/*
 * Allocates the Ruby wrapper object for klass with a null data pointer
 * (third argument 0). No X509_STORE is attached at this point, so the
 * object must not be treated as a usable store until a pointer is set.
 */
12#define NewX509Store(klass) \
13 TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
/*
 * Accessor macros for the native pointer kept in the typed-data slot:
 * SetX509Store / GetX509Store for X509_STORE, and NewX509StCtx /
 * SetX509StCtx / GetX509StCtx for X509_STORE_CTX. Only part of each macro
 * body appears in this listing.
 *
 * - The Set* macros write the pointer with RTYPEDDATA_DATA(obj) = ...
 * - The Get* macros read it through TypedData_Get_Struct with the matching
 *   ossl_x509store_type / ossl_x509stctx_type descriptor, so an object of a
 *   different typed-data type is rejected rather than reinterpreted.
 * - Each macro visibly raises RuntimeError; presumably the guard is a NULL
 *   check on the pointer -- TODO confirm against the full file.
 *
 * NOTE(review): GetX509StCtx reports "STORE_CTX is out of scope!" rather
 * than "wasn't initialized". The wording suggests the Ruby wrapper can
 * outlive the native context and that its data pointer is cleared when that
 * happens -- the code that would do so is not visible here; verify.
 */
14#define SetX509Store(obj, st) do { \
16 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
18 RTYPEDDATA_DATA(obj) = (st); \
20#define GetX509Store(obj, st) do { \
21 TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
23 ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
27#define NewX509StCtx(klass) \
28 TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
29#define SetX509StCtx(obj, ctx) do { \
31 ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
33 RTYPEDDATA_DATA(obj) = (ctx); \
35#define GetX509StCtx(obj, ctx) do { \
36 TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
38 ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
45static int stctx_ex_verify_cb_idx, store_ex_verify_cb_idx;
46static VALUE ossl_x509stctx_new(X509_STORE_CTX *);
/*
 * NOTE(review): fragment of a larger function. The conditions guarding the
 * statements below are not visible in this listing.
 */
/* A failure while preparing the StoreContext is reported through rb_warn. */
75 rb_warn(
"StoreContext initialization failure");
/*
 * An exception raised inside the Ruby verify_callback is not propagated to
 * the caller; it is downgraded to this warning.
 */
84 rb_warn(
"exception in verify_callback is ignored");
/*
 * Overwrites whatever verification error was recorded on ctx with X509_V_OK.
 * Presumably reached when the callback returned true (TODO confirm). If so,
 * a callback that unconditionally returns true discards the library's own
 * verdict for every certificate it is asked about.
 */
89 X509_STORE_CTX_set_error(ctx, X509_V_OK);
/*
 * If no error code is recorded yet, record X509_V_ERR_CERT_REJECTED so the
 * context does not keep reporting X509_V_OK. Presumably the path taken for
 * any callback result other than true -- TODO confirm.
 */
93 if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
94 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
109ossl_x509store_mark(
void *
ptr)
111 X509_STORE *store =
ptr;
116ossl_x509store_free(
void *
ptr)
118 X509_STORE_free(
ptr);
122 "OpenSSL/X509/STORE",
124 ossl_x509store_mark, ossl_x509store_free,
/*
 * C-level verify callback taking (int ok, X509_STORE_CTX *ctx); elsewhere in
 * this file it is the function handed to X509_STORE_set_verify_cb.
 * The Ruby callback object is read back from the context's ex_data slot
 * (stctx_ex_verify_cb_idx) and cast from the stored pointer to VALUE.
 * A second lookup that uses store_ex_verify_cb_idx is only partly visible
 * below; presumably it falls back to the store-level callback -- confirm
 * against the full file.
 */
146x509store_verify_cb(
int ok, X509_STORE_CTX *ctx)
150 proc = (
VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx);
153 store_ex_verify_cb_idx);
161ossl_x509store_alloc(
VALUE klass)
167 if((store = X509_STORE_new()) ==
NULL){
179ossl_x509store_set_vfy_cb(
VALUE self,
VALUE cb)
/* Builds without opaque OpenSSL structs: the ex_data stack pointer is cleared by hand. */
204#if !defined(HAVE_OPAQUE_OPENSSL)
206 store->ex_data.sk =
NULL;
/*
 * x509store_verify_cb is installed as the store's C-level verify callback,
 * then the Ruby-level callback is reset to nil through the regular setter.
 */
208 X509_STORE_set_verify_cb(store, x509store_verify_cb);
209 ossl_x509store_set_vfy_cb(self,
Qnil);
228ossl_x509store_set_flags(
VALUE self,
VALUE flags)
234 X509_STORE_set_flags(store,
f);
258ossl_x509store_set_purpose(
VALUE self,
VALUE purpose)
264 X509_STORE_set_purpose(store, p);
274ossl_x509store_set_trust(
VALUE self,
VALUE trust)
280 X509_STORE_set_trust(store,
t);
292ossl_x509store_set_time(
VALUE self,
VALUE time)
/*
 * Trust material is loaded into the store from `path` (where path comes
 * from is not visible in this listing). Both the single-file load and the
 * hashed-directory registration must return exactly 1 to count as success;
 * any other value takes the failure branch, whose body is not shown here.
 * NOTE(review): path determines which certificates the store will trust, so
 * it should originate from trusted configuration.
 */
317 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
319 if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
/* Version-gated code for OpenSSL older than 1.1.1 and for LibreSSL follows; its body is not visible here. */
322#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
352 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
354 if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
373ossl_x509store_set_default_paths(
VALUE self)
378 if (X509_STORE_set_default_paths(store) != 1){
399 if (X509_STORE_add_cert(store, cert) != 1){
420 if (X509_STORE_add_crl(store, crl) != 1){
428static VALUE ossl_x509stctx_get_err_string(
VALUE);
459 rb_iv_set(self,
"@error", ossl_x509stctx_get_err(ctx));
460 rb_iv_set(self,
"@error_string", ossl_x509stctx_get_err_string(ctx));
461 rb_iv_set(self,
"@chain", ossl_x509stctx_get_chain(ctx));
/*
 * GC mark hook for the STORE_CTX wrapper. The verify callback VALUE lives in
 * an OpenSSL ex_data slot, which is native memory the Ruby GC does not scan,
 * so it is marked explicitly here to keep the callback object alive while
 * the context still refers to it.
 */
470ossl_x509stctx_mark(
void *
ptr)
472 X509_STORE_CTX *ctx =
ptr;
473 rb_gc_mark((
VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx));
477ossl_x509stctx_free(
void *
ptr)
479 X509_STORE_CTX *ctx =
ptr;
484 X509_STORE_CTX_free(ctx);
488 "OpenSSL/X509/STORE_CTX",
490 ossl_x509stctx_mark, ossl_x509stctx_free,
496ossl_x509stctx_alloc(
VALUE klass)
502 if((ctx = X509_STORE_CTX_new()) ==
NULL){
511ossl_x509stctx_new(X509_STORE_CTX *ctx)
/* NOTE(review): fragment of a larger function; intermediate lines are not visible in this listing. */
535 VALUE store, cert, chain,
t;
/*
 * The Ruby array of certificates is converted to a STACK_OF(X509) through
 * the protected variant, which reports a Ruby exception via `state` instead
 * of unwinding through this frame.
 */
548 x509s = ossl_protect_x509_ary2sk(chain, &
state);
/*
 * X509_STORE_CTX_init must return exactly 1. The sk_X509_pop_free call that
 * follows releases the stack together with its X509 entries; presumably it
 * sits on the failure path so they are not leaked -- TODO confirm.
 */
554 if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
556 sk_X509_pop_free(x509s, X509_free);
560 ossl_x509stctx_set_time(self,
t);
/*
 * Runs certificate verification on the wrapped X509_STORE_CTX.
 * Only part of the function body is visible in this listing.
 */
572ossl_x509stctx_verify(
VALUE self)
/*
 * The @verify_callback instance variable is handed to OpenSSL as an opaque
 * pointer in the context's ex_data slot, where the C-level verify callback
 * can read it back.
 */
577 X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
578 (
void *)
rb_iv_get(self,
"@verify_callback"));
/*
 * X509_verify_cert() returns 1 when the chain verifies and 0 when it does
 * not, and can return a negative value on an internal error. The case arms
 * are not visible here -- confirm that only 1 is mapped to success and that
 * a negative result is never treated as "verified".
 */
580 switch (X509_verify_cert(ctx)) {
596ossl_x509stctx_get_chain(
VALUE self)
/*
 * sk_X509_num() yields a negative count when the stack pointer is NULL.
 * That case is branched on before the loop (branch body not visible here),
 * so the loop below only indexes positions 0 .. num-1.
 */
608 if((
num = sk_X509_num(chain)) < 0){
613 for(i = 0; i <
num; i++) {
614 x509 = sk_X509_value(chain, i);
626ossl_x509stctx_get_err(
VALUE self)
632 return INT2NUM(X509_STORE_CTX_get_error(ctx));
657ossl_x509stctx_get_err_string(
VALUE self)
663 err = X509_STORE_CTX_get_error(ctx);
673ossl_x509stctx_get_err_depth(
VALUE self)
679 return INT2NUM(X509_STORE_CTX_get_error_depth(ctx));
687ossl_x509stctx_get_curr_cert(
VALUE self)
701ossl_x509stctx_get_curr_crl(
VALUE self)
707 crl = X509_STORE_CTX_get0_current_crl(ctx);
721ossl_x509stctx_set_flags(
VALUE self,
VALUE flags)
723 X509_STORE_CTX *store;
727 X509_STORE_CTX_set_flags(store,
f);
739ossl_x509stctx_set_purpose(
VALUE self,
VALUE purpose)
741 X509_STORE_CTX *store;
745 X509_STORE_CTX_set_purpose(store, p);
755ossl_x509stctx_set_trust(
VALUE self,
VALUE trust)
757 X509_STORE_CTX *store;
761 X509_STORE_CTX_set_trust(store,
t);
773ossl_x509stctx_set_time(
VALUE self,
VALUE time)
775 X509_STORE_CTX *store;
780 X509_STORE_CTX_set_time(store, 0,
t);
/*
 * Reserves the ex_data index used to attach the verify callback to each
 * X509_STORE_CTX. No new/dup/free hooks are registered (the last three
 * arguments are 0).
 */
799 stctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (
void *)
"stctx_ex_verify_cb_idx", 0, 0, 0);
/*
 * A negative index is tested for both slots; the handlers, and the line
 * that assigns store_ex_verify_cb_idx, are not visible in this listing.
 */
800 if (stctx_ex_verify_cb_idx < 0)
803 if (store_ex_verify_cb_idx < 0)
VALUE rb_ary_push(VALUE ary, VALUE item)
#define rb_define_method(klass, mid, func, arity)
Defines klass#mid.
void rb_gc_mark(VALUE ptr)
VALUE rb_define_class_under(VALUE outer, const char *name, VALUE super)
Defines a class under the namespace of outer.
VALUE rb_define_module(const char *name)
VALUE rb_define_module_under(VALUE outer, const char *name)
void rb_undef_method(VALUE klass, const char *name)
int rb_scan_args(int argc, const VALUE *argv, const char *fmt,...)
int rb_block_given_p(void)
Determines if the current method is given a block.
void rb_set_errinfo(VALUE err)
Sets the current exception ($!) to the given value.
VALUE rb_protect(VALUE(*proc)(VALUE), VALUE data, int *pstate)
Protects a function call from potential global escapes from the function.
void rb_warn(const char *fmt,...)
void rb_jump_tag(int tag)
Continues the exception caught by rb_protect() and rb_eval_string_protect().
VALUE rb_cObject
Object class.
VALUE rb_Integer(VALUE)
Equivalent to Kernel#Integer in Ruby.
VALUE rb_funcall(VALUE, ID, int,...)
Calls a method.
VALUE rb_block_proc(void)
void rb_attr(VALUE, ID, int, int, int)
void rb_define_alloc_func(VALUE, rb_alloc_func_t)
ID rb_intern(const char *)
VALUE rb_iv_set(VALUE, const char *, VALUE)
VALUE rb_iv_get(VALUE, const char *)
#define X509_STORE_CTX_get0_chain(ctx)
#define X509_STORE_set_ex_data(x, idx, data)
#define X509_STORE_get_ex_data(x, idx)
#define X509_STORE_CTX_get0_cert(x)
#define X509_STORE_CTX_get0_store(x)
#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef)
#define X509_STORE_CTX_get0_untrusted(x)
void ossl_raise(VALUE exc, const char *fmt,...)
void ossl_clear_error(void)
STACK_OF(X509) *ossl_x509_ary2sk(VALUE)
VALUE ossl_x509_new(X509 *)
X509 * DupX509CertPtr(VALUE)
X509 * GetX509CertPtr(VALUE)
X509_CRL * GetX509CRLPtr(VALUE)
VALUE ossl_x509crl_new(X509_CRL *)
#define GetX509StCtx(obj, ctx)
#define NewX509StCtx(klass)
#define SetX509StCtx(obj, ctx)
#define GetX509Store(obj, st)
void Init_ossl_x509store(void)
X509_STORE * GetX509StorePtr(VALUE obj)
#define NewX509Store(klass)
int ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
#define SetX509Store(obj, st)
#define StringValueCStr(v)
#define RTYPEDDATA_DATA(v)
@ RUBY_TYPED_FREE_IMMEDIATELY