12#define NewX509Store(klass) \
13 TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
14#define SetX509Store(obj, st) do { \
16 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
18 RTYPEDDATA_DATA(obj) = (st); \
20#define GetX509Store(obj, st) do { \
21 TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
23 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
27#define NewX509StCtx(klass) \
28 TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
29#define SetX509StCtx(obj, ctx) do { \
31 ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
33 RTYPEDDATA_DATA(obj) = (ctx); \
35#define GetX509StCtx(obj, ctx) do { \
36 TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
38 ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
45static int stctx_ex_verify_cb_idx, store_ex_verify_cb_idx;
46static VALUE ossl_x509stctx_new(X509_STORE_CTX *);
75 rb_warn(
"StoreContext initialization failure");
84 rb_warn(
"exception in verify_callback is ignored");
89 X509_STORE_CTX_set_error(ctx, X509_V_OK);
93 if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
94 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
109ossl_x509store_mark(
void *
ptr)
111 X509_STORE *store =
ptr;
116ossl_x509store_free(
void *
ptr)
118 X509_STORE_free(
ptr);
122 "OpenSSL/X509/STORE",
124 ossl_x509store_mark, ossl_x509store_free,
146x509store_verify_cb(
int ok, X509_STORE_CTX *ctx)
150 proc = (
VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx);
153 store_ex_verify_cb_idx);
167 if((store = X509_STORE_new()) ==
NULL){
179ossl_x509store_set_vfy_cb(
VALUE self,
VALUE cb)
204#if !defined(HAVE_OPAQUE_OPENSSL)
206 store->ex_data.sk =
NULL;
208 X509_STORE_set_verify_cb(store, x509store_verify_cb);
209 ossl_x509store_set_vfy_cb(
self,
Qnil);
228ossl_x509store_set_flags(
VALUE self,
VALUE flags)
234 X509_STORE_set_flags(store,
f);
258ossl_x509store_set_purpose(
VALUE self,
VALUE purpose)
264 X509_STORE_set_purpose(store, p);
274ossl_x509store_set_trust(
VALUE self,
VALUE trust)
280 X509_STORE_set_trust(store, t);
307ossl_x509store_add_file(
VALUE self,
VALUE file)
317 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
319 if(X509_LOOKUP_load_file(lookup,
path, X509_FILETYPE_PEM) != 1){
322#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
352 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
354 if(X509_LOOKUP_add_dir(lookup,
path, X509_FILETYPE_PEM) != 1){
373ossl_x509store_set_default_paths(
VALUE self)
378 if (X509_STORE_set_default_paths(store) != 1){
399 if (X509_STORE_add_cert(store, cert) != 1){
420 if (X509_STORE_add_crl(store, crl) != 1){
428static VALUE ossl_x509stctx_get_err_string(
VALUE);
459 rb_iv_set(
self,
"@error", ossl_x509stctx_get_err(ctx));
460 rb_iv_set(
self,
"@error_string", ossl_x509stctx_get_err_string(ctx));
461 rb_iv_set(
self,
"@chain", ossl_x509stctx_get_chain(ctx));
470ossl_x509stctx_mark(
void *
ptr)
472 X509_STORE_CTX *ctx =
ptr;
473 rb_gc_mark((
VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx));
477ossl_x509stctx_free(
void *
ptr)
479 X509_STORE_CTX *ctx =
ptr;
484 X509_STORE_CTX_free(ctx);
488 "OpenSSL/X509/STORE_CTX",
490 ossl_x509stctx_mark, ossl_x509stctx_free,
502 if((ctx = X509_STORE_CTX_new()) ==
NULL){
511ossl_x509stctx_new(X509_STORE_CTX *ctx)
535 VALUE store, cert, chain, t;
548 x509s = ossl_protect_x509_ary2sk(chain, &state);
554 if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
556 sk_X509_pop_free(x509s, X509_free);
560 ossl_x509stctx_set_time(
self, t);
572ossl_x509stctx_verify(
VALUE self)
577 X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
578 (
void *)
rb_iv_get(
self,
"@verify_callback"));
580 switch (X509_verify_cert(ctx)) {
596ossl_x509stctx_get_chain(
VALUE self)
608 if((num = sk_X509_num(chain)) < 0){
613 for(
i = 0;
i < num;
i++) {
614 x509 = sk_X509_value(chain,
i);
626ossl_x509stctx_get_err(
VALUE self)
632 return INT2NUM(X509_STORE_CTX_get_error(ctx));
657ossl_x509stctx_get_err_string(
VALUE self)
663 err = X509_STORE_CTX_get_error(ctx);
673ossl_x509stctx_get_err_depth(
VALUE self)
679 return INT2NUM(X509_STORE_CTX_get_error_depth(ctx));
687ossl_x509stctx_get_curr_cert(
VALUE self)
701ossl_x509stctx_get_curr_crl(
VALUE self)
707 crl = X509_STORE_CTX_get0_current_crl(ctx);
721ossl_x509stctx_set_flags(
VALUE self,
VALUE flags)
723 X509_STORE_CTX *store;
727 X509_STORE_CTX_set_flags(store,
f);
739ossl_x509stctx_set_purpose(
VALUE self,
VALUE purpose)
741 X509_STORE_CTX *store;
745 X509_STORE_CTX_set_purpose(store, p);
755ossl_x509stctx_set_trust(
VALUE self,
VALUE trust)
757 X509_STORE_CTX *store;
761 X509_STORE_CTX_set_trust(store, t);
775 X509_STORE_CTX *store;
780 X509_STORE_CTX_set_time(store, 0, t);
799 stctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (
void *)
"stctx_ex_verify_cb_idx", 0, 0, 0);
800 if (stctx_ex_verify_cb_idx < 0)
803 if (store_ex_verify_cb_idx < 0)