* ext/openssl/lib/openssl/buffering.rb (Buffering#initialize):

add new method to inherit @sync from @io.sync.

* ext/openssl/lib/net/protocols.rb (SSLIO#ssl_connect): no need to
  set sync flag explicitly.

* ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): call super.

* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): set extra chain
  certificates in @extra_chain_cert.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4859 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,16 @@
+Thu Oct 30 02:25:48 2003  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* ext/openssl/lib/openssl/buffering.rb (Buffering#initialize):
+	  add new method to inherit @sync from @io.sync.
+
+	* ext/openssl/lib/net/protocols.rb (SSLIO#ssl_connect): no need to
+	  set sync flag explicitly.
+
+	* ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): call super.
+
+	* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): set extra chain
+	  certificates in @extra_chain_cert.
+
 Wed Oct 29 22:02:04 2003  NAKAMURA, Hiroshi  <nahi@ruby-lang.org>
 
 	* test/drb/drbtest.rb: use rbconfig.rb to make the path of ruby

ext/openssl/lib/net/protocols.rb

@@ -45,7 +45,6 @@ module Net
         @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
       @socket = OpenSSL::SSL::SSLSocket.new(@socket, @ssl_context)
-      @socket.sync = true
       @socket.sync_close = true
       @socket.connect
     end

ext/openssl/lib/openssl/buffering.rb

@@ -19,6 +19,10 @@ module Buffering
   attr_accessor :sync
   BLOCK_SIZE = 1024*16
 
+  def initialize(*args)
+    @sync = @io.sync
+  end
+
   #
   # for reading.
   #

ext/openssl/lib/openssl/ssl.rb

@@ -71,7 +71,6 @@ module OpenSSL
         sock = @svr.accept
         begin
           ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
-          ssl.sync = true
           ssl.sync_close = true
           ssl.accept if @start_immediately
           ssl

ext/openssl/ossl_ssl.c

@@ -44,6 +44,7 @@ VALUE cSSLSocket;
 #define ossl_sslctx_set_verify_cb(o,v)   rb_iv_set((o),"@verify_callback",(v))
 #define ossl_sslctx_set_options(o,v)     rb_iv_set((o),"@options",(v))
 #define ossl_sslctx_set_cert_store(o,v)  rb_iv_set((o),"@cert_store",(v))
+#define ossl_sslctx_set_extra_cert(o,v)  rb_iv_set((o),"@extra_chain_cert",(v))
 
 #define ossl_sslctx_get_cert(o)          rb_iv_get((o),"@cert")
 #define ossl_sslctx_get_key(o)           rb_iv_get((o),"@key")
@@ -56,11 +57,12 @@ VALUE cSSLSocket;
 #define ossl_sslctx_get_verify_cb(o)     rb_iv_get((o),"@verify_callback")
 #define ossl_sslctx_get_options(o)       rb_iv_get((o),"@options")
 #define ossl_sslctx_get_cert_store(o)    rb_iv_get((o),"@cert_store")
+#define ossl_sslctx_get_extra_cert(o)    rb_iv_get((o),"@extra_chain_cert")
 
 static char *ossl_sslctx_attrs[] = {
     "cert", "key", "client_ca", "ca_file", "ca_path",
     "timeout", "verify_mode", "verify_depth",
-    "verify_callback", "options", "cert_store",
+    "verify_callback", "options", "cert_store", "extra_chain_cert"
 };
 
 struct {
@@ -159,6 +161,21 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
     return ossl_verify_cb(preverify_ok, ctx);
 }
 
+static VALUE
+ossl_sslctx_add_extra_chain_cert_i(VALUE i, VALUE arg)
+{
+    X509 *x509;
+    SSL_CTX *ctx;
+
+    Data_Get_Struct(arg, SSL_CTX, ctx);
+    x509 = DupX509CertPtr(i);
+    if(!SSL_CTX_add_extra_chain_cert(ctx, x509)){
+	ossl_raise(eSSLError, NULL);
+    }
+
+    return i;
+}
+
 static VALUE
 ossl_sslctx_setup(VALUE self)
 {
@@ -186,6 +203,11 @@ ossl_sslctx_setup(VALUE self)
         SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
     }
 
+    val = ossl_sslctx_get_extra_cert(self);
+    if(!NIL_P(val)){
+	rb_iterate(rb_each, val, ossl_sslctx_add_extra_chain_cert_i, self);
+    }
+
     /* private key may be bundled in certificate file. */
     val = ossl_sslctx_get_cert(self);
     cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
@@ -379,6 +401,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)
     ossl_ssl_set_ctx(self, ctx);
     ossl_ssl_set_sync_close(self, Qfalse);
     ossl_sslctx_setup(ctx);
+    rb_call_super(0, 0);
 
     return self;
 }