ossl_ssl.c

5 files changed, 63 insertions, 57 deletions

diff --git a/examples/0cert.pem b/examples/0cert.pem
index 352ac93..305659d 100644
--- a/examples/0cert.pem
+++ b/examples/0cert.pem
@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDjzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQUFADAtMQ8wDQYDVQQDEwZSdWJ5
-Q0ExCzAJBgNVBAYTAkNaMQ0wCwYDVQQKEwRSdWJ5MB4XDTAyMDYxMTAwMjIyMVoX
-DTA0MDYxMDAwMjIyMVowLTEPMA0GA1UEAxMGUnVieUNBMQswCQYDVQQGEwJDWjEN
-MAsGA1UEChMEUnVieTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKci
-NrSlcXfcNCFqeQK6qwFFCXLif35Zq52tJu0zTG5Jh3aSfLjDxgCsK+/b4AEjVdGy
-a/c/Xn+P8zeiXaw7xUBRffk0SCkM15J0+lJtB+LwImLD7mFvwfwMd0lEgm+Aa8ua
-BfChQ82bp1oJimqVx2n1zPuf2l6TZ4gvtgFnARViBMUUNCvMW/2CWjzEAMHmfC9A
-c4DbySNbWiRswS6QmaIurC0oWsVinXkBycPURuyN3nBZ5QdWxC5gMnpFf+tv5wPF
-rM0i7n7Rw9z0cmveY+bjB2V+2+InkLt9Xv8TUNwVnJHLV/3ADAy9uo6okl8z+lkF
-zbaDai9ZB+phbUIcwj0CAwEAAaOBuTCBtjAPBgNVHRMECDAGAQH/AgEAMC0GCWCG
+MIIDjzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJDWjEN
+MAsGA1UEChMEUnVieTEPMA0GA1UEAxMGUnVieUNBMB4XDTAzMDYwODE0NTIwMVoX
+DTA1MDYwNzE0NTIwMVowLTELMAkGA1UEBhMCQ1oxDTALBgNVBAoTBFJ1YnkxDzAN
+BgNVBAMTBlJ1YnlDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEL
+Pm6OyboMUzz+r6CzgmFFsnEWnkp7pQvewNdxnVR4iRqdIBT5QfoY1IpYvmJ7hIZp
+321cggPj1fBqTiysmkZSgPUkVWvnRdN9DKagP9Lkoe+E2deuhOVurmueDT4s5+y5
+ZLJcJojX2nICxEJB5r0DhgT5t7oHl0nMKStr5AFbZYqEkuU7XAhIC+W20bj5kthH
+xdPJ1SdZL4kvNpBIAnrvlo9ojrAn34GqUJMWwsqjI66pVULz3fT35vNWejqgFsmy
+70aD/Uz3G2eNL8kyG17MMhrViyQy/ZJibTYXwVoxZnDCIEaC5gjgz2D78SB9rksx
+rq5TN/XKQCZlJ8H9v3cCAwEAAaOBuTCBtjAPBgNVHRMECDAGAQH/AgEAMC0GCWCG
 SAGG+EIBDQQgFh5HZW5lcmF0ZWQgYnkgT3BlblNTTCBmb3IgUnVieS4wHQYDVR0O
-BBYEFLHxJLK7zX2SsKmeVuu5HjqO4ZRVMFUGA1UdIwROMEyAFLHxJLK7zX2SsKme
-Vuu5HjqO4ZRVoTGkLzAtMQ8wDQYDVQQDEwZSdWJ5Q0ExCzAJBgNVBAYTAkNaMQ0w
-CwYDVQQKEwRSdWJ5ggEAMA0GCSqGSIb3DQEBBQUAA4IBAQB3Q6imSTND0vr3cZne
-ehgdzT8T0O7TrwA3MKN+HhLL+utgQw7x58OdJamnNPi/8m0vOkHEr13Cb+Rco3yl
-TEJgEJehXic1/SxxNq/2H2VC7/5EWv1McukrCNIU6pq/T/mbF79wwc0WiPf2zB7S
-Okwnv2Dfg0vaOdWEGwS1qKyWK8Pz49pzLGtmOlrYxN2pDeWeCbOejCjLHrm884pR
-xAvNvv2m3Mil9dMVTtnw41nZj/olTh23cgACZqNYgCZ2YHO8WY3ysYORsBb4viRK
-gZtma+CWP8FEHWA0QaSzljMM/6ME7sYiHALUP1+36UIhaEUfkJmsUqtmyNeHGnZf
-BW7A
+BBYEFIs6lVzOhhiM8EGU1mp7BqpWRZD/MFUGA1UdIwROMEyAFIs6lVzOhhiM8EGU
+1mp7BqpWRZD/oTGkLzAtMQswCQYDVQQGEwJDWjENMAsGA1UEChMEUnVieTEPMA0G
+A1UEAxMGUnVieUNBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQANXkq38cgQnirqeTmZ
+eNqWELevBL/62aMCNmoVtGTX1Uk76opGF2QyTxjk8h3pzpzYLPdIOTK/wwxCB9iW
+v+9LAey/mjvJNZMv+GcS5qFuRHx1eprtLYxePpeosx0zqbsiK774uiySKxCjRCqr
+TncxcnaM22lQ8N7ubgdoV1CT2dO4lMU7UZf0BSX04Av+wa8NQT+ckXX6mxSHRBxJ
+7zIxqw3FNay5QArH2UzfI6pSSmxgPMtdLqVB6iSO2g6AU130spUmUP0VDBRhUZJt
+Cj+KqdK6iUHICzRj+/3H8MlqiLmHTyJyvihoUXqmEC/6mS1lsKACDccq2VApPA4x
+LfcZ
 -----END CERTIFICATE-----
diff --git a/examples/0key.pem b/examples/0key.pem
index a6ef891..f41c001 100644
--- a/examples/0key.pem
+++ b/examples/0key.pem
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,87454D4F89D679DC
+DEK-Info: DES-EDE3-CBC,3C95B3325D7EAE8A
 
-HWZxOMvENKCdQx1P6UiEfHRwynLUEyJSo1aCRv5Viqya1EFsAEqnzkLEYogR1yei
-GFjRb4m9xUlzPYbwhdf/XauUgCSQBxAN8dIOVQUwwqzeNBtSY/iMZDM/OYowzlvT
-cniCHFK4Mj013d5PpdMQtdUViIIxrenAqbwnTmsc0eItySENnsqBRqunHFCB5V04
-eqrkc+X458thV3faMbIfOcbprDiqvzonUV0Na7T/y0iPFwj/UDUa+iZat/oQnno5
-umoJOqHoeAXh1RdnEh6A9gqmmYZs7W/KiLoOGhx0Pq9NmkHgqAeHzduIqUnqe1Rj
-0xlKj2QzGoZRAE34vwlBWK4HeXl12I6B+VBOohqJTHnearspncPnkdZnntRtIMoL
-5pIEqQoKUAmNSF/GaoAj6gyH37OSgIzU5VaGQ/J2Rx7Y/A9bjW7FHQnJRWdkOcRz
-2LO+CpAzmfZ7ecPe2woUcjQ9iltweVRl53PM+M6wFbeVcahtOD3gDiIWuYS8Kc1J
-zYxI3y2FjfsM9tcO6Ru0Hgp285sXudZcRdtB2CWDN/7khZyFlD8z6pgacyJ5ZtnI
-qSQc28luPvna2fGgGJkOvfSbOCzisik85Az9qcdUtEV56i+i6I1euKoBJ+WNulos
-yzGl82+6CDGG8IRmVAv8R/Ao2e2stPEYf8XBGb1qW6xnR87P07RAyvsfkiiaYhEK
-oSajMTW88F8dvLxsxIncbS+eiodV7XBgyYeEK32q3uyMVgFWWTxMjZ7FPh8Hjl9v
-9Rcb4Pd2mD7+89uk+VB+erKgyw/NfD/88Es5VBz9/ZRhEAYpIHjBmNb7pak1ZrDn
-GNrwHX1sudH+h+CnI3jnSd5oLuIgol9aZ8OPwo68p0c2Q4MYMWMF1OnWTt82SM8N
-FHPsod1jgeMuGOoH2/pmLFaxtPT6qGkXvDzeUOsHGaB8MQxEasI5lq2gL05GoyBC
-+wjneaK2rbcqKRBGco4it+VoigOlRT7XwNVxFdPKAjM9uJ0AoTBpd8ol1+/DHOIA
-sOQWDQqjXwgGiwzgL5PyFy7+CM30g+cNPaeKsiF9UCa44f4ZPgLvfZIdDnhks399
-s7nbyhfZKoQMnFuhOT7U5VK/fV6EBymXzNwQje3uHYa2JI+Vk8E6V5JpiRdbOByf
-ilnSsMn9EHWFgeqPmQMHZPACd7RcpfxQAEY8ShwKvMABhd1NKNNToZieB2i4nQfT
-xJw0j2qZCQhpA+biXxmd18XIc/bGlwOMQf4DCemKs31UyUQF9PS87me3Kih8KGKd
-HKygp3fea11LbhBzQROf1QNCzOegPKcMUAjA+YAZKt4ziPs1KwBKKEhJmTrlHx8T
-rfaAFneuoW1gP2sxIMF8BMH6TF6Vr034tMKtYLTHhjRTHkqCKsn4clghQ8NOTQBM
-7ZE8O3J67J99pwhRfs6dKmjsupl99E6Rmf4hNsCXx/evqQPkWvJQ3fs23TxvErOw
-haNUPiw0k80vEOQUPTUT1Oxekb3gi3LGYeZ/wCG9ishjjWw4JrtwpG9PgNMhkeT9
-ZwR5RccP8MmZvIDzOA/lxYb5E/qxS/ooE5dtJe3D8/VvFxka87tRmg==
+8gEoeYSDS8jxT7JF4KGDb5V8NrlMXdjdA+oWRL3aSOuRu7bBC41gcCDnc2LPR1Ju
+VkIpkuQ4ju0/qPXAbjQsgP1BrpwWb6e7knF3rLlWCBBo7dVVKiLi4fFC8Ni4jx3C
+L17xBdgQ45y30QoEaGc3LRzwtOU7UebmM94mUndsDDzPyT4fPm8OhMDb9H6skMEk
+GeHWo/31xOWWpOc+HRAjxX/5rmp71Eg6LBmduQekSe2roe1NlRGoHMfa33NpfW+7
+4StZclwG313Q62G2W1kQy79V/SExEL7ITQ1nTO0GITMGvpZ2ecX8jGxalVnBaEKw
+kS5NBODQyO5Bra7TGS/P+ua2SshRbQ2XZwfC7NrrTHUIXCt60zhsaNtqv1hw+v+A
+RnLqvH1LyWX7ZfvnUIUllifMewzWnHJTppNhQSSn9j/VeuopTVIfKuVbj5QbTbPx
+k/JiI4crolfS8uUxRNtYkur+ZlKZsKxE2rvMiAGqf6+seE+RRnl67o502GALSzAd
+JO6txFIgqME/0Ru7QhdD7xzRh/7Dk8oFoIkTXwcrlN7/WW3gc3jiKubmUhtkc0Ih
+mQZYr6v5eLp+2/6hqLiun6HBL5nykM1PIbrSZq3cAHuCtrxpfPPAgkGy6W2/hzU3
+WHhUCcfproUo0DqyMEYhLowSpgBcr3Cn6x2WuPuKSELSqrz3MqQyrsB4qQOQ0g7j
+jdtYE+iMRVmoK1rDoCNlt2HBRA5uNHim+cmvQ0FJYbWy4zDD4oAx+YQNciAIOb5A
+UnsWI+A5Lh4rkjmLLW97G0crzSDKCbBr28PKJdgsJ+ODF7XJ03ATEhA3OlZ+DLzt
+7tticj3THHmsGsDJ5JYaw0gm6Fl4yuThe1kzJLOfUwHxWD9yY/UXE9yCuDpap8yg
+SUvdr8rr8jERajUfnwUT+rV+sB9U33yTVMDfuKRt3R0awc4IR1aGnh8Wib4aLBIk
+IXa9Z4+Q/IlZXjLtUKYy4BSCSuMBKf3iPitWdCLB6/SPKD5sh9HogeQa/e36x+Az
+98PpO2AAMDv9eYmyMfY4eheHDbSPCP3Whf9H6pXT6ZjxRrsbP6ep3LOr9cxIl1Hp
+I84sP5sul+MtcXY4YevVcEuEawJtoXVhf3/w+XGRA7trGvjVXYZTt4omYq4BVbSj
+p+apdcOXuxSosd4Q5F+2qSjXDbgNYNL9pTiSRFJqjkSXDoJWt1/czInMsTetzTx/
+Bwvjs3ssYlfnOYAAPaFwENBq17i8taNTUUHLJqTvLit+HAX7KgU/0h17u/7vdoI0
+xSFZ7QWNu2p1COY/ubskxceK/cMHTRIef9I8httU6pMMDVJYimaHI+EERp6EPf6p
+L0uGgIywgZZvr2mRW7XTQfJ38jXDYXnXOXMjENUy0RLUDi1c7bATc4xjenL4W1DU
+LXAH63rVyNJrsE50txvsv8qZL5Xc+XYk+YSKXtnwyDLd08JPbbVqMBUnZferjhIc
+qcuH1ptmmVp155CUKlYgK2BnVIEmuI0S6DBI2DgFoLijDD8s4j8JXbQPW9eMVfPv
+PwxDLinjTA85FdFbKmYcrIlkYNSNLCHDzNyhb7RyEbzXrkwtGnpAsw==
 -----END RSA PRIVATE KEY-----
diff --git a/examples/gen_cert.rb b/examples/gen_cert.rb
index 1ec9e34..d6f53a0 100755
--- a/examples/gen_cert.rb
+++ b/examples/gen_cert.rb
@@ -5,18 +5,25 @@ include OpenSSL
 include X509
 include PKey
 
-p ca = Certificate.new(File.open("./0cert.pem").read)
-p ca_key = RSA.new(File.open("./0key.pem").read)
+usage = "#{$0} cn ca_cert_file ca_key_file serial"
+
+cn = ARGV.shift or raise usage
+ca_cert_file = ARGV.shift or raise usage
+ca_key_file = ARGV.shift or raise usage
+serial = ARGV.shift or raise usage
+
+p ca = Certificate.new(File.open(ca_cert_file).read)
+p ca_key = RSA.new(File.open(ca_key_file).read)
 
 p key = RSA.new(1024)
 p new = Certificate.new
-name = [['C', 'CZ'],['O','Ruby'],['CN','RA Officer']]
+name = [['C', 'CZ'],['O','Ruby'],['CN',cn]]
 p new.subject = Name.new(name)
 p new.issuer = ca.subject
 p new.not_before = Time.now
 p new.not_after = Time.now + (365*24*60*60)
 p new.public_key = key
-p new.serial = 1
+p new.serial = serial.to_i
 p new.version = 2
 ef = ExtensionFactory.new
 ef.subject_certificate = new
diff --git a/ossl_pkcs7.c b/ossl_pkcs7.c
index 27d5d0a..1e644a7 100644
--- a/ossl_pkcs7.c
+++ b/ossl_pkcs7.c
@@ -213,19 +213,18 @@ ossl_pkcs7_set_cipher(VALUE self, VALUE cipher)
 }
 
 static VALUE
-ossl_pkcs7_add_signer(VALUE self, VALUE signer, VALUE key)
+ossl_pkcs7_add_signer(VALUE self, VALUE signer)
 {
     PKCS7 *pkcs7;
     PKCS7_SIGNER_INFO *p7si;
-    EVP_PKEY *pkey;
 	
     GetPKCS7(self, pkcs7);
     OSSL_Check_Kind(signer, cPKCS7SignerInfo);
-    pkey = DupPrivPKeyPtr(key);
-    /* DUP needed to make PKCS7_add_signer GCsafe */
+
     p7si = ossl_pkcs7si_get_PKCS7_SIGNER_INFO(signer);
-    p7si->pkey = pkey;
-    
+
+    /* NO DUP needed: PKCS7_SIGNER_INFO_set increments the
+       reference-count of the underlying pkey. */
     if (!PKCS7_add_signer(pkcs7, p7si)) {
 	PKCS7_SIGNER_INFO_free(p7si);
 	ossl_raise(ePKCS7Error, "Could not add signer.");
@@ -563,7 +562,7 @@ Init_ossl_pkcs7()
     rb_define_method(cPKCS7, "initialize", ossl_pkcs7_initialize, 1);
     rb_define_copy_func(cPKCS7, ossl_pkcs7_copy);
 	
-    rb_define_method(cPKCS7, "add_signer", ossl_pkcs7_add_signer, 2);
+    rb_define_method(cPKCS7, "add_signer", ossl_pkcs7_add_signer, 1);
     rb_define_method(cPKCS7, "signers", ossl_pkcs7_get_signer, 0);
     rb_define_method(cPKCS7, "cipher=", ossl_pkcs7_set_cipher, 1);
     rb_define_method(cPKCS7, "add_recipient", ossl_pkcs7_add_recipient, 1);
diff --git a/ossl_ssl.c b/ossl_ssl.c
index ff7f16b..a3e12dc 100644
--- a/ossl_ssl.c
+++ b/ossl_ssl.c
@@ -216,7 +216,7 @@ ossl_sslctx_setup(VALUE self)
 
     val = ossl_sslctx_get_passwd_cb(self);
     if(!NIL_P(val)){
-        SSL_CTX_set_default_passwd_cb_userbata(ctx, val);
+        SSL_CTX_set_default_passwd_cb_userdata(ctx, val);
         SSL_CTX_set_default_passwd_cb(ctx, ossl_ssl_passwd_cb);
     }