2003-07-23 12:12:24 -04:00
|
|
|
/*
|
|
|
|
* 'OpenSSL for Ruby' project
|
|
|
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
|
|
|
* All rights reserved.
|
|
|
|
*/
|
|
|
|
/*
|
2015-04-19 23:55:09 -04:00
|
|
|
* This program is licensed under the same licence as Ruby.
|
2003-07-23 12:12:24 -04:00
|
|
|
* (See the file 'LICENCE'.)
|
|
|
|
*/
|
|
|
|
#include "ossl.h"
|
|
|
|
|
2015-05-29 01:55:02 -04:00
|
|
|
#define NewX509Store(klass) \
|
|
|
|
TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
|
|
|
|
#define SetX509Store(obj, st) do { \
|
2011-03-19 23:43:40 -04:00
|
|
|
if (!(st)) { \
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
|
|
|
|
} \
|
2015-05-29 01:55:02 -04:00
|
|
|
RTYPEDDATA_DATA(obj) = (st); \
|
2003-07-23 12:12:24 -04:00
|
|
|
} while (0)
|
|
|
|
#define GetX509Store(obj, st) do { \
|
2014-12-12 19:06:48 -05:00
|
|
|
TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
|
2011-03-19 23:43:40 -04:00
|
|
|
if (!(st)) { \
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
|
|
|
|
} \
|
|
|
|
} while (0)
|
|
|
|
#define SafeGetX509Store(obj, st) do { \
|
2011-03-19 23:43:40 -04:00
|
|
|
OSSL_Check_Kind((obj), cX509Store); \
|
|
|
|
GetX509Store((obj), (st)); \
|
2003-07-23 12:12:24 -04:00
|
|
|
} while (0)
|
|
|
|
|
2015-05-29 01:55:02 -04:00
|
|
|
#define NewX509StCtx(klass) \
|
|
|
|
TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
|
|
|
|
#define SetX509StCtx(obj, ctx) do { \
|
2011-03-19 23:43:40 -04:00
|
|
|
if (!(ctx)) { \
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
|
|
|
|
} \
|
2015-05-29 01:55:02 -04:00
|
|
|
RTYPEDDATA_DATA(obj) = (ctx); \
|
2003-07-23 12:12:24 -04:00
|
|
|
} while (0)
|
|
|
|
#define GetX509StCtx(obj, ctx) do { \
|
2014-12-12 19:06:54 -05:00
|
|
|
TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
|
2011-03-19 23:43:40 -04:00
|
|
|
if (!(ctx)) { \
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
|
|
|
|
} \
|
|
|
|
} while (0)
|
|
|
|
#define SafeGetX509StCtx(obj, storep) do { \
|
2011-03-19 23:43:40 -04:00
|
|
|
OSSL_Check_Kind((obj), cX509StoreContext); \
|
|
|
|
GetX509Store((obj), (ctx)); \
|
2003-07-23 12:12:24 -04:00
|
|
|
} while (0)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Classes
|
|
|
|
*/
|
|
|
|
VALUE cX509Store;
|
|
|
|
VALUE cX509StoreContext;
|
|
|
|
VALUE eX509StoreError;
|
|
|
|
|
2014-12-12 19:06:48 -05:00
|
|
|
static void
|
|
|
|
ossl_x509store_free(void *ptr)
|
|
|
|
{
|
|
|
|
X509_STORE_free(ptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
static const rb_data_type_t ossl_x509store_type = {
|
|
|
|
"OpenSSL/X509/STORE",
|
|
|
|
{
|
|
|
|
0, ossl_x509store_free,
|
|
|
|
},
|
|
|
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
|
|
|
};
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
/*
|
|
|
|
* Public functions
|
|
|
|
*/
|
2010-04-22 04:04:13 -04:00
|
|
|
VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509store_new(X509_STORE *store)
|
|
|
|
{
|
|
|
|
VALUE obj;
|
|
|
|
|
2015-05-29 01:55:02 -04:00
|
|
|
obj = NewX509Store(cX509Store);
|
|
|
|
SetX509Store(obj, store);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
|
|
|
X509_STORE *
|
|
|
|
GetX509StorePtr(VALUE obj)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
|
|
|
|
SafeGetX509Store(obj, store);
|
|
|
|
|
|
|
|
return store;
|
|
|
|
}
|
|
|
|
|
|
|
|
X509_STORE *
|
|
|
|
DupX509StorePtr(VALUE obj)
|
2010-04-22 04:04:13 -04:00
|
|
|
{
|
2003-07-23 12:12:24 -04:00
|
|
|
X509_STORE *store;
|
|
|
|
|
|
|
|
SafeGetX509Store(obj, store);
|
|
|
|
CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
|
2010-04-22 04:04:13 -04:00
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
return store;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Private functions
|
|
|
|
*/
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509store_alloc(VALUE klass)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
VALUE obj;
|
|
|
|
|
2015-05-29 01:55:02 -04:00
|
|
|
obj = NewX509Store(klass);
|
2003-07-23 12:12:24 -04:00
|
|
|
if((store = X509_STORE_new()) == NULL){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
2015-05-29 01:55:02 -04:00
|
|
|
SetX509Store(obj, store);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* General callback for OpenSSL verify
|
|
|
|
*/
|
|
|
|
static VALUE
|
|
|
|
ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
|
|
|
|
GetX509Store(self, store);
|
|
|
|
X509_STORE_set_ex_data(store, ossl_verify_cb_idx, (void*)cb);
|
|
|
|
rb_iv_set(self, "@verify_callback", cb);
|
|
|
|
|
|
|
|
return cb;
|
|
|
|
}
|
|
|
|
|
2007-04-05 15:03:28 -04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* call-seq:
|
|
|
|
* X509::Store.new => store
|
|
|
|
*
|
|
|
|
*/
|
2003-07-23 12:12:24 -04:00
|
|
|
static VALUE
|
|
|
|
ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
|
2007-04-05 15:03:28 -04:00
|
|
|
/* BUG: This method takes any number of arguments but appears to ignore them. */
|
2003-07-23 12:12:24 -04:00
|
|
|
GetX509Store(self, store);
|
2010-03-26 10:01:24 -04:00
|
|
|
store->ex_data.sk = NULL;
|
2003-07-23 12:12:24 -04:00
|
|
|
X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
|
|
|
|
ossl_x509store_set_vfy_cb(self, Qnil);
|
|
|
|
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
|
2013-03-05 11:31:19 -05:00
|
|
|
rb_iv_set(self, "@flags", INT2FIX(0));
|
|
|
|
rb_iv_set(self, "@purpose", INT2FIX(0));
|
|
|
|
rb_iv_set(self, "@trust", INT2FIX(0));
|
2003-07-23 12:12:24 -04:00
|
|
|
#endif
|
|
|
|
|
|
|
|
/* last verification status */
|
|
|
|
rb_iv_set(self, "@error", Qnil);
|
|
|
|
rb_iv_set(self, "@error_string", Qnil);
|
|
|
|
rb_iv_set(self, "@chain", Qnil);
|
2005-08-22 16:47:55 -04:00
|
|
|
rb_iv_set(self, "@time", Qnil);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return self;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509store_set_flags(VALUE self, VALUE flags)
|
|
|
|
{
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
|
|
|
X509_STORE *store;
|
2004-12-15 01:35:55 -05:00
|
|
|
long f = NUM2LONG(flags);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
GetX509Store(self, store);
|
2004-12-15 01:35:55 -05:00
|
|
|
X509_STORE_set_flags(store, f);
|
2003-07-23 12:12:24 -04:00
|
|
|
#else
|
|
|
|
rb_iv_set(self, "@flags", flags);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
|
|
|
|
{
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
|
|
|
X509_STORE *store;
|
2011-03-24 00:49:18 -04:00
|
|
|
int p = NUM2INT(purpose);
|
2010-04-22 04:04:13 -04:00
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
GetX509Store(self, store);
|
2004-12-15 01:35:55 -05:00
|
|
|
X509_STORE_set_purpose(store, p);
|
2003-07-23 12:12:24 -04:00
|
|
|
#else
|
|
|
|
rb_iv_set(self, "@purpose", purpose);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return purpose;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509store_set_trust(VALUE self, VALUE trust)
|
|
|
|
{
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
|
|
|
X509_STORE *store;
|
2011-03-24 00:49:18 -04:00
|
|
|
int t = NUM2INT(trust);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
GetX509Store(self, store);
|
2004-12-15 01:35:55 -05:00
|
|
|
X509_STORE_set_trust(store, t);
|
2003-07-23 12:12:24 -04:00
|
|
|
#else
|
|
|
|
rb_iv_set(self, "@trust", trust);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return trust;
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2004-10-15 05:16:19 -04:00
|
|
|
ossl_x509store_set_time(VALUE self, VALUE time)
|
|
|
|
{
|
|
|
|
rb_iv_set(self, "@time", time);
|
|
|
|
return time;
|
|
|
|
}
|
|
|
|
|
2012-10-02 15:36:26 -04:00
|
|
|
/*
|
|
|
|
* call-seq:
|
|
|
|
* store.add_file(file) -> store
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* Adds the certificates in +file+ to the certificate store. The +file+ can
|
|
|
|
* contain multiple PEM-encoded certificates.
|
|
|
|
*/
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509store_add_file(VALUE self, VALUE file)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
X509_LOOKUP *lookup;
|
|
|
|
char *path = NULL;
|
|
|
|
|
|
|
|
if(file != Qnil){
|
2009-08-14 07:03:22 -04:00
|
|
|
SafeStringValue(file);
|
2006-08-31 06:30:33 -04:00
|
|
|
path = RSTRING_PTR(file);
|
2003-07-23 12:12:24 -04:00
|
|
|
}
|
|
|
|
GetX509Store(self, store);
|
|
|
|
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
|
|
|
if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
|
|
|
|
if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
return self;
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509store_add_path(VALUE self, VALUE dir)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
X509_LOOKUP *lookup;
|
|
|
|
char *path = NULL;
|
|
|
|
|
|
|
|
if(dir != Qnil){
|
2009-08-14 07:03:22 -04:00
|
|
|
SafeStringValue(dir);
|
2006-08-31 06:30:33 -04:00
|
|
|
path = RSTRING_PTR(dir);
|
2003-07-23 12:12:24 -04:00
|
|
|
}
|
|
|
|
GetX509Store(self, store);
|
|
|
|
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
|
|
|
if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
|
|
|
|
if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
return self;
|
|
|
|
}
|
|
|
|
|
2012-10-02 15:36:26 -04:00
|
|
|
/*
|
|
|
|
* call-seq:
|
2013-04-15 22:24:09 -04:00
|
|
|
* store.set_default_paths
|
2012-10-02 15:36:26 -04:00
|
|
|
*
|
|
|
|
* Adds the default certificates to the certificate store. These certificates
|
|
|
|
* are loaded from the default configuration directory which can usually be
|
|
|
|
* determined by:
|
|
|
|
*
|
|
|
|
* File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE
|
|
|
|
*/
|
2005-02-11 03:42:57 -05:00
|
|
|
static VALUE
|
|
|
|
ossl_x509store_set_default_paths(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
|
|
|
|
GetX509Store(self, store);
|
2005-08-22 16:47:55 -04:00
|
|
|
if (X509_STORE_set_default_paths(store) != 1){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
2005-02-11 03:42:57 -05:00
|
|
|
|
|
|
|
return Qnil;
|
|
|
|
}
|
|
|
|
|
2012-10-02 15:36:26 -04:00
|
|
|
/*
|
|
|
|
* call-seq:
|
|
|
|
* store.add_cert(cert)
|
|
|
|
*
|
|
|
|
* Adds the OpenSSL::X509::Certificate +cert+ to the certificate store.
|
|
|
|
*/
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
static VALUE
|
|
|
|
ossl_x509store_add_cert(VALUE self, VALUE arg)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
X509 *cert;
|
|
|
|
|
|
|
|
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
|
|
|
|
GetX509Store(self, store);
|
2005-08-22 16:47:55 -04:00
|
|
|
if (X509_STORE_add_cert(store, cert) != 1){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return self;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509store_add_crl(VALUE self, VALUE arg)
|
|
|
|
{
|
|
|
|
X509_STORE *store;
|
|
|
|
X509_CRL *crl;
|
|
|
|
|
|
|
|
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
|
|
|
|
GetX509Store(self, store);
|
2005-08-22 16:47:55 -04:00
|
|
|
if (X509_STORE_add_crl(store, crl) != 1){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return self;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE ossl_x509stctx_get_err(VALUE);
|
|
|
|
static VALUE ossl_x509stctx_get_err_string(VALUE);
|
|
|
|
static VALUE ossl_x509stctx_get_chain(VALUE);
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
|
|
|
|
{
|
|
|
|
VALUE cert, chain;
|
|
|
|
VALUE ctx, proc, result;
|
|
|
|
|
|
|
|
rb_scan_args(argc, argv, "11", &cert, &chain);
|
|
|
|
ctx = rb_funcall(cX509StoreContext, rb_intern("new"), 3, self, cert, chain);
|
|
|
|
proc = rb_block_given_p() ? rb_block_proc() :
|
|
|
|
rb_iv_get(self, "@verify_callback");
|
|
|
|
rb_iv_set(ctx, "@verify_callback", proc);
|
|
|
|
result = rb_funcall(ctx, rb_intern("verify"), 0);
|
|
|
|
|
|
|
|
rb_iv_set(self, "@error", ossl_x509stctx_get_err(ctx));
|
|
|
|
rb_iv_set(self, "@error_string", ossl_x509stctx_get_err_string(ctx));
|
|
|
|
rb_iv_set(self, "@chain", ossl_x509stctx_get_chain(ctx));
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Public Functions
|
|
|
|
*/
|
2014-12-12 19:06:54 -05:00
|
|
|
static void ossl_x509stctx_free(void*);
|
|
|
|
|
|
|
|
|
|
|
|
static const rb_data_type_t ossl_x509stctx_type = {
|
|
|
|
"OpenSSL/X509/STORE_CTX",
|
|
|
|
{
|
|
|
|
0, ossl_x509stctx_free,
|
|
|
|
},
|
|
|
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
|
|
|
};
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
VALUE
|
|
|
|
ossl_x509stctx_new(X509_STORE_CTX *ctx)
|
|
|
|
{
|
|
|
|
VALUE obj;
|
|
|
|
|
2015-05-29 01:55:02 -04:00
|
|
|
obj = NewX509StCtx(cX509StoreContext);
|
|
|
|
SetX509StCtx(obj, ctx);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
|
|
|
VALUE
|
|
|
|
ossl_x509stctx_clear_ptr(VALUE obj)
|
|
|
|
{
|
|
|
|
OSSL_Check_Kind(obj, cX509StoreContext);
|
|
|
|
RDATA(obj)->data = NULL;
|
|
|
|
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Private functions
|
|
|
|
*/
|
|
|
|
static void
|
2014-12-12 19:06:54 -05:00
|
|
|
ossl_x509stctx_free(void *ptr)
|
2003-07-23 12:12:24 -04:00
|
|
|
{
|
2014-12-12 19:06:54 -05:00
|
|
|
X509_STORE_CTX *ctx = ptr;
|
2003-07-23 12:12:24 -04:00
|
|
|
if(ctx->untrusted)
|
|
|
|
sk_X509_pop_free(ctx->untrusted, X509_free);
|
|
|
|
if(ctx->cert)
|
|
|
|
X509_free(ctx->cert);
|
|
|
|
X509_STORE_CTX_free(ctx);
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509stctx_alloc(VALUE klass)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
VALUE obj;
|
|
|
|
|
2015-05-29 01:55:02 -04:00
|
|
|
obj = NewX509StCtx(klass);
|
2003-07-23 12:12:24 -04:00
|
|
|
if((ctx = X509_STORE_CTX_new()) == NULL){
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
2015-05-29 01:55:02 -04:00
|
|
|
SetX509StCtx(obj, ctx);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
2004-10-15 05:16:19 -04:00
|
|
|
static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
|
|
|
|
static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
|
|
|
|
static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
|
|
|
|
static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
|
{
|
2005-05-27 16:20:29 -04:00
|
|
|
VALUE store, cert, chain, t;
|
2003-07-23 12:12:24 -04:00
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
X509_STORE *x509st;
|
|
|
|
X509 *x509 = NULL;
|
|
|
|
STACK_OF(X509) *x509s = NULL;
|
|
|
|
|
|
|
|
rb_scan_args(argc, argv, "12", &store, &cert, &chain);
|
2004-12-15 01:35:55 -05:00
|
|
|
GetX509StCtx(self, ctx);
|
2003-07-23 12:12:24 -04:00
|
|
|
SafeGetX509Store(store, x509st);
|
|
|
|
if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
|
|
|
|
if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
|
|
|
if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
|
|
|
|
sk_X509_pop_free(x509s, X509_free);
|
|
|
|
ossl_raise(eX509StoreError, NULL);
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
X509_STORE_CTX_init(ctx, x509st, x509, x509s);
|
2004-10-15 05:16:19 -04:00
|
|
|
ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
|
|
|
|
ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
|
|
|
|
ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
|
2003-07-23 12:12:24 -04:00
|
|
|
#endif
|
2005-05-27 16:20:29 -04:00
|
|
|
if (!NIL_P(t = rb_iv_get(store, "@time")))
|
|
|
|
ossl_x509stctx_set_time(self, t);
|
2003-07-23 12:12:24 -04:00
|
|
|
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
|
|
|
|
rb_iv_set(self, "@cert", cert);
|
|
|
|
|
|
|
|
return self;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_verify(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
int result;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
|
|
|
|
(void*)rb_iv_get(self, "@verify_callback"));
|
|
|
|
result = X509_verify_cert(ctx);
|
|
|
|
|
|
|
|
return result ? Qtrue : Qfalse;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_get_chain(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
STACK_OF(X509) *chain;
|
|
|
|
X509 *x509;
|
|
|
|
int i, num;
|
|
|
|
VALUE ary;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
|
|
|
|
return Qnil;
|
|
|
|
}
|
|
|
|
if((num = sk_X509_num(chain)) < 0){
|
|
|
|
OSSL_Debug("certs in chain < 0???");
|
|
|
|
return rb_ary_new();
|
|
|
|
}
|
|
|
|
ary = rb_ary_new2(num);
|
|
|
|
for(i = 0; i < num; i++) {
|
|
|
|
x509 = sk_X509_value(chain, i);
|
|
|
|
rb_ary_push(ary, ossl_x509_new(x509));
|
|
|
|
}
|
|
|
|
|
|
|
|
return ary;
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509stctx_get_err(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
|
|
|
|
return INT2FIX(X509_STORE_CTX_get_error(ctx));
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_set_error(VALUE self, VALUE err)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
2008-05-29 13:41:56 -04:00
|
|
|
X509_STORE_CTX_set_error(ctx, NUM2INT(err));
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509stctx_get_err_string(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
long err;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
err = X509_STORE_CTX_get_error(ctx);
|
|
|
|
|
|
|
|
return rb_str_new2(X509_verify_cert_error_string(err));
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509stctx_get_err_depth(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
|
|
|
|
return INT2FIX(X509_STORE_CTX_get_error_depth(ctx));
|
|
|
|
}
|
|
|
|
|
2010-04-22 04:04:13 -04:00
|
|
|
static VALUE
|
2003-07-23 12:12:24 -04:00
|
|
|
ossl_x509stctx_get_curr_cert(VALUE self)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
|
|
|
|
return ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_get_curr_crl(VALUE self)
|
|
|
|
{
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
|
|
|
X509_STORE_CTX *ctx;
|
|
|
|
|
|
|
|
GetX509StCtx(self, ctx);
|
|
|
|
if(!ctx->current_crl) return Qnil;
|
|
|
|
|
|
|
|
return ossl_x509crl_new(ctx->current_crl);
|
|
|
|
#else
|
|
|
|
return Qnil;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *store;
|
2004-12-15 01:35:55 -05:00
|
|
|
long f = NUM2LONG(flags);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
GetX509StCtx(self, store);
|
2004-12-15 01:35:55 -05:00
|
|
|
X509_STORE_CTX_set_flags(store, f);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *store;
|
2011-03-24 00:49:18 -04:00
|
|
|
int p = NUM2INT(purpose);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
GetX509StCtx(self, store);
|
2004-12-15 01:35:55 -05:00
|
|
|
X509_STORE_CTX_set_purpose(store, p);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return purpose;
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *store;
|
2011-03-24 00:49:18 -04:00
|
|
|
int t = NUM2INT(trust);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
GetX509StCtx(self, store);
|
2004-12-15 01:35:55 -05:00
|
|
|
X509_STORE_CTX_set_trust(store, t);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
return trust;
|
|
|
|
}
|
|
|
|
|
2007-04-05 15:03:28 -04:00
|
|
|
/*
|
|
|
|
* call-seq:
|
|
|
|
* storectx.time = time => time
|
|
|
|
*/
|
2004-10-15 05:16:19 -04:00
|
|
|
static VALUE
|
|
|
|
ossl_x509stctx_set_time(VALUE self, VALUE time)
|
|
|
|
{
|
|
|
|
X509_STORE_CTX *store;
|
2005-05-27 16:20:29 -04:00
|
|
|
long t;
|
2004-10-15 05:16:19 -04:00
|
|
|
|
2005-05-27 16:20:29 -04:00
|
|
|
t = NUM2LONG(rb_Integer(time));
|
|
|
|
GetX509StCtx(self, store);
|
|
|
|
X509_STORE_CTX_set_time(store, 0, t);
|
2004-10-15 05:16:19 -04:00
|
|
|
|
|
|
|
return time;
|
|
|
|
}
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
/*
|
|
|
|
* INIT
|
|
|
|
*/
|
2010-04-22 04:04:13 -04:00
|
|
|
void
|
2014-09-30 01:25:32 -04:00
|
|
|
Init_ossl_x509store(void)
|
2003-07-23 12:12:24 -04:00
|
|
|
{
|
|
|
|
VALUE x509stctx;
|
|
|
|
|
2012-02-02 17:54:10 -05:00
|
|
|
#if 0
|
|
|
|
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
|
|
|
|
mX509 = rb_define_module_under(mOSSL, "X509");
|
|
|
|
#endif
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
|
|
|
|
|
2012-02-02 17:54:10 -05:00
|
|
|
/* Document-class: OpenSSL::X509::Store
|
|
|
|
*
|
|
|
|
* The X509 certificate store holds trusted CA certificates used to verify
|
|
|
|
* peer certificates.
|
|
|
|
*
|
|
|
|
* The easiest way to create a useful certificate store is:
|
|
|
|
*
|
|
|
|
* cert_store = OpenSSL::X509::Store.new
|
|
|
|
* cert_store.set_default_paths
|
|
|
|
*
|
|
|
|
* This will use your system's built-in certificates.
|
|
|
|
*
|
|
|
|
* If your system does not have a default set of certificates you can
|
|
|
|
* obtain a set from Mozilla here: http://curl.haxx.se/docs/caextract.html
|
|
|
|
* (Note that this set does not have an HTTPS download option so you may
|
|
|
|
* wish to use the firefox-db2pem.sh script to extract the certificates
|
|
|
|
* from a local install to avoid man-in-the-middle attacks.)
|
|
|
|
*
|
|
|
|
* After downloading or generating a cacert.pem from the above link you
|
|
|
|
* can create a certificate store from the pem file like this:
|
|
|
|
*
|
|
|
|
* cert_store = OpenSSL::X509::Store.new
|
|
|
|
* cert_store.add_file 'cacert.pem'
|
|
|
|
*
|
|
|
|
* The certificate store can be used with an SSLSocket like this:
|
|
|
|
*
|
|
|
|
* ssl_context = OpenSSL::SSL::SSLContext.new
|
|
|
|
* ssl_context.cert_store = cert_store
|
|
|
|
*
|
|
|
|
* tcp_socket = TCPSocket.open 'example.com', 443
|
|
|
|
*
|
|
|
|
* ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
|
|
|
|
*/
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
|
|
|
|
rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
|
|
|
|
rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
|
|
|
|
rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
|
|
|
|
rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
|
|
|
|
rb_define_alloc_func(cX509Store, ossl_x509store_alloc);
|
|
|
|
rb_define_method(cX509Store, "initialize", ossl_x509store_initialize, -1);
|
|
|
|
rb_define_method(cX509Store, "verify_callback=", ossl_x509store_set_vfy_cb, 1);
|
|
|
|
rb_define_method(cX509Store, "flags=", ossl_x509store_set_flags, 1);
|
|
|
|
rb_define_method(cX509Store, "purpose=", ossl_x509store_set_purpose, 1);
|
|
|
|
rb_define_method(cX509Store, "trust=", ossl_x509store_set_trust, 1);
|
2004-10-15 05:16:19 -04:00
|
|
|
rb_define_method(cX509Store, "time=", ossl_x509store_set_time, 1);
|
2003-07-23 12:12:24 -04:00
|
|
|
rb_define_method(cX509Store, "add_path", ossl_x509store_add_path, 1);
|
|
|
|
rb_define_method(cX509Store, "add_file", ossl_x509store_add_file, 1);
|
2005-02-11 03:42:57 -05:00
|
|
|
rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
|
2003-07-23 12:12:24 -04:00
|
|
|
rb_define_method(cX509Store, "add_cert", ossl_x509store_add_cert, 1);
|
|
|
|
rb_define_method(cX509Store, "add_crl", ossl_x509store_add_crl, 1);
|
|
|
|
rb_define_method(cX509Store, "verify", ossl_x509store_verify, -1);
|
|
|
|
|
|
|
|
cX509StoreContext = rb_define_class_under(mX509,"StoreContext",rb_cObject);
|
|
|
|
x509stctx = cX509StoreContext;
|
|
|
|
rb_define_alloc_func(cX509StoreContext, ossl_x509stctx_alloc);
|
|
|
|
rb_define_method(x509stctx,"initialize", ossl_x509stctx_initialize, -1);
|
|
|
|
rb_define_method(x509stctx,"verify", ossl_x509stctx_verify, 0);
|
|
|
|
rb_define_method(x509stctx,"chain", ossl_x509stctx_get_chain,0);
|
|
|
|
rb_define_method(x509stctx,"error", ossl_x509stctx_get_err, 0);
|
|
|
|
rb_define_method(x509stctx,"error=", ossl_x509stctx_set_error, 1);
|
|
|
|
rb_define_method(x509stctx,"error_string",ossl_x509stctx_get_err_string,0);
|
|
|
|
rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
|
|
|
|
rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
|
|
|
|
rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
|
|
|
|
rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1);
|
|
|
|
rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1);
|
|
|
|
rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1);
|
2004-10-15 05:16:19 -04:00
|
|
|
rb_define_method(x509stctx,"time=", ossl_x509stctx_set_time, 1);
|
2003-07-23 12:12:24 -04:00
|
|
|
|
|
|
|
}
|