rubysl-openssl 2.10 → 2.11

Files changed (55) hide show
  1. checksums.yaml +5 -5
  2. data/ext/rubysl/openssl/deprecation.rb +7 -3
  3. data/ext/rubysl/openssl/extconf.rb +148 -103
  4. data/ext/rubysl/openssl/openssl_missing.c +94 -275
  5. data/ext/rubysl/openssl/openssl_missing.h +167 -98
  6. data/ext/rubysl/openssl/ossl.c +266 -212
  7. data/ext/rubysl/openssl/ossl.h +27 -89
  8. data/ext/rubysl/openssl/ossl_asn1.c +157 -221
  9. data/ext/rubysl/openssl/ossl_asn1.h +11 -3
  10. data/ext/rubysl/openssl/ossl_bio.c +10 -40
  11. data/ext/rubysl/openssl/ossl_bio.h +1 -2
  12. data/ext/rubysl/openssl/ossl_bn.c +144 -100
  13. data/ext/rubysl/openssl/ossl_bn.h +3 -1
  14. data/ext/rubysl/openssl/ossl_cipher.c +270 -195
  15. data/ext/rubysl/openssl/ossl_config.c +7 -1
  16. data/ext/rubysl/openssl/ossl_config.h +0 -1
  17. data/ext/rubysl/openssl/ossl_digest.c +40 -29
  18. data/ext/rubysl/openssl/ossl_engine.c +23 -62
  19. data/ext/rubysl/openssl/ossl_hmac.c +82 -55
  20. data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
  21. data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
  22. data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
  23. data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
  24. data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
  25. data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
  26. data/ext/rubysl/openssl/ossl_pkey.c +151 -99
  27. data/ext/rubysl/openssl/ossl_pkey.h +123 -29
  28. data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
  29. data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
  30. data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
  31. data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
  32. data/ext/rubysl/openssl/ossl_rand.c +25 -21
  33. data/ext/rubysl/openssl/ossl_ssl.c +795 -413
  34. data/ext/rubysl/openssl/ossl_ssl.h +3 -0
  35. data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
  36. data/ext/rubysl/openssl/ossl_version.h +1 -1
  37. data/ext/rubysl/openssl/ossl_x509.c +92 -8
  38. data/ext/rubysl/openssl/ossl_x509.h +14 -5
  39. data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
  40. data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
  41. data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
  42. data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
  43. data/ext/rubysl/openssl/ossl_x509name.c +68 -45
  44. data/ext/rubysl/openssl/ossl_x509req.c +32 -38
  45. data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
  46. data/ext/rubysl/openssl/ossl_x509store.c +309 -104
  47. data/ext/rubysl/openssl/ruby_missing.h +8 -6
  48. data/lib/openssl/buffering.rb +11 -5
  49. data/lib/openssl/cipher.rb +23 -15
  50. data/lib/openssl/digest.rb +7 -10
  51. data/lib/openssl/pkey.rb +15 -8
  52. data/lib/openssl/ssl.rb +81 -105
  53. data/lib/rubysl/openssl.rb +1 -4
  54. data/lib/rubysl/openssl/version.rb +1 -1
  55. metadata +3 -4
@@ -12,6 +12,9 @@
12
12
 
13
13
  #define GetSSL(obj, ssl) do { \
14
14
  TypedData_Get_Struct((obj), SSL, &ossl_ssl_type, (ssl)); \
15
+ if (!(ssl)) { \
16
+ ossl_raise(rb_eRuntimeError, "SSL is not initialized"); \
17
+ } \
15
18
  } while (0)
16
19
 
17
20
  #define GetSSLSession(obj, sess) do { \
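Review bot: The NULL branch added to GetSSL raises `rb_eRuntimeError`, which is outside the `eOSSLError` hierarchy that `eSSLSession` is defined under, so callers that rescue only OpenSSL errors will not catch it. One visible consequence is in `ossl_ssl_session_initialize`, where a NULL SSL used to raise `eSSLSession` with "no session available" and now surfaces as a RuntimeError from the macro. If that is intended, a comment above the macro would make the contract explicit, for example `/* Raises RuntimeError if the SSL object has not been set up yet. */`. The GetSSLSession macro that follows continues outside this hunk.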
@@ -28,12 +28,12 @@ static VALUE ossl_ssl_session_alloc(VALUE klass)
28
28
 
29
29
  /*
30
30
  * call-seq:
31
- * Session.new(SSLSocket | string) => session
31
+ * Session.new(ssl_socket) -> Session
32
+ * Session.new(string) -> Session
32
33
  *
33
- * === Parameters
34
- * +SSLSocket+ is an OpenSSL::SSL::SSLSocket
35
- * +string+ must be a DER or PEM encoded Session.
36
- */
34
+ * Creates a new Session object from an instance of SSLSocket or DER/PEM encoded
35
+ * String.
36
+ */
37
37
  static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
38
38
  {
39
39
  SSL_SESSION *ctx = NULL;
@@ -46,10 +46,10 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
46
46
 
47
47
  GetSSL(arg1, ssl);
48
48
 
49
- if (!ssl || (ctx = SSL_get1_session(ssl)) == NULL)
49
+ if ((ctx = SSL_get1_session(ssl)) == NULL)
50
50
  ossl_raise(eSSLSession, "no session available");
51
51
  } else {
52
- BIO *in = ossl_obj2bio(arg1);
52
+ BIO *in = ossl_obj2bio(&arg1);
53
53
 
54
54
  ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
55
55
 
@@ -73,25 +73,50 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
73
73
  return self;
74
74
  }
75
75
 
76
- #if HAVE_SSL_SESSION_CMP == 0
77
- int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
76
+ static VALUE
77
+ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
78
+ {
79
+ SSL_SESSION *sess, *sess_other, *sess_new;
80
+
81
+ rb_check_frozen(self);
82
+ sess = RTYPEDDATA_DATA(self); /* XXX */
83
+ SafeGetSSLSession(other, sess_other);
84
+
85
+ sess_new = ASN1_dup((i2d_of_void *)i2d_SSL_SESSION, (d2i_of_void *)d2i_SSL_SESSION,
86
+ (char *)sess_other);
87
+ if (!sess_new)
88
+ ossl_raise(eSSLSession, "ASN1_dup");
89
+
90
+ RTYPEDDATA_DATA(self) = sess_new;
91
+ SSL_SESSION_free(sess);
92
+
93
+ return self;
94
+ }
95
+
96
+ #if !defined(HAVE_SSL_SESSION_CMP)
97
+ int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
78
98
  {
79
- if (a->ssl_version != b->ssl_version ||
80
- a->session_id_length != b->session_id_length)
99
+ unsigned int a_len;
100
+ const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
101
+ unsigned int b_len;
102
+ const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
103
+
104
+ if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b))
81
105
  return 1;
82
- #if defined(_WIN32)
83
- return memcmp(a->session_id, b->session_id, a->session_id_length);
84
- #else
85
- return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length);
86
- #endif
106
+ if (a_len != b_len)
107
+ return 1;
108
+
109
+ return CRYPTO_memcmp(a_sid, b_sid, a_len);
87
110
  }
111
+ #define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
88
112
  #endif
89
113
 
90
114
  /*
91
115
  * call-seq:
92
- * session1 == session2 -> boolean
116
+ * session1 == session2 -> boolean
93
117
  *
94
- */
118
+ * Returns true if the two Session is the same, false if not.
119
+ */
95
120
  static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
96
121
  {
97
122
  SSL_SESSION *ctx1, *ctx2;
@@ -109,51 +134,50 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
109
134
  * call-seq:
110
135
  * session.time -> Time
111
136
  *
112
- * Gets start time of the session.
113
- *
114
- */
115
- static VALUE ossl_ssl_session_get_time(VALUE self)
137
+ * Returns the time at which the session was established.
138
+ */
139
+ static VALUE
140
+ ossl_ssl_session_get_time(VALUE self)
116
141
  {
117
- SSL_SESSION *ctx;
118
- time_t t;
119
-
120
- GetSSLSession(self, ctx);
142
+ SSL_SESSION *ctx;
143
+ long t;
121
144
 
122
- t = SSL_SESSION_get_time(ctx);
145
+ GetSSLSession(self, ctx);
146
+ t = SSL_SESSION_get_time(ctx);
147
+ if (t == 0)
148
+ return Qnil;
123
149
 
124
- if (t == 0)
125
- return Qnil;
126
-
127
- return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t));
150
+ return rb_funcall(rb_cTime, rb_intern("at"), 1, LONG2NUM(t));
128
151
  }
129
152
 
130
153
  /*
131
154
  * call-seq:
132
- * session.timeout -> integer
155
+ * session.timeout -> Integer
133
156
  *
134
- * Gets how long until the session expires in seconds.
157
+ * Returns the timeout value set for the session, in seconds from the
158
+ * established time.
135
159
  *
136
- */
137
- static VALUE ossl_ssl_session_get_timeout(VALUE self)
160
+ */
161
+ static VALUE
162
+ ossl_ssl_session_get_timeout(VALUE self)
138
163
  {
139
- SSL_SESSION *ctx;
140
- time_t t;
141
-
142
- GetSSLSession(self, ctx);
164
+ SSL_SESSION *ctx;
165
+ long t;
143
166
 
144
- t = SSL_SESSION_get_timeout(ctx);
167
+ GetSSLSession(self, ctx);
168
+ t = SSL_SESSION_get_timeout(ctx);
145
169
 
146
- return TIMET2NUM(t);
170
+ return LONG2NUM(t);
147
171
  }
148
172
 
149
173
  /*
150
174
  * call-seq:
151
- * session.time=(Time) -> Time
152
- * session.time=(integer) -> Time
175
+ * session.time = time
176
+ * session.time = integer
153
177
  *
154
178
  * Sets start time of the session. Time resolution is in seconds.
155
179
  *
156
- */
180
+ */
157
181
  static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
158
182
  {
159
183
  SSL_SESSION *ctx;
@@ -170,11 +194,10 @@ static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
170
194
 
171
195
  /*
172
196
  * call-seq:
173
- * session.timeout=(integer) -> integer
197
+ * session.timeout = integer
174
198
  *
175
199
  * Sets how long until the session expires in seconds.
176
- *
177
- */
200
+ */
178
201
  static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
179
202
  {
180
203
  SSL_SESSION *ctx;
@@ -186,10 +209,9 @@ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
186
209
  return ossl_ssl_session_get_timeout(self);
187
210
  }
188
211
 
189
- #ifdef HAVE_SSL_SESSION_GET_ID
190
212
  /*
191
213
  * call-seq:
192
- * session.id -> aString
214
+ * session.id -> String
193
215
  *
194
216
  * Returns the Session ID.
195
217
  */
@@ -205,14 +227,13 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
205
227
 
206
228
  return rb_str_new((const char *) p, i);
207
229
  }
208
- #endif
209
230
 
210
231
  /*
211
232
  * call-seq:
212
- * session.to_der -> aString
233
+ * session.to_der -> String
213
234
  *
214
235
  * Returns an ASN1 encoded String that contains the Session object.
215
- */
236
+ */
216
237
  static VALUE ossl_ssl_session_to_der(VALUE self)
217
238
  {
218
239
  SSL_SESSION *ctx;
@@ -238,14 +259,11 @@ static VALUE ossl_ssl_session_to_der(VALUE self)
238
259
  * session.to_pem -> String
239
260
  *
240
261
  * Returns a PEM encoded String that contains the Session object.
241
- */
262
+ */
242
263
  static VALUE ossl_ssl_session_to_pem(VALUE self)
243
264
  {
244
265
  SSL_SESSION *ctx;
245
266
  BIO *out;
246
- BUF_MEM *buf;
247
- VALUE str;
248
- int i;
249
267
 
250
268
  GetSSLSession(self, ctx);
251
269
 
@@ -253,16 +271,13 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
253
271
  ossl_raise(eSSLSession, "BIO_s_mem()");
254
272
  }
255
273
 
256
- if (!(i=PEM_write_bio_SSL_SESSION(out, ctx))) {
274
+ if (!PEM_write_bio_SSL_SESSION(out, ctx)) {
257
275
  BIO_free(out);
258
276
  ossl_raise(eSSLSession, "SSL_SESSION_print()");
259
277
  }
260
278
 
261
- BIO_get_mem_ptr(out, &buf);
262
- str = rb_str_new(buf->data, buf->length);
263
- BIO_free(out);
264
279
 
265
- return str;
280
+ return ossl_membio2str(out);
266
281
  }
267
282
 
268
283
 
@@ -270,14 +285,12 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
270
285
  * call-seq:
271
286
  * session.to_text -> String
272
287
  *
273
- * Shows everything in the Session object.
274
- */
288
+ * Shows everything in the Session object. This is for diagnostic purposes.
289
+ */
275
290
  static VALUE ossl_ssl_session_to_text(VALUE self)
276
291
  {
277
292
  SSL_SESSION *ctx;
278
293
  BIO *out;
279
- BUF_MEM *buf;
280
- VALUE str;
281
294
 
282
295
  GetSSLSession(self, ctx);
283
296
 
@@ -290,25 +303,23 @@ static VALUE ossl_ssl_session_to_text(VALUE self)
290
303
  ossl_raise(eSSLSession, "SSL_SESSION_print()");
291
304
  }
292
305
 
293
- BIO_get_mem_ptr(out, &buf);
294
- str = rb_str_new(buf->data, buf->length);
295
- BIO_free(out);
296
-
297
- return str;
306
+ return ossl_membio2str(out);
298
307
  }
299
308
 
300
309
 
301
310
  void Init_ossl_ssl_session(void)
302
311
  {
303
312
  #if 0
304
- mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
305
- mSSL = rb_define_module_under(mOSSL, "SSL");
313
+ mOSSL = rb_define_module("OpenSSL");
314
+ mSSL = rb_define_module_under(mOSSL, "SSL");
315
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
306
316
  #endif
307
317
  cSSLSession = rb_define_class_under(mSSL, "Session", rb_cObject);
308
318
  eSSLSession = rb_define_class_under(cSSLSession, "SessionError", eOSSLError);
309
319
 
310
320
  rb_define_alloc_func(cSSLSession, ossl_ssl_session_alloc);
311
321
  rb_define_method(cSSLSession, "initialize", ossl_ssl_session_initialize, 1);
322
+ rb_define_copy_func(cSSLSession, ossl_ssl_session_initialize_copy);
312
323
 
313
324
  rb_define_method(cSSLSession, "==", ossl_ssl_session_eq, 1);
314
325
 
@@ -316,12 +327,7 @@ void Init_ossl_ssl_session(void)
316
327
  rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
317
328
  rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
318
329
  rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
319
-
320
- #ifdef HAVE_SSL_SESSION_GET_ID
321
330
  rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
322
- #else
323
- rb_undef_method(cSSLSession, "id");
324
- #endif
325
331
  rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
326
332
  rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
327
333
  rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);
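Review bot: The rewritten comment on `ossl_ssl_session_to_text` says the output is for diagnostic purposes but does not say that it is sensitive. OpenSSL's SSL_SESSION_print output normally includes the session's master key, and the serialized forms returned by `to_der` and `to_pem` carry it as well, so any of these strings ending up in a log or bug report exposes the session's confidentiality. I would extend the comment with `* The output contains the session's secret key material; handle it like a credential.` and add the same sentence to the `to_der` and `to_pem` comments. The bodies of all three functions are only partly visible in these hunks, so this is a documentation suggestion only.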
@@ -10,6 +10,6 @@
10
10
  #if !defined(_OSSL_VERSION_H_)
11
11
  #define _OSSL_VERSION_H_
12
12
 
13
- #define OSSL_VERSION "1.1.0"
13
+ #define OSSL_VERSION "2.0.9"
14
14
 
15
15
  #endif /* _OSSL_VERSION_H_ */
@@ -11,13 +11,33 @@
11
11
 
12
12
  VALUE mX509;
13
13
 
14
- #define DefX509Const(x) rb_define_const(mX509, #x,INT2FIX(X509_##x))
14
+ #define DefX509Const(x) rb_define_const(mX509, #x, INT2NUM(X509_##x))
15
15
  #define DefX509Default(x,i) \
16
16
  rb_define_const(mX509, "DEFAULT_" #x, rb_str_new2(X509_get_default_##i()))
17
17
 
18
+ ASN1_TIME *
19
+ ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
20
+ {
21
+ time_t sec;
22
+
23
+ #if defined(HAVE_ASN1_TIME_ADJ)
24
+ int off_days;
25
+
26
+ ossl_time_split(time, &sec, &off_days);
27
+ return X509_time_adj_ex(s, off_days, 0, &sec);
28
+ #else
29
+ sec = time_to_time_t(time);
30
+ return X509_time_adj(s, 0, &sec);
31
+ #endif
32
+ }
33
+
18
34
  void
19
35
  Init_ossl_x509(void)
20
36
  {
37
+ #if 0
38
+ mOSSL = rb_define_module("OpenSSL");
39
+ #endif
40
+
21
41
  mX509 = rb_define_module_under(mOSSL, "X509");
22
42
 
23
43
  Init_ossl_x509attr();
@@ -63,22 +83,87 @@ Init_ossl_x509(void)
63
83
  DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
64
84
  DefX509Const(V_ERR_APPLICATION_VERIFICATION);
65
85
 
66
- #if defined(X509_V_FLAG_CRL_CHECK)
86
+ /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
87
+ * certificate chain leaf. */
67
88
  DefX509Const(V_FLAG_CRL_CHECK);
68
- #endif
69
- #if defined(X509_V_FLAG_CRL_CHECK_ALL)
89
+ /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for all
90
+ * certificates in the certificate chain */
70
91
  DefX509Const(V_FLAG_CRL_CHECK_ALL);
92
+ /* Set by Store#flags= and StoreContext#flags=. Disables critical extension
93
+ * checking. */
94
+ DefX509Const(V_FLAG_IGNORE_CRITICAL);
95
+ /* Set by Store#flags= and StoreContext#flags=. Disables workarounds for
96
+ * broken certificates. */
97
+ DefX509Const(V_FLAG_X509_STRICT);
98
+ /* Set by Store#flags= and StoreContext#flags=. Enables proxy certificate
99
+ * verification. */
100
+ DefX509Const(V_FLAG_ALLOW_PROXY_CERTS);
101
+ /* Set by Store#flags= and StoreContext#flags=. Enables certificate policy
102
+ * constraints checking. */
103
+ DefX509Const(V_FLAG_POLICY_CHECK);
104
+ /* Set by Store#flags= and StoreContext#flags=.
105
+ * Implies V_FLAG_POLICY_CHECK */
106
+ DefX509Const(V_FLAG_EXPLICIT_POLICY);
107
+ /* Set by Store#flags= and StoreContext#flags=.
108
+ * Implies V_FLAG_POLICY_CHECK */
109
+ DefX509Const(V_FLAG_INHIBIT_ANY);
110
+ /* Set by Store#flags= and StoreContext#flags=.
111
+ * Implies V_FLAG_POLICY_CHECK */
112
+ DefX509Const(V_FLAG_INHIBIT_MAP);
113
+ /* Set by Store#flags= and StoreContext#flags=. */
114
+ DefX509Const(V_FLAG_NOTIFY_POLICY);
115
+ #if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
116
+ /* Set by Store#flags= and StoreContext#flags=. Enables some additional
117
+ * features including support for indirect signed CRLs. */
118
+ DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
119
+ #endif
120
+ #if defined(X509_V_FLAG_USE_DELTAS)
121
+ /* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
122
+ * specified, deltas are ignored. */
123
+ DefX509Const(V_FLAG_USE_DELTAS);
124
+ #endif
125
+ #if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
126
+ /* Set by Store#flags= and StoreContext#flags=. Enables checking of the
127
+ * signature of the root self-signed CA. */
128
+ DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
129
+ #endif
130
+ #if defined(X509_V_FLAG_TRUSTED_FIRST)
131
+ /* Set by Store#flags= and StoreContext#flags=. When constructing a
132
+ * certificate chain, search the Store first for the issuer certificate.
133
+ * Enabled by default in OpenSSL >= 1.1.0. */
134
+ DefX509Const(V_FLAG_TRUSTED_FIRST);
135
+ #endif
136
+ #if defined(X509_V_FLAG_NO_ALT_CHAINS)
137
+ /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
138
+ * a alternative chain. No effect in OpenSSL >= 1.1.0. */
139
+ DefX509Const(V_FLAG_NO_ALT_CHAINS);
140
+ #endif
141
+ #if defined(X509_V_FLAG_NO_CHECK_TIME)
142
+ /* Set by Store#flags= and StoreContext#flags=. Suppresses checking the
143
+ * validity period of certificates and CRLs. No effect when the current
144
+ * time is explicitly set by Store#time= or StoreContext#time=. */
145
+ DefX509Const(V_FLAG_NO_CHECK_TIME);
71
146
  #endif
72
147
 
148
+ /* Set by Store#purpose=. SSL/TLS client. */
73
149
  DefX509Const(PURPOSE_SSL_CLIENT);
150
+ /* Set by Store#purpose=. SSL/TLS server. */
74
151
  DefX509Const(PURPOSE_SSL_SERVER);
152
+ /* Set by Store#purpose=. Netscape SSL server. */
75
153
  DefX509Const(PURPOSE_NS_SSL_SERVER);
154
+ /* Set by Store#purpose=. S/MIME signing. */
76
155
  DefX509Const(PURPOSE_SMIME_SIGN);
156
+ /* Set by Store#purpose=. S/MIME encryption. */
77
157
  DefX509Const(PURPOSE_SMIME_ENCRYPT);
158
+ /* Set by Store#purpose=. CRL signing */
78
159
  DefX509Const(PURPOSE_CRL_SIGN);
160
+ /* Set by Store#purpose=. No checks. */
79
161
  DefX509Const(PURPOSE_ANY);
80
- #if defined(X509_PURPOSE_OCSP_HELPER)
162
+ /* Set by Store#purpose=. OCSP helper. */
81
163
  DefX509Const(PURPOSE_OCSP_HELPER);
164
+ #if defined(X509_PURPOSE_TIMESTAMP_SIGN)
165
+ /* Set by Store#purpose=. Time stamps signer. */
166
+ DefX509Const(PURPOSE_TIMESTAMP_SIGN);
82
167
  #endif
83
168
 
84
169
  DefX509Const(TRUST_COMPAT);
@@ -86,11 +171,10 @@ Init_ossl_x509(void)
86
171
  DefX509Const(TRUST_SSL_SERVER);
87
172
  DefX509Const(TRUST_EMAIL);
88
173
  DefX509Const(TRUST_OBJECT_SIGN);
89
- #if defined(X509_TRUST_OCSP_SIGN)
90
174
  DefX509Const(TRUST_OCSP_SIGN);
91
- #endif
92
- #if defined(X509_TRUST_OCSP_REQUEST)
93
175
  DefX509Const(TRUST_OCSP_REQUEST);
176
+ #if defined(X509_TRUST_TSA)
177
+ DefX509Const(TRUST_TSA);
94
178
  #endif
95
179
 
96
180
  DefX509Default(CERT_AREA, cert_area);
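Review bot: The new constant comments in `Init_ossl_x509` describe `V_FLAG_IGNORE_CRITICAL`, `V_FLAG_ALLOW_PROXY_CERTS` and `V_FLAG_NO_CHECK_TIME` in the same neutral tone as the flags that tighten verification, although each one relaxes a check or widens what is accepted. These comments presumably feed the generated API documentation, so a reader choosing flags for `Store#flags=` should see that difference stated. For example the `V_FLAG_NO_CHECK_TIME` comment could end with `Weakens verification: expired or not-yet-valid certificates and CRLs are accepted.` and the `V_FLAG_IGNORE_CRITICAL` one with `Weakens verification: unhandled critical extensions no longer cause rejection.` `PURPOSE_ANY` ("No checks.") deserves the same caveat. The function body starts and ends outside these hunks.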