author | Michal Rokos <m.rokos@sh.cvut.cz> | 2003-07-21 10:33:07 +0000 |
---|---|---|
committer | Michal Rokos <m.rokos@sh.cvut.cz> | 2003-07-21 10:33:07 +0000 |
commit | d33b4b6141c65d7de627ec8238bdad43585cdc6b (patch) | |
tree | 93c19e3ca1bd5ca028906636f17032ca294c5f1a | |
parent | b4646f832b9f92e51ccf36823a9e3254c30e2c7c (diff) | |
download | ruby-openssl-history-d33b4b6141c65d7de627ec8238bdad43585cdc6b.tar.gz |
OpenSSL 0.9.6 compatibility
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | extconf.rb | 81 | ||||
-rw-r--r-- | openssl_missing.c | 126 | ||||
-rw-r--r-- | openssl_missing.h | 64 | ||||
-rw-r--r-- | ossl.c | 4 | ||||
-rw-r--r-- | ossl.h | 10 | ||||
-rw-r--r-- | ossl_bn.c | 6 | ||||
-rw-r--r-- | ossl_cipher.c | 5 | ||||
-rw-r--r-- | ossl_config.c | 10 | ||||
-rw-r--r-- | ossl_ocsp.c | 9 | ||||
-rw-r--r-- | ossl_ssl.c | 4 | ||||
-rw-r--r-- | ossl_x509.c | 6 | ||||
-rw-r--r-- | ossl_x509store.c | 67 |
13 files changed, 354 insertions, 41 deletions
@@ -1,3 +1,6 @@ +Mon, 21 Jul 2003 12:33:14 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz> + * Added OpenSSL 0.9.6 compatibility + Mon, 21 Jul 2003 08:53:55 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz> * digest.c: Redo compatibility with original Ruby's digests * pkey.c: Redo #to_der to be more straight going @@ -16,6 +16,17 @@ require "mkmf" +def have_defined(macro, header=nil) + checking_for "#{macro}" do + if macro_defined?(macro, cpp_include(header)) + $defs.push(format("-DHAVE_%s", macro.upcase)) + true + else + false + end + end +end + if RUBY_PLATFORM =~ /mswin32/ CRYPTOLIB="libeay32" SSLLIB="ssleay32" @@ -35,10 +46,6 @@ includes, = dir_config("openssl") includes ||= "/usr/include" message "=== OpenSSL for Ruby configurator ===\n" -message "=== Checking for system dependent stuff... ===\n" -have_header("unistd.h") -have_header("sys/time.h") -message "=== Checking for system dependent stuff done. ===\n" ## 
@@ -80,32 +87,68 @@ end def have_openssl_097(inc_dir) # FIXME: # checking_for("OpenSSL >= 0.9.7") do - printf "Checking for OpenSSL >= 0.9.7..." + printf "checking for OpenSSL version... " File.open(inc_dir+"/openssl/opensslv.h") {|f| txt = f.read - result = ((txt.grep(/#define SHLIB_VERSION_NUMBER/)[0].split '"')[1] < "0.9.7") - puts result ? "no" : "yes" - !result + puts (txt.grep(/#define SHLIB_VERSION_NUMBER/)[0].split '"')[1] + true } end message "=== Checking for required stuff... ===\n" result = have_header("openssl/crypto.h") -result &= have_library(CRYPTOLIB, "OPENSSL_load_builtin_modules") +result &= have_library(CRYPTOLIB, "OpenSSL_add_all_digests") result &= have_library(SSLLIB, "SSL_library_init") -result &= have_openssl_097(includes) - -have_func("rb_obj_init_copy", "ruby.h") -have_func("HMAC_CTX_copy") -have_func("X509_STORE_set_ex_data") -if result - message "=== Checking for required stuff done. ===\n" - create_makefile("openssl") - message "Done.\n" -else +if !result message "=== Checking for required stuff failed. ===\n" message "Makefile wasn't created. Fix the errors above.\n" + exit 1 end +message "=== Checking for system dependent stuff... ===\n" +have_header("unistd.h") +have_header("sys/time.h") + +message "=== Checking for OpenSSL features... 
===\n" +have_openssl_097(includes) +have_defined("PEM_read_bio_DSAPublicKey", "openssl/pem.h") +have_defined("PEM_write_bio_DSAPublicKey", "openssl/pem.h") +have_defined("DSAPrivateKey_dup", "openssl/dsa.h") +have_defined("DSAPublicKey_dup", "openssl/dsa.h") +have_defined("X509_REVOKED_dup", "openssl/x509.h") +have_defined("PKCS7_SIGNER_INFO_dup", "openssl/pkcs7") +have_defined("PKCS7_RECIP_INFO_dup", "openssl/pkcs7") +have_func("HMAC_CTX_copy") +have_func("X509_STORE_get_ex_data") +have_func("X509_STORE_set_ex_data") +have_func("EVP_MD_CTX_create") +have_func("EVP_MD_CTX_cleanup") +have_func("EVP_MD_CTX_destroy") +have_func("PEM_def_callback") +have_defined("EVP_CIPHER_name", "openssl/evp.h") +have_defined("EVP_MD_name", "openssl/evp.h") +have_func("EVP_MD_CTX_init") +have_func("HMAC_CTX_init") +have_func("HMAC_CTX_cleanup") +have_defined("PKCS7_is_detached", "openssl/pkcs7.h") +have_defined("PKCS7_type_is_encrypted", "openssl/pkcs7.h") +have_func("X509_CRL_set_version") +have_func("X509_CRL_set_issuer_name") +have_func("X509_CRL_sort") +have_func("X509_CRL_add0_revoked") +have_struct_member("X509_STORE_CTX", "current_crl", "openssl/x509.h") +have_struct_member("X509_STORE", "flags", "openssl/x509.h") +have_struct_member("X509_STORE", "purpose", "openssl/x509.h") +have_struct_member("X509_STORE", "trust", "openssl/x509.h") +have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h") +have_func("BN_mod_sqr") + +message "=== Checking for Ruby features... ===\n" +have_func("rb_obj_init_copy", "ruby.h") + +message "=== Checking done. ===\n" +create_makefile("openssl") +message "Done.\n" + diff --git a/openssl_missing.c b/openssl_missing.c index c84459d..2ff719e 100644 --- a/openssl_missing.c +++ b/openssl_missing.c 
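Review bot: The two PKCS7 probes near the top of the feature list name the header as `openssl/pkcs7`, without the `.h` that every other `have_defined` call uses, so the include presumably cannot be resolved and `HAVE_PKCS7_SIGNER_INFO_DUP` / `HAVE_PKCS7_RECIP_INFO_DUP` are never set. openssl_missing.h would then define its fallback macros even where OpenSSL already provides them. They should read `have_defined("PKCS7_SIGNER_INFO_dup", "openssl/pkcs7.h")` and `have_defined("PKCS7_RECIP_INFO_dup", "openssl/pkcs7.h")`. Separately, `have_openssl_097` now only prints the version and always returns true, and `grep(...)[0]` is nil when the define is absent from opensslv.h; a name that says "print version" plus a nil guard would match what it now does.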
@@ -51,3 +51,129 @@ void *X509_STORE_get_ex_data(X509_STORE *str, int idx) return CRYPTO_get_ex_data(&str->ex_data,idx); } #endif /* HAVE_X509_STORE_SET_EX_DATA */ + +#if !defined(HAVE_EVP_MD_CTX_CREATE) +EVP_MD_CTX *EVP_MD_CTX_create(void) +{ + EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + + memset(ctx, '\0', sizeof *ctx); + + return ctx; +} +#endif /* HAVE_EVP_MD_CTX_CREATE */ + +#if !defined(HAVE_EVP_MD_CTX_CLEANUP) +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +{ +#warning FIXME!!! + memset(ctx, '\0', sizeof *ctx); + + return 1; +} +#endif /* HAVE_EVP_MD_CTX_CLEANUP */ + +#if !defined(HAVE_EVP_MD_CTX_DESTROY) +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_cleanup(ctx); + OPENSSL_free(ctx); +} +#endif /* HAVE_EVP_MD_CTX_DESTROY */ + +#if !defined(HAVE_EVP_MD_CTX_INIT) +void EVP_MD_CTX_init(EVP_MD_CTX *ctx) +{ + memset(ctx,'\0',sizeof *ctx); +} +#endif + +#if !defined(HAVE_HMAC_CTX_INIT) +void HMAC_CTX_init(HMAC_CTX *ctx) +{ + EVP_MD_CTX_init(&ctx->i_ctx); + EVP_MD_CTX_init(&ctx->o_ctx); + EVP_MD_CTX_init(&ctx->md_ctx); +} +#endif + +#if !defined(HAVE_HMAC_CTX_CLEANUP) +void HMAC_CTX_cleanup(HMAC_CTX *ctx) +{ + EVP_MD_CTX_cleanup(&ctx->i_ctx); + EVP_MD_CTX_cleanup(&ctx->o_ctx); + EVP_MD_CTX_cleanup(&ctx->md_ctx); + memset(ctx,0,sizeof *ctx); +} +#endif + +#if !defined(HAVE_X509_CRL_SET_VERSION) +int X509_CRL_set_version(X509_CRL *x, long version) +{ + if (x == NULL) return(0); + if (x->crl->version == NULL) + { + if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL) + return(0); + } + return(ASN1_INTEGER_set(x->crl->version,version)); +} +#endif + +#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) +{ + if ((x == NULL) || (x->crl == NULL)) return(0); + return(X509_NAME_set(&x->crl->issuer,name)); +} +#endif + +#if !defined(HAVE_X509_CRL_SORT) +int X509_CRL_sort(X509_CRL *c) +{ + int i; + X509_REVOKED *r; + /* sort the data so it will be written in serial + * number order */ + 
sk_X509_REVOKED_sort(c->crl->revoked); + for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) + { + r=sk_X509_REVOKED_value(c->crl->revoked,i); + r->sequence=i; + } + return 1; +} +#endif + +#if !defined(X509_CRL_ADD0_REVOKED) +static int OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, + const X509_REVOKED * const *b) +{ + return(ASN1_STRING_cmp( + (ASN1_STRING *)(*a)->serialNumber, + (ASN1_STRING *)(*b)->serialNumber)); +} + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) +{ + X509_CRL_INFO *inf; + inf = crl->crl; + if(!inf->revoked) + inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp); + if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { + /* ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); */ + return 0; + } + return 1; +} +#endif + +#if !defined(HAVE_BN_MOD_SQR) +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) + { + if (!BN_sqr(r, a, ctx)) return 0; + /* r->neg == 0, thus we don't need BN_nnmod */ + return BN_mod(r, r, m, ctx); + } +#endif + diff --git a/openssl_missing.h b/openssl_missing.h index de7db8e..5872982 100644 --- a/openssl_missing.h +++ b/openssl_missing.h 
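Review bot: `EVP_MD_CTX_create` passes the result of `OPENSSL_malloc` straight to `memset`, so an allocation failure becomes a write through NULL instead of a NULL return; guard it with `if (ctx != NULL) memset(ctx, '\0', sizeof *ctx);`. The guard on the CRL fallback is spelled `#if !defined(X509_CRL_ADD0_REVOKED)`, a macro extconf.rb never defines (its `have_func("X509_CRL_add0_revoked")` check yields `HAVE_X509_CRL_ADD0_REVOKED`), so this definition is compiled even when the library already exports the function; it should be `#if !defined(HAVE_X509_CRL_ADD0_REVOKED)`. `X509_CRL_sort` and `X509_CRL_add0_revoked` also dereference `c->crl` and `crl->crl` without the NULL checks that `X509_CRL_set_issuer_name` performs. The `#warning FIXME!!!` in `EVP_MD_CTX_cleanup` should say what is still missing, since the body only zeroes the structure.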
@@ -19,44 +19,76 @@ extern "C" { * These functions are not included in headers of OPENSSL <= 0.9.6b */ -/* to pem.h */ -#if !defined(OPENSSL_NO_DSA) +#if !defined(HAVE_PEM_READ_BIO_DSAPUBLICKEY) # define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ (char *(*)())d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(char **)x,cb,u) +#endif + +#if !defined(HAVE_PEM_WRITE_BIO_DSAPUBLICKEY) # define PEM_write_bio_DSAPublicKey(bp,x) \ PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\ PEM_STRING_DSA_PUBLIC,\ bp,(char *)x, NULL, NULL, 0, NULL, NULL) -#endif /* NO_DSA */ +#endif -/* to x509.h */ -#if !defined(OPENSSL_NO_DSA) +#if !defined(HAVE_DSAPRIVATEKEY_DUP) # define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \ (char *(*)())d2i_DSAPrivateKey,(char *)dsa) +#endif + +#if !defined(HAVE_DSAPUBLICKEY_DUP) # define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \ (char *(*)())d2i_DSAPublicKey,(char *)dsa) -#endif /* NO_DSA */ +#endif +#if !defined(HAVE_X509_REVOKED_DUP) # define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \ (char *(*)())d2i_X509_REVOKED, (char *)rev) +#endif -/* to pkcs7.h */ -#define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \ +#if !defined(HAVE_PKCS7_SIGNER_INFO_DUP) +# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \ (char *(*)())d2i_PKCS7_SIGNER_INFO, (char *)si) -#define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \ +#endif + +#if !defined(HAVE_PKCS7_RECIP_INFO_DUP) +# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \ (char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri) +#endif -#if !defined(OPENSSL_NO_HMAC) -#if !defined(HAVE_HMAC_CTX_COPY) int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); -#endif /* HAVE_HMAC_CTX_COPY */ -#endif /* NO_HMAC */ - -#if !defined(HAVE_X509_STORE_SET_EX_DATA) -int 
X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); void *X509_STORE_get_ex_data(X509_STORE *str, int idx); +int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); +EVP_MD_CTX *EVP_MD_CTX_create(void); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); + +#if !defined(HAVE_EVP_CIPHER_NAME) +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) #endif +#if !defined(HAVE_EVP_MD_NAME) +# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e)) +#endif + +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +void HMAC_CTX_init(HMAC_CTX *ctx); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +#if !defined(HAVE_PKCS7_IS_DETACHED) +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) +#endif + +#if !defined(HAVE_PKCS7_TYPE_IS_ENCRYPTED) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +#endif + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_sort(X509_CRL *c); +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + #if defined(__cplusplus) } #endif @@ -292,6 +292,7 @@ OSSL_SK2ARY(x509crl, X509_CRL) /* * our default PEM callback */ +#if defined(HAVE_PEM_DEF_CALLBACK) static VALUE ossl_pem_passwd_cb0(VALUE flag) { @@ -312,7 +313,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd) if (pwd || !rb_block_given_p()) return PEM_def_callback(buf, max_len, flag, pwd); - while(1){ + while (1) { /* * when the flag is nonzero, this passphrase * will be used to perform encryption; otherwise it will @@ -335,6 +336,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd) } return len; } +#endif /* * Verify callback 
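Review bot: The prototypes for `HMAC_CTX_copy`, `X509_STORE_get_ex_data` / `X509_STORE_set_ex_data` and the newly added functions are now declared unconditionally in openssl_missing.h, while their definitions in openssl_missing.c stay behind `#if !defined(HAVE_...)`. If an OpenSSL release provides one of these names as a macro or with a different signature (const qualifiers, for instance), the declaration here would conflict with the library header. Wrapping each prototype in the same guard as its definition, e.g. `#if !defined(HAVE_HMAC_CTX_COPY)` … `#endif`, keeps header and source in step. The header comment "These functions are not included in headers of OPENSSL <= 0.9.6b" no longer describes the contents and could say that each entry is a fallback selected by the extconf.rb probes.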
@@ -24,9 +24,11 @@ extern "C" { #include <version.h> #include <openssl/opensslv.h> +/* #if (OPENSSL_VERSION_NUMBER < 0x00907000L) # error ! This version of OSSL needs OpenSSL >= 0.9.7 for its run! #endif + */ #if defined(NT) || defined(_WIN32) # define OpenFile WINAPI_OpenFile @@ -38,7 +40,9 @@ extern "C" { #include <openssl/ssl.h> #include <openssl/hmac.h> #include <openssl/rand.h> -#include <openssl/ocsp.h> +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# include <openssl/ocsp.h> +#endif #if defined(NT) || defined(_WIN32) # undef OpenFile #endif @@ -115,7 +119,11 @@ STACK_OF(X509) *ossl_protect_x509_ary2sk(VALUE,int*); /* * our default PEM callback */ +#if defined(HAVE_PEM_DEF_CALLBACK) int ossl_pem_passwd_cb(char *, int, int, void *); +#else +# define ossl_pem_passwd_cb NULL +#endif /* * ERRor messages @@ -372,8 +372,10 @@ ossl_bn_div(VALUE self, VALUE other) WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) BIGNUM_3c(mod_add); BIGNUM_3c(mod_sub); +#endif BIGNUM_3c(mod_mul); BIGNUM_3c(mod_exp); @@ -647,10 +649,12 @@ Init_ossl_bn() rb_define_method(cBN, "%", ossl_bn_mod, 1); /* nnmod */ +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) rb_define_method(cBN, "mod_add", ossl_bn_mod_add, 2); rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 2); - rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2); +#endif rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1); + rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2); rb_define_method(cBN, "**", ossl_bn_exp, 1); rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 2); rb_define_method(cBN, "gcd", ossl_bn_gcd, 1); diff --git a/ossl_cipher.c b/ossl_cipher.c index eef7c90..a00e823 100644 --- a/ossl_cipher.c +++ b/ossl_cipher.c 
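Review bot: With `# define ossl_pem_passwd_cb NULL` in ossl.h, every call site that hands this callback to a PEM routine passes NULL when `PEM_def_callback` is missing, so OpenSSL presumably falls back to its own passphrase handling and a Ruby block supplied for the passphrase is ignored without any error. That is a silent behaviour change for encrypted keys on such builds and deserves a comment at the define, e.g. `/* no PEM_def_callback: Ruby passphrase blocks are not honoured on this build */`. In the first ossl.h hunk the `#error` version gate is wrapped in a block comment rather than deleted; removing the three lines avoids a comment around preprocessor directives, and history keeps the old check.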
@@ -310,13 +310,16 @@ ossl_cipher_set_iv(VALUE self, VALUE iv) static VALUE ossl_cipher_set_padding(VALUE self, VALUE padding) { +#if defined(HAVE_ST_FLAGS) EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1) ossl_raise(eCipherError, NULL); - +#else + rb_notimplement(); +#endif return padding; } diff --git a/ossl_config.c b/ossl_config.c index 5109d3d..08bfb8e 100644 --- a/ossl_config.c +++ b/ossl_config.c @@ -45,15 +45,23 @@ ossl_config_s_load(int argc, VALUE *argv, VALUE klass) char *filename; VALUE path, obj; - if (rb_scan_args(argc, argv, "01", &path) == 1) { + if (rb_scan_args(argc, argv, +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) + "01" +#else + "10" +#endif + , &path) == 1) { SafeStringValue(path); filename = RSTRING(path)->ptr; } +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) else { if (!(filename = CONF_get1_default_config_file())) { ossl_raise(eConfigError, NULL); } } +#endif /* * FIXME * Does't work for Windows? diff --git a/ossl_ocsp.c b/ossl_ocsp.c index 8e0bd4f..6dfb488 100644 --- a/ossl_ocsp.c +++ b/ossl_ocsp.c @@ -11,6 +11,8 @@ */ #include "ossl.h" +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) + #define WrapOCSPReq(klass, obj, req) do { \ if(!req) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \ obj = Data_Wrap_Struct(klass, 0, OCSP_REQUEST_free, req); \ @@ -754,3 +756,10 @@ Init_ossl_ocsp() DefOCSPVConst(RESPID_NAME); DefOCSPVConst(RESPID_KEY); } + +#else /* OPENSSL_VERSION_NUMBER < 0x0090700L */ +void +Init_ossl_ocsp() +{ +} +#endif 
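Review bot: `HAVE_ST_FLAGS` in `ossl_cipher_set_padding` is not tied to `EVP_CIPHER_CTX`. extconf.rb runs `have_struct_member` for a `flags` member on both `X509_STORE` and `EVP_CIPHER_CTX`, and if mkmf derives the macro from the member name alone (as the spelling `HAVE_ST_FLAGS` suggests) either probe sets it. Guarding on the function actually called is more direct: add `have_func("EVP_CIPHER_CTX_set_padding")` to extconf.rb and use `#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)` here. The function starts outside the hunk.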
@@ -656,13 +656,17 @@ Init_ossl_ssl() * ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS); */ ossl_ssl_def_const(OP_ALL); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); +#endif #ifdef SSL_OP_SINGLE_ECDH_USE ossl_ssl_def_const(OP_SINGLE_ECDH_USE); #endif ossl_ssl_def_const(OP_SINGLE_DH_USE); ossl_ssl_def_const(OP_EPHEMERAL_RSA); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE); +#endif ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG); ossl_ssl_def_const(OP_NO_SSLv2); ossl_ssl_def_const(OP_NO_SSLv3); diff --git a/ossl_x509.c b/ossl_x509.c index 5de2b6b..0363086 100644 --- a/ossl_x509.c +++ b/ossl_x509.c @@ -62,8 +62,10 @@ Init_ossl_x509() DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN); DefX509Const(V_ERR_APPLICATION_VERIFICATION); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) DefX509Const(V_FLAG_CRL_CHECK); DefX509Const(V_FLAG_CRL_CHECK_ALL); +#endif DefX509Const(PURPOSE_SSL_CLIENT); DefX509Const(PURPOSE_SSL_SERVER); @@ -72,13 +74,17 @@ Init_ossl_x509() DefX509Const(PURPOSE_SMIME_ENCRYPT); DefX509Const(PURPOSE_CRL_SIGN); DefX509Const(PURPOSE_ANY); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) DefX509Const(PURPOSE_OCSP_HELPER); +#endif DefX509Const(TRUST_COMPAT); DefX509Const(TRUST_SSL_CLIENT); DefX509Const(TRUST_SSL_SERVER); DefX509Const(TRUST_EMAIL); DefX509Const(TRUST_OBJECT_SIGN); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) DefX509Const(TRUST_OCSP_SIGN); DefX509Const(TRUST_OCSP_REQUEST); +#endif } diff --git a/ossl_x509store.c b/ossl_x509store.c index 45d365f..230db50 100644 --- a/ossl_x509store.c +++ b/ossl_x509store.c 
@@ -128,6 +128,12 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) X509_STORE_set_verify_cb_func(store, ossl_verify_cb); ossl_x509store_set_vfy_cb(self, Qnil); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) + rb_iv_set(self, "@flags", INT2NUM(0)); + rb_iv_set(self, "@purpose", INT2NUM(0)); + rb_iv_set(self, "@trust", INT2NUM(0)); +#endif + /* last verification status */ rb_iv_set(self, "@error", Qnil); rb_iv_set(self, "@error_string", Qnil); @@ -139,10 +145,14 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509store_set_flags(VALUE self, VALUE flags) { +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; GetX509Store(self, store); X509_STORE_set_flags(store, NUM2LONG(flags)); +#else + rb_iv_set(self, "@flags", flags); +#endif return flags; } @@ -150,10 +160,14 @@ ossl_x509store_set_flags(VALUE self, VALUE flags) static VALUE ossl_x509store_set_purpose(VALUE self, VALUE purpose) { +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; - + GetX509Store(self, store); X509_STORE_set_purpose(store, NUM2LONG(purpose)); +#else + rb_iv_set(self, "@purpose", purpose); +#endif return purpose; } @@ -161,10 +175,14 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose) static VALUE ossl_x509store_set_trust(VALUE self, VALUE trust) { +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; GetX509Store(self, store); X509_STORE_set_trust(store, NUM2LONG(trust)); +#else + rb_iv_set(self, "@trust", trust); +#endif return trust; } 
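Review bot: The `@flags`, `@purpose` and `@trust` defaults in `ossl_x509store_initialize` are set only when `OPENSSL_VERSION_NUMBER >= 0x00907000L`, but the only reader visible in this commit is the pre-0.9.7 branch of `ossl_x509stctx_initialize`, which does `NUM2INT(rb_iv_get(store, "@flags"))` and the same for the other two. On a 0.9.6 build, a store whose setters were never called would therefore hand nil to `NUM2INT`, which raises after `x509` and `x509s` have already been allocated. The guard looks inverted; `#if (OPENSSL_VERSION_NUMBER < 0x00907000L)`, or no guard at all, gives the fallback path its defaults. The body of `ossl_x509store_initialize` continues outside the hunk.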
@@ -327,10 +345,17 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) SafeGetX509Store(store, x509st); if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */ if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain); +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){ sk_X509_pop_free(x509s, X509_free); ossl_raise(eX509StoreError, NULL); } +#else + X509_STORE_CTX_init(ctx, x509st, x509, x509s); + X509_STORE_CTX_set_flags(ctx, NUM2INT(rb_iv_get(store, "@flags"))); + X509_STORE_CTX_set_purpose(ctx, NUM2INT(rb_iv_get(store, "@purpose"))); + X509_STORE_CTX_set_trust(ctx, NUM2INT(rb_iv_get(store, "@trust"))); +#endif rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback")); rb_iv_set(self, "@cert", cert); @@ -433,12 +458,16 @@ ossl_x509stctx_get_curr_cert(VALUE self) static VALUE ossl_x509stctx_get_curr_crl(VALUE self) { +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE_CTX *ctx; GetX509StCtx(self, ctx); if(!ctx->current_crl) return Qnil; return ossl_x509crl_new(ctx->current_crl); +#else + return Qnil; +#endif } static VALUE @@ -452,6 +481,39 @@ ossl_x509stctx_cleanup(VALUE self) return self; } +static VALUE +ossl_x509stctx_set_flags(VALUE self, VALUE flags) +{ + X509_STORE_CTX *store; + + GetX509StCtx(self, store); + X509_STORE_CTX_set_flags(store, NUM2LONG(flags)); + + return flags; +} + +static VALUE +ossl_x509stctx_set_purpose(VALUE self, VALUE purpose) +{ + X509_STORE_CTX *store; + + GetX509StCtx(self, store); + X509_STORE_CTX_set_purpose(store, NUM2LONG(purpose)); + + return purpose; +} + +static VALUE +ossl_x509stctx_set_trust(VALUE self, VALUE trust) +{ + X509_STORE_CTX *store; + + GetX509StCtx(self, store); + X509_STORE_CTX_set_trust(store, NUM2LONG(trust)); + + return trust; +} + /* * INIT */ 
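Review bot: The status returned by `X509_STORE_CTX_set_purpose` and `X509_STORE_CTX_set_trust` is discarded in the new `ossl_x509stctx_set_purpose` / `ossl_x509stctx_set_trust` and in the pre-0.9.7 branch of `ossl_x509stctx_initialize`, so a purpose or trust id that OpenSSL rejects leaves the context unchanged while the Ruby assignment appears to succeed. For a certificate-verification setting that is the wrong failure mode; raise instead, e.g. `if (X509_STORE_CTX_set_purpose(store, NUM2INT(purpose)) != 1) ossl_raise(eX509StoreError, NULL);`, and likewise for trust. The initialize branch converts with `NUM2INT` while the new setters use `NUM2LONG`; one conversion matching the parameter type should be used throughout. The local named `store` in the three setters holds an `X509_STORE_CTX *`, so `ctx` would read better.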
@@ -492,5 +554,8 @@ Init_ossl_x509store() rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0); rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0); rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0); + rb_define_method(x509stctx,"flags=", ossl_x509stctx_set_flags, 1); + rb_define_method(x509stctx,"purpose=", ossl_x509stctx_set_purpose, 1); + rb_define_method(x509stctx,"trust=", ossl_x509stctx_set_trust, 1); } |