authorMichal Rokos <m.rokos@sh.cvut.cz>2003-07-21 10:33:07 +0000
committerMichal Rokos <m.rokos@sh.cvut.cz>2003-07-21 10:33:07 +0000
commitd33b4b6141c65d7de627ec8238bdad43585cdc6b (patch)
tree93c19e3ca1bd5ca028906636f17032ca294c5f1a
parentb4646f832b9f92e51ccf36823a9e3254c30e2c7c (diff)
downloadruby-openssl-history-d33b4b6141c65d7de627ec8238bdad43585cdc6b.tar.gz
OpenSSL 0.9.6 compatibility
-rw-r--r--ChangeLog3
-rw-r--r--extconf.rb81
-rw-r--r--openssl_missing.c126
-rw-r--r--openssl_missing.h64
-rw-r--r--ossl.c4
-rw-r--r--ossl.h10
-rw-r--r--ossl_bn.c6
-rw-r--r--ossl_cipher.c5
-rw-r--r--ossl_config.c10
-rw-r--r--ossl_ocsp.c9
-rw-r--r--ossl_ssl.c4
-rw-r--r--ossl_x509.c6
-rw-r--r--ossl_x509store.c67
13 files changed, 354 insertions, 41 deletions
diff --git a/ChangeLog b/ChangeLog
index b258bd3..41f350a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+Mon, 21 Jul 2003 12:33:14 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * Added OpenSSL 0.9.6 compatibility
+
Mon, 21 Jul 2003 08:53:55 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
* digest.c: Redo compatibility with original Ruby's digests
* pkey.c: Redo #to_der to be more straight going
diff --git a/extconf.rb b/extconf.rb
index 585a9c0..1343539 100644
--- a/extconf.rb
+++ b/extconf.rb
@@ -16,6 +16,17 @@
require "mkmf"
+def have_defined(macro, header=nil)
+ checking_for "#{macro}" do
+ if macro_defined?(macro, cpp_include(header))
+ $defs.push(format("-DHAVE_%s", macro.upcase))
+ true
+ else
+ false
+ end
+ end
+end
+
if RUBY_PLATFORM =~ /mswin32/
CRYPTOLIB="libeay32"
SSLLIB="ssleay32"
@@ -35,10 +46,6 @@ includes, = dir_config("openssl")
includes ||= "/usr/include"
message "=== OpenSSL for Ruby configurator ===\n"
-message "=== Checking for system dependent stuff... ===\n"
-have_header("unistd.h")
-have_header("sys/time.h")
-message "=== Checking for system dependent stuff done. ===\n"
##
@@ -80,32 +87,68 @@ end
def have_openssl_097(inc_dir)
# FIXME:
# checking_for("OpenSSL >= 0.9.7") do
- printf "Checking for OpenSSL >= 0.9.7..."
+ printf "checking for OpenSSL version... "
File.open(inc_dir+"/openssl/opensslv.h") {|f|
txt = f.read
- result = ((txt.grep(/#define SHLIB_VERSION_NUMBER/)[0].split '"')[1] < "0.9.7")
- puts result ? "no" : "yes"
- !result
+ puts (txt.grep(/#define SHLIB_VERSION_NUMBER/)[0].split '"')[1]
+ true
}
end
message "=== Checking for required stuff... ===\n"
result = have_header("openssl/crypto.h")
-result &= have_library(CRYPTOLIB, "OPENSSL_load_builtin_modules")
+result &= have_library(CRYPTOLIB, "OpenSSL_add_all_digests")
result &= have_library(SSLLIB, "SSL_library_init")
-result &= have_openssl_097(includes)
-
-have_func("rb_obj_init_copy", "ruby.h")
-have_func("HMAC_CTX_copy")
-have_func("X509_STORE_set_ex_data")
-if result
- message "=== Checking for required stuff done. ===\n"
- create_makefile("openssl")
- message "Done.\n"
-else
+if !result
message "=== Checking for required stuff failed. ===\n"
message "Makefile wasn't created. Fix the errors above.\n"
+ exit 1
end
+message "=== Checking for system dependent stuff... ===\n"
+have_header("unistd.h")
+have_header("sys/time.h")
+
+message "=== Checking for OpenSSL features... ===\n"
+have_openssl_097(includes)
+have_defined("PEM_read_bio_DSAPublicKey", "openssl/pem.h")
+have_defined("PEM_write_bio_DSAPublicKey", "openssl/pem.h")
+have_defined("DSAPrivateKey_dup", "openssl/dsa.h")
+have_defined("DSAPublicKey_dup", "openssl/dsa.h")
+have_defined("X509_REVOKED_dup", "openssl/x509.h")
+have_defined("PKCS7_SIGNER_INFO_dup", "openssl/pkcs7")
+have_defined("PKCS7_RECIP_INFO_dup", "openssl/pkcs7")
+have_func("HMAC_CTX_copy")
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+have_func("EVP_MD_CTX_create")
+have_func("EVP_MD_CTX_cleanup")
+have_func("EVP_MD_CTX_destroy")
+have_func("PEM_def_callback")
+have_defined("EVP_CIPHER_name", "openssl/evp.h")
+have_defined("EVP_MD_name", "openssl/evp.h")
+have_func("EVP_MD_CTX_init")
+have_func("HMAC_CTX_init")
+have_func("HMAC_CTX_cleanup")
+have_defined("PKCS7_is_detached", "openssl/pkcs7.h")
+have_defined("PKCS7_type_is_encrypted", "openssl/pkcs7.h")
+have_func("X509_CRL_set_version")
+have_func("X509_CRL_set_issuer_name")
+have_func("X509_CRL_sort")
+have_func("X509_CRL_add0_revoked")
+have_struct_member("X509_STORE_CTX", "current_crl", "openssl/x509.h")
+have_struct_member("X509_STORE", "flags", "openssl/x509.h")
+have_struct_member("X509_STORE", "purpose", "openssl/x509.h")
+have_struct_member("X509_STORE", "trust", "openssl/x509.h")
+have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
+have_func("BN_mod_sqr")
+
+message "=== Checking for Ruby features... ===\n"
+have_func("rb_obj_init_copy", "ruby.h")
+
+message "=== Checking done. ===\n"
+create_makefile("openssl")
+message "Done.\n"
+
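Review bot: The two PKCS7 `*_dup` probes pass `"openssl/pkcs7"` without the `.h` suffix, unlike the `PKCS7_is_detached` and `PKCS7_type_is_encrypted` probes further down, which use `"openssl/pkcs7.h"`. If that include cannot be resolved, the probe presumably reports the macro as missing on every OpenSSL version, so `HAVE_PKCS7_SIGNER_INFO_DUP` and `HAVE_PKCS7_RECIP_INFO_DUP` are never defined and the fallback macros in openssl_missing.h always take effect. Change them to `have_defined("PKCS7_SIGNER_INFO_dup", "openssl/pkcs7.h")` and `have_defined("PKCS7_RECIP_INFO_dup", "openssl/pkcs7.h")`. Separately, `have_openssl_097` now only prints the version and always returns true, so its name and the `FIXME` comment no longer describe what it does.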
diff --git a/openssl_missing.c b/openssl_missing.c
index c84459d..2ff719e 100644
--- a/openssl_missing.c
+++ b/openssl_missing.c
@@ -51,3 +51,129 @@ void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
return CRYPTO_get_ex_data(&str->ex_data,idx);
}
#endif /* HAVE_X509_STORE_SET_EX_DATA */
+
+#if !defined(HAVE_EVP_MD_CTX_CREATE)
+EVP_MD_CTX *EVP_MD_CTX_create(void)
+{
+ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+ memset(ctx, '\0', sizeof *ctx);
+
+ return ctx;
+}
+#endif /* HAVE_EVP_MD_CTX_CREATE */
+
+#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+{
+#warning FIXME!!!
+ memset(ctx, '\0', sizeof *ctx);
+
+ return 1;
+}
+#endif /* HAVE_EVP_MD_CTX_CLEANUP */
+
+#if !defined(HAVE_EVP_MD_CTX_DESTROY)
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+#endif /* HAVE_EVP_MD_CTX_DESTROY */
+
+#if !defined(HAVE_EVP_MD_CTX_INIT)
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+{
+ memset(ctx,'\0',sizeof *ctx);
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_INIT)
+void HMAC_CTX_init(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_init(&ctx->i_ctx);
+ EVP_MD_CTX_init(&ctx->o_ctx);
+ EVP_MD_CTX_init(&ctx->md_ctx);
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_CLEANUP)
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
+ memset(ctx,0,sizeof *ctx);
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_SET_VERSION)
+int X509_CRL_set_version(X509_CRL *x, long version)
+{
+ if (x == NULL) return(0);
+ if (x->crl->version == NULL)
+ {
+ if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
+ return(0);
+ }
+ return(ASN1_INTEGER_set(x->crl->version,version));
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+{
+ if ((x == NULL) || (x->crl == NULL)) return(0);
+ return(X509_NAME_set(&x->crl->issuer,name));
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_SORT)
+int X509_CRL_sort(X509_CRL *c)
+{
+ int i;
+ X509_REVOKED *r;
+ /* sort the data so it will be written in serial
+ * number order */
+ sk_X509_REVOKED_sort(c->crl->revoked);
+ for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
+ {
+ r=sk_X509_REVOKED_value(c->crl->revoked,i);
+ r->sequence=i;
+ }
+ return 1;
+}
+#endif
+
+#if !defined(X509_CRL_ADD0_REVOKED)
+static int OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a,
+ const X509_REVOKED * const *b)
+{
+ return(ASN1_STRING_cmp(
+ (ASN1_STRING *)(*a)->serialNumber,
+ (ASN1_STRING *)(*b)->serialNumber));
+}
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+ X509_CRL_INFO *inf;
+ inf = crl->crl;
+ if(!inf->revoked)
+ inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
+ if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+ /* ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); */
+ return 0;
+ }
+ return 1;
+}
+#endif
+
+#if !defined(HAVE_BN_MOD_SQR)
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+ {
+ if (!BN_sqr(r, a, ctx)) return 0;
+ /* r->neg == 0, thus we don't need BN_nnmod */
+ return BN_mod(r, r, m, ctx);
+ }
+#endif
+
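Review bot: `EVP_MD_CTX_create` passes the result of `OPENSSL_malloc` straight to `memset`, so an allocation failure becomes a NULL dereference instead of a NULL return; add `if (ctx == NULL) return NULL;` before the `memset`. The guard for `X509_CRL_add0_revoked` reads `#if !defined(X509_CRL_ADD0_REVOKED)`, without the `HAVE_` prefix every other guard in this hunk uses, so it is always true and the fallback is also compiled against an OpenSSL that already provides the function; it should be `#if !defined(HAVE_X509_CRL_ADD0_REVOKED)`. `EVP_MD_CTX_cleanup` still carries `#warning FIXME!!!` and only zeroes the struct, so it needs a comment stating what is deliberately not released there.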
diff --git a/openssl_missing.h b/openssl_missing.h
index de7db8e..5872982 100644
--- a/openssl_missing.h
+++ b/openssl_missing.h
@@ -19,44 +19,76 @@ extern "C" {
* These functions are not included in headers of OPENSSL <= 0.9.6b
*/
-/* to pem.h */
-#if !defined(OPENSSL_NO_DSA)
+#if !defined(HAVE_PEM_READ_BIO_DSAPUBLICKEY)
# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(char *(*)())d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(char **)x,cb,u)
+#endif
+
+#if !defined(HAVE_PEM_WRITE_BIO_DSAPUBLICKEY)
# define PEM_write_bio_DSAPublicKey(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\
PEM_STRING_DSA_PUBLIC,\
bp,(char *)x, NULL, NULL, 0, NULL, NULL)
-#endif /* NO_DSA */
+#endif
-/* to x509.h */
-#if !defined(OPENSSL_NO_DSA)
+#if !defined(HAVE_DSAPRIVATEKEY_DUP)
# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \
(char *(*)())d2i_DSAPrivateKey,(char *)dsa)
+#endif
+
+#if !defined(HAVE_DSAPUBLICKEY_DUP)
# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \
(char *(*)())d2i_DSAPublicKey,(char *)dsa)
-#endif /* NO_DSA */
+#endif
+#if !defined(HAVE_X509_REVOKED_DUP)
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \
(char *(*)())d2i_X509_REVOKED, (char *)rev)
+#endif
-/* to pkcs7.h */
-#define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \
+#if !defined(HAVE_PKCS7_SIGNER_INFO_DUP)
+# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \
(char *(*)())d2i_PKCS7_SIGNER_INFO, (char *)si)
-#define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \
+#endif
+
+#if !defined(HAVE_PKCS7_RECIP_INFO_DUP)
+# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \
(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
+#endif
-#if !defined(OPENSSL_NO_HMAC)
-#if !defined(HAVE_HMAC_CTX_COPY)
int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
-#endif /* HAVE_HMAC_CTX_COPY */
-#endif /* NO_HMAC */
-
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
+int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
+EVP_MD_CTX *EVP_MD_CTX_create(void);
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+
+#if !defined(HAVE_EVP_CIPHER_NAME)
+# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
#endif
+#if !defined(HAVE_EVP_MD_NAME)
+# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
+#endif
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+void HMAC_CTX_init(HMAC_CTX *ctx);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+
+#if !defined(HAVE_PKCS7_IS_DETACHED)
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+#endif
+
+#if !defined(HAVE_PKCS7_TYPE_IS_ENCRYPTED)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+#endif
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_sort(X509_CRL *c);
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
#if defined(__cplusplus)
}
#endif
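Review bot: The prototypes added here (`EVP_MD_CTX_create`, `HMAC_CTX_init`, `X509_CRL_sort`, `BN_mod_sqr` and the others) are declared unconditionally, while their definitions in openssl_missing.c are each wrapped in `#if !defined(HAVE_...)`. When OpenSSL itself supplies the function, this header redeclares a library symbol, and any difference between the two signatures turns into a conflicting-declaration error on that OpenSSL version only. Wrap each prototype in the same guard as its definition, for example `#if !defined(HAVE_BN_MOD_SQR)` and `#endif` around the `BN_mod_sqr` line. The hunk also drops the `OPENSSL_NO_HMAC` guard around `HMAC_CTX_copy`; confirm that `HMAC_CTX` is still a declared type on a build without HMAC.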
diff --git a/ossl.c b/ossl.c
index 3f50b60..4bad326 100644
--- a/ossl.c
+++ b/ossl.c
@@ -292,6 +292,7 @@ OSSL_SK2ARY(x509crl, X509_CRL)
/*
* our default PEM callback
*/
+#if defined(HAVE_PEM_DEF_CALLBACK)
static VALUE
ossl_pem_passwd_cb0(VALUE flag)
{
@@ -312,7 +313,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd)
if (pwd || !rb_block_given_p())
return PEM_def_callback(buf, max_len, flag, pwd);
- while(1){
+ while (1) {
/*
* when the flag is nonzero, this passphrase
* will be used to perform encryption; otherwise it will
@@ -335,6 +336,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd)
}
return len;
}
+#endif
/*
* Verify callback
diff --git a/ossl.h b/ossl.h
index 8545682..456ff91 100644
--- a/ossl.h
+++ b/ossl.h
@@ -24,9 +24,11 @@ extern "C" {
#include <version.h>
#include <openssl/opensslv.h>
+/*
#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
# error ! This version of OSSL needs OpenSSL >= 0.9.7 for its run!
#endif
+ */
#if defined(NT) || defined(_WIN32)
# define OpenFile WINAPI_OpenFile
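Review bot: Commenting the version check out leaves the extension with no lower bound on the OpenSSL it builds against, and leaves dead code in the header. If 0.9.6 is the new floor, state it in code instead: `#if (OPENSSL_VERSION_NUMBER < 0x00906000L)` followed by `# error ! This version of OSSL needs OpenSSL >= 0.9.6 for its run!`. That keeps older, unsupported libraries from being compiled into a TLS binding by accident.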
@@ -38,7 +40,9 @@ extern "C" {
#include <openssl/ssl.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
-#include <openssl/ocsp.h>
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+# include <openssl/ocsp.h>
+#endif
#if defined(NT) || defined(_WIN32)
# undef OpenFile
#endif
@@ -115,7 +119,11 @@ STACK_OF(X509) *ossl_protect_x509_ary2sk(VALUE,int*);
/*
* our default PEM callback
*/
+#if defined(HAVE_PEM_DEF_CALLBACK)
int ossl_pem_passwd_cb(char *, int, int, void *);
+#else
+# define ossl_pem_passwd_cb NULL
+#endif
/*
* ERRor messages
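Review bot: Defining `ossl_pem_passwd_cb` as `NULL` when `PEM_def_callback` is missing changes behaviour without any signal to the user: every PEM routine that receives it will presumably fall back to OpenSSL's own default passphrase handling, and a Ruby block supplied for the passphrase is ignored. Put that in a comment at the `#else`, for example `/* no PEM_def_callback: OpenSSL's built-in passphrase prompt is used and a passphrase block is ignored */`. The callers are outside this hunk, so check that none of them calls `ossl_pem_passwd_cb` directly rather than passing it as a callback argument.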
diff --git a/ossl_bn.c b/ossl_bn.c
index 92b43bd..8566cf1 100644
--- a/ossl_bn.c
+++ b/ossl_bn.c
@@ -372,8 +372,10 @@ ossl_bn_div(VALUE self, VALUE other)
WrapBN(CLASS_OF(self), obj, result); \
return obj; \
}
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
BIGNUM_3c(mod_add);
BIGNUM_3c(mod_sub);
+#endif
BIGNUM_3c(mod_mul);
BIGNUM_3c(mod_exp);
@@ -647,10 +649,12 @@ Init_ossl_bn()
rb_define_method(cBN, "%", ossl_bn_mod, 1);
/* nnmod */
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
rb_define_method(cBN, "mod_add", ossl_bn_mod_add, 2);
rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 2);
- rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2);
+#endif
rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1);
+ rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2);
rb_define_method(cBN, "**", ossl_bn_exp, 1);
rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 2);
rb_define_method(cBN, "gcd", ossl_bn_gcd, 1);
diff --git a/ossl_cipher.c b/ossl_cipher.c
index eef7c90..a00e823 100644
--- a/ossl_cipher.c
+++ b/ossl_cipher.c
@@ -310,13 +310,16 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
static VALUE
ossl_cipher_set_padding(VALUE self, VALUE padding)
{
+#if defined(HAVE_ST_FLAGS)
EVP_CIPHER_CTX *ctx;
GetCipher(self, ctx);
if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1)
ossl_raise(eCipherError, NULL);
-
+#else
+ rb_notimplement();
+#endif
return padding;
}
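Review bot: `HAVE_ST_FLAGS` does not say which struct has the `flags` member: extconf.rb in this commit probes `flags` on both `X509_STORE` and `EVP_CIPHER_CTX`, and if mkmf names the define after the member only, either probe enables this branch. On a library where only `X509_STORE` has `flags`, the call to `EVP_CIPHER_CTX_set_padding` would then fail to compile or link. Probing the function itself is more direct: add `have_func("EVP_CIPHER_CTX_set_padding")` to extconf.rb and guard this body with `#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)`.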
diff --git a/ossl_config.c b/ossl_config.c
index 5109d3d..08bfb8e 100644
--- a/ossl_config.c
+++ b/ossl_config.c
@@ -45,15 +45,23 @@ ossl_config_s_load(int argc, VALUE *argv, VALUE klass)
char *filename;
VALUE path, obj;
- if (rb_scan_args(argc, argv, "01", &path) == 1) {
+ if (rb_scan_args(argc, argv,
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+ "01"
+#else
+ "10"
+#endif
+ , &path) == 1) {
SafeStringValue(path);
filename = RSTRING(path)->ptr;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
else {
if (!(filename = CONF_get1_default_config_file())) {
ossl_raise(eConfigError, NULL);
}
}
+#endif
/*
* FIXME
* Does't work for Windows?
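Review bot: Splitting the `rb_scan_args` call across `#if`/`#else` puts preprocessor lines inside an expression, which is hard to read and easy to break when the call is next edited. A named constant keeps the call on one line: define something like `OSSL_CONFIG_LOAD_FMT` as `"01"` or `"10"` under the version test above the function, then call `rb_scan_args(argc, argv, OSSL_CONFIG_LOAD_FMT, &path)`. A one-line comment should also say that the path argument is mandatory before 0.9.7 because the default config file lookup is compiled out. The function starts and ends outside this hunk.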
diff --git a/ossl_ocsp.c b/ossl_ocsp.c
index 8e0bd4f..6dfb488 100644
--- a/ossl_ocsp.c
+++ b/ossl_ocsp.c
@@ -11,6 +11,8 @@
*/
#include "ossl.h"
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+
#define WrapOCSPReq(klass, obj, req) do { \
if(!req) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
obj = Data_Wrap_Struct(klass, 0, OCSP_REQUEST_free, req); \
@@ -754,3 +756,10 @@ Init_ossl_ocsp()
DefOCSPVConst(RESPID_NAME);
DefOCSPVConst(RESPID_KEY);
}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x0090700L */
+void
+Init_ossl_ocsp()
+{
+}
+#endif
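Review bot: The comment on the `#else` reads `0x0090700L`, one digit short of the `0x00907000L` tested by the `#if` at the top of the file; it should be `#else /* OPENSSL_VERSION_NUMBER < 0x00907000L */`. The empty `Init_ossl_ocsp` stub also needs a comment such as `/* OCSP needs OpenSSL >= 0.9.7; no OCSP classes are defined on older libraries */`, so a reader does not take it for an unfinished function.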
diff --git a/ossl_ssl.c b/ossl_ssl.c
index f864c79..74b0750 100644
--- a/ossl_ssl.c
+++ b/ossl_ssl.c
@@ -656,13 +656,17 @@ Init_ossl_ssl()
* ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS);
*/
ossl_ssl_def_const(OP_ALL);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
ossl_ssl_def_const(OP_SINGLE_ECDH_USE);
#endif
ossl_ssl_def_const(OP_SINGLE_DH_USE);
ossl_ssl_def_const(OP_EPHEMERAL_RSA);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE);
+#endif
ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG);
ossl_ssl_def_const(OP_NO_SSLv2);
ossl_ssl_def_const(OP_NO_SSLv3);
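Review bot: The two new guards test the library version, while the `SSL_OP_SINGLE_ECDH_USE` guard sitting between them tests the constant itself. Assuming `ossl_ssl_def_const` expands to the matching `SSL_OP_*` macro, the same form works here and does not depend on version arithmetic: `#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` and `#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE`. The same applies to the version-guarded `DefX509Const` lines in both ossl_x509.c hunks. Init_ossl_ssl starts outside this hunk.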
diff --git a/ossl_x509.c b/ossl_x509.c
index 5de2b6b..0363086 100644
--- a/ossl_x509.c
+++ b/ossl_x509.c
@@ -62,8 +62,10 @@ Init_ossl_x509()
DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
DefX509Const(V_ERR_APPLICATION_VERIFICATION);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
DefX509Const(V_FLAG_CRL_CHECK);
DefX509Const(V_FLAG_CRL_CHECK_ALL);
+#endif
DefX509Const(PURPOSE_SSL_CLIENT);
DefX509Const(PURPOSE_SSL_SERVER);
@@ -72,13 +74,17 @@ Init_ossl_x509()
DefX509Const(PURPOSE_SMIME_ENCRYPT);
DefX509Const(PURPOSE_CRL_SIGN);
DefX509Const(PURPOSE_ANY);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
DefX509Const(PURPOSE_OCSP_HELPER);
+#endif
DefX509Const(TRUST_COMPAT);
DefX509Const(TRUST_SSL_CLIENT);
DefX509Const(TRUST_SSL_SERVER);
DefX509Const(TRUST_EMAIL);
DefX509Const(TRUST_OBJECT_SIGN);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
DefX509Const(TRUST_OCSP_SIGN);
DefX509Const(TRUST_OCSP_REQUEST);
+#endif
}
diff --git a/ossl_x509store.c b/ossl_x509store.c
index 45d365f..230db50 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
@@ -128,6 +128,12 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
ossl_x509store_set_vfy_cb(self, Qnil);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+ rb_iv_set(self, "@flags", INT2NUM(0));
+ rb_iv_set(self, "@purpose", INT2NUM(0));
+ rb_iv_set(self, "@trust", INT2NUM(0));
+#endif
+
/* last verification status */
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
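Review bot: The `@flags`, `@purpose` and `@trust` defaults are set only when `OPENSSL_VERSION_NUMBER >= 0x00907000L`, but the only code in this commit that reads them is the `#else` (pre-0.9.7) branch of `ossl_x509stctx_initialize`, which does `NUM2INT(rb_iv_get(store, "@flags"))`. On an older library, a store whose setters were never called therefore hands `nil` to `NUM2INT`, which raises instead of verifying with defaults. The condition looks inverted: it should be `#if (OPENSSL_VERSION_NUMBER < 0x00907000L)`, or the three `rb_iv_set` lines should be unconditional. ossl_x509store_initialize starts and ends outside this hunk.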
@@ -139,10 +145,14 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_x509store_set_flags(VALUE self, VALUE flags)
{
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
GetX509Store(self, store);
X509_STORE_set_flags(store, NUM2LONG(flags));
+#else
+ rb_iv_set(self, "@flags", flags);
+#endif
return flags;
}
@@ -150,10 +160,14 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
static VALUE
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
{
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
-
+
GetX509Store(self, store);
X509_STORE_set_purpose(store, NUM2LONG(purpose));
+#else
+ rb_iv_set(self, "@purpose", purpose);
+#endif
return purpose;
}
@@ -161,10 +175,14 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
static VALUE
ossl_x509store_set_trust(VALUE self, VALUE trust)
{
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
GetX509Store(self, store);
X509_STORE_set_trust(store, NUM2LONG(trust));
+#else
+ rb_iv_set(self, "@trust", trust);
+#endif
return trust;
}
@@ -327,10 +345,17 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
SafeGetX509Store(store, x509st);
if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
sk_X509_pop_free(x509s, X509_free);
ossl_raise(eX509StoreError, NULL);
}
+#else
+ X509_STORE_CTX_init(ctx, x509st, x509, x509s);
+ X509_STORE_CTX_set_flags(ctx, NUM2INT(rb_iv_get(store, "@flags")));
+ X509_STORE_CTX_set_purpose(ctx, NUM2INT(rb_iv_get(store, "@purpose")));
+ X509_STORE_CTX_set_trust(ctx, NUM2INT(rb_iv_get(store, "@trust")));
+#endif
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
rb_iv_set(self, "@cert", cert);
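Review bot: In the pre-0.9.7 branch the results of `X509_STORE_CTX_set_purpose` and `X509_STORE_CTX_set_trust` are discarded, so a purpose or trust id that OpenSSL rejects leaves the context on its defaults and verification continues with settings other than the ones the caller asked for. Check both the way the 0.9.7 branch checks `X509_STORE_CTX_init`: on a result other than 1, free the chain with `sk_X509_pop_free(x509s, X509_free)` and call `ossl_raise(eX509StoreError, NULL)`. The new `ossl_x509stctx_set_purpose` and `ossl_x509stctx_set_trust` setters in the later hunk of this file ignore the same return values. The function starts and ends outside this hunk.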
@@ -433,12 +458,16 @@ ossl_x509stctx_get_curr_cert(VALUE self)
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
+#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE_CTX *ctx;
GetX509StCtx(self, ctx);
if(!ctx->current_crl) return Qnil;
return ossl_x509crl_new(ctx->current_crl);
+#else
+ return Qnil;
+#endif
}
static VALUE
@@ -452,6 +481,39 @@ ossl_x509stctx_cleanup(VALUE self)
return self;
}
+static VALUE
+ossl_x509stctx_set_flags(VALUE self, VALUE flags)
+{
+ X509_STORE_CTX *store;
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_flags(store, NUM2LONG(flags));
+
+ return flags;
+}
+
+static VALUE
+ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
+{
+ X509_STORE_CTX *store;
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_purpose(store, NUM2LONG(purpose));
+
+ return purpose;
+}
+
+static VALUE
+ossl_x509stctx_set_trust(VALUE self, VALUE trust)
+{
+ X509_STORE_CTX *store;
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_trust(store, NUM2LONG(trust));
+
+ return trust;
+}
+
/*
* INIT
*/
@@ -492,5 +554,8 @@ Init_ossl_x509store()
rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0);
+ rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1);
+ rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1);
+ rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1);
}