rubysl-openssl 2.10 → 2.11
- checksums.yaml +5 -5
- data/ext/rubysl/openssl/deprecation.rb +7 -3
- data/ext/rubysl/openssl/extconf.rb +148 -103
- data/ext/rubysl/openssl/openssl_missing.c +94 -275
- data/ext/rubysl/openssl/openssl_missing.h +167 -98
- data/ext/rubysl/openssl/ossl.c +266 -212
- data/ext/rubysl/openssl/ossl.h +27 -89
- data/ext/rubysl/openssl/ossl_asn1.c +157 -221
- data/ext/rubysl/openssl/ossl_asn1.h +11 -3
- data/ext/rubysl/openssl/ossl_bio.c +10 -40
- data/ext/rubysl/openssl/ossl_bio.h +1 -2
- data/ext/rubysl/openssl/ossl_bn.c +144 -100
- data/ext/rubysl/openssl/ossl_bn.h +3 -1
- data/ext/rubysl/openssl/ossl_cipher.c +270 -195
- data/ext/rubysl/openssl/ossl_config.c +7 -1
- data/ext/rubysl/openssl/ossl_config.h +0 -1
- data/ext/rubysl/openssl/ossl_digest.c +40 -29
- data/ext/rubysl/openssl/ossl_engine.c +23 -62
- data/ext/rubysl/openssl/ossl_hmac.c +82 -55
- data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
- data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
- data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
- data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
- data/ext/rubysl/openssl/ossl_pkey.c +151 -99
- data/ext/rubysl/openssl/ossl_pkey.h +123 -29
- data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
- data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
- data/ext/rubysl/openssl/ossl_rand.c +25 -21
- data/ext/rubysl/openssl/ossl_ssl.c +795 -413
- data/ext/rubysl/openssl/ossl_ssl.h +3 -0
- data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
- data/ext/rubysl/openssl/ossl_version.h +1 -1
- data/ext/rubysl/openssl/ossl_x509.c +92 -8
- data/ext/rubysl/openssl/ossl_x509.h +14 -5
- data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
- data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
- data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
- data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
- data/ext/rubysl/openssl/ossl_x509name.c +68 -45
- data/ext/rubysl/openssl/ossl_x509req.c +32 -38
- data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
- data/ext/rubysl/openssl/ossl_x509store.c +309 -104
- data/ext/rubysl/openssl/ruby_missing.h +8 -6
- data/lib/openssl/buffering.rb +11 -5
- data/lib/openssl/cipher.rb +23 -15
- data/lib/openssl/digest.rb +7 -10
- data/lib/openssl/pkey.rb +15 -8
- data/lib/openssl/ssl.rb +81 -105
- data/lib/rubysl/openssl.rb +1 -4
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +3 -4
@@ -28,12 +28,12 @@ static VALUE ossl_ssl_session_alloc(VALUE klass)
|
|
28
28
|
|
29
29
|
/*
|
30
30
|
* call-seq:
|
31
|
-
*
|
31
|
+
* Session.new(ssl_socket) -> Session
|
32
|
+
* Session.new(string) -> Session
|
32
33
|
*
|
33
|
-
*
|
34
|
-
*
|
35
|
-
|
36
|
-
*/
|
34
|
+
* Creates a new Session object from an instance of SSLSocket or DER/PEM encoded
|
35
|
+
* String.
|
36
|
+
*/
|
37
37
|
static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
|
38
38
|
{
|
39
39
|
SSL_SESSION *ctx = NULL;
|
@@ -46,10 +46,10 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
|
|
46
46
|
|
47
47
|
GetSSL(arg1, ssl);
|
48
48
|
|
49
|
-
if (
|
49
|
+
if ((ctx = SSL_get1_session(ssl)) == NULL)
|
50
50
|
ossl_raise(eSSLSession, "no session available");
|
51
51
|
} else {
|
52
|
-
BIO *in = ossl_obj2bio(arg1);
|
52
|
+
BIO *in = ossl_obj2bio(&arg1);
|
53
53
|
|
54
54
|
ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
|
55
55
|
|
@@ -73,25 +73,50 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
|
|
73
73
|
return self;
|
74
74
|
}
|
75
75
|
|
76
|
-
|
77
|
-
|
76
|
+
static VALUE
|
77
|
+
ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
|
78
|
+
{
|
79
|
+
SSL_SESSION *sess, *sess_other, *sess_new;
|
80
|
+
|
81
|
+
rb_check_frozen(self);
|
82
|
+
sess = RTYPEDDATA_DATA(self); /* XXX */
|
83
|
+
SafeGetSSLSession(other, sess_other);
|
84
|
+
|
85
|
+
sess_new = ASN1_dup((i2d_of_void *)i2d_SSL_SESSION, (d2i_of_void *)d2i_SSL_SESSION,
|
86
|
+
(char *)sess_other);
|
87
|
+
if (!sess_new)
|
88
|
+
ossl_raise(eSSLSession, "ASN1_dup");
|
89
|
+
|
90
|
+
RTYPEDDATA_DATA(self) = sess_new;
|
91
|
+
SSL_SESSION_free(sess);
|
92
|
+
|
93
|
+
return self;
|
94
|
+
}
|
95
|
+
|
96
|
+
#if !defined(HAVE_SSL_SESSION_CMP)
|
97
|
+
int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
|
78
98
|
{
|
79
|
-
|
80
|
-
|
99
|
+
unsigned int a_len;
|
100
|
+
const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
|
101
|
+
unsigned int b_len;
|
102
|
+
const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
|
103
|
+
|
104
|
+
if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b))
|
81
105
|
return 1;
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
return CRYPTO_memcmp(
|
86
|
-
#endif
|
106
|
+
if (a_len != b_len)
|
107
|
+
return 1;
|
108
|
+
|
109
|
+
return CRYPTO_memcmp(a_sid, b_sid, a_len);
|
87
110
|
}
|
111
|
+
#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
|
88
112
|
#endif
|
89
113
|
|
90
114
|
/*
|
91
115
|
* call-seq:
|
92
|
-
*
|
116
|
+
* session1 == session2 -> boolean
|
93
117
|
*
|
94
|
-
|
118
|
+
* Returns true if the two Session is the same, false if not.
|
119
|
+
*/
|
95
120
|
static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
|
96
121
|
{
|
97
122
|
SSL_SESSION *ctx1, *ctx2;
|
@@ -109,51 +134,50 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
|
|
109
134
|
* call-seq:
|
110
135
|
* session.time -> Time
|
111
136
|
*
|
112
|
-
*
|
113
|
-
|
114
|
-
|
115
|
-
|
137
|
+
* Returns the time at which the session was established.
|
138
|
+
*/
|
139
|
+
static VALUE
|
140
|
+
ossl_ssl_session_get_time(VALUE self)
|
116
141
|
{
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
GetSSLSession(self, ctx);
|
142
|
+
SSL_SESSION *ctx;
|
143
|
+
long t;
|
121
144
|
|
122
|
-
|
145
|
+
GetSSLSession(self, ctx);
|
146
|
+
t = SSL_SESSION_get_time(ctx);
|
147
|
+
if (t == 0)
|
148
|
+
return Qnil;
|
123
149
|
|
124
|
-
|
125
|
-
return Qnil;
|
126
|
-
|
127
|
-
return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t));
|
150
|
+
return rb_funcall(rb_cTime, rb_intern("at"), 1, LONG2NUM(t));
|
128
151
|
}
|
129
152
|
|
130
153
|
/*
|
131
154
|
* call-seq:
|
132
|
-
* session.timeout ->
|
155
|
+
* session.timeout -> Integer
|
133
156
|
*
|
134
|
-
*
|
157
|
+
* Returns the timeout value set for the session, in seconds from the
|
158
|
+
* established time.
|
135
159
|
*
|
136
|
-
*/
|
137
|
-
static VALUE
|
160
|
+
*/
|
161
|
+
static VALUE
|
162
|
+
ossl_ssl_session_get_timeout(VALUE self)
|
138
163
|
{
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
GetSSLSession(self, ctx);
|
164
|
+
SSL_SESSION *ctx;
|
165
|
+
long t;
|
143
166
|
|
144
|
-
|
167
|
+
GetSSLSession(self, ctx);
|
168
|
+
t = SSL_SESSION_get_timeout(ctx);
|
145
169
|
|
146
|
-
|
170
|
+
return LONG2NUM(t);
|
147
171
|
}
|
148
172
|
|
149
173
|
/*
|
150
174
|
* call-seq:
|
151
|
-
* session.time=
|
152
|
-
* session.time=
|
175
|
+
* session.time = time
|
176
|
+
* session.time = integer
|
153
177
|
*
|
154
178
|
* Sets start time of the session. Time resolution is in seconds.
|
155
179
|
*
|
156
|
-
*/
|
180
|
+
*/
|
157
181
|
static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
|
158
182
|
{
|
159
183
|
SSL_SESSION *ctx;
|
@@ -170,11 +194,10 @@ static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v)
|
|
170
194
|
|
171
195
|
/*
|
172
196
|
* call-seq:
|
173
|
-
* session.timeout=
|
197
|
+
* session.timeout = integer
|
174
198
|
*
|
175
199
|
* Sets how long until the session expires in seconds.
|
176
|
-
|
177
|
-
*/
|
200
|
+
*/
|
178
201
|
static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
|
179
202
|
{
|
180
203
|
SSL_SESSION *ctx;
|
@@ -186,10 +209,9 @@ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
|
|
186
209
|
return ossl_ssl_session_get_timeout(self);
|
187
210
|
}
|
188
211
|
|
189
|
-
#ifdef HAVE_SSL_SESSION_GET_ID
|
190
212
|
/*
|
191
213
|
* call-seq:
|
192
|
-
* session.id ->
|
214
|
+
* session.id -> String
|
193
215
|
*
|
194
216
|
* Returns the Session ID.
|
195
217
|
*/
|
@@ -205,14 +227,13 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
|
|
205
227
|
|
206
228
|
return rb_str_new((const char *) p, i);
|
207
229
|
}
|
208
|
-
#endif
|
209
230
|
|
210
231
|
/*
|
211
232
|
* call-seq:
|
212
|
-
* session.to_der ->
|
233
|
+
* session.to_der -> String
|
213
234
|
*
|
214
235
|
* Returns an ASN1 encoded String that contains the Session object.
|
215
|
-
*/
|
236
|
+
*/
|
216
237
|
static VALUE ossl_ssl_session_to_der(VALUE self)
|
217
238
|
{
|
218
239
|
SSL_SESSION *ctx;
|
@@ -238,14 +259,11 @@ static VALUE ossl_ssl_session_to_der(VALUE self)
|
|
238
259
|
* session.to_pem -> String
|
239
260
|
*
|
240
261
|
* Returns a PEM encoded String that contains the Session object.
|
241
|
-
*/
|
262
|
+
*/
|
242
263
|
static VALUE ossl_ssl_session_to_pem(VALUE self)
|
243
264
|
{
|
244
265
|
SSL_SESSION *ctx;
|
245
266
|
BIO *out;
|
246
|
-
BUF_MEM *buf;
|
247
|
-
VALUE str;
|
248
|
-
int i;
|
249
267
|
|
250
268
|
GetSSLSession(self, ctx);
|
251
269
|
|
@@ -253,16 +271,13 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
|
|
253
271
|
ossl_raise(eSSLSession, "BIO_s_mem()");
|
254
272
|
}
|
255
273
|
|
256
|
-
if (!
|
274
|
+
if (!PEM_write_bio_SSL_SESSION(out, ctx)) {
|
257
275
|
BIO_free(out);
|
258
276
|
ossl_raise(eSSLSession, "SSL_SESSION_print()");
|
259
277
|
}
|
260
278
|
|
261
|
-
BIO_get_mem_ptr(out, &buf);
|
262
|
-
str = rb_str_new(buf->data, buf->length);
|
263
|
-
BIO_free(out);
|
264
279
|
|
265
|
-
return
|
280
|
+
return ossl_membio2str(out);
|
266
281
|
}
|
267
282
|
|
268
283
|
|
@@ -270,14 +285,12 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
|
|
270
285
|
* call-seq:
|
271
286
|
* session.to_text -> String
|
272
287
|
*
|
273
|
-
* Shows everything in the Session object.
|
274
|
-
*/
|
288
|
+
* Shows everything in the Session object. This is for diagnostic purposes.
|
289
|
+
*/
|
275
290
|
static VALUE ossl_ssl_session_to_text(VALUE self)
|
276
291
|
{
|
277
292
|
SSL_SESSION *ctx;
|
278
293
|
BIO *out;
|
279
|
-
BUF_MEM *buf;
|
280
|
-
VALUE str;
|
281
294
|
|
282
295
|
GetSSLSession(self, ctx);
|
283
296
|
|
@@ -290,25 +303,23 @@ static VALUE ossl_ssl_session_to_text(VALUE self)
|
|
290
303
|
ossl_raise(eSSLSession, "SSL_SESSION_print()");
|
291
304
|
}
|
292
305
|
|
293
|
-
|
294
|
-
str = rb_str_new(buf->data, buf->length);
|
295
|
-
BIO_free(out);
|
296
|
-
|
297
|
-
return str;
|
306
|
+
return ossl_membio2str(out);
|
298
307
|
}
|
299
308
|
|
300
309
|
|
301
310
|
void Init_ossl_ssl_session(void)
|
302
311
|
{
|
303
312
|
#if 0
|
304
|
-
|
305
|
-
|
313
|
+
mOSSL = rb_define_module("OpenSSL");
|
314
|
+
mSSL = rb_define_module_under(mOSSL, "SSL");
|
315
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
306
316
|
#endif
|
307
317
|
cSSLSession = rb_define_class_under(mSSL, "Session", rb_cObject);
|
308
318
|
eSSLSession = rb_define_class_under(cSSLSession, "SessionError", eOSSLError);
|
309
319
|
|
310
320
|
rb_define_alloc_func(cSSLSession, ossl_ssl_session_alloc);
|
311
321
|
rb_define_method(cSSLSession, "initialize", ossl_ssl_session_initialize, 1);
|
322
|
+
rb_define_copy_func(cSSLSession, ossl_ssl_session_initialize_copy);
|
312
323
|
|
313
324
|
rb_define_method(cSSLSession, "==", ossl_ssl_session_eq, 1);
|
314
325
|
|
@@ -316,12 +327,7 @@ void Init_ossl_ssl_session(void)
|
|
316
327
|
rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
|
317
328
|
rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
|
318
329
|
rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
|
319
|
-
|
320
|
-
#ifdef HAVE_SSL_SESSION_GET_ID
|
321
330
|
rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
|
322
|
-
#else
|
323
|
-
rb_undef_method(cSSLSession, "id");
|
324
|
-
#endif
|
325
331
|
rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
|
326
332
|
rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
|
327
333
|
rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);
|
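Review bot: The new doc comment on ossl_ssl_session_to_text ("Shows everything in the Session object. This is for diagnostic purposes.") does not mention that the dump contains secret material. SSL_SESSION_print writes the session master key, and to_der and to_pem serialise the same secret. I would add a line such as `* The output contains the session master key; handle it like a private key and keep it out of logs.` to that comment and to the to_der and to_pem comments. Separately, in ossl_ssl_session_to_pem a failure of the new `PEM_write_bio_SSL_SESSION(out, ctx)` call is still raised as "SSL_SESSION_print()", which points whoever reads the error at the wrong call; `ossl_raise(eSSLSession, "PEM_write_bio_SSL_SESSION");` would match. These function bodies start or end outside the hunks shown.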
@@ -11,13 +11,33 @@
|
|
11
11
|
|
12
12
|
VALUE mX509;
|
13
13
|
|
14
|
-
#define DefX509Const(x) rb_define_const(mX509, #x,
|
14
|
+
#define DefX509Const(x) rb_define_const(mX509, #x, INT2NUM(X509_##x))
|
15
15
|
#define DefX509Default(x,i) \
|
16
16
|
rb_define_const(mX509, "DEFAULT_" #x, rb_str_new2(X509_get_default_##i()))
|
17
17
|
|
18
|
+
ASN1_TIME *
|
19
|
+
ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
|
20
|
+
{
|
21
|
+
time_t sec;
|
22
|
+
|
23
|
+
#if defined(HAVE_ASN1_TIME_ADJ)
|
24
|
+
int off_days;
|
25
|
+
|
26
|
+
ossl_time_split(time, &sec, &off_days);
|
27
|
+
return X509_time_adj_ex(s, off_days, 0, &sec);
|
28
|
+
#else
|
29
|
+
sec = time_to_time_t(time);
|
30
|
+
return X509_time_adj(s, 0, &sec);
|
31
|
+
#endif
|
32
|
+
}
|
33
|
+
|
18
34
|
void
|
19
35
|
Init_ossl_x509(void)
|
20
36
|
{
|
37
|
+
#if 0
|
38
|
+
mOSSL = rb_define_module("OpenSSL");
|
39
|
+
#endif
|
40
|
+
|
21
41
|
mX509 = rb_define_module_under(mOSSL, "X509");
|
22
42
|
|
23
43
|
Init_ossl_x509attr();
|
@@ -63,22 +83,87 @@ Init_ossl_x509(void)
|
|
63
83
|
DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
|
64
84
|
DefX509Const(V_ERR_APPLICATION_VERIFICATION);
|
65
85
|
|
66
|
-
#
|
86
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
|
87
|
+
* certificate chain leaf. */
|
67
88
|
DefX509Const(V_FLAG_CRL_CHECK);
|
68
|
-
#
|
69
|
-
|
89
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for all
|
90
|
+
* certificates in the certificate chain */
|
70
91
|
DefX509Const(V_FLAG_CRL_CHECK_ALL);
|
92
|
+
/* Set by Store#flags= and StoreContext#flags=. Disables critical extension
|
93
|
+
* checking. */
|
94
|
+
DefX509Const(V_FLAG_IGNORE_CRITICAL);
|
95
|
+
/* Set by Store#flags= and StoreContext#flags=. Disables workarounds for
|
96
|
+
* broken certificates. */
|
97
|
+
DefX509Const(V_FLAG_X509_STRICT);
|
98
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables proxy certificate
|
99
|
+
* verification. */
|
100
|
+
DefX509Const(V_FLAG_ALLOW_PROXY_CERTS);
|
101
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables certificate policy
|
102
|
+
* constraints checking. */
|
103
|
+
DefX509Const(V_FLAG_POLICY_CHECK);
|
104
|
+
/* Set by Store#flags= and StoreContext#flags=.
|
105
|
+
* Implies V_FLAG_POLICY_CHECK */
|
106
|
+
DefX509Const(V_FLAG_EXPLICIT_POLICY);
|
107
|
+
/* Set by Store#flags= and StoreContext#flags=.
|
108
|
+
* Implies V_FLAG_POLICY_CHECK */
|
109
|
+
DefX509Const(V_FLAG_INHIBIT_ANY);
|
110
|
+
/* Set by Store#flags= and StoreContext#flags=.
|
111
|
+
* Implies V_FLAG_POLICY_CHECK */
|
112
|
+
DefX509Const(V_FLAG_INHIBIT_MAP);
|
113
|
+
/* Set by Store#flags= and StoreContext#flags=. */
|
114
|
+
DefX509Const(V_FLAG_NOTIFY_POLICY);
|
115
|
+
#if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
|
116
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables some additional
|
117
|
+
* features including support for indirect signed CRLs. */
|
118
|
+
DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
|
119
|
+
#endif
|
120
|
+
#if defined(X509_V_FLAG_USE_DELTAS)
|
121
|
+
/* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
|
122
|
+
* specified, deltas are ignored. */
|
123
|
+
DefX509Const(V_FLAG_USE_DELTAS);
|
124
|
+
#endif
|
125
|
+
#if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
|
126
|
+
/* Set by Store#flags= and StoreContext#flags=. Enables checking of the
|
127
|
+
* signature of the root self-signed CA. */
|
128
|
+
DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
|
129
|
+
#endif
|
130
|
+
#if defined(X509_V_FLAG_TRUSTED_FIRST)
|
131
|
+
/* Set by Store#flags= and StoreContext#flags=. When constructing a
|
132
|
+
* certificate chain, search the Store first for the issuer certificate.
|
133
|
+
* Enabled by default in OpenSSL >= 1.1.0. */
|
134
|
+
DefX509Const(V_FLAG_TRUSTED_FIRST);
|
135
|
+
#endif
|
136
|
+
#if defined(X509_V_FLAG_NO_ALT_CHAINS)
|
137
|
+
/* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
|
138
|
+
* a alternative chain. No effect in OpenSSL >= 1.1.0. */
|
139
|
+
DefX509Const(V_FLAG_NO_ALT_CHAINS);
|
140
|
+
#endif
|
141
|
+
#if defined(X509_V_FLAG_NO_CHECK_TIME)
|
142
|
+
/* Set by Store#flags= and StoreContext#flags=. Suppresses checking the
|
143
|
+
* validity period of certificates and CRLs. No effect when the current
|
144
|
+
* time is explicitly set by Store#time= or StoreContext#time=. */
|
145
|
+
DefX509Const(V_FLAG_NO_CHECK_TIME);
|
71
146
|
#endif
|
72
147
|
|
148
|
+
/* Set by Store#purpose=. SSL/TLS client. */
|
73
149
|
DefX509Const(PURPOSE_SSL_CLIENT);
|
150
|
+
/* Set by Store#purpose=. SSL/TLS server. */
|
74
151
|
DefX509Const(PURPOSE_SSL_SERVER);
|
152
|
+
/* Set by Store#purpose=. Netscape SSL server. */
|
75
153
|
DefX509Const(PURPOSE_NS_SSL_SERVER);
|
154
|
+
/* Set by Store#purpose=. S/MIME signing. */
|
76
155
|
DefX509Const(PURPOSE_SMIME_SIGN);
|
156
|
+
/* Set by Store#purpose=. S/MIME encryption. */
|
77
157
|
DefX509Const(PURPOSE_SMIME_ENCRYPT);
|
158
|
+
/* Set by Store#purpose=. CRL signing */
|
78
159
|
DefX509Const(PURPOSE_CRL_SIGN);
|
160
|
+
/* Set by Store#purpose=. No checks. */
|
79
161
|
DefX509Const(PURPOSE_ANY);
|
80
|
-
#
|
162
|
+
/* Set by Store#purpose=. OCSP helper. */
|
81
163
|
DefX509Const(PURPOSE_OCSP_HELPER);
|
164
|
+
#if defined(X509_PURPOSE_TIMESTAMP_SIGN)
|
165
|
+
/* Set by Store#purpose=. Time stamps signer. */
|
166
|
+
DefX509Const(PURPOSE_TIMESTAMP_SIGN);
|
82
167
|
#endif
|
83
168
|
|
84
169
|
DefX509Const(TRUST_COMPAT);
|
@@ -86,11 +171,10 @@ Init_ossl_x509(void)
|
|
86
171
|
DefX509Const(TRUST_SSL_SERVER);
|
87
172
|
DefX509Const(TRUST_EMAIL);
|
88
173
|
DefX509Const(TRUST_OBJECT_SIGN);
|
89
|
-
#if defined(X509_TRUST_OCSP_SIGN)
|
90
174
|
DefX509Const(TRUST_OCSP_SIGN);
|
91
|
-
#endif
|
92
|
-
#if defined(X509_TRUST_OCSP_REQUEST)
|
93
175
|
DefX509Const(TRUST_OCSP_REQUEST);
|
176
|
+
#if defined(X509_TRUST_TSA)
|
177
|
+
DefX509Const(TRUST_TSA);
|
94
178
|
#endif
|
95
179
|
|
96
180
|
DefX509Default(CERT_AREA, cert_area);
|
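Review bot: The comment added above `DefX509Const(V_FLAG_CRL_CHECK_ALL)` reads as if that flag alone enables revocation checking for the whole chain. OpenSSL's verifier consults it only when V_FLAG_CRL_CHECK is also set, so a Store configured with CRL_CHECK_ALL by itself checks no CRLs. I would end the comment with `* certificates in the certificate chain. Has no effect unless V_FLAG_CRL_CHECK is also set. */`. The comments on V_FLAG_IGNORE_CRITICAL, V_FLAG_ALLOW_PROXY_CERTS and V_FLAG_NO_CHECK_TIME describe what each flag switches off but not that each one relaxes certificate verification, which is worth stating in one clause apiece; the V_FLAG_NO_ALT_CHAINS comment also has "a alternative chain" for "an alternative chain". Init_ossl_x509's body continues outside the hunk.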