author | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-07-03 03:43:03 +0000 |
---|---|---|
committer | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-07-03 03:43:03 +0000 |
commit | b5c76b82b15d785afdbee77660dafd83f25404f1 (patch) | |
tree | a692bfeba5ab5466433fffcfa315e9e4b993ed49 | |
parent | 9828c2d011d05f5fb6745710e27aecf1de81cd23 (diff) | |
download | ruby-openssl-history-b5c76b82b15d785afdbee77660dafd83f25404f1.tar.gz |
* ossl_ocsp.c: OCSP::Response#basic returns nil if no OCSP_BASICRESP given.
* ossl_x509name.c: X509::Name#eql?: should check type of other.
* ossl_x509crl.[ch]: add ossl_x509crl_new();
* ossl_x509store.c:
- add X509::StoreContext#current_crl
- del X509::StoreContext#add_crl_file (use #add_file instead.)
* lib/net/https.rb: fix attrs.
* examples/ossl_x509store.rb: revised.
-rw-r--r-- | ChangeLog | 10 | ||||
-rwxr-xr-x | examples/ossl_x509store.rb | 38 | ||||
-rw-r--r-- | lib/net/https.rb | 21 | ||||
-rw-r--r-- | ossl_ocsp.c | 2 | ||||
-rw-r--r-- | ossl_x509.h | 1 | ||||
-rw-r--r-- | ossl_x509crl.c | 13 | ||||
-rw-r--r-- | ossl_x509name.c | 1 | ||||
-rw-r--r-- | ossl_x509store.c | 32 |
8 files changed, 72 insertions, 46 deletions
@@ -1,3 +1,13 @@
+Thu, 03 Jul 2003 12:04:33 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org>
+ * ossl_ocsp.c: OCSP::Respopnse#basic returns nil if no OCSP_BASICRESP given.
+ * ossl_x509name.c: X509::Name#eql?: should check type of other.
+ * ossl_x509crl.[ch]: add ossl_x509crl_new();
+ * ossl_x509store.c:
+   - add X509::StoreContext#current_crl
+   - del X509::StoreContext#add_crl_file (use #add_file instead.)
+ * lib/net/https.rb: fix attrs.
+ * examples/ossl_x509store.rb: revised.
+
 Thu, 03 Jul 2003 02:52:47 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org>
  * ossl_ssl.c: added ossl_sslctx_free() as a workaround.
diff --git a/examples/ossl_x509store.rb b/examples/ossl_x509store.rb
index cad5121..a569298 100755
--- a/examples/ossl_x509store.rb
+++ b/examples/ossl_x509store.rb
@@ -5,18 +5,22 @@ include OpenSSL
 verify_cb = lambda{|ok, ctx|
   curr_cert = ctx.current_cert
+  curr_crl = ctx.current_crl
   puts
   puts " ====begin Verify===="
   puts " checking #{curr_cert.subject.to_s}, #{curr_cert.serial}"
   puts " ok = #{ok}: depth = #{ctx.error_depth}"
-  puts " error = #{ctx.error}: \"#{ctx.error_string}\""
-  puts " chain = #{ctx.chain.collect{|cert| cert.subject }.inspect}"
+  unless ok
+    puts " error = #{ctx.error}: \"#{ctx.error_string}\""
+    puts " chain = #{ctx.chain.collect{|cert| cert.subject }.inspect}"
+    puts " crl = #{curr_crl.issuer}" if curr_crl
+  end
   puts " ==== end Verify===="
   #raise "SOME ERROR!" # Cert will be rejected
   #false # Cert will be rejected
   #true # Cert is OK
   ok # just throw 'ok' through
-  true
+  ok
 }
 def verify_with_store(store, certs, callback)
@@ -24,14 +28,14 @@ def verify_with_store(store, certs, callback)
     print "serial = #{cert.serial}: "
     # verify
-    #print store.verify(cert) ? "Yes " : "No "
+    #print store.verify(cert) ? "OK " : "NG "
     #if store.error != X509::V_OK
     # puts store.error_string.inspect
     #end
     # verify with block
     result = store.verify(cert, &callback)
-    print result ? "Yes " : "No "
+    print result ? "OK " : "NG "
     if store.error != X509::V_OK
       puts store.error_string.inspect
     end
@@ -39,7 +43,7 @@ def verify_with_store(store, certs, callback)
     # verify by StoreContext
     #ctx = X509::StoreContext.new(store)
     #ctx.cert = cert
-    #print ctx.verify ? "Yes " : "No "
+    #print ctx.verify ? "OK " : "NG "
     #if ctx.error != X509::V_OK
     # puts ctx.error_string.inspect
     #end
@@ -62,24 +66,28 @@ certs.each{|cert|
   puts cert.verify(ca.public_key) ? "Yes" : "No"
 }
-crl = X509::CRL.new(File.read("./#{ca.serial}crl.pem"))
-puts "CA = \"#{ca.issuer}\", CRL = \"#{crl.issuer}\""
-print "Is CRL signed by CA?... "
-puts crl.verify(ca.public_key) ? "Yes" : "No"
-puts "In CRL there are serials:"
-crl.revoked.each {|revoked|
-  puts "> #{revoked.serial} - revoked at #{revoked.time}"
-}
-
 puts "========== Create Cert Store and Verify Certs =========="
 store = X509::Store.new
 store.purpose = X509::PURPOSE_SSL_CLIENT
 store.verify_callback = verify_cb if $VERBOSE
 store.add_cert(ca)
+#store.add_path("./cert")
+#store.add_file("./0cert.pem")
 verify_with_store(store, certs, verify_cb)
+puts "========== Load CRL =========="
+crl = X509::CRL.new(File.read("./0crl.pem"))
+print "Is CRL signed by CA?... "
+puts crl.verify(ca.public_key) ? "Yes" : "No"
+puts "In CRL there are serials:"
+crl.revoked.each {|revoked|
+  puts "> #{revoked.serial} - revoked at #{revoked.time}"
+}
+
 puts "========== Add CRL to the Store and Verify Certs =========="
 # CRL does NOT have affect on validity in current OpenSSL <= 0.9.6c !!!
 store.add_crl(crl)
+#store.add_path("./crl")
+#store.add_file("./0crl.pem")
 store.flags = X509::V_FLAG_CRL_CHECK|X509::V_FLAG_CRL_CHECK_ALL
 verify_with_store(store, certs, verify_cb)
diff --git a/lib/net/https.rb b/lib/net/https.rb
index 01a8bbc..0f5cb13 100644
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@@ -103,16 +103,6 @@ require 'net/http'
 module Net
   class HTTP
-    def self.socket_type
-      SSLIO
-    end
-
-    attr_accessor :use_ssl
-    attr_writer :key, :cert, :key_file, :cert_file
-    attr_writer :ca_file, :ca_path, :timeout
-    attr_writer :verify_mode, :verify_callback, :verify_depth
-    attr_reader :peer_cert
-
     class Conn < HTTPRequest
       REQUEST_HAS_BODY=false
       RESPONSE_HAS_BODY=false
@@ -143,6 +133,17 @@ module Net
     end
   end
+  def self.socket_type
+    SSLIO
+  end
+
+  attr_accessor :use_ssl
+  attr_writer :key, :cert
+  attr_writer :ca_file, :ca_path
+  attr_writer :verify_mode, :verify_callback, :verify_depth
+  attr_writer :cert_store, :timeout
+  attr_reader :peer_cert
+
   alias :default_initialize :initialize
   def initialize(*args)
diff --git a/ossl_ocsp.c b/ossl_ocsp.c
index 548a353..941acbe 100644
--- a/ossl_ocsp.c
+++ b/ossl_ocsp.c
@@ -355,7 +355,7 @@ ossl_ocspres_get_basic(VALUE self)
     GetOCSPRes(self, res);
     if(!(bs = OCSP_response_get1_basic(res)))
-        ossl_raise(eOCSPError, NULL);
+        return Qnil;
     WrapOCSPBasicRes(cOCSPBasicRes, ret, bs);
     return ret;
diff --git a/ossl_x509.h b/ossl_x509.h
index f53dfa6..f3fcd6a 100644
--- a/ossl_x509.h
+++ b/ossl_x509.h
@@ -46,6 +46,7 @@ void Init_ossl_x509cert(void);
 extern VALUE cX509CRL;
 extern VALUE eX509CRLError;
+VALUE ossl_x509crl_new(X509_CRL *);
 X509_CRL *GetX509CRLPtr(VALUE);
 X509_CRL *DupX509CRLPtr(VALUE);
 void Init_ossl_x509crl(void);
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index 96a61ec..1678786 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -57,6 +57,19 @@ DupX509CRLPtr(VALUE obj)
     return crl;
 }
+VALUE
+ossl_x509crl_new(X509_CRL *crl)
+{
+    X509_CRL *tmp;
+    VALUE obj;
+
+    tmp = crl ? X509_CRL_dup(crl) : X509_CRL_new();
+    if(!tmp) ossl_raise(eX509CertError, "");
+    WrapX509CRL(cX509CRL, obj, tmp);
+
+    return obj;
+}
+
 /*
  * PRIVATE
  */
diff --git a/ossl_x509name.c b/ossl_x509name.c
index c329039..deb68b5 100644
--- a/ossl_x509name.c
+++ b/ossl_x509name.c
@@ -212,6 +212,7 @@ ossl_x509name_eql(VALUE self, VALUE other)
 {
     int result;
+    if(TYPE(other) != cX509Name) return Qfalse;
     result = ossl_x509name_cmp0(self, other);
     return (result == 0) ? Qtrue : Qfalse;
diff --git a/ossl_x509store.c b/ossl_x509store.c
index 6a6a1af..50b861d 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
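Review bot: `return Qnil;` treats every NULL from OCSP_response_get1_basic as "no basic response present", but as far as I know that call also returns NULL when the embedded response is of another type or fails to decode, so a malformed or unexpected response is now indistinguishable from a legitimately empty one for Ruby callers that previously got an OCSPError. If the two cases need to stay distinct, check the response status/type before the call and keep raising on decode failure; otherwise the new nil contract deserves a comment at the return, e.g. `/* nil: no OCSP_BASICRESP in the response (or it could not be decoded) */`. ossl_ocspres_get_basic starts outside the hunk.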
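Review bot: ossl_x509crl_new raises eX509CertError on allocation failure although it lives in ossl_x509crl.c and the ossl_x509.h hunk in this same commit declares eX509CRLError right next to the new prototype, so a caller rescuing X509::CRLError would miss this failure while an unrelated X509::CertificateError surfaces instead. The raise should read `if(!tmp) ossl_raise(eX509CRLError, "");`. It would also help to state the ownership contract above the function, since the X509_CRL_dup means the caller keeps its own pointer: `/* Wraps a fresh copy of crl (or a new empty CRL when crl is NULL); the caller's crl is not consumed. */`.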
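Review bot: `if(TYPE(other) != cX509Name) return Qfalse;` compares the object's internal type tag (TYPE() yields T_DATA and friends) with the class VALUE cX509Name, which can never be equal, so eql? now returns false for every argument, including genuine X509::Name instances; because Ruby uses eql? for Hash key lookup, Name objects also stop working as hash keys. The class check should be `if(!rb_obj_is_kind_of(other, cX509Name)) return Qfalse;` (or `CLASS_OF(other) != cX509Name` if an exact-class test is intended). The function's closing brace lies outside the hunk.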
@@ -212,25 +212,6 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
 }
 static VALUE
-ossl_x509store_add_crl_file(VALUE self, VALUE file)
-{
-    X509_STORE *store;
-    X509_LOOKUP *lookup;
-
-    Check_SafeStr(file);
-    GetX509Store(self, store);
-    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
-    if(lookup == NULL){
-        ossl_raise(eX509StoreError, "");
-    }
-    if(X509_load_crl_file(lookup, RSTRING(file)->ptr,X509_FILETYPE_PEM) != 1){
-        ossl_raise(eX509StoreError, "");
-    }
-
-    return self;
-}
-
-static VALUE
 ossl_x509store_add_cert(VALUE self, VALUE arg)
 {
     X509_STORE *store;
@@ -449,6 +430,17 @@ ossl_x509stctx_get_curr_cert(VALUE self)
 }
 static VALUE
+ossl_x509stctx_get_curr_crl(VALUE self)
+{
+    X509_STORE_CTX *ctx;
+
+    GetX509StCtx(self, ctx);
+    if(!ctx->current_crl) return Qnil;
+
+    return ossl_x509crl_new(ctx->current_crl);
+}
+
+static VALUE
 ossl_x509stctx_cleanup(VALUE self)
 {
     X509_STORE_CTX *ctx;
@@ -485,7 +477,6 @@ Init_ossl_x509store()
     rb_define_method(cX509Store, "trust=", ossl_x509store_set_trust, 1);
     rb_define_method(cX509Store, "add_path", ossl_x509store_add_path, 1);
     rb_define_method(cX509Store, "add_file", ossl_x509store_add_file, 1);
-    rb_define_method(cX509Store, "add_crl_file", ossl_x509store_add_crl_file,1);
     rb_define_method(cX509Store, "add_cert", ossl_x509store_add_cert, 1);
     rb_define_method(cX509Store, "add_crl", ossl_x509store_add_crl, 1);
     rb_define_method(cX509Store, "verify", ossl_x509store_verify, 1);
@@ -502,6 +493,7 @@ Init_ossl_x509store()
     rb_define_method(x509stctx,"error_string",ossl_x509stctx_get_err_string,0);
     rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
     rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
+    rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
     rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0);
 }
|
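Review bot: ossl_x509stctx_get_curr_crl hands the caller a copy rather than the live pointer — ossl_x509crl_new, added in ossl_x509crl.c by this commit, runs X509_CRL_dup on ctx->current_crl — so mutating the returned X509::CRL cannot disturb the verification context; that is the right choice for a pointer the context only lends out during verification, and it is worth stating above the function: `/* Returns a copy of the CRL being checked; ctx->current_crl stays owned by the X509_STORE_CTX. */`. The field is presumably only populated while a verification is in progress, so the comment should also say that callers outside verify_callback should expect nil (confirm against X509_STORE_CTX_cleanup).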