RubyGems - rubysl-openssl - Versions diffs - 2.10 → 2.11 - Mend

rubysl-openssl 2.10 → 2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

checksums.yaml +5 -5
data/ext/rubysl/openssl/deprecation.rb +7 -3
data/ext/rubysl/openssl/extconf.rb +148 -103
data/ext/rubysl/openssl/openssl_missing.c +94 -275
data/ext/rubysl/openssl/openssl_missing.h +167 -98
data/ext/rubysl/openssl/ossl.c +266 -212
data/ext/rubysl/openssl/ossl.h +27 -89
data/ext/rubysl/openssl/ossl_asn1.c +157 -221
data/ext/rubysl/openssl/ossl_asn1.h +11 -3
data/ext/rubysl/openssl/ossl_bio.c +10 -40
data/ext/rubysl/openssl/ossl_bio.h +1 -2
data/ext/rubysl/openssl/ossl_bn.c +144 -100
data/ext/rubysl/openssl/ossl_bn.h +3 -1
data/ext/rubysl/openssl/ossl_cipher.c +270 -195
data/ext/rubysl/openssl/ossl_config.c +7 -1
data/ext/rubysl/openssl/ossl_config.h +0 -1
data/ext/rubysl/openssl/ossl_digest.c +40 -29
data/ext/rubysl/openssl/ossl_engine.c +23 -62
data/ext/rubysl/openssl/ossl_hmac.c +82 -55
data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
data/ext/rubysl/openssl/ossl_pkey.c +151 -99
data/ext/rubysl/openssl/ossl_pkey.h +123 -29
data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
data/ext/rubysl/openssl/ossl_rand.c +25 -21
data/ext/rubysl/openssl/ossl_ssl.c +795 -413
data/ext/rubysl/openssl/ossl_ssl.h +3 -0
data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
data/ext/rubysl/openssl/ossl_version.h +1 -1
data/ext/rubysl/openssl/ossl_x509.c +92 -8
data/ext/rubysl/openssl/ossl_x509.h +14 -5
data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
data/ext/rubysl/openssl/ossl_x509name.c +68 -45
data/ext/rubysl/openssl/ossl_x509req.c +32 -38
data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
data/ext/rubysl/openssl/ossl_x509store.c +309 -104
data/ext/rubysl/openssl/ruby_missing.h +8 -6
data/lib/openssl/buffering.rb +11 -5
data/lib/openssl/cipher.rb +23 -15
data/lib/openssl/digest.rb +7 -10
data/lib/openssl/pkey.rb +15 -8
data/lib/openssl/ssl.rb +81 -105
data/lib/rubysl/openssl.rb +1 -4
data/lib/rubysl/openssl/version.rb +1 -1
metadata +3 -4

data/ext/rubysl/openssl/ossl_x509ext.c CHANGED Viewed

@@ -95,19 +95,6 @@ GetX509ExtPtr(VALUE obj)
     return ext;
 }
-X509_EXTENSION *
-DupX509ExtPtr(VALUE obj)
-{
-    X509_EXTENSION *ext, *new;
-    SafeGetX509Ext(obj, ext);
-    if (!(new = X509_EXTENSION_dup(ext))) {
-	ossl_raise(eX509ExtError, NULL);
-    }
-    return new;
-}
 /*
  * Private
  */
@@ -211,12 +198,11 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
 }
 /*
- * Array to X509_EXTENSION
- * Structure:
- * ["ln", "value", bool_critical] or
- * ["sn", "value", bool_critical] or
- * ["ln", "critical,value"] or the same for sn
- * ["ln", "value"] => not critical
+ * call-seq:
+ *   ef.create_ext(ln_or_sn, "value", critical = false) -> X509::Extension
+ *   ef.create_ext(ln_or_sn, "critical,value")          -> X509::Extension
+ *
+ * Creates a new X509::Extension with passed values. See also x509v3_config(5).
  */
 static VALUE
 ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
@@ -225,39 +211,32 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
     X509_EXTENSION *ext;
     VALUE oid, value, critical, valstr, obj;
     int nid;
-#ifdef HAVE_X509V3_EXT_NCONF_NID
     VALUE rconf;
     CONF *conf;
-#else
-    static LHASH *empty_lhash;
-#endif
     rb_scan_args(argc, argv, "21", &oid, &value, &critical);
-    StringValue(oid);
+    StringValueCStr(oid);
     StringValue(value);
     if(NIL_P(critical)) critical = Qfalse;
     nid = OBJ_ln2nid(RSTRING_PTR(oid));
     if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
-    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%s'", RSTRING_PTR(oid));
+    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
     valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
     rb_str_append(valstr, value);
+    StringValueCStr(valstr);
     GetX509ExtFactory(self, ctx);
     obj = NewX509Ext(cX509Ext);
-#ifdef HAVE_X509V3_EXT_NCONF_NID
     rconf = rb_iv_get(self, "@config");
     conf = NIL_P(rconf) ? NULL : DupConfigPtr(rconf);
     X509V3_set_nconf(ctx, conf);
     ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
     X509V3_set_ctx_nodb(ctx);
     NCONF_free(conf);
-#else
-    if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
-    ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
-#endif
     if (!ext){
-	ossl_raise(eX509ExtError, "%s = %s",
-		   RSTRING_PTR(oid), RSTRING_PTR(value));
+	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
     }
     SetX509Ext(obj, ext);
@@ -319,6 +298,25 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
+static VALUE
+ossl_x509ext_initialize_copy(VALUE self, VALUE other)
+{
+    X509_EXTENSION *ext, *ext_other, *ext_new;
+    rb_check_frozen(self);
+    GetX509Ext(self, ext);
+    SafeGetX509Ext(other, ext_other);
+    ext_new = X509_EXTENSION_dup(ext_other);
+    if (!ext_new)
+	ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
+    SetX509Ext(self, ext_new);
+    X509_EXTENSION_free(ext);
+    return self;
+}
 static VALUE
 ossl_x509ext_set_oid(VALUE self, VALUE oid)
 {
@@ -402,7 +400,7 @@ ossl_x509ext_get_value(VALUE obj)
     if (!(out = BIO_new(BIO_s_mem())))
 	ossl_raise(eX509ExtError, NULL);
     if (!X509V3_EXT_print(out, ext, 0, 0))
-	M_ASN1_OCTET_STRING_print(out, ext->value);
+	ASN1_STRING_print(out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
     ret = ossl_membio2str(out);
     return ret;
@@ -443,6 +441,13 @@ ossl_x509ext_to_der(VALUE obj)
 void
 Init_ossl_x509ext(void)
 {
+#undef rb_intern
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    mX509 = rb_define_module_under(mOSSL, "X509");
+#endif
     eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
     cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);
@@ -465,6 +470,7 @@ Init_ossl_x509ext(void)
     cX509Ext = rb_define_class_under(mX509, "Extension", rb_cObject);
     rb_define_alloc_func(cX509Ext, ossl_x509ext_alloc);
     rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1);
+    rb_define_copy_func(cX509Ext, ossl_x509ext_initialize_copy);
     rb_define_method(cX509Ext, "oid=", ossl_x509ext_set_oid, 1);
     rb_define_method(cX509Ext, "value=", ossl_x509ext_set_value, 1);
     rb_define_method(cX509Ext, "critical=", ossl_x509ext_set_critical, 1);

data/ext/rubysl/openssl/ossl_x509name.c CHANGED Viewed

@@ -181,6 +181,25 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
+static VALUE
+ossl_x509name_initialize_copy(VALUE self, VALUE other)
+{
+    X509_NAME *name, *name_other, *name_new;
+    rb_check_frozen(self);
+    GetX509Name(self, name);
+    SafeGetX509Name(other, name_other);
+    name_new = X509_NAME_dup(name_other);
+    if (!name_new)
+	ossl_raise(eX509NameError, "X509_NAME_dup");
+    SetX509Name(self, name_new);
+    X509_NAME_free(name);
+    return self;
+}
 /*
  * call-seq:
  *    name.add_entry(oid, value [, type]) => self
@@ -220,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self)
 {
     X509_NAME *name;
     char *buf;
-    VALUE str;
     GetX509Name(self, name);
     buf = X509_NAME_oneline(name, NULL, 0);
-    str = rb_str_new2(buf);
-    OPENSSL_free(buf);
+    if (!buf)
+	ossl_raise(eX509NameError, "X509_NAME_oneline");
+    return ossl_buf2str(buf, rb_long2int(strlen(buf)));
+}
-    return str;
+static VALUE
+x509name_print(VALUE self, unsigned long iflag)
+{
+    X509_NAME *name;
+    BIO *out;
+    int ret;
+    GetX509Name(self, name);
+    out = BIO_new(BIO_s_mem());
+    if (!out)
+	ossl_raise(eX509NameError, NULL);
+    ret = X509_NAME_print_ex(out, name, 0, iflag);
+    if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
+	BIO_free(out);
+	ossl_raise(eX509NameError, "X509_NAME_print_ex");
+    }
+    return ossl_membio2str(out);
 }
 /*
@@ -245,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self)
 static VALUE
 ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
 {
-    X509_NAME *name;
-    VALUE flag, str;
-    BIO *out;
-    unsigned long iflag;
-    rb_scan_args(argc, argv, "01", &flag);
-    if (NIL_P(flag))
+    rb_check_arity(argc, 0, 1);
+    /* name.to_s(nil) was allowed */
+    if (!argc || NIL_P(argv[0]))
 	return ossl_x509name_to_s_old(self);
-    else iflag = NUM2ULONG(flag);
-    if (!(out = BIO_new(BIO_s_mem())))
-	ossl_raise(eX509NameError, NULL);
-    GetX509Name(self, name);
-    if (!X509_NAME_print_ex(out, name, 0, iflag)){
-	BIO_free(out);
-	ossl_raise(eX509NameError, NULL);
-    }
-    str = ossl_membio2str(out);
-    return str;
+    else
+	return x509name_print(self, NUM2ULONG(argv[0]));
 }
 /*
@@ -282,6 +305,7 @@ ossl_x509name_to_a(VALUE self)
     char long_name[512];
     const char *short_name;
     VALUE ary, vname, ret;
+    ASN1_STRING *value;
     GetX509Name(self, name);
     entries = X509_NAME_entry_count(name);
@@ -294,7 +318,8 @@ ossl_x509name_to_a(VALUE self)
 	if (!(entry = X509_NAME_get_entry(name, i))) {
 	    ossl_raise(eX509NameError, NULL);
 	}
-	if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+	if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+			     X509_NAME_ENTRY_get_object(entry))) {
 	    ossl_raise(eX509NameError, NULL);
 	}
 	nid = OBJ_ln2nid(long_name);
@@ -304,10 +329,8 @@ ossl_x509name_to_a(VALUE self)
 	    short_name = OBJ_nid2sn(nid);
 	    vname = rb_str_new2(short_name); /*do not free*/
 	}
-	ary = rb_ary_new3(3,
-			  vname,
-        		  rb_str_new((const char *)entry->value->data, entry->value->length),
-        		  INT2FIX(entry->value->type));
+	value = X509_NAME_ENTRY_get_data(entry);
+	ary = rb_ary_new3(3, vname, asn1str_to_str(value), INT2NUM(value->type));
 	rb_ary_push(ret, ary);
     }
     return ret;
@@ -339,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
     result = ossl_x509name_cmp0(self, other);
     if (result < 0) return INT2FIX(-1);
-    if (result > 1) return INT2FIX(1);
+    if (result > 0) return INT2FIX(1);
     return INT2FIX(0);
 }
@@ -353,12 +376,10 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 static VALUE
 ossl_x509name_eql(VALUE self, VALUE other)
 {
-    int result;
+    if (!rb_obj_is_kind_of(other, cX509Name))
+	return Qfalse;
-    if(CLASS_OF(other) != cX509Name) return Qfalse;
-    result = ossl_x509name_cmp0(self, other);
-    return (result == 0) ? Qtrue : Qfalse;
+    return ossl_x509name_cmp0(self, other) == 0 ? Qtrue : Qfalse;
 }
 /*
@@ -445,8 +466,15 @@ ossl_x509name_to_der(VALUE self)
 void
 Init_ossl_x509name(void)
 {
+#undef rb_intern
     VALUE utf8str, ptrstr, ia5str, hash;
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    mX509 = rb_define_module_under(mOSSL, "X509");
+#endif
     id_aref = rb_intern("[]");
     eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError);
     cX509Name = rb_define_class_under(mX509, "Name", rb_cObject);
@@ -455,6 +483,7 @@ Init_ossl_x509name(void)
     rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
     rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
+    rb_define_copy_func(cX509Name, ossl_x509name_initialize_copy);
     rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
     rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
     rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
@@ -471,8 +500,7 @@ Init_ossl_x509name(void)
     ptrstr = INT2NUM(V_ASN1_PRINTABLESTRING);
     ia5str = INT2NUM(V_ASN1_IA5STRING);
-    /* Document-const: DEFAULT_OBJECT_TYPE
-     *
+    /*
      * The default object type for name entries.
      */
     rb_define_const(cX509Name, "DEFAULT_OBJECT_TYPE", utf8str);
@@ -486,14 +514,12 @@ Init_ossl_x509name(void)
     rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
     rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
-    /* Document-const: OBJECT_TYPE_TEMPLATE
-     *
+    /*
      * The default object type template for name entries.
      */
     rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
-    /* Document-const: COMPAT
-     *
+    /*
      * A flag for #to_s.
      *
      * Breaks the name returned into multiple lines if longer than 80
@@ -501,24 +527,21 @@ Init_ossl_x509name(void)
      */
     rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
-    /* Document-const: RFC2253
-     *
+    /*
      * A flag for #to_s.
      *
      * Returns an RFC2253 format name.
      */
     rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
-    /* Document-const: ONELINE
-     *
+    /*
      * A flag for #to_s.
      *
      * Returns a more readable format than RFC2253.
      */
     rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
-    /* Document-const: MULTILINE
-     *
+    /*
      * A flag for #to_s.
      *
      * Returns a multiline format.

data/ext/rubysl/openssl/ossl_x509req.c CHANGED Viewed

@@ -123,7 +123,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
 	return self;
     }
     arg = ossl_to_der_if_possible(arg);
-    in = ossl_obj2bio(arg);
+    in = ossl_obj2bio(&arg);
     req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL);
     DATA_PTR(self) = x;
     if (!req) {
@@ -160,8 +160,6 @@ ossl_x509req_to_pem(VALUE self)
 {
     X509_REQ *req;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -171,11 +169,8 @@ ossl_x509req_to_pem(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+    return ossl_membio2str(out);
 }
 static VALUE
@@ -203,8 +198,6 @@ ossl_x509req_to_text(VALUE self)
 {
     X509_REQ *req;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -214,11 +207,8 @@ ossl_x509req_to_text(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+    return ossl_membio2str(out);
 }
 #if 0
@@ -250,7 +240,7 @@ ossl_x509req_get_version(VALUE self)
     GetX509Req(self, req);
     version = X509_REQ_get_version(req);
-    return LONG2FIX(version);
+    return LONG2NUM(version);
 }
 static VALUE
@@ -259,12 +249,12 @@ ossl_x509req_set_version(VALUE self, VALUE version)
     X509_REQ *req;
     long ver;
-    if ((ver = FIX2LONG(version)) < 0) {
+    if ((ver = NUM2LONG(version)) < 0) {
 	ossl_raise(eX509ReqError, "version must be >= 0!");
     }
     GetX509Req(self, req);
     if (!X509_REQ_set_version(req, ver)) {
-	ossl_raise(eX509ReqError, NULL);
+	ossl_raise(eX509ReqError, "X509_REQ_set_version");
     }
     return version;
@@ -302,23 +292,21 @@ static VALUE
 ossl_x509req_get_signature_algorithm(VALUE self)
 {
     X509_REQ *req;
+    const X509_ALGOR *alg;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
 	ossl_raise(eX509ReqError, NULL);
     }
-    if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+    X509_REQ_get0_signature(req, NULL, &alg);
+    if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+    return ossl_membio2str(out);
 }
 static VALUE
@@ -342,11 +330,10 @@ ossl_x509req_set_public_key(VALUE self, VALUE key)
     EVP_PKEY *pkey;
     GetX509Req(self, req);
-    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
-    if (!X509_REQ_set_pubkey(req, pkey)) {
-	ossl_raise(eX509ReqError, NULL);
-    }
+    pkey = GetPKeyPtr(key);
+    ossl_pkey_check_public_key(pkey);
+    if (!X509_REQ_set_pubkey(req, pkey))
+	ossl_raise(eX509ReqError, "X509_REQ_set_pubkey");
     return key;
 }
@@ -375,18 +362,19 @@ ossl_x509req_verify(VALUE self, VALUE key)
 {
     X509_REQ *req;
     EVP_PKEY *pkey;
-    int i;
     GetX509Req(self, req);
-    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
-    if ((i = X509_REQ_verify(req, pkey)) < 0) {
-	ossl_raise(eX509ReqError, NULL);
-    }
-    if (i > 0) {
+    pkey = GetPKeyPtr(key);
+    ossl_pkey_check_public_key(pkey);
+    switch (X509_REQ_verify(req, pkey)) {
+      case 1:
 	return Qtrue;
+      case 0:
+	ossl_clear_error();
+	return Qfalse;
+      default:
+	ossl_raise(eX509ReqError, NULL);
     }
-    return Qfalse;
 }
 static VALUE
@@ -426,8 +414,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
     }
     GetX509Req(self, req);
-    sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
-    req->req_info->attributes = NULL;
+    while ((attr = X509_REQ_delete_attr(req, 0)))
+	X509_ATTRIBUTE_free(attr);
     for (i=0;i<RARRAY_LEN(ary); i++) {
 	item = RARRAY_AREF(ary, i);
 	attr = GetX509AttrPtr(item);
@@ -457,6 +445,12 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr)
 void
 Init_ossl_x509req(void)
 {
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    mX509 = rb_define_module_under(mOSSL, "X509");
+#endif
     eX509ReqError = rb_define_class_under(mX509, "RequestError", eOSSLError);
     cX509Req = rb_define_class_under(mX509, "Request", rb_cObject);