authorGOTOU Yuuzou <gotoyuzo@notwork.org>2003-07-03 03:43:03 +0000
committerGOTOU Yuuzou <gotoyuzo@notwork.org>2003-07-03 03:43:03 +0000
commitb5c76b82b15d785afdbee77660dafd83f25404f1 (patch)
treea692bfeba5ab5466433fffcfa315e9e4b993ed49
parent9828c2d011d05f5fb6745710e27aecf1de81cd23 (diff)
* ossl_ocsp.c: OCSP::Response#basic returns nil if no OCSP_BASICRESP given.
* ossl_x509name.c: X509::Name#eql?: should check type of other. * ossl_x509crl.[ch]: add ossl_x509crl_new(); * ossl_x509store.c: - add X509::StoreContext#current_crl - del X509::StoreContext#add_crl_file (use #add_file instead.) * lib/net/https.rb: fix attrs. * examples/ossl_x509store.rb: revised.
-rw-r--r--ChangeLog10
-rwxr-xr-xexamples/ossl_x509store.rb38
-rw-r--r--lib/net/https.rb21
-rw-r--r--ossl_ocsp.c2
-rw-r--r--ossl_x509.h1
-rw-r--r--ossl_x509crl.c13
-rw-r--r--ossl_x509name.c1
-rw-r--r--ossl_x509store.c32
8 files changed, 72 insertions, 46 deletions
diff --git a/ChangeLog b/ChangeLog
index f54e316..72f8330 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Thu, 03 Jul 2003 12:04:33 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org>
+ * ossl_ocsp.c: OCSP::Respopnse#basic returns nil if no OCSP_BASICRESP given.
+ * ossl_x509name.c: X509::Name#eql?: should check type of other.
+ * ossl_x509crl.[ch]: add ossl_x509crl_new();
+ * ossl_x509store.c:
+ - add X509::StoreContext#current_crl
+ - del X509::StoreContext#add_crl_file (use #add_file instead.)
+ * lib/net/https.rb: fix attrs.
+ * examples/ossl_x509store.rb: revised.
+
Thu, 03 Jul 2003 02:52:47 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org>
* ossl_ssl.c: added ossl_sslctx_free() as a workaround.
diff --git a/examples/ossl_x509store.rb b/examples/ossl_x509store.rb
index cad5121..a569298 100755
--- a/examples/ossl_x509store.rb
+++ b/examples/ossl_x509store.rb
@@ -5,18 +5,22 @@ include OpenSSL
verify_cb = lambda{|ok, ctx|
curr_cert = ctx.current_cert
+ curr_crl = ctx.current_crl
puts
puts " ====begin Verify===="
puts " checking #{curr_cert.subject.to_s}, #{curr_cert.serial}"
puts " ok = #{ok}: depth = #{ctx.error_depth}"
- puts " error = #{ctx.error}: \"#{ctx.error_string}\""
- puts " chain = #{ctx.chain.collect{|cert| cert.subject }.inspect}"
+ unless ok
+ puts " error = #{ctx.error}: \"#{ctx.error_string}\""
+ puts " chain = #{ctx.chain.collect{|cert| cert.subject }.inspect}"
+ puts " crl = #{curr_crl.issuer}" if curr_crl
+ end
puts " ==== end Verify===="
#raise "SOME ERROR!" # Cert will be rejected
#false # Cert will be rejected
#true # Cert is OK
ok # just throw 'ok' through
- true
+ ok
}
def verify_with_store(store, certs, callback)
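Review bot: The `ok # just throw 'ok' through` line now sits directly above the `ok` this commit adds as the lambda's final expression, so the first `ok` is evaluated and discarded. Keep only one of the two, e.g. make the last line `ok # just pass 'ok' through`. Returning `ok` rather than `true` is what lets a verification failure actually reject the certificate, so the commented alternatives above it (`#raise`, `#false`, `#true`) remain a useful reminder and should stay. verify_with_store begins on the hunk's last line and continues outside it.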
@@ -24,14 +28,14 @@ def verify_with_store(store, certs, callback)
print "serial = #{cert.serial}: "
# verify
- #print store.verify(cert) ? "Yes " : "No "
+ #print store.verify(cert) ? "OK " : "NG "
#if store.error != X509::V_OK
# puts store.error_string.inspect
#end
# verify with block
result = store.verify(cert, &callback)
- print result ? "Yes " : "No "
+ print result ? "OK " : "NG "
if store.error != X509::V_OK
puts store.error_string.inspect
end
@@ -39,7 +43,7 @@ def verify_with_store(store, certs, callback)
# verify by StoreContext
#ctx = X509::StoreContext.new(store)
#ctx.cert = cert
- #print ctx.verify ? "Yes " : "No "
+ #print ctx.verify ? "OK " : "NG "
#if ctx.error != X509::V_OK
# puts ctx.error_string.inspect
#end
@@ -62,24 +66,28 @@ certs.each{|cert|
puts cert.verify(ca.public_key) ? "Yes" : "No"
}
-crl = X509::CRL.new(File.read("./#{ca.serial}crl.pem"))
-puts "CA = \"#{ca.issuer}\", CRL = \"#{crl.issuer}\""
-print "Is CRL signed by CA?... "
-puts crl.verify(ca.public_key) ? "Yes" : "No"
-puts "In CRL there are serials:"
-crl.revoked.each {|revoked|
- puts "> #{revoked.serial} - revoked at #{revoked.time}"
-}
-
puts "========== Create Cert Store and Verify Certs =========="
store = X509::Store.new
store.purpose = X509::PURPOSE_SSL_CLIENT
store.verify_callback = verify_cb if $VERBOSE
store.add_cert(ca)
+#store.add_path("./cert")
+#store.add_file("./0cert.pem")
verify_with_store(store, certs, verify_cb)
+puts "========== Load CRL =========="
+crl = X509::CRL.new(File.read("./0crl.pem"))
+print "Is CRL signed by CA?... "
+puts crl.verify(ca.public_key) ? "Yes" : "No"
+puts "In CRL there are serials:"
+crl.revoked.each {|revoked|
+ puts "> #{revoked.serial} - revoked at #{revoked.time}"
+}
+
puts "========== Add CRL to the Store and Verify Certs =========="
# CRL does NOT have affect on validity in current OpenSSL <= 0.9.6c !!!
store.add_crl(crl)
+#store.add_path("./crl")
+#store.add_file("./0crl.pem")
store.flags = X509::V_FLAG_CRL_CHECK|X509::V_FLAG_CRL_CHECK_ALL
verify_with_store(store, certs, verify_cb)
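Review bot: The CRL loaded at `crl = X509::CRL.new(File.read("./0crl.pem"))` is added with `store.add_crl(crl)` regardless of whether the preceding `crl.verify(ca.public_key)` printed "Yes", so the example proceeds to demonstrate revocation checking with a CRL it may just have reported as not signed by the CA. For an example that people copy, stop on a failed signature: `signed = crl.verify(ca.public_key)`, `puts signed ? "Yes" : "No"`, `abort "CRL is not signed by the CA" unless signed`. Whether the store re-checks the CRL signature under V_FLAG_CRL_CHECK is not something this page shows, so the explicit gate is the safer teaching example. The path also changed from the serial-derived `./#{ca.serial}crl.pem` to the fixed `./0crl.pem`; a one-line comment naming which fixture that file is would help readers.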
diff --git a/lib/net/https.rb b/lib/net/https.rb
index 01a8bbc..0f5cb13 100644
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@@ -103,16 +103,6 @@ require 'net/http'
module Net
class HTTP
- def self.socket_type
- SSLIO
- end
-
- attr_accessor :use_ssl
- attr_writer :key, :cert, :key_file, :cert_file
- attr_writer :ca_file, :ca_path, :timeout
- attr_writer :verify_mode, :verify_callback, :verify_depth
- attr_reader :peer_cert
-
class Conn < HTTPRequest
REQUEST_HAS_BODY=false
RESPONSE_HAS_BODY=false
@@ -143,6 +133,17 @@ module Net
end
end
+ def self.socket_type
+ SSLIO
+ end
+
+ attr_accessor :use_ssl
+ attr_writer :key, :cert
+ attr_writer :ca_file, :ca_path
+ attr_writer :verify_mode, :verify_callback, :verify_depth
+ attr_writer :cert_store, :timeout
+ attr_reader :peer_cert
+
alias :default_initialize :initialize
def initialize(*args)
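Review bot: The re-added attribute block drops the `key_file` and `cert_file` writers that the removed block carried (`attr_writer :key, :cert, :key_file, :cert_file` became `attr_writer :key, :cert`), so a caller doing `http.key_file = ...` now raises NoMethodError; if that removal is intended, the "fix attrs" ChangeLog entry should say so, otherwise keep the two names as deprecated writers. `attr_writer :cert_store, :timeout` also gives no hint what `cert_store` expects — presumably an `OpenSSL::X509::Store` like the one the example in this commit builds; a comment such as `# cert_store: OpenSSL::X509::Store consulted when verifying the peer (confirm where the ivar is read)` would help. Where these instance variables are consumed is outside the hunk; `initialize` starts on the hunk's last line.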
diff --git a/ossl_ocsp.c b/ossl_ocsp.c
index 548a353..941acbe 100644
--- a/ossl_ocsp.c
+++ b/ossl_ocsp.c
@@ -355,7 +355,7 @@ ossl_ocspres_get_basic(VALUE self)
GetOCSPRes(self, res);
if(!(bs = OCSP_response_get1_basic(res)))
- ossl_raise(eOCSPError, NULL);
+ return Qnil;
WrapOCSPBasicRes(cOCSPBasicRes, ret, bs);
return ret;
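Review bot: `return Qnil;` now covers every NULL from `OCSP_response_get1_basic`, but that call also returns NULL when the embedded response bytes fail to decode, so a malformed response becomes indistinguishable from one that simply has no basic response, and the OpenSSL error queue is left populated for the next caller. If the aim is only the "no OCSP_BASICRESP given" case named in the commit message, test for absence first and keep raising otherwise: `if(!res->responseBytes) return Qnil;` before the call (assuming the struct member is reachable in the targeted OpenSSL) and the original `ossl_raise(eOCSPError, NULL);` on NULL. ossl_ocspres_get_basic begins before this hunk.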
diff --git a/ossl_x509.h b/ossl_x509.h
index f53dfa6..f3fcd6a 100644
--- a/ossl_x509.h
+++ b/ossl_x509.h
@@ -46,6 +46,7 @@ void Init_ossl_x509cert(void);
extern VALUE cX509CRL;
extern VALUE eX509CRLError;
+VALUE ossl_x509crl_new(X509_CRL *);
X509_CRL *GetX509CRLPtr(VALUE);
X509_CRL *DupX509CRLPtr(VALUE);
void Init_ossl_x509crl(void);
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index 96a61ec..1678786 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -57,6 +57,19 @@ DupX509CRLPtr(VALUE obj)
return crl;
}
+VALUE
+ossl_x509crl_new(X509_CRL *crl)
+{
+ X509_CRL *tmp;
+ VALUE obj;
+
+ tmp = crl ? X509_CRL_dup(crl) : X509_CRL_new();
+ if(!tmp) ossl_raise(eX509CertError, "");
+ WrapX509CRL(cX509CRL, obj, tmp);
+
+ return obj;
+}
+
/*
* PRIVATE
*/
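Review bot: `if(!tmp) ossl_raise(eX509CertError, "");` raises the certificate error class from a CRL constructor; `eX509CRLError` is declared beside this function's prototype in ossl_x509.h in the same commit, so the line should be `if(!tmp) ossl_raise(eX509CRLError, "");`. The empty message also discards the reason — the ocsp code on this page passes NULL to ossl_raise instead, which presumably reports the OpenSSL error queue; confirm and use the same form here. The function has no header comment; suggest `/* Wrap a copy (X509_CRL_dup) of crl as an X509::CRL, or a fresh empty CRL when crl is NULL; the caller keeps ownership of crl. */`.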
diff --git a/ossl_x509name.c b/ossl_x509name.c
index c329039..deb68b5 100644
--- a/ossl_x509name.c
+++ b/ossl_x509name.c
@@ -212,6 +212,7 @@ ossl_x509name_eql(VALUE self, VALUE other)
{
int result;
+ if(TYPE(other) != cX509Name) return Qfalse;
result = ossl_x509name_cmp0(self, other);
return (result == 0) ? Qtrue : Qfalse;
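Review bot: `if(TYPE(other) != cX509Name) return Qfalse;` compares the T_* type tag returned by `TYPE()` (T_DATA for a wrapped object) with the class VALUE `cX509Name`, so the condition holds for every argument and `eql?` now returns false even when `other` is another X509::Name. Use a class check instead: `if(!rb_obj_is_kind_of(other, cX509Name)) return Qfalse;`. Because Hash relies on `eql?` for key equality, the line as written means two equal names never match as hash keys, the opposite of what the ChangeLog entry intends. ossl_x509name_eql's signature is on the `@@` line; its body runs through the hunk.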
diff --git a/ossl_x509store.c b/ossl_x509store.c
index 6a6a1af..50b861d 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
@@ -212,25 +212,6 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
}
static VALUE
-ossl_x509store_add_crl_file(VALUE self, VALUE file)
-{
- X509_STORE *store;
- X509_LOOKUP *lookup;
-
- Check_SafeStr(file);
- GetX509Store(self, store);
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if(lookup == NULL){
- ossl_raise(eX509StoreError, "");
- }
- if(X509_load_crl_file(lookup, RSTRING(file)->ptr,X509_FILETYPE_PEM) != 1){
- ossl_raise(eX509StoreError, "");
- }
-
- return self;
-}
-
-static VALUE
ossl_x509store_add_cert(VALUE self, VALUE arg)
{
X509_STORE *store;
@@ -449,6 +430,17 @@ ossl_x509stctx_get_curr_cert(VALUE self)
}
static VALUE
+ossl_x509stctx_get_curr_crl(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+
+ GetX509StCtx(self, ctx);
+ if(!ctx->current_crl) return Qnil;
+
+ return ossl_x509crl_new(ctx->current_crl);
+}
+
+static VALUE
ossl_x509stctx_cleanup(VALUE self)
{
X509_STORE_CTX *ctx;
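Review bot: `ossl_x509stctx_get_curr_crl` reads `ctx->current_crl` and hands it to `ossl_x509crl_new` without a comment on what the caller gets back; since that helper (added in this commit) goes through `X509_CRL_dup`, the Ruby object is a copy, so modifying it cannot influence the verification in progress, and a failed dup raises from inside the helper rather than here. Suggest a header comment: `/* X509::StoreContext#current_crl: a copy of the CRL the verify callback is currently examining, or nil when none is set. */`. ossl_x509stctx_cleanup begins on the hunk's last lines and continues outside it.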
@@ -485,7 +477,6 @@ Init_ossl_x509store()
rb_define_method(cX509Store, "trust=", ossl_x509store_set_trust, 1);
rb_define_method(cX509Store, "add_path", ossl_x509store_add_path, 1);
rb_define_method(cX509Store, "add_file", ossl_x509store_add_file, 1);
- rb_define_method(cX509Store, "add_crl_file", ossl_x509store_add_crl_file,1);
rb_define_method(cX509Store, "add_cert", ossl_x509store_add_cert, 1);
rb_define_method(cX509Store, "add_crl", ossl_x509store_add_crl, 1);
rb_define_method(cX509Store, "verify", ossl_x509store_verify, 1);
@@ -502,6 +493,7 @@ Init_ossl_x509store()
rb_define_method(x509stctx,"error_string",ossl_x509stctx_get_err_string,0);
rb_define_method(x509stctx,"error_depth", ossl_x509stctx_get_err_depth, 0);
rb_define_method(x509stctx,"current_cert",ossl_x509stctx_get_curr_cert, 0);
+ rb_define_method(x509stctx,"current_crl", ossl_x509stctx_get_curr_crl, 0);
rb_define_method(x509stctx,"cleanup", ossl_x509stctx_cleanup, 0);
}