authorMichal Rokos <m.rokos@sh.cvut.cz>2002-07-10 16:00:34 +0000
committerMichal Rokos <m.rokos@sh.cvut.cz>2002-07-10 16:00:34 +0000
commit75962ac3538927cae38412ddc95e254276adaabc (patch)
treec3ce83a252ce1b8b885f9651419656c1544abaf0 /examples
parent22a76c4b995c9bc5df10fc6f3493ddf4e8263365 (diff)
downloadruby-openssl-history-75962ac3538927cae38412ddc95e254276adaabc.tar.gz
Fix lookup CRLs during #verify when CRL is added
Diffstat (limited to 'examples')
-rwxr-xr-xexamples/ossl_x509store.rb32
1 files changed, 23 insertions, 9 deletions
diff --git a/examples/ossl_x509store.rb b/examples/ossl_x509store.rb
index 359433d..bc3a03d 100755
--- a/examples/ossl_x509store.rb
+++ b/examples/ossl_x509store.rb
@@ -16,15 +16,24 @@ verify_cb = Proc.new {|ok, x509_store|
ok # just throw 'ok' through
}
-p ca = Certificate.new(File.open("./cacert.pem").read)
-puts "CA = #{ca.subject.to_s}, serial = #{ca.serial}"
+ca = Certificate.new(File.read("./cacert.pem"))
+puts "CA = #{ca.subject}, serial = #{ca.serial}"
cakey = ca.public_key
-p cert = Certificate.new(File.open("./01cert.pem").read)
-puts "Cert = #{cert.subject.to_s}, serial = #{cert.serial}"
+cert = Certificate.new(File.read("./01cert.pem"))
+puts "Cert = #{cert.subject}, serial = #{cert.serial}"
key = cert.public_key
+print "Is Cert signed by CA?..."
+if cert.verify cakey
+ puts "Yes - OK!"
+else
+ puts "NO - Let's stop."
+ exit
+end
+
+crl = CRL.new(File.read("./01crl.pem"))
+puts "CA = \"#{ca.issuer}\", CRL = \"#{crl.issuer}\""
-p crl = CRL.new(File.open("./01crl.pem").read)
print "Is CRL signed by CA?..."
if crl.verify cakey
puts "Yes - OK!"
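Review bot: The added line `puts "CA = \"#{ca.issuer}\", CRL = \"#{crl.issuer}\""` prints the CA's issuer, but the name that has to match `crl.issuer` is the CA's subject; the two coincide only for a self-signed root, so `ca.subject` is the value to show. Both `cert.verify cakey` and `crl.verify cakey` appear to check only the signature against the key, so a name mismatch goes unnoticed unless the two names are compared rather than just printed. The new failure branch calls bare `exit`, which returns a success status; `exit 1` would let a wrapping script detect that the certificate was not signed by the CA. The `if crl.verify cakey` statement continues past the end of this hunk.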
@@ -42,7 +51,7 @@ p store = Store.new
##
# Uncomment to see what is checked...
-store.verify_callback = verify_cb
+# store.verify_callback = verify_cb
store.add_trusted ca
@@ -56,16 +65,21 @@ else
puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
end
+puts "Trusted certs:"
+store.chain.each_with_index {|cert, i|
+ puts "> #{i} --- #{cert.subject.to_s}"
+}
+
puts "Let's add CRL..."
- store.add_crl crl #CRL does NOT have affect on validity in current OpenSSL <= 0.9.6c !!!
+store.add_crl crl # CRL does NOT have affect on validity in current OpenSSL <= 0.9.6c !!!
puts "===================="
-puts "Is CERT still OK?..."
+puts "Is CERT OK?..."
if store.verify cert
puts "Yes - HEY, this is bug! OpenSSL <= 0.9.6c doesn't care about CRL in Store :-(((("
puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
else
- puts "No - now it works!"
+ puts "No - That's right!"
puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
end
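Review bot: The block parameter in `store.chain.each_with_index {|cert, i|` reuses the name of the outer `cert`. On Ruby versions before 1.9, block parameters are not block-local, so after the loop `cert` holds the last chain entry and the later `store.verify cert` may check a different certificate than the one the CRL is meant to revoke. Renaming the parameter avoids this: `store.chain.each_with_index {|c, i|` with `puts "> #{i} --- #{c.subject}"`, which also drops the redundant `.to_s` that the first hunk removed elsewhere. The heading "Trusted certs:" is presumably printing the chain built by the previous verify rather than the store's trust anchors; if so, a label such as "Verified chain:" would be less misleading.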