author | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-06-29 19:59:40 +0000 |
---|---|---|
committer | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-06-29 19:59:40 +0000 |
commit | 72c5e53fd93ce0b14f50707c9544f0f39e4ff714 (patch) | |
tree | d76d24772b5b83a01d7c5f558aafd827368b4b6c | |
parent | ada3e90cdd1d7c0da4e82f80dd25f6ab92d1b04c (diff) | |
download | ruby-openssl-history-72c5e53fd93ce0b14f50707c9544f0f39e4ff714.tar.gz |
*** empty log message ***
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | ossl_ssl.c | 33 |
2 files changed, 26 insertions, 11 deletions
@@ -1,3 +1,7 @@ +Mon, 30 Jun 2003 04:32:40 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org> + * ossl_ssl.c: @ca_cert is renamed to @client_ca; + and an Array can be specified to this. + Mon, 30 Jun 2003 01:24:27 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org> * examples/ssl/wget.rb: follows current SSLSocket. * examples/ssl/example.rb: callback should print isser and subject instead of PEM. @@ -29,7 +29,7 @@ VALUE cSSLSocket; */ #define ossl_sslctx_set_cert(o,v) rb_iv_set((o),"@cert",(v)) #define ossl_sslctx_set_key(o,v) rb_iv_set((o),"@key",(v)) -#define ossl_sslctx_set_ca_cert(o,v) rb_iv_set((o),"@ca_cert",(v)) +#define ossl_sslctx_set_client_ca(o,v) rb_iv_set((o),"@client_ca",(v)) #define ossl_sslctx_set_ca_file(o,v) rb_iv_set((o),"@ca_file",(v)) #define ossl_sslctx_set_ca_path(o,v) rb_iv_set((o),"@ca_path",(v)) #define ossl_sslctx_set_timeout(o,v) rb_iv_set((o),"@timeout",(v)) @@ -41,7 +41,7 @@ VALUE cSSLSocket; #define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") #define ossl_sslctx_get_key(o) rb_iv_get((o),"@key") -#define ossl_sslctx_get_ca_cert(o) rb_iv_get((o),"@ca_cert") +#define ossl_sslctx_get_client_ca(o) rb_iv_get((o),"@client_ca") #define ossl_sslctx_get_ca_file(o) rb_iv_get((o),"@ca_file") #define ossl_sslctx_get_ca_path(o) rb_iv_get((o),"@ca_path") #define ossl_sslctx_get_timeout(o) rb_iv_get((o),"@timeout") @@ -52,7 +52,7 @@ VALUE cSSLSocket; #define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store") static char *ossl_sslctx_attrs[] = { - "cert", "key", "ca_cert", "ca_file", "ca_path", + "cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "verify_callback", "options", "cert_store", }; @@ -143,11 +143,11 @@ static VALUE ossl_sslctx_setup(VALUE self) { SSL_CTX *ctx; - X509 *cert = NULL, *ca_cert = NULL; + X509 *cert = NULL, *client_ca = NULL; X509_STORE *store; EVP_PKEY *key = NULL; char *ca_path = NULL, *ca_file = NULL; - int verify_mode; + int i, verify_mode; VALUE val; if(OBJ_FROZEN(self)) return Qnil; 
@@ -178,13 +178,24 @@ ossl_sslctx_setup(VALUE self) } } - val = ossl_sslctx_get_ca_cert(self); - ca_cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED. */ - if (ca_cert){ - if (!SSL_CTX_add_client_CA(ctx, ca_cert)){ - /* Copies X509_NAME => FREE it. */ - ossl_raise(eSSLError, "SSL_CTX_add_client_CA"); + val = ossl_sslctx_get_client_ca(self); + if(!NIL_P(val)){ + if(TYPE(val) == T_ARRAY){ + for(i = 0; i < RARRAY(val)->len; i++){ + client_ca = GetX509CertPtr(RARRAY(val)->ptr[i]); + if (!SSL_CTX_add_client_CA(ctx, client_ca)){ + /* Copies X509_NAME => FREE it. */ + ossl_raise(eSSLError, "SSL_CTX_add_client_CA"); + } + } } + else{ + client_ca = GetX509CertPtr(val); /* NO DUP NEEDED. */ + if (!SSL_CTX_add_client_CA(ctx, client_ca)){ + /* Copies X509_NAME => FREE it. */ + ossl_raise(eSSLError, "SSL_CTX_add_client_CA"); + } + } } val = ossl_sslctx_get_ca_file(self); |
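Review bot: In the new `T_ARRAY` branch every element goes straight into `GetX509CertPtr(RARRAY(val)->ptr[i])`, so rejecting a non-certificate element depends entirely on that helper, which is defined outside this diff. It is worth confirming that it type-checks its argument before the pointer reaches `SSL_CTX_add_client_CA`. The add-and-raise sequence is now duplicated in both branches, and `/* Copies X509_NAME => FREE it. */` sits on the error path, where it reads as if something must be freed before raising. I would move that remark above the call and reword it to `/* only the subject name is copied; the X509 stays owned by the Ruby object */`. I would also add a comment above the block, `/* client_ca only fills the CA-name list sent in the CertificateRequest; trust anchors still come from ca_file, ca_path or cert_store */`, because the new name is easy to mistake for a verification setting. The body of ossl_sslctx_setup starts and ends outside this hunk.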