/* * Sets X509_EXTENSIONs */ static VALUE ossl_x509crl_set_extensions(VALUE self, VALUE ary) { X509_CRL *crl; X509_EXTENSION *ext; int i; Check_Type(ary, T_ARRAY); /* All ary members should be X509 Extensions */ for (i=0; i<RARRAY_LEN(ary); i++) { OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext); } GetX509CRL(self, crl); sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free); crl->crl->extensions = NULL; for (i=0; i<RARRAY_LEN(ary); i++) { ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]); if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */ X509_EXTENSION_free(ext); ossl_raise(eX509CRLError, NULL); } X509_EXTENSION_free(ext); } return ary; }
static VALUE ossl_x509crl_set_revoked(VALUE self, VALUE ary) { X509_CRL *crl; X509_REVOKED *rev; int i; Check_Type(ary, T_ARRAY); /* All ary members should be X509 Revoked */ for (i=0; i<RARRAY_LEN(ary); i++) { OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Rev); } GetX509CRL(self, crl); sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free); crl->crl->revoked = NULL; for (i=0; i<RARRAY_LEN(ary); i++) { rev = DupX509RevokedPtr(RARRAY_PTR(ary)[i]); if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */ ossl_raise(eX509CRLError, NULL); } } X509_CRL_sort(crl); return ary; }
static VALUE ossl_x509crl_set_revoked(VALUE self, VALUE ary) { X509_CRL *crl; X509_REVOKED *rev; STACK_OF(X509_REVOKED) *sk; long i; Check_Type(ary, T_ARRAY); /* All ary members should be X509 Revoked */ for (i=0; i<RARRAY_LEN(ary); i++) { OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev); } GetX509CRL(self, crl); if ((sk = X509_CRL_get_REVOKED(crl))) { while ((rev = sk_X509_REVOKED_pop(sk))) X509_REVOKED_free(rev); } for (i=0; i<RARRAY_LEN(ary); i++) { rev = DupX509RevokedPtr(RARRAY_AREF(ary, i)); if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */ X509_REVOKED_free(rev); ossl_raise(eX509CRLError, "X509_CRL_add0_revoked"); } } X509_CRL_sort(crl); return ary; }
/* * GetConfigPtr is a public C-level function for getting OpenSSL CONF struct * from an OpenSSL::Config(eConfig) instance. We decided to implement * OpenSSL::Config in Ruby level but we need to pass native CONF struct for * some OpenSSL features such as X509V3_EXT_*. */ CONF * GetConfigPtr(VALUE obj) { CONF *conf; VALUE str; BIO *bio; long eline = -1; OSSL_Check_Kind(obj, cConfig); str = rb_funcall(obj, rb_intern("to_s"), 0); bio = ossl_obj2bio(str); conf = NCONF_new(NULL); if(!conf) { BIO_free(bio); ossl_raise(eConfigError, NULL); } if(!NCONF_load_bio(conf, bio, &eline)) { BIO_free(bio); NCONF_free(conf); if (eline <= 0) ossl_raise(eConfigError, "wrong config format"); else ossl_raise(eConfigError, "error in line %d", eline); ossl_raise(eConfigError, NULL); } BIO_free(bio); return conf; }
VALUE ossl_x509stctx_clear_ptr(VALUE obj) { OSSL_Check_Kind(obj, cX509StoreContext); RDATA(obj)->data = NULL; return obj; }
CONF * DupConfigPtr(VALUE obj) { VALUE str; OSSL_Check_Kind(obj, cConfig); str = rb_funcall(obj, rb_intern("to_s"), 0); return parse_config(str, NULL); }
/* * call-seq: * SSLSocket.new(io) => aSSLSocket * SSLSocket.new(io, ctx) => aSSLSocket * * === Parameters * * +io+ is a real ruby IO object. Not an IO like object that responds to read/write. * * +ctx+ is an OpenSSLSSL::SSLContext. * * The OpenSSL::Buffering module provides additional IO methods. * * This method will freeze the SSLContext if one is provided; * however, session management is still allowed in the frozen SSLContext. */ static VALUE ossl_ssl_initialize(int argc, VALUE *argv, VALUE self) { VALUE io, ctx; if (rb_scan_args(argc, argv, "11", &io, &ctx) == 1) { ctx = rb_funcall(cSSLContext, rb_intern("new"), 0); } OSSL_Check_Kind(ctx, cSSLContext); Check_Type(io, T_FILE); ossl_ssl_set_io(self, io); ossl_ssl_set_ctx(self, ctx); ossl_ssl_set_sync_close(self, Qfalse); ossl_sslctx_setup(ctx); rb_call_super(0, 0); return self; }
/* * Sets X509_EXTENSIONs */ static VALUE ossl_x509crl_set_extensions(VALUE self, VALUE ary) { X509_CRL *crl; X509_EXTENSION *ext; long i; Check_Type(ary, T_ARRAY); /* All ary members should be X509 Extensions */ for (i=0; i<RARRAY_LEN(ary); i++) { OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509CRL(self, crl); while ((ext = X509_CRL_delete_ext(crl, 0))) X509_EXTENSION_free(ext); for (i=0; i<RARRAY_LEN(ary); i++) { ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */ if (!X509_CRL_add_ext(crl, ext, -1)) { ossl_raise(eX509CRLError, NULL); } } return ary; }
static VALUE ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, VALUE reason, VALUE revtime, VALUE thisupd, VALUE nextupd, VALUE ext) { OCSP_BASICRESP *bs; OCSP_SINGLERESP *single; OCSP_CERTID *id; int st, rsn; ASN1_TIME *ths, *nxt, *rev; int error, i, rstatus = 0; VALUE tmp; st = NUM2INT(status); rsn = NIL_P(status) ? 0 : NUM2INT(reason); if(!NIL_P(ext)) { /* All ary's members should be X509Extension */ Check_Type(ext, T_ARRAY); for (i = 0; i < RARRAY_LEN(ext); i++) OSSL_Check_Kind(RARRAY_AT(ext, i), cX509Ext); } error = 0; ths = nxt = rev = NULL; if(!NIL_P(revtime)) { tmp = rb_protect(rb_Integer, revtime, &rstatus); if(rstatus) goto err; rev = X509_gmtime_adj(NULL, NUM2INT(tmp)); } tmp = rb_protect(rb_Integer, thisupd, &rstatus); if(rstatus) goto err; ths = X509_gmtime_adj(NULL, NUM2INT(tmp)); tmp = rb_protect(rb_Integer, nextupd, &rstatus); if(rstatus) goto err; nxt = X509_gmtime_adj(NULL, NUM2INT(tmp)); GetOCSPBasicRes(self, bs); SafeGetOCSPCertId(cid, id); if(!(single = OCSP_basic_add1_status(bs, id, st, rsn, rev, ths, nxt))) { error = 1; goto err; } if(!NIL_P(ext)) { X509_EXTENSION *x509ext; sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free); single->singleExtensions = NULL; for(i = 0; i < RARRAY_LEN(ext); i++) { x509ext = DupX509ExtPtr(RARRAY_AT(ext, i)); if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)) { X509_EXTENSION_free(x509ext); error = 1; goto err; } X509_EXTENSION_free(x509ext); } } err: ASN1_TIME_free(ths); ASN1_TIME_free(nxt); ASN1_TIME_free(rev); if(error) ossl_raise(eOCSPError, NULL); if(rstatus) rb_jump_tag(rstatus); return self; }