1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* ext/openssl/extconf.rb: check for X509V3_EXT_nconf_nid.

* ext/openssl/ossl_x509ext.c (MakeX509ExtFactory): should use
  OPENSSL_malloc to allocate X509V3_CTX.

* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_create_ext): use
  X509V3_EXT_nconf_nid to avoid SEGV (and to build extensions which
  values are placed in separate section).

* test/openssl/test_x509ext.rb: new file.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2005-11-22 22:29:13 +00:00
parent 462c97ebd7
commit 67673f6b47
4 changed files with 108 additions and 4 deletions

View file

@ -1,3 +1,16 @@
Wed Nov 23 07:26:44 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
* ext/openssl/extconf.rb: check for X509V3_EXT_nconf_nid.
* ext/openssl/ossl_x509ext.c (MakeX509ExtFactory): should use
OPENSSL_malloc to allocate X509V3_CTX.
* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_create_ext): use
X509V3_EXT_nconf_nid to avoid SEGV (and to build extensions which
values are placed in separate section).
* test/openssl/test_x509ext.rb: new file.
Wed Nov 23 01:22:57 2005 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (test_identical): test if two files are identical.

View file

@ -84,6 +84,7 @@ have_func("HMAC_CTX_copy")
have_func("HMAC_CTX_init")
have_func("PEM_def_callback")
have_func("X509V3_set_nconf")
have_func("X509V3_EXT_nconf_nid")
have_func("X509_CRL_add0_revoked")
have_func("X509_CRL_set_issuer_name")
have_func("X509_CRL_set_version")

View file

@ -26,9 +26,12 @@
OSSL_Check_Kind(obj, cX509Ext); \
GetX509Ext(obj, ext); \
} while (0)
#define MakeX509ExtFactory(klass, obj, ctx) \
obj = Data_Make_Struct(klass, X509V3_CTX, 0, ossl_x509extfactory_free, ctx)
#define MakeX509ExtFactory(klass, obj, ctx) do { \
if (!(ctx = OPENSSL_malloc(sizeof(X509V3_CTX)))) \
ossl_raise(rb_eRuntimeError, "CTX wasn't allocated!"); \
X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, 0); \
obj = Data_Wrap_Struct(klass, 0, ossl_x509extfactory_free, ctx); \
} while (0)
#define GetX509ExtFactory(obj, ctx) do { \
Data_Get_Struct(obj, X509V3_CTX, ctx); \
if (!ctx) { \
@ -214,6 +217,12 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
X509_EXTENSION *ext;
VALUE oid, value, critical, valstr, obj;
int nid;
#ifdef HAVE_X509V3_EXT_NCONF_NID
VALUE rconf;
CONF *conf;
#else
static LHASH *empty_lhash;
#endif
rb_scan_args(argc, argv, "21", &oid, &value, &critical);
StringValue(oid);
@ -226,7 +235,14 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
rb_str_append(valstr, value);
GetX509ExtFactory(self, ctx);
ext = X509V3_EXT_conf_nid(NULL, ctx, nid, RSTRING(valstr)->ptr);
#ifdef HAVE_X509V3_EXT_NCONF_NID
rconf = rb_iv_get(self, "@config");
conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf);
ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING(valstr)->ptr);
#else
if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING(valstr)->ptr);
#endif
if (!ext){
ossl_raise(eX509ExtError, "%s = %s",
RSTRING(oid)->ptr, RSTRING(value)->ptr);

View file

@ -0,0 +1,74 @@
begin
require "openssl"
require File.join(File.dirname(__FILE__), "utils.rb")
rescue LoadError
end
require "test/unit"
if defined?(OpenSSL)
class OpenSSL::TestX509Extension < Test::Unit::TestCase
def setup
@basic_constraints_value = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Boolean(true), # CA
OpenSSL::ASN1::Integer(2) # pathlen
])
@basic_constraints = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::ObjectId("basicConstraints"),
OpenSSL::ASN1::Boolean(true),
OpenSSL::ASN1::OctetString(@basic_constraints_value.to_der),
])
end
def teardown
end
def test_new
ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
assert_equal("basicConstraints", ext.oid)
assert_equal(true, ext.critical?)
assert_equal("CA:TRUE, pathlen:2", ext.value)
ext = OpenSSL::X509::Extension.new("2.5.29.19",
@basic_constraints_value.to_der, true)
assert_equal(@basic_constraints.to_der, ext.to_der)
end
def test_create_by_factory
ef = OpenSSL::X509::ExtensionFactory.new
bc = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2")
assert_equal(@basic_constraints.to_der, bc.to_der)
bc = ef.create_extension("basicConstraints", "CA:TRUE, pathlen:2", true)
assert_equal(@basic_constraints.to_der, bc.to_der)
begin
ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_)
[crlDistPts]
URI.1 = http://www.example.com/crl
URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary
_end_of_cnf_
rescue NotImplementedError
return
end
cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts")
assert_equal(false, cdp.critical?)
assert_equal("crlDistributionPoints", cdp.oid)
assert_match(%{URI:http://www\.example\.com/crl}, cdp.value)
assert_match(
%r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary},
cdp.value)
cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts")
assert_equal(true, cdp.critical?)
assert_equal("crlDistributionPoints", cdp.oid)
assert_match(%{URI:http://www.example.com/crl}, cdp.value)
assert_match(
%r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary},
cdp.value)
end
end
end