12 #define NewX509Store(klass) \
13 TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
14 #define SetX509Store(obj, st) do { \
16 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
18 RTYPEDDATA_DATA(obj) = (st); \
20 #define GetX509Store(obj, st) do { \
21 TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
23 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
27 #define NewX509StCtx(klass) \
28 TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
29 #define SetX509StCtx(obj, ctx) do { \
31 ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
33 RTYPEDDATA_DATA(obj) = (ctx); \
35 #define GetX509StCtx(obj, ctx) do { \
36 TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
38 ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
45 static int stctx_ex_verify_cb_idx, store_ex_verify_cb_idx;
46 static VALUE ossl_x509stctx_new(X509_STORE_CTX *);
75 rb_warn(
"StoreContext initialization failure");
84 rb_warn(
"exception in verify_callback is ignored");
89 X509_STORE_CTX_set_error(ctx, X509_V_OK);
93 if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
94 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
109 ossl_x509store_free(
void *
ptr)
111 X509_STORE_free(
ptr);
115 "OpenSSL/X509/STORE",
117 0, ossl_x509store_free,
139 x509store_verify_cb(
int ok, X509_STORE_CTX *ctx)
143 proc = (
VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx);
146 store_ex_verify_cb_idx);
160 if((store = X509_STORE_new()) ==
NULL){
172 ossl_x509store_set_vfy_cb(
VALUE self,
VALUE cb)
197 #if !defined(HAVE_OPAQUE_OPENSSL)
199 store->ex_data.sk =
NULL;
201 X509_STORE_set_verify_cb(store, x509store_verify_cb);
202 ossl_x509store_set_vfy_cb(
self,
Qnil);
221 ossl_x509store_set_flags(
VALUE self,
VALUE flags)
227 X509_STORE_set_flags(store,
f);
251 ossl_x509store_set_purpose(
VALUE self,
VALUE purpose)
257 X509_STORE_set_purpose(store, p);
267 ossl_x509store_set_trust(
VALUE self,
VALUE trust)
273 X509_STORE_set_trust(store, t);
300 ossl_x509store_add_file(
VALUE self,
VALUE file)
310 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
312 if(X509_LOOKUP_load_file(lookup,
path, X509_FILETYPE_PEM) != 1){
315 #if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
335 ossl_x509store_add_path(
VALUE self,
VALUE dir)
345 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
347 if(X509_LOOKUP_add_dir(lookup,
path, X509_FILETYPE_PEM) != 1){
366 ossl_x509store_set_default_paths(
VALUE self)
371 if (X509_STORE_set_default_paths(store) != 1){
392 if (X509_STORE_add_cert(store, cert) != 1){
413 if (X509_STORE_add_crl(store, crl) != 1){
421 static VALUE ossl_x509stctx_get_err_string(
VALUE);
452 rb_iv_set(
self,
"@error", ossl_x509stctx_get_err(ctx));
453 rb_iv_set(
self,
"@error_string", ossl_x509stctx_get_err_string(ctx));
454 rb_iv_set(
self,
"@chain", ossl_x509stctx_get_chain(ctx));
462 static void ossl_x509stctx_free(
void*);
466 "OpenSSL/X509/STORE_CTX",
468 0, ossl_x509stctx_free,
477 ossl_x509stctx_free(
void *
ptr)
479 X509_STORE_CTX *ctx =
ptr;
484 X509_STORE_CTX_free(ctx);
494 if((ctx = X509_STORE_CTX_new()) ==
NULL){
503 ossl_x509stctx_new(X509_STORE_CTX *ctx)
525 VALUE store, cert, chain, t;
535 if(!
NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
536 if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
537 sk_X509_pop_free(x509s, X509_free);
541 ossl_x509stctx_set_time(
self, t);
553 ossl_x509stctx_verify(
VALUE self)
558 X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
559 (
void *)
rb_iv_get(
self,
"@verify_callback"));
561 switch (X509_verify_cert(ctx)) {
577 ossl_x509stctx_get_chain(
VALUE self)
589 if((num = sk_X509_num(chain)) < 0){
594 for(
i = 0;
i < num;
i++) {
595 x509 = sk_X509_value(chain,
i);
607 ossl_x509stctx_get_err(
VALUE self)
613 return INT2NUM(X509_STORE_CTX_get_error(ctx));
638 ossl_x509stctx_get_err_string(
VALUE self)
644 err = X509_STORE_CTX_get_error(ctx);
654 ossl_x509stctx_get_err_depth(
VALUE self)
660 return INT2NUM(X509_STORE_CTX_get_error_depth(ctx));
668 ossl_x509stctx_get_curr_cert(
VALUE self)
682 ossl_x509stctx_get_curr_crl(
VALUE self)
688 crl = X509_STORE_CTX_get0_current_crl(ctx);
702 ossl_x509stctx_set_flags(
VALUE self,
VALUE flags)
704 X509_STORE_CTX *store;
708 X509_STORE_CTX_set_flags(store,
f);
720 ossl_x509stctx_set_purpose(
VALUE self,
VALUE purpose)
722 X509_STORE_CTX *store;
726 X509_STORE_CTX_set_purpose(store, p);
736 ossl_x509stctx_set_trust(
VALUE self,
VALUE trust)
738 X509_STORE_CTX *store;
742 X509_STORE_CTX_set_trust(store, t);
756 X509_STORE_CTX *store;
761 X509_STORE_CTX_set_time(store, 0, t);
780 stctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (
void *)
"stctx_ex_verify_cb_idx", 0, 0, 0);
781 if (stctx_ex_verify_cb_idx < 0)
784 if (store_ex_verify_cb_idx < 0)