rubysl-openssl 2.10 → 2.11
- checksums.yaml +5 -5
- data/ext/rubysl/openssl/deprecation.rb +7 -3
- data/ext/rubysl/openssl/extconf.rb +148 -103
- data/ext/rubysl/openssl/openssl_missing.c +94 -275
- data/ext/rubysl/openssl/openssl_missing.h +167 -98
- data/ext/rubysl/openssl/ossl.c +266 -212
- data/ext/rubysl/openssl/ossl.h +27 -89
- data/ext/rubysl/openssl/ossl_asn1.c +157 -221
- data/ext/rubysl/openssl/ossl_asn1.h +11 -3
- data/ext/rubysl/openssl/ossl_bio.c +10 -40
- data/ext/rubysl/openssl/ossl_bio.h +1 -2
- data/ext/rubysl/openssl/ossl_bn.c +144 -100
- data/ext/rubysl/openssl/ossl_bn.h +3 -1
- data/ext/rubysl/openssl/ossl_cipher.c +270 -195
- data/ext/rubysl/openssl/ossl_config.c +7 -1
- data/ext/rubysl/openssl/ossl_config.h +0 -1
- data/ext/rubysl/openssl/ossl_digest.c +40 -29
- data/ext/rubysl/openssl/ossl_engine.c +23 -62
- data/ext/rubysl/openssl/ossl_hmac.c +82 -55
- data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
- data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
- data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
- data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
- data/ext/rubysl/openssl/ossl_pkey.c +151 -99
- data/ext/rubysl/openssl/ossl_pkey.h +123 -29
- data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
- data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
- data/ext/rubysl/openssl/ossl_rand.c +25 -21
- data/ext/rubysl/openssl/ossl_ssl.c +795 -413
- data/ext/rubysl/openssl/ossl_ssl.h +3 -0
- data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
- data/ext/rubysl/openssl/ossl_version.h +1 -1
- data/ext/rubysl/openssl/ossl_x509.c +92 -8
- data/ext/rubysl/openssl/ossl_x509.h +14 -5
- data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
- data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
- data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
- data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
- data/ext/rubysl/openssl/ossl_x509name.c +68 -45
- data/ext/rubysl/openssl/ossl_x509req.c +32 -38
- data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
- data/ext/rubysl/openssl/ossl_x509store.c +309 -104
- data/ext/rubysl/openssl/ruby_missing.h +8 -6
- data/lib/openssl/buffering.rb +11 -5
- data/lib/openssl/cipher.rb +23 -15
- data/lib/openssl/digest.rb +7 -10
- data/lib/openssl/pkey.rb +15 -8
- data/lib/openssl/ssl.rb +81 -105
- data/lib/rubysl/openssl.rb +1 -4
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +3 -4
@@ -28,12 +28,12 @@ static VALUE ossl_ssl_session_alloc(VALUE klass)
|
|
28
28
|
|
29
29
|
/*
|
30
30
|
* call-seq:
|
31
|
-
*
|
31
|
+
* Session.new(ssl_socket) -> Session
|
32
|
+
* Session.new(string) -> Session
|
32
33
|
*
|
33
|
-
*
|
34
|
-
*
|
35
|
-
|
36
|
-
*/
|
34
|
+
* Creates a new Session object from an instance of SSLSocket or DER/PEM encoded
|
35
|
+
* String.
|
36
|
+
*/
|
37
37
|
static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
|
38
38
|
{
|
39
39
|
SSL_SESSION *ctx = NULL;
|
@@ -46,10 +46,10 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
|
|
46
46
|
|
47
47
|
GetSSL(arg1, ssl);
|
48
48
|
|
49
|
-
if (
|
49
|
+
if ((ctx = SSL_get1_session(ssl)) == NULL)
|
50
50
|
ossl_raise(eSSLSession, "no session available");
|
51
51
|
} else {
|
52
|
-
BIO *in = ossl_obj2bio(arg1);
|
52
|
+
BIO *in = ossl_obj2bio(&arg1);
|
53
53
|
|
54
54
|
ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
|
55
55
|
|
@@ -73,25 +73,50 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
|
|
73
73
|
return self;
|
74
74
|
}
|
75
75
|
|
76
|
-
|
77
|
-
|
76
|
+
static VALUE
|
77
|
+
ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
|
78
|
+
{
|
79
|
+
SSL_SESSION *sess, *sess_other, *sess_new;
|
80
|
+
|
81
|
+
rb_check_frozen(self);
|
82
|
+
sess = RTYPEDDATA_DATA(self); /* XXX */
|
83
|
+
SafeGetSSLSession(other, sess_other);
|
84
|
+
|
85
|
+
sess_new = ASN1_dup((i2d_of_void *)i2d_SSL_SESSION, (d2i_of_void *)d2i_SSL_SESSION,
|
86
|
+
(char *)sess_other);
|
87
|
+
if (!sess_new)
|
88
|
+
ossl_raise(eSSLSession, "ASN1_dup");
|
89
|
+
|
90
|
+
RTYPEDDATA_DATA(self) = sess_new;
|
91
|
+
SSL_SESSION_free(sess);
|
92
|
+
|
93
|
+
return self;
|
94
|
+
}
|
95
|
+
|
96
|
+
#if !defined(HAVE_SSL_SESSION_CMP)
|
97
|
+
int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
|
78
98
|
{
|
79
|
-
|
80
|
-
|
99
|
+
unsigned int a_len;
|
100
|
+
const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
|
101
|
+
unsigned int b_len;
|
102
|
+
const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
|
103
|
+
|
104
|
+
if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b))
|
81
105
|
return 1;
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
return CRYPTO_memcmp(
|
86
|
-
#endif
|
106
|
+
if (a_len != b_len)
|
107
|
+
return 1;
|
108
|
+
|
109
|
+
return CRYPTO_memcmp(a_sid, b_sid, a_len);
|
87
110
|
}
|
111
|
+
#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
|
88
112
|
#endif
|
89
113
|
|
90
114
|
/*
|
91
115
|
* call-seq:
|
92
|
-
*
|
116
|
+
* session1 == session2 -> boolean
|
93
117
|
*
|
94
|
-
|
118
|
+
* Returns true if the two Session is the same, false if not.
|
119
|
+
*/
|
95
120
|
static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
|
96
121
|
{
|
97
122
|
SSL_SESSION *ctx1, *ctx2;
|
@@ -109,51 +134,50 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
|
|
109
134
|
* call-seq:
|
110
135
|
* session.time -> Time
|
111
136
|
*
|
112
|
-
*
|
113
|
-
|
114
|
-
|
115
|
-
|
137
|
+
* Returns the time at which the session was established.
|
138
|
+
*/
|
139
|
+
static VALUE
|
140
|
+
ossl_ssl_session_get_time(VALUE self)
|
116
141
|
{
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
GetSSLSession(self, ctx);
|
142
|
+
SSL_SESSION *ctx;
|
143
|
+
long t;
|
121
144
|
|
122
|
-
|
145
|
+
GetSSLSession(self, ctx);
|
146
|
+
t = SSL_SESSION_get_time(ctx);
|
147
|
+
if (t == 0)
|
148
|
+
return Qnil;
|
123
149
|
|
124
|
-
|
125
|
-
return Qnil;
|
126
|
-
|
127
|
-
return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t));
|
150
|
+
return rb_funcall(rb_cTime, rb_intern("at"), 1, LONG2NUM(t));
|
128
151
|
}
|
129
152
|
|
130
153
|
/*
|
131
154
|
* call-seq:
|
132
|
-
* session.timeout ->
|
155
|
+
* session.timeout -> Integer
|
133
156
|
*
|
134
|
-
*
|
157
|
+
* Returns the timeout value set for the session, in seconds from the
|
158
|
+
* established time.
|
135
159
|
*
|
136
|
-
*/
|
137
|
-
static VALUE
|
160
|
+
*/
|
161
|
+
static VALUE
|
162
|
+
ossl_ssl_session_get_timeout(VALUE self)
|
138
163
|
{
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
GetSSLSession(self, ctx);
|
164
|
+
SSL_SESSION *ctx;
|
165
|
+
long t;
|
143
166
|
|
144
|
-
|
167
|
+
GetSSLSession(self, ctx);
|
168
|
+
t = SSL_SESSION_get_timeout(ctx);
|
145
169
|
|
146
|
-
|
170
|
+
return LONG2NUM(t);
|
147
171
|
}
|
148
172
|
|
149
173
|
/*
|
150
174
|
* call-seq:
|
151
|
-
* session.time=
|
152
|
-
* session.time=
|
175
|
+
* session.time = time
|
176
|
+
* session.time = integer
|
153
177
|
*
|
154
178
|
* Sets start time of the session. Time resolution is in seconds.
|
155
179
|
*
|
156
|
-
*/
|
180
|
+
*/
|
157
181
|
static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
|
158
182
|
{
|
159
183
|
SSL_SESSION *ctx;
|
@@ -170,11 +194,10 @@ static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
|
|
170
194
|
|
171
195
|
/*
|
172
196
|
* call-seq:
|
173
|
-
* session.timeout=
|
197
|
+
* session.timeout = integer
|
174
198
|
*
|
175
199
|
* Sets how long until the session expires in seconds.
|
176
|
-
|
177
|
-
*/
|
200
|
+
*/
|
178
201
|
static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
|
179
202
|
{
|
180
203
|
SSL_SESSION *ctx;
|
@@ -186,10 +209,9 @@ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
|
|
186
209
|
return ossl_ssl_session_get_timeout(self);
|
187
210
|
}
|
188
211
|
|
189
|
-
#ifdef HAVE_SSL_SESSION_GET_ID
|
190
212
|
/*
|
191
213
|
* call-seq:
|
192
|
-
* session.id ->
|
214
|
+
* session.id -> String
|
193
215
|
*
|
194
216
|
* Returns the Session ID.
|
195
217
|
*/
|
@@ -205,14 +227,13 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
|
|
205
227
|
|
206
228
|
return rb_str_new((const char *) p, i);
|
207
229
|
}
|
208
|
-
#endif
|
209
230
|
|
210
231
|
/*
|
211
232
|
* call-seq:
|
212
|
-
* session.to_der ->
|
233
|
+
* session.to_der -> String
|
213
234
|
*
|
214
235
|
* Returns an ASN1 encoded String that contains the Session object.
|
215
|
-
*/
|
236
|
+
*/
|
216
237
|
static VALUE ossl_ssl_session_to_der(VALUE self)
|
217
238
|
{
|
218
239
|
SSL_SESSION *ctx;
|
@@ -238,14 +259,11 @@ static VALUE ossl_ssl_session_to_der(VALUE self)
|
|
238
259
|
* session.to_pem -> String
|
239
260
|
*
|
240
261
|
* Returns a PEM encoded String that contains the Session object.
|
241
|
-
*/
|
262
|
+
*/
|
242
263
|
static VALUE ossl_ssl_session_to_pem(VALUE self)
|
243
264
|
{
|
244
265
|
SSL_SESSION *ctx;
|
245
266
|
BIO *out;
|
246
|
-
BUF_MEM *buf;
|
247
|
-
VALUE str;
|
248
|
-
int i;
|
249
267
|
|
250
268
|
GetSSLSession(self, ctx);
|
251
269
|
|
@@ -253,16 +271,13 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
|
|
253
271
|
ossl_raise(eSSLSession, "BIO_s_mem()");
|
254
272
|
}
|
255
273
|
|
256
|
-
if (!
|
274
|
+
if (!PEM_write_bio_SSL_SESSION(out, ctx)) {
|
257
275
|
BIO_free(out);
|
258
276
|
ossl_raise(eSSLSession, "SSL_SESSION_print()");
|
259
277
|
}
|
260
278
|
|
261
|
-
BIO_get_mem_ptr(out, &buf);
|
262
|
-
str = rb_str_new(buf->data, buf->length);
|
263
|
-
BIO_free(out);
|
264
279
|
|
265
|
-
return
|
280
|
+
return ossl_membio2str(out);
|
266
281
|
}
|
267
282
|
|
268
283
|
|
@@ -270,14 +285,12 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
|
|
270
285
|
* call-seq:
|
271
286
|
* session.to_text -> String
|
272
287
|
*
|
273
|
-
* Shows everything in the Session object.
|
274
|
-
*/
|
288
|
+
* Shows everything in the Session object. This is for diagnostic purposes.
|
289
|
+
*/
|
275
290
|
static VALUE ossl_ssl_session_to_text(VALUE self)
|
276
291
|
{
|
277
292
|
SSL_SESSION *ctx;
|
278
293
|
BIO *out;
|
279
|
-
BUF_MEM *buf;
|
280
|
-
VALUE str;
|
281
294
|
|
282
295
|
GetSSLSession(self, ctx);
|
283
296
|
|
@@ -290,25 +303,23 @@ static VALUE ossl_ssl_session_to_text(VALUE self)
|
|
290
303
|
ossl_raise(eSSLSession, "SSL_SESSION_print()");
|
291
304
|
}
|
292
305
|
|
293
|
-
|
294
|
-
str = rb_str_new(buf->data, buf->length);
|
295
|
-
BIO_free(out);
|
296
|
-
|
297
|
-
return str;
|
306
|
+
return ossl_membio2str(out);
|
298
307
|
}
|
299
308
|
|
300
309
|
|
301
310
|
void Init_ossl_ssl_session(void)
|
302
311
|
{
|
303
312
|
#if 0
|
304
|
-
|
305
|
-
|
313
|
+
mOSSL = rb_define_module("OpenSSL");
|
314
|
+
mSSL = rb_define_module_under(mOSSL, "SSL");
|
315
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
306
316
|
#endif
|
307
317
|
cSSLSession = rb_define_class_under(mSSL, "Session", rb_cObject);
|
308
318
|
eSSLSession = rb_define_class_under(cSSLSession, "SessionError", eOSSLError);
|
309
319
|
|
310
320
|
rb_define_alloc_func(cSSLSession, ossl_ssl_session_alloc);
|
311
321
|
rb_define_method(cSSLSession, "initialize", ossl_ssl_session_initialize, 1);
|
322
|
+
rb_define_copy_func(cSSLSession, ossl_ssl_session_initialize_copy);
|
312
323
|
|
313
324
|
rb_define_method(cSSLSession, "==", ossl_ssl_session_eq, 1);
|
314
325
|
|
@@ -316,12 +327,7 @@ void Init_ossl_ssl_session(void)
|
|
316
327
|
rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
|
317
328
|
rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
|
318
329
|
rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
|
319
|
-
|
320
|
-
#ifdef HAVE_SSL_SESSION_GET_ID
|
321
330
|
rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
|
322
|
-
#else
|
323
|
-
rb_undef_method(cSSLSession, "id");
|
324
|
-
#endif
|
325
331
|
rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
|
326
332
|
rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
|
327
333
|
rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);
|
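Review bot: The fallback `ossl_SSL_SESSION_cmp` reports two sessions as equal whenever their protocol versions match and their session IDs are byte-identical, and `CRYPTO_memcmp(a_sid, b_sid, a_len)` returns 0 when `a_len` is 0, so any two same-version sessions with empty IDs compare as the same session. Empty IDs can plausibly occur for ticket-based sessions (inferred; the diff does not show how the IDs are populated), so `session1 == session2` should not be treated as proof that the session state or keys are identical. At minimum the new doc comment for `==` should say what is actually compared, for example `* Returns true if both sessions have the same protocol version and session ID; key material is not compared.` The body of `ossl_ssl_session_eq` lies outside the visible hunks, so whether it adds any further check cannot be confirmed from here.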
@@ -11,13 +11,33 @@
|
|
11
11
|
|
12
12
|
VALUE mX509;
|
13
13
|
|
14
|
-
#define DefX509Const(x) rb_define_const(mX509, #x,
|
14
|
+
#define DefX509Const(x) rb_define_const(mX509, #x, INT2NUM(X509_##x))
|
15
15
|
#define DefX509Default(x,i) \
|
16
16
|
rb_define_const(mX509, "DEFAULT_" #x, rb_str_new2(X509_get_default_##i()))
|
17
17
|
|
18
|
+
ASN1_TIME *
|
19
|
+
ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
|
20
|
+
{
|
21
|
+
time_t sec;
|
22
|
+
|
23
|
+
#if defined(HAVE_ASN1_TIME_ADJ)
|
24
|
+
int off_days;
|
25
|
+
|
26
|
+
ossl_time_split(time, &sec, &off_days);
|
27
|
+
return X509_time_adj_ex(s, off_days, 0, &sec);
|
28
|
+
#else
|
29
|
+
sec = time_to_time_t(time);
|
30
|
+
return X509_time_adj(s, 0, &sec);
|
31
|
+
#endif
|
32
|
+
}
|
33
|
+
|
18
34
|
void
|
19
35
|
Init_ossl_x509(void)
|
20
36
|
{
|
37
|
+
#if 0
|
38
|
+
mOSSL = rb_define_module("OpenSSL");
|
39
|
+
#endif
|
40
|
+
|
21
41
|
mX509 = rb_define_module_under(mOSSL, "X509");
|
22
42
|
|
23
43
|
Init_ossl_x509attr();
|
@@ -63,22 +83,87 @@ Init_ossl_x509(void)
|
|
63
83
|
DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
|
64
84
|
DefX509Const(V_ERR_APPLICATION_VERIFICATION);
|
65
85
|
|
66
|
-
#
|
86
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
|
87
|
+
* certificate chain leaf. */
|
67
88
|
DefX509Const(V_FLAG_CRL_CHECK);
|
68
|
-
#
|
69
|
-
|
89
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for all
|
90
|
+
* certificates in the certificate chain */
|
70
91
|
DefX509Const(V_FLAG_CRL_CHECK_ALL);
|
92
|
+
/* Set by Store#flags= and StoreContext#flags=. Disables critical extension
|
93
|
+
* checking. */
|
94
|
+
DefX509Const(V_FLAG_IGNORE_CRITICAL);
|
95
|
+
/* Set by Store#flags= and StoreContext#flags=. Disables workarounds for
|
96
|
+
* broken certificates. */
|
97
|
+
DefX509Const(V_FLAG_X509_STRICT);
|
98
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables proxy certificate
|
99
|
+
* verification. */
|
100
|
+
DefX509Const(V_FLAG_ALLOW_PROXY_CERTS);
|
101
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables certificate policy
|
102
|
+
* constraints checking. */
|
103
|
+
DefX509Const(V_FLAG_POLICY_CHECK);
|
104
|
+
/* Set by Store#flags= and StoreContext#flags=.
|
105
|
+
* Implies V_FLAG_POLICY_CHECK */
|
106
|
+
DefX509Const(V_FLAG_EXPLICIT_POLICY);
|
107
|
+
/* Set by Store#flags= and StoreContext#flags=.
|
108
|
+
* Implies V_FLAG_POLICY_CHECK */
|
109
|
+
DefX509Const(V_FLAG_INHIBIT_ANY);
|
110
|
+
/* Set by Store#flags= and StoreContext#flags=.
|
111
|
+
* Implies V_FLAG_POLICY_CHECK */
|
112
|
+
DefX509Const(V_FLAG_INHIBIT_MAP);
|
113
|
+
/* Set by Store#flags= and StoreContext#flags=. */
|
114
|
+
DefX509Const(V_FLAG_NOTIFY_POLICY);
|
115
|
+
#if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
|
116
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables some additional
|
117
|
+
* features including support for indirect signed CRLs. */
|
118
|
+
DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
|
119
|
+
#endif
|
120
|
+
#if defined(X509_V_FLAG_USE_DELTAS)
|
121
|
+
/* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
|
122
|
+
* specified, deltas are ignored. */
|
123
|
+
DefX509Const(V_FLAG_USE_DELTAS);
|
124
|
+
#endif
|
125
|
+
#if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
|
126
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables checking of the
|
127
|
+
* signature of the root self-signed CA. */
|
128
|
+
DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
|
129
|
+
#endif
|
130
|
+
#if defined(X509_V_FLAG_TRUSTED_FIRST)
|
131
|
+
/* Set by Store#flags= and StoreContext#flags=. When constructing a
|
132
|
+
* certificate chain, search the Store first for the issuer certificate.
|
133
|
+
* Enabled by default in OpenSSL >= 1.1.0. */
|
134
|
+
DefX509Const(V_FLAG_TRUSTED_FIRST);
|
135
|
+
#endif
|
136
|
+
#if defined(X509_V_FLAG_NO_ALT_CHAINS)
|
137
|
+
/* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
|
138
|
+
* a alternative chain. No effect in OpenSSL >= 1.1.0. */
|
139
|
+
DefX509Const(V_FLAG_NO_ALT_CHAINS);
|
140
|
+
#endif
|
141
|
+
#if defined(X509_V_FLAG_NO_CHECK_TIME)
|
142
|
+
/* Set by Store#flags= and StoreContext#flags=. Suppresses checking the
|
143
|
+
* validity period of certificates and CRLs. No effect when the current
|
144
|
+
* time is explicitly set by Store#time= or StoreContext#time=. */
|
145
|
+
DefX509Const(V_FLAG_NO_CHECK_TIME);
|
71
146
|
#endif
|
72
147
|
|
148
|
+
/* Set by Store#purpose=. SSL/TLS client. */
|
73
149
|
DefX509Const(PURPOSE_SSL_CLIENT);
|
150
|
+
/* Set by Store#purpose=. SSL/TLS server. */
|
74
151
|
DefX509Const(PURPOSE_SSL_SERVER);
|
152
|
+
/* Set by Store#purpose=. Netscape SSL server. */
|
75
153
|
DefX509Const(PURPOSE_NS_SSL_SERVER);
|
154
|
+
/* Set by Store#purpose=. S/MIME signing. */
|
76
155
|
DefX509Const(PURPOSE_SMIME_SIGN);
|
156
|
+
/* Set by Store#purpose=. S/MIME encryption. */
|
77
157
|
DefX509Const(PURPOSE_SMIME_ENCRYPT);
|
158
|
+
/* Set by Store#purpose=. CRL signing */
|
78
159
|
DefX509Const(PURPOSE_CRL_SIGN);
|
160
|
+
/* Set by Store#purpose=. No checks. */
|
79
161
|
DefX509Const(PURPOSE_ANY);
|
80
|
-
#
|
162
|
+
/* Set by Store#purpose=. OCSP helper. */
|
81
163
|
DefX509Const(PURPOSE_OCSP_HELPER);
|
164
|
+
#if defined(X509_PURPOSE_TIMESTAMP_SIGN)
|
165
|
+
/* Set by Store#purpose=. Time stamps signer. */
|
166
|
+
DefX509Const(PURPOSE_TIMESTAMP_SIGN);
|
82
167
|
#endif
|
83
168
|
|
84
169
|
DefX509Const(TRUST_COMPAT);
|
@@ -86,11 +171,10 @@ Init_ossl_x509(void)
|
|
86
171
|
DefX509Const(TRUST_SSL_SERVER);
|
87
172
|
DefX509Const(TRUST_EMAIL);
|
88
173
|
DefX509Const(TRUST_OBJECT_SIGN);
|
89
|
-
#if defined(X509_TRUST_OCSP_SIGN)
|
90
174
|
DefX509Const(TRUST_OCSP_SIGN);
|
91
|
-
#endif
|
92
|
-
#if defined(X509_TRUST_OCSP_REQUEST)
|
93
175
|
DefX509Const(TRUST_OCSP_REQUEST);
|
176
|
+
#if defined(X509_TRUST_TSA)
|
177
|
+
DefX509Const(TRUST_TSA);
|
94
178
|
#endif
|
95
179
|
|
96
180
|
DefX509Default(CERT_AREA, cert_area);
|
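Review bot: In the `@@ -63,22 +83,87 @@` hunk, the comments added for `V_FLAG_IGNORE_CRITICAL` and `V_FLAG_NO_CHECK_TIME` are worded as neutrally as those for the flags that tighten checking, although both turn verification steps off. A reader choosing flags from the generated documentation should see that distinction, for example `/* Set by Store#flags= and StoreContext#flags=. Disables critical extension checking, so certificates with unrecognised critical extensions are accepted; this weakens verification. */`. `V_FLAG_NO_CHECK_TIME` needs a matching sentence saying that expired or not-yet-valid certificates and CRLs then pass. `V_FLAG_ALLOW_PROXY_CERTS` deserves the same kind of remark. `Init_ossl_x509` starts before and continues beyond this hunk.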