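/*
 * Initializes the X509_STORE_CTX wrapped by self from a store, an optional
 * certificate and an optional array of chain certificates.
 *
 * Arguments are parsed with rb_scan_args("12"): store is required, cert and
 * chain are optional and may be nil.
 *
 * Returns self.  On OpenSSL >= 0.9.7 raises eX509StoreError when
 * X509_STORE_CTX_init() does not return 1; on older versions the call
 * reports no status, and flags, purpose and trust are copied from the
 * store's instance variables instead.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain, t;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *x509 = NULL;
    STACK_OF(X509) *x509s = NULL;

    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    SafeGetX509Store(store, x509st);
    if (!NIL_P(cert))
        x509 = DupX509CertPtr(cert); /* NEED TO DUP */
    /*
     * NOTE(review): if ossl_x509_ary2sk() raises, the certificate
     * duplicated above is not released on that path; fixing this needs a
     * protected variant of the conversion -- confirm what is available.
     */
    if (!NIL_P(chain))
        x509s = ossl_x509_ary2sk(chain);
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
    if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1) {
        /*
         * Release both duplicated inputs, not just the chain; the
         * certificate reference was previously left behind here.
         * X509_free(NULL) is a no-op, so a nil cert is fine.
         * NOTE(review): like the existing chain cleanup, this assumes the
         * ctx finalizer does not also free these after a failed init --
         * confirm against the ctx free function.
         */
        X509_free(x509);
        sk_X509_pop_free(x509s, X509_free);
        ossl_raise(eX509StoreError, NULL);
    }
#else
    X509_STORE_CTX_init(ctx, x509st, x509, x509s);
    ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
    ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
    ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
#endif
    /* A verification time stored on the store is applied to this context. */
    if (!NIL_P(t = rb_iv_get(store, "@time")))
        ossl_x509stctx_set_time(self, t);
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}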
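/*
 * Adds the certificate object i to the extra chain of the SSL_CTX wrapped
 * by arg.
 *
 * Returns i.  Raises eSSLError when SSL_CTX_add_extra_chain_cert() fails.
 */
static VALUE
ossl_sslctx_add_extra_chain_cert_i(VALUE i, VALUE arg)
{
    X509 *x509;
    SSL_CTX *ctx;

    Data_Get_Struct(arg, SSL_CTX, ctx);
    x509 = DupX509CertPtr(i);
    if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
        /*
         * The SSL_CTX takes over the certificate only on success, so the
         * duplicated reference has to be dropped here before raising.
         */
        X509_free(x509);
        ossl_raise(eSSLError, NULL);
    }

    return i;
}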
/*
 * Client certificate callback: runs ossl_call_client_cert_cb() under
 * rb_protect() for the Ruby object stored in the SSL's ex_data slot, then
 * hands duplicated certificate and key pointers back through x509 and pkey.
 *
 * Returns 1 when a certificate and key were supplied, 0 when the protected
 * call raised or returned a false value.
 *
 * NOTE(review): the two Dup*Ptr() calls run outside rb_protect().  If
 * either helper can raise, the exception would unwind through the caller of
 * this callback, and a certificate duplicated before a failing key
 * duplication would not be released -- confirm the helpers' behaviour.
 */
static int
ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
{
    int status, success;
    VALUE obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);

    success = rb_protect((VALUE(*)_((VALUE)))ossl_call_client_cert_cb, obj, &status);
    if (status != 0 || success == 0) {
        /* Exception in the Ruby callback, or it declined to supply a cert. */
        return 0;
    }

    *x509 = DupX509CertPtr(ossl_ssl_get_x509(obj));
    *pkey = DupPKeyPtr(ossl_ssl_get_key(obj));

    return 1;
}
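/*
 * Data Conversion
 */

/*
 * Builds a new STACK_OF(X509) holding a duplicated pointer for every
 * element of the Ruby array ary.
 *
 * Raises (via Check_Type) when ary is not an Array, and eOSSLError when the
 * stack cannot be allocated, when an element is not a cX509Cert, or when a
 * certificate cannot be pushed onto the stack.  The partially built stack
 * is freed before raising.
 *
 * Returns the new stack; the caller is responsible for freeing it.
 */
STACK_OF(X509) *
ossl_x509_ary2sk0(VALUE ary)
{
    STACK_OF(X509) *sk;
    VALUE val;
    X509 *x509;
    long i; /* rb_ary_entry() indexes with long; avoids truncating RARRAY_LEN */

    Check_Type(ary, T_ARRAY);
    sk = sk_X509_new_null();
    if (!sk)
        ossl_raise(eOSSLError, NULL);

    for (i = 0; i < RARRAY_LEN(ary); i++) {
        val = rb_ary_entry(ary, i);
        if (!rb_obj_is_kind_of(val, cX509Cert)) {
            sk_X509_pop_free(sk, X509_free);
            ossl_raise(eOSSLError, "object not X509 cert in array");
        }
        /*
         * NOTE(review): if DupX509CertPtr() can raise, sk is not released
         * on that path -- confirm the helper's behaviour.
         */
        x509 = DupX509CertPtr(val); /* NEED TO DUP */
        if (!sk_X509_push(sk, x509)) {
            /*
             * A failed push must not be ignored: the certificate would be
             * silently missing from the returned chain and its duplicated
             * reference would leak.
             */
            X509_free(x509);
            sk_X509_pop_free(sk, X509_free);
            ossl_raise(eOSSLError, NULL);
        }
    }

    return sk;
}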