rubysl-openssl 1.0.2 → 2.0.0

Files changed (74)
  1. checksums.yaml +4 -4
  2. data/.travis.yml +5 -6
  3. data/ext/rubysl/openssl/.gitignore +3 -0
  4. data/ext/rubysl/openssl/deprecation.rb +21 -0
  5. data/ext/rubysl/openssl/extconf.rb +45 -32
  6. data/ext/rubysl/openssl/openssl_missing.c +20 -7
  7. data/ext/rubysl/openssl/openssl_missing.h +22 -15
  8. data/ext/rubysl/openssl/ossl.c +610 -61
  9. data/ext/rubysl/openssl/ossl.h +31 -17
  10. data/ext/rubysl/openssl/ossl_asn1.c +974 -183
  11. data/ext/rubysl/openssl/ossl_asn1.h +3 -3
  12. data/ext/rubysl/openssl/ossl_bio.c +4 -3
  13. data/ext/rubysl/openssl/ossl_bio.h +1 -1
  14. data/ext/rubysl/openssl/ossl_bn.c +32 -28
  15. data/ext/rubysl/openssl/ossl_bn.h +1 -1
  16. data/ext/rubysl/openssl/ossl_cipher.c +494 -93
  17. data/ext/rubysl/openssl/ossl_cipher.h +1 -1
  18. data/ext/rubysl/openssl/ossl_config.c +4 -5
  19. data/ext/rubysl/openssl/ossl_config.h +1 -1
  20. data/ext/rubysl/openssl/ossl_digest.c +206 -24
  21. data/ext/rubysl/openssl/ossl_digest.h +1 -1
  22. data/ext/rubysl/openssl/ossl_engine.c +48 -26
  23. data/ext/rubysl/openssl/ossl_engine.h +1 -1
  24. data/ext/rubysl/openssl/ossl_hmac.c +40 -38
  25. data/ext/rubysl/openssl/ossl_hmac.h +1 -1
  26. data/ext/rubysl/openssl/ossl_ns_spki.c +157 -25
  27. data/ext/rubysl/openssl/ossl_ns_spki.h +1 -1
  28. data/ext/rubysl/openssl/ossl_ocsp.c +57 -40
  29. data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
  30. data/ext/rubysl/openssl/ossl_pkcs12.c +15 -13
  31. data/ext/rubysl/openssl/ossl_pkcs12.h +1 -1
  32. data/ext/rubysl/openssl/ossl_pkcs5.c +108 -18
  33. data/ext/rubysl/openssl/ossl_pkcs7.c +44 -37
  34. data/ext/rubysl/openssl/ossl_pkcs7.h +1 -1
  35. data/ext/rubysl/openssl/ossl_pkey.c +211 -15
  36. data/ext/rubysl/openssl/ossl_pkey.h +19 -9
  37. data/ext/rubysl/openssl/ossl_pkey_dh.c +180 -47
  38. data/ext/rubysl/openssl/ossl_pkey_dsa.c +184 -47
  39. data/ext/rubysl/openssl/ossl_pkey_ec.c +177 -93
  40. data/ext/rubysl/openssl/ossl_pkey_rsa.c +209 -102
  41. data/ext/rubysl/openssl/ossl_rand.c +15 -15
  42. data/ext/rubysl/openssl/ossl_rand.h +1 -1
  43. data/ext/rubysl/openssl/ossl_ssl.c +939 -192
  44. data/ext/rubysl/openssl/ossl_ssl.h +6 -6
  45. data/ext/rubysl/openssl/ossl_ssl_session.c +78 -62
  46. data/ext/rubysl/openssl/ossl_version.h +2 -2
  47. data/ext/rubysl/openssl/ossl_x509.c +1 -1
  48. data/ext/rubysl/openssl/ossl_x509.h +1 -1
  49. data/ext/rubysl/openssl/ossl_x509attr.c +20 -19
  50. data/ext/rubysl/openssl/ossl_x509cert.c +169 -67
  51. data/ext/rubysl/openssl/ossl_x509crl.c +41 -39
  52. data/ext/rubysl/openssl/ossl_x509ext.c +51 -38
  53. data/ext/rubysl/openssl/ossl_x509name.c +139 -29
  54. data/ext/rubysl/openssl/ossl_x509req.c +42 -40
  55. data/ext/rubysl/openssl/ossl_x509revoked.c +20 -20
  56. data/ext/rubysl/openssl/ossl_x509store.c +99 -47
  57. data/ext/rubysl/openssl/ruby_missing.h +3 -16
  58. data/lib/openssl/bn.rb +19 -19
  59. data/lib/openssl/buffering.rb +222 -14
  60. data/lib/openssl/cipher.rb +20 -20
  61. data/lib/openssl/config.rb +1 -4
  62. data/lib/openssl/digest.rb +47 -19
  63. data/lib/openssl/ssl.rb +197 -1
  64. data/lib/openssl/x509.rb +162 -1
  65. data/lib/rubysl/openssl.rb +4 -8
  66. data/lib/rubysl/openssl/version.rb +1 -1
  67. data/rubysl-openssl.gemspec +1 -2
  68. metadata +16 -34
  69. data/ext/rubysl/openssl/extconf.h +0 -50
  70. data/lib/openssl/net/ftptls.rb +0 -53
  71. data/lib/openssl/net/telnets.rb +0 -251
  72. data/lib/openssl/pkcs7.rb +0 -25
  73. data/lib/openssl/ssl-internal.rb +0 -187
  74. data/lib/openssl/x509-internal.rb +0 -153
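--- a/data/ext/rubysl/openssl/ossl_x509revoked.c
+++ b/data/ext/rubysl/openssl/ossl_x509revoked.c
@@ -1,5 +1,5 @@
  /*
- * $Id: ossl_x509revoked.c 12496 2007-06-08 15:02:04Z technorama $
+ * $Id$
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
@@ -11,20 +11,20 @@
  #include "ossl.h"
 
  #define WrapX509Rev(klass, obj, rev) do { \
- if (!rev) { \
+ if (!(rev)) { \
  ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
  } \
- obj = Data_Wrap_Struct(klass, 0, X509_REVOKED_free, rev); \
+ (obj) = Data_Wrap_Struct((klass), 0, X509_REVOKED_free, (rev)); \
  } while (0)
  #define GetX509Rev(obj, rev) do { \
- Data_Get_Struct(obj, X509_REVOKED, rev); \
- if (!rev) { \
+ Data_Get_Struct((obj), X509_REVOKED, (rev)); \
+ if (!(rev)) { \
  ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
  } \
  } while (0)
  #define SafeGetX509Rev(obj, rev) do { \
- OSSL_Check_Kind(obj, cX509Rev); \
- GetX509Rev(obj, rev); \
+ OSSL_Check_Kind((obj), cX509Rev); \
+ GetX509Rev((obj), (rev)); \
  } while (0)
 
  /*
@@ -36,7 +36,7 @@ VALUE eX509RevError;
  /*
  * PUBLIC
  */
- VALUE
+ VALUE
  ossl_x509revoked_new(X509_REVOKED *rev)
  {
  X509_REVOKED *new;
@@ -71,7 +71,7 @@ DupX509RevokedPtr(VALUE obj)
  /*
  * PRIVATE
  */
- static VALUE
+ static VALUE
  ossl_x509revoked_alloc(VALUE klass)
  {
  X509_REVOKED *rev;
@@ -85,14 +85,14 @@ ossl_x509revoked_alloc(VALUE klass)
  return obj;
  }
 
- static VALUE
+ static VALUE
  ossl_x509revoked_initialize(int argc, VALUE *argv, VALUE self)
  {
  /* EMPTY */
  return self;
  }
 
- static VALUE
+ static VALUE
  ossl_x509revoked_get_serial(VALUE self)
  {
  X509_REVOKED *rev;
@@ -102,7 +102,7 @@ ossl_x509revoked_get_serial(VALUE self)
  return asn1integer_to_num(rev->serialNumber);
  }
 
- static VALUE
+ static VALUE
  ossl_x509revoked_set_serial(VALUE self, VALUE num)
  {
  X509_REVOKED *rev;
@@ -113,17 +113,17 @@ ossl_x509revoked_set_serial(VALUE self, VALUE num)
  return num;
  }
 
- static VALUE
+ static VALUE
  ossl_x509revoked_get_time(VALUE self)
  {
  X509_REVOKED *rev;
-
+
  GetX509Rev(self, rev);
 
  return asn1time_to_time(rev->revocationDate);
  }
 
- static VALUE
+ static VALUE
  ossl_x509revoked_set_time(VALUE self, VALUE time)
  {
  X509_REVOKED *rev;
@@ -140,7 +140,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
  /*
  * Gets X509v3 extensions as array of X509Ext objects
  */
- static VALUE
+ static VALUE
  ossl_x509revoked_get_extensions(VALUE self)
  {
  X509_REVOKED *rev;
@@ -166,7 +166,7 @@ ossl_x509revoked_get_extensions(VALUE self)
  /*
  * Sets X509_EXTENSIONs
  */
- static VALUE
+ static VALUE
  ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
  {
  X509_REVOKED *rev;
@@ -196,7 +196,7 @@ static VALUE
  ossl_x509revoked_add_extension(VALUE self, VALUE ext)
  {
  X509_REVOKED *rev;
-
+
  GetX509Rev(self, rev);
  if(!X509_REVOKED_add_ext(rev, DupX509ExtPtr(ext), -1)) {
  ossl_raise(eX509RevError, NULL);
@@ -214,10 +214,10 @@ Init_ossl_x509revoked()
  eX509RevError = rb_define_class_under(mX509, "RevokedError", eOSSLError);
 
  cX509Rev = rb_define_class_under(mX509, "Revoked", rb_cObject);
-
+
  rb_define_alloc_func(cX509Rev, ossl_x509revoked_alloc);
  rb_define_method(cX509Rev, "initialize", ossl_x509revoked_initialize, -1);
-
+
  rb_define_method(cX509Rev, "serial", ossl_x509revoked_get_serial, 0);
  rb_define_method(cX509Rev, "serial=", ossl_x509revoked_set_serial, 1);
  rb_define_method(cX509Rev, "time", ossl_x509revoked_get_time, 0);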
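Review bot: The extension passed to `X509_REVOKED_add_ext` in `ossl_x509revoked_add_extension` (hunk at old line 196) looks like it is leaked, and this release leaves that call untouched. If `DupX509ExtPtr` returns a fresh copy, as its name suggests, nothing frees it when `ossl_raise` fires on failure, and OpenSSL's add-extension routine stores its own duplicate on success, so the caller's copy is never released on either path. Passing the wrapped pointer without duplicating it, or holding the copy in a local and calling `X509_EXTENSION_free` on it after the call, would close the leak. The function body continues outside the hunk, so confirm there is no later cleanup.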
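--- a/data/ext/rubysl/openssl/ossl_x509store.c
+++ b/data/ext/rubysl/openssl/ossl_x509store.c
@@ -1,5 +1,5 @@
  /*
- * $Id: ossl_x509store.c 16691 2008-05-29 17:45:47Z knu $
+ * $Id$
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
@@ -9,40 +9,39 @@
  * (See the file 'LICENCE'.)
  */
  #include "ossl.h"
- #include <rubysig.h>
 
  #define WrapX509Store(klass, obj, st) do { \
- if (!st) { \
+ if (!(st)) { \
  ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
  } \
- obj = Data_Wrap_Struct(klass, 0, X509_STORE_free, st); \
+ (obj) = Data_Wrap_Struct((klass), 0, X509_STORE_free, (st)); \
  } while (0)
  #define GetX509Store(obj, st) do { \
- Data_Get_Struct(obj, X509_STORE, st); \
- if (!st) { \
+ Data_Get_Struct((obj), X509_STORE, (st)); \
+ if (!(st)) { \
  ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
  } \
  } while (0)
  #define SafeGetX509Store(obj, st) do { \
- OSSL_Check_Kind(obj, cX509Store); \
- GetX509Store(obj, st); \
+ OSSL_Check_Kind((obj), cX509Store); \
+ GetX509Store((obj), (st)); \
  } while (0)
 
  #define WrapX509StCtx(klass, obj, ctx) do { \
- if (!ctx) { \
+ if (!(ctx)) { \
  ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
  } \
- obj = Data_Wrap_Struct(klass, 0, ossl_x509stctx_free, ctx); \
+ (obj) = Data_Wrap_Struct((klass), 0, ossl_x509stctx_free, (ctx)); \
  } while (0)
  #define GetX509StCtx(obj, ctx) do { \
- Data_Get_Struct(obj, X509_STORE_CTX, ctx); \
- if (!ctx) { \
+ Data_Get_Struct((obj), X509_STORE_CTX, (ctx)); \
+ if (!(ctx)) { \
  ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
  } \
  } while (0)
  #define SafeGetX509StCtx(obj, storep) do { \
- OSSL_Check_Kind(obj, cX509StoreContext); \
- GetX509Store(obj, ctx); \
+ OSSL_Check_Kind((obj), cX509StoreContext); \
+ GetX509Store((obj), (ctx)); \
  } while (0)
 
  /*
@@ -55,7 +54,7 @@ VALUE eX509StoreError;
  /*
  * Public functions
  */
- VALUE
+ VALUE
  ossl_x509store_new(X509_STORE *store)
  {
  VALUE obj;
@@ -77,19 +76,19 @@ GetX509StorePtr(VALUE obj)
 
  X509_STORE *
  DupX509StorePtr(VALUE obj)
- {
+ {
  X509_STORE *store;
 
  SafeGetX509Store(obj, store);
  CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
-
+
  return store;
  }
 
  /*
  * Private functions
  */
- static VALUE
+ static VALUE
  ossl_x509store_alloc(VALUE klass)
  {
  X509_STORE *store;
@@ -171,8 +170,8 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
  {
  #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
  X509_STORE *store;
- long p = NUM2LONG(purpose);
-
+ int p = NUM2INT(purpose);
+
  GetX509Store(self, store);
  X509_STORE_set_purpose(store, p);
  #else
@@ -187,7 +186,7 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
  {
  #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
  X509_STORE *store;
- long t = NUM2LONG(trust);
+ int t = NUM2INT(trust);
 
  GetX509Store(self, store);
  X509_STORE_set_trust(store, t);
@@ -198,14 +197,23 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
  return trust;
  }
 
- static VALUE
+ static VALUE
  ossl_x509store_set_time(VALUE self, VALUE time)
  {
  rb_iv_set(self, "@time", time);
  return time;
  }
 
- static VALUE
+ /*
+ * call-seq:
+ * store.add_file(file) -> store
+ *
+ *
+ * Adds the certificates in +file+ to the certificate store. The +file+ can
+ * contain multiple PEM-encoded certificates.
+ */
+
+ static VALUE
  ossl_x509store_add_file(VALUE self, VALUE file)
  {
  X509_STORE *store;
@@ -213,7 +221,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
  char *path = NULL;
 
  if(file != Qnil){
- Check_SafeStr(file);
+ SafeStringValue(file);
  path = RSTRING_PTR(file);
  }
  GetX509Store(self, store);
@@ -226,7 +234,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
  return self;
  }
 
- static VALUE
+ static VALUE
  ossl_x509store_add_path(VALUE self, VALUE dir)
  {
  X509_STORE *store;
@@ -234,7 +242,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
  char *path = NULL;
 
  if(dir != Qnil){
- Check_SafeStr(dir);
+ SafeStringValue(dir);
  path = RSTRING_PTR(dir);
  }
  GetX509Store(self, store);
@@ -247,6 +255,16 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
  return self;
  }
 
+ /*
+ * call-seq:
+ * store.set_default_path
+ *
+ * Adds the default certificates to the certificate store. These certificates
+ * are loaded from the default configuration directory which can usually be
+ * determined by:
+ *
+ * File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE
+ */
  static VALUE
  ossl_x509store_set_default_paths(VALUE self)
  {
@@ -260,6 +278,13 @@ ossl_x509store_set_default_paths(VALUE self)
  return Qnil;
  }
 
+ /*
+ * call-seq:
+ * store.add_cert(cert)
+ *
+ * Adds the OpenSSL::X509::Certificate +cert+ to the certificate store.
+ */
+
  static VALUE
  ossl_x509store_add_cert(VALUE self, VALUE arg)
  {
@@ -294,7 +319,7 @@ static VALUE ossl_x509stctx_get_err(VALUE);
  static VALUE ossl_x509stctx_get_err_string(VALUE);
  static VALUE ossl_x509stctx_get_chain(VALUE);
 
- static VALUE
+ static VALUE
  ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
  {
  VALUE cert, chain;
@@ -351,7 +376,7 @@ ossl_x509stctx_free(X509_STORE_CTX *ctx)
  X509_STORE_CTX_free(ctx);
  }
 
- static VALUE
+ static VALUE
  ossl_x509stctx_alloc(VALUE klass)
  {
  X509_STORE_CTX *ctx;
@@ -443,7 +468,7 @@ ossl_x509stctx_get_chain(VALUE self)
  return ary;
  }
 
- static VALUE
+ static VALUE
  ossl_x509stctx_get_err(VALUE self)
  {
  X509_STORE_CTX *ctx;
@@ -464,7 +489,7 @@ ossl_x509stctx_set_error(VALUE self, VALUE err)
  return err;
  }
 
- static VALUE
+ static VALUE
  ossl_x509stctx_get_err_string(VALUE self)
  {
  X509_STORE_CTX *ctx;
@@ -476,7 +501,7 @@ ossl_x509stctx_get_err_string(VALUE self)
  return rb_str_new2(X509_verify_cert_error_string(err));
  }
 
- static VALUE
+ static VALUE
  ossl_x509stctx_get_err_depth(VALUE self)
  {
  X509_STORE_CTX *ctx;
@@ -486,7 +511,7 @@ ossl_x509stctx_get_err_depth(VALUE self)
  return INT2FIX(X509_STORE_CTX_get_error_depth(ctx));
  }
 
- static VALUE
+ static VALUE
  ossl_x509stctx_get_curr_cert(VALUE self)
  {
  X509_STORE_CTX *ctx;
@@ -511,17 +536,6 @@ ossl_x509stctx_get_curr_crl(VALUE self)
  #endif
  }
 
- static VALUE
- ossl_x509stctx_cleanup(VALUE self)
- {
- X509_STORE_CTX *ctx;
-
- GetX509StCtx(self, ctx);
- X509_STORE_CTX_cleanup(ctx);
-
- return self;
- }
-
  static VALUE
  ossl_x509stctx_set_flags(VALUE self, VALUE flags)
  {
@@ -538,7 +552,7 @@ static VALUE
  ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
  {
  X509_STORE_CTX *store;
- long p = NUM2LONG(purpose);
+ int p = NUM2INT(purpose);
 
  GetX509StCtx(self, store);
  X509_STORE_CTX_set_purpose(store, p);
@@ -550,7 +564,7 @@ static VALUE
  ossl_x509stctx_set_trust(VALUE self, VALUE trust)
  {
  X509_STORE_CTX *store;
- long t = NUM2LONG(trust);
+ int t = NUM2INT(trust);
 
  GetX509StCtx(self, store);
  X509_STORE_CTX_set_trust(store, t);
@@ -578,13 +592,52 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
  /*
  * INIT
  */
- void
+ void
  Init_ossl_x509store()
  {
  VALUE x509stctx;
 
+ #if 0
+ mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
+ mX509 = rb_define_module_under(mOSSL, "X509");
+ #endif
+
  eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
 
+ /* Document-class: OpenSSL::X509::Store
+ *
+ * The X509 certificate store holds trusted CA certificates used to verify
+ * peer certificates.
+ *
+ * The easiest way to create a useful certificate store is:
+ *
+ * cert_store = OpenSSL::X509::Store.new
+ * cert_store.set_default_paths
+ *
+ * This will use your system's built-in certificates.
+ *
+ * If your system does not have a default set of certificates you can
+ * obtain a set from Mozilla here: http://curl.haxx.se/docs/caextract.html
+ * (Note that this set does not have an HTTPS download option so you may
+ * wish to use the firefox-db2pem.sh script to extract the certificates
+ * from a local install to avoid man-in-the-middle attacks.)
+ *
+ * After downloading or generating a cacert.pem from the above link you
+ * can create a certificate store from the pem file like this:
+ *
+ * cert_store = OpenSSL::X509::Store.new
+ * cert_store.add_file 'cacert.pem'
+ *
+ * The certificate store can be used with an SSLSocket like this:
+ *
+ * ssl_context = OpenSSL::SSL::SSLContext.new
+ * ssl_context.cert_store = cert_store
+ *
+ * tcp_socket = TCPSocket.open 'example.com', 443
+ *
+ * ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
+ */
+
  cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
  rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
  rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
@@ -616,7 +669,6 @@ Init_ossl_x509store()
  rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
  rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
  rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
- rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0);
  rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1);
  rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1);
  rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1);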
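Review bot: `SafeGetX509StCtx` in the macro hunk at the top of this file is still wrong after the change: its second parameter is named `storep` but the body expands `(ctx)`, and after checking the object against `cX509StoreContext` it calls `GetX509Store`, which unwraps the pointer as an `X509_STORE` instead of an `X509_STORE_CTX`. This release only parenthesizes the arguments, so a caller would either fail to compile or, if a `ctx` variable happens to be in scope, bind it through the getter for the wrong struct type. Rename the parameter and use the matching getter: `#define SafeGetX509StCtx(obj, ctx) do { \` with `GetX509StCtx((obj), (ctx)); \`. No use of the macro is visible in these hunks, so if it turns out to be dead code, deleting it is the simpler fix.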