|
+
static VALUE
|
75
75
|
ossl_x509revoked_alloc(VALUE klass)
|
76
76
|
{
|
77
77
|
X509_REVOKED *rev;
|
@@ -85,14 +85,14 @@ ossl_x509revoked_alloc(VALUE klass)
|
|
85
85
|
return obj;
|
86
86
|
}
|
87
87
|
|
88
|
-
static VALUE
|
88
|
+
static VALUE
|
89
89
|
ossl_x509revoked_initialize(int argc, VALUE *argv, VALUE self)
|
90
90
|
{
|
91
91
|
/* EMPTY */
|
92
92
|
return self;
|
93
93
|
}
|
94
94
|
|
95
|
-
static VALUE
|
95
|
+
static VALUE
|
96
96
|
ossl_x509revoked_get_serial(VALUE self)
|
97
97
|
{
|
98
98
|
X509_REVOKED *rev;
|
@@ -102,7 +102,7 @@ ossl_x509revoked_get_serial(VALUE self)
|
|
102
102
|
return asn1integer_to_num(rev->serialNumber);
|
103
103
|
}
|
104
104
|
|
105
|
-
static VALUE
|
105
|
+
static VALUE
|
106
106
|
ossl_x509revoked_set_serial(VALUE self, VALUE num)
|
107
107
|
{
|
108
108
|
X509_REVOKED *rev;
|
@@ -113,17 +113,17 @@ ossl_x509revoked_set_serial(VALUE self, VALUE num)
|
|
113
113
|
return num;
|
114
114
|
}
|
115
115
|
|
116
|
-
static VALUE
|
116
|
+
static VALUE
|
117
117
|
ossl_x509revoked_get_time(VALUE self)
|
118
118
|
{
|
119
119
|
X509_REVOKED *rev;
|
120
|
-
|
120
|
+
|
121
121
|
GetX509Rev(self, rev);
|
122
122
|
|
123
123
|
return asn1time_to_time(rev->revocationDate);
|
124
124
|
}
|
125
125
|
|
126
|
-
static VALUE
|
126
|
+
static VALUE
|
127
127
|
ossl_x509revoked_set_time(VALUE self, VALUE time)
|
128
128
|
{
|
129
129
|
X509_REVOKED *rev;
|
@@ -140,7 +140,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
|
|
140
140
|
/*
|
141
141
|
* Gets X509v3 extensions as array of X509Ext objects
|
142
142
|
*/
|
143
|
-
static VALUE
|
143
|
+
static VALUE
|
144
144
|
ossl_x509revoked_get_extensions(VALUE self)
|
145
145
|
{
|
146
146
|
X509_REVOKED *rev;
|
@@ -166,7 +166,7 @@ ossl_x509revoked_get_extensions(VALUE self)
|
|
166
166
|
/*
|
167
167
|
* Sets X509_EXTENSIONs
|
168
168
|
*/
|
169
|
-
static VALUE
|
169
|
+
static VALUE
|
170
170
|
ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
|
171
171
|
{
|
172
172
|
X509_REVOKED *rev;
|
@@ -196,7 +196,7 @@ static VALUE
|
|
196
196
|
ossl_x509revoked_add_extension(VALUE self, VALUE ext)
|
197
197
|
{
|
198
198
|
X509_REVOKED *rev;
|
199
|
-
|
199
|
+
|
200
200
|
GetX509Rev(self, rev);
|
201
201
|
if(!X509_REVOKED_add_ext(rev, DupX509ExtPtr(ext), -1)) {
|
202
202
|
ossl_raise(eX509RevError, NULL);
|
@@ -214,10 +214,10 @@ Init_ossl_x509revoked()
|
|
214
214
|
eX509RevError = rb_define_class_under(mX509, "RevokedError", eOSSLError);
|
215
215
|
|
216
216
|
cX509Rev = rb_define_class_under(mX509, "Revoked", rb_cObject);
|
217
|
-
|
217
|
+
|
218
218
|
rb_define_alloc_func(cX509Rev, ossl_x509revoked_alloc);
|
219
219
|
rb_define_method(cX509Rev, "initialize", ossl_x509revoked_initialize, -1);
|
220
|
-
|
220
|
+
|
221
221
|
rb_define_method(cX509Rev, "serial", ossl_x509revoked_get_serial, 0);
|
222
222
|
rb_define_method(cX509Rev, "serial=", ossl_x509revoked_set_serial, 1);
|
223
223
|
rb_define_method(cX509Rev, "time", ossl_x509revoked_get_time, 0);
|
@@ -1,5 +1,5 @@
|
|
1
1
|
/*
|
2
|
-
* $Id
|
2
|
+
* $Id$
|
3
3
|
* 'OpenSSL for Ruby' project
|
4
4
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
5
5
|
* All rights reserved.
|
@@ -9,40 +9,39 @@
|
|
9
9
|
* (See the file 'LICENCE'.)
|
10
10
|
*/
|
11
11
|
#include "ossl.h"
|
12
|
-
#include <rubysig.h>
|
13
12
|
|
14
13
|
#define WrapX509Store(klass, obj, st) do { \
|
15
|
-
if (!st) { \
|
14
|
+
if (!(st)) { \
|
16
15
|
ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
|
17
16
|
} \
|
18
|
-
obj = Data_Wrap_Struct(klass, 0, X509_STORE_free, st); \
|
17
|
+
(obj) = Data_Wrap_Struct((klass), 0, X509_STORE_free, (st)); \
|
19
18
|
} while (0)
|
20
19
|
#define GetX509Store(obj, st) do { \
|
21
|
-
Data_Get_Struct(obj, X509_STORE, st); \
|
22
|
-
if (!st) { \
|
20
|
+
Data_Get_Struct((obj), X509_STORE, (st)); \
|
21
|
+
if (!(st)) { \
|
23
22
|
ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
|
24
23
|
} \
|
25
24
|
} while (0)
|
26
25
|
#define SafeGetX509Store(obj, st) do { \
|
27
|
-
OSSL_Check_Kind(obj, cX509Store); \
|
28
|
-
GetX509Store(obj, st); \
|
26
|
+
OSSL_Check_Kind((obj), cX509Store); \
|
27
|
+
GetX509Store((obj), (st)); \
|
29
28
|
} while (0)
|
30
29
|
|
31
30
|
#define WrapX509StCtx(klass, obj, ctx) do { \
|
32
|
-
if (!ctx) { \
|
31
|
+
if (!(ctx)) { \
|
33
32
|
ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
|
34
33
|
} \
|
35
|
-
obj = Data_Wrap_Struct(klass, 0, ossl_x509stctx_free, ctx); \
|
34
|
+
(obj) = Data_Wrap_Struct((klass), 0, ossl_x509stctx_free, (ctx)); \
|
36
35
|
} while (0)
|
37
36
|
#define GetX509StCtx(obj, ctx) do { \
|
38
|
-
Data_Get_Struct(obj, X509_STORE_CTX, ctx); \
|
39
|
-
if (!ctx) { \
|
37
|
+
Data_Get_Struct((obj), X509_STORE_CTX, (ctx)); \
|
38
|
+
if (!(ctx)) { \
|
40
39
|
ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
|
41
40
|
} \
|
42
41
|
} while (0)
|
43
42
|
#define SafeGetX509StCtx(obj, storep) do { \
|
44
|
-
OSSL_Check_Kind(obj, cX509StoreContext); \
|
45
|
-
GetX509Store(obj, ctx); \
|
43
|
+
OSSL_Check_Kind((obj), cX509StoreContext); \
|
44
|
+
GetX509Store((obj), (ctx)); \
|
46
45
|
} while (0)
|
47
46
|
|
48
47
|
/*
|
@@ -55,7 +54,7 @@ VALUE eX509StoreError;
|
|
55
54
|
/*
|
56
55
|
* Public functions
|
57
56
|
*/
|
58
|
-
VALUE
|
57
|
+
VALUE
|
59
58
|
ossl_x509store_new(X509_STORE *store)
|
60
59
|
{
|
61
60
|
VALUE obj;
|
@@ -77,19 +76,19 @@ GetX509StorePtr(VALUE obj)
|
|
77
76
|
|
78
77
|
X509_STORE *
|
79
78
|
DupX509StorePtr(VALUE obj)
|
80
|
-
{
|
79
|
+
{
|
81
80
|
X509_STORE *store;
|
82
81
|
|
83
82
|
SafeGetX509Store(obj, store);
|
84
83
|
CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
|
85
|
-
|
84
|
+
|
86
85
|
return store;
|
87
86
|
}
|
88
87
|
|
89
88
|
/*
|
90
89
|
* Private functions
|
91
90
|
*/
|
92
|
-
static VALUE
|
91
|
+
static VALUE
|
93
92
|
ossl_x509store_alloc(VALUE klass)
|
94
93
|
{
|
95
94
|
X509_STORE *store;
|
@@ -171,8 +170,8 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
|
|
171
170
|
{
|
172
171
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
173
172
|
X509_STORE *store;
|
174
|
-
|
175
|
-
|
173
|
+
int p = NUM2INT(purpose);
|
174
|
+
|
176
175
|
GetX509Store(self, store);
|
177
176
|
X509_STORE_set_purpose(store, p);
|
178
177
|
#else
|
@@ -187,7 +186,7 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
|
|
187
186
|
{
|
188
187
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
189
188
|
X509_STORE *store;
|
190
|
-
|
189
|
+
int t = NUM2INT(trust);
|
191
190
|
|
192
191
|
GetX509Store(self, store);
|
193
192
|
X509_STORE_set_trust(store, t);
|
@@ -198,14 +197,23 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
|
|
198
197
|
return trust;
|
199
198
|
}
|
200
199
|
|
201
|
-
static VALUE
|
200
|
+
static VALUE
|
202
201
|
ossl_x509store_set_time(VALUE self, VALUE time)
|
203
202
|
{
|
204
203
|
rb_iv_set(self, "@time", time);
|
205
204
|
return time;
|
206
205
|
}
|
207
206
|
|
208
|
-
|
207
|
+
/*
|
208
|
+
* call-seq:
|
209
|
+
* store.add_file(file) -> store
|
210
|
+
*
|
211
|
+
*
|
212
|
+
* Adds the certificates in +file+ to the certificate store. The +file+ can
|
213
|
+
* contain multiple PEM-encoded certificates.
|
214
|
+
*/
|
215
|
+
|
216
|
+
static VALUE
|
209
217
|
ossl_x509store_add_file(VALUE self, VALUE file)
|
210
218
|
{
|
211
219
|
X509_STORE *store;
|
@@ -213,7 +221,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
|
|
213
221
|
char *path = NULL;
|
214
222
|
|
215
223
|
if(file != Qnil){
|
216
|
-
|
224
|
+
SafeStringValue(file);
|
217
225
|
path = RSTRING_PTR(file);
|
218
226
|
}
|
219
227
|
GetX509Store(self, store);
|
@@ -226,7 +234,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
|
|
226
234
|
return self;
|
227
235
|
}
|
228
236
|
|
229
|
-
static VALUE
|
237
|
+
static VALUE
|
230
238
|
ossl_x509store_add_path(VALUE self, VALUE dir)
|
231
239
|
{
|
232
240
|
X509_STORE *store;
|
@@ -234,7 +242,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
|
|
234
242
|
char *path = NULL;
|
235
243
|
|
236
244
|
if(dir != Qnil){
|
237
|
-
|
245
|
+
SafeStringValue(dir);
|
238
246
|
path = RSTRING_PTR(dir);
|
239
247
|
}
|
240
248
|
GetX509Store(self, store);
|
@@ -247,6 +255,16 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
|
|
247
255
|
return self;
|
248
256
|
}
|
249
257
|
|
258
|
+
/*
|
259
|
+
* call-seq:
|
260
|
+
* store.set_default_path
|
261
|
+
*
|
262
|
+
* Adds the default certificates to the certificate store. These certificates
|
263
|
+
* are loaded from the default configuration directory which can usually be
|
264
|
+
* determined by:
|
265
|
+
*
|
266
|
+
* File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE
|
267
|
+
*/
|
250
268
|
static VALUE
|
251
269
|
ossl_x509store_set_default_paths(VALUE self)
|
252
270
|
{
|
@@ -260,6 +278,13 @@ ossl_x509store_set_default_paths(VALUE self)
|
|
260
278
|
return Qnil;
|
261
279
|
}
|
262
280
|
|
281
|
+
/*
|
282
|
+
* call-seq:
|
283
|
+
* store.add_cert(cert)
|
284
|
+
*
|
285
|
+
* Adds the OpenSSL::X509::Certificate +cert+ to the certificate store.
|
286
|
+
*/
|
287
|
+
|
263
288
|
static VALUE
|
264
289
|
ossl_x509store_add_cert(VALUE self, VALUE arg)
|
265
290
|
{
|
@@ -294,7 +319,7 @@ static VALUE ossl_x509stctx_get_err(VALUE);
|
|
294
319
|
static VALUE ossl_x509stctx_get_err_string(VALUE);
|
295
320
|
static VALUE ossl_x509stctx_get_chain(VALUE);
|
296
321
|
|
297
|
-
static VALUE
|
322
|
+
static VALUE
|
298
323
|
ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
|
299
324
|
{
|
300
325
|
VALUE cert, chain;
|
@@ -351,7 +376,7 @@ ossl_x509stctx_free(X509_STORE_CTX *ctx)
|
|
351
376
|
X509_STORE_CTX_free(ctx);
|
352
377
|
}
|
353
378
|
|
354
|
-
static VALUE
|
379
|
+
static VALUE
|
355
380
|
ossl_x509stctx_alloc(VALUE klass)
|
356
381
|
{
|
357
382
|
X509_STORE_CTX *ctx;
|
@@ -443,7 +468,7 @@ ossl_x509stctx_get_chain(VALUE self)
|
|
443
468
|
return ary;
|
444
469
|
}
|
445
470
|
|
446
|
-
static VALUE
|
471
|
+
static VALUE
|
447
472
|
ossl_x509stctx_get_err(VALUE self)
|
448
473
|
{
|
449
474
|
X509_STORE_CTX *ctx;
|
@@ -464,7 +489,7 @@ ossl_x509stctx_set_error(VALUE self, VALUE err)
|
|
464
489
|
return err;
|
465
490
|
}
|
466
491
|
|
467
|
-
static VALUE
|
492
|
+
static VALUE
|
468
493
|
ossl_x509stctx_get_err_string(VALUE self)
|
469
494
|
{
|
470
495
|
X509_STORE_CTX *ctx;
|
@@ -476,7 +501,7 @@ ossl_x509stctx_get_err_string(VALUE self)
|
|
476
501
|
return rb_str_new2(X509_verify_cert_error_string(err));
|
477
502
|
}
|
478
503
|
|
479
|
-
static VALUE
|
504
|
+
static VALUE
|
480
505
|
ossl_x509stctx_get_err_depth(VALUE self)
|
481
506
|
{
|
482
507
|
X509_STORE_CTX *ctx;
|
@@ -486,7 +511,7 @@ ossl_x509stctx_get_err_depth(VALUE self)
|
|
486
511
|
return INT2FIX(X509_STORE_CTX_get_error_depth(ctx));
|
487
512
|
}
|
488
513
|
|
489
|
-
static VALUE
|
514
|
+
static VALUE
|
490
515
|
ossl_x509stctx_get_curr_cert(VALUE self)
|
491
516
|
{
|
492
517
|
X509_STORE_CTX *ctx;
|
@@ -511,17 +536,6 @@ ossl_x509stctx_get_curr_crl(VALUE self)
|
|
511
536
|
#endif
|
512
537
|
}
|
513
538
|
|
514
|
-
static VALUE
|
515
|
-
ossl_x509stctx_cleanup(VALUE self)
|
516
|
-
{
|
517
|
-
X509_STORE_CTX *ctx;
|
518
|
-
|
519
|
-
GetX509StCtx(self, ctx);
|
520
|
-
X509_STORE_CTX_cleanup(ctx);
|
521
|
-
|
522
|
-
return self;
|
523
|
-
}
|
524
|
-
|
525
539
|
static VALUE
|
526
540
|
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
|
527
541
|
{
|
@@ -538,7 +552,7 @@ static VALUE
|
|
538
552
|
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
|
539
553
|
{
|
540
554
|
X509_STORE_CTX *store;
|
541
|
-
|
555
|
+
int p = NUM2INT(purpose);
|
542
556
|
|
543
557
|
GetX509StCtx(self, store);
|
544
558
|
X509_STORE_CTX_set_purpose(store, p);
|
@@ -550,7 +564,7 @@ static VALUE
|
|
550
564
|
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
|
551
565
|
{
|
552
566
|
X509_STORE_CTX *store;
|
553
|
-
|
567
|
+
int t = NUM2INT(trust);
|
554
568
|
|
555
569
|
GetX509StCtx(self, store);
|
556
570
|
X509_STORE_CTX_set_trust(store, t);
|
@@ -578,13 +592,52 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
|
|
578
592
|
/*
|
579
593
|
* INIT
|
580
594
|
*/
|
581
|
-
void
|
595
|
+
void
|
582
596
|
Init_ossl_x509store()
|
583
597
|
{
|
584
598
|
VALUE x509stctx;
|
585
599
|
|
600
|
+
#if 0
|
601
|
+
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
|
602
|
+
mX509 = rb_define_module_under(mOSSL, "X509");
|
603
|
+
#endif
|
604
|
+
|
586
605
|
eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
|
587
606
|
|
607
|
+
/* Document-class: OpenSSL::X509::Store
|
608
|
+
*
|
609
|
+
* The X509 certificate store holds trusted CA certificates used to verify
|
610
|
+
* peer certificates.
|
611
|
+
*
|
612
|
+
* The easiest way to create a useful certificate store is:
|
613
|
+
*
|
614
|
+
* cert_store = OpenSSL::X509::Store.new
|
615
|
+
* cert_store.set_default_paths
|
616
|
+
*
|
617
|
+
* This will use your system's built-in certificates.
|
618
|
+
*
|
619
|
+
* If your system does not have a default set of certificates you can
|
620
|
+
* obtain a set from Mozilla here: http://curl.haxx.se/docs/caextract.html
|
621
|
+
* (Note that this set does not have an HTTPS download option so you may
|
622
|
+
* wish to use the firefox-db2pem.sh script to extract the certificates
|
623
|
+
* from a local install to avoid man-in-the-middle attacks.)
|
624
|
+
*
|
625
|
+
* After downloading or generating a cacert.pem from the above link you
|
626
|
+
* can create a certificate store from the pem file like this:
|
627
|
+
*
|
628
|
+
* cert_store = OpenSSL::X509::Store.new
|
629
|
+
* cert_store.add_file 'cacert.pem'
|
630
|
+
*
|
631
|
+
* The certificate store can be used with an SSLSocket like this:
|
632
|
+
*
|
633
|
+
* ssl_context = OpenSSL::SSL::SSLContext.new
|
634
|
+
* ssl_context.cert_store = cert_store
|
635
|
+
*
|
636
|
+
* tcp_socket = TCPSocket.open 'example.com', 443
|
637
|
+
*
|
638
|
+
* ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
|
639
|
+
*/
|
640
|
+
|
588
641
|
cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
|
589
642
|
rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
|
590
643
|
rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
|
@@ -616,7 +669,6 @@ Init_ossl_x509store()
|
|
616
669
|
rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
|
617
670
|
rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
|
618
671
|
rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
|
619
|
-
rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0);
|
620
672
|
rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1);
|
621
673
|
rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1);
|
622
674
|
rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1);
|