author | Martin Bosslet <Martin.Bosslet@gmail.com> | 2018-06-21 09:51:01 -0600 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-10-01 11:25:06 +1300 |
commit | f201e3282ec0f93cb6e199dfbed4e80c0f57714b (patch) | |
tree | 41c4fe6fedde422476843a5d62186153dd376dc6 | |
parent | c7e404520b52255772d60706ce77373c928db4a8 (diff) | |
download | ruby-openssl-f201e3282ec0f93cb6e199dfbed4e80c0f57714b.tar.gz |
ts: Timestamp support (3/3)
This commit applies the third patch set (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
-rwxr-xr-x | ext/openssl/ossl_ts.c | 6 | ||||
-rwxr-xr-x | test/test_ts.rb | 26 |
2 files changed, 27 insertions, 5 deletions
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
index e7f380e0..fbb4ee1d 100755
--- a/ext/openssl/ossl_ts.c
+++ b/ext/openssl/ossl_ts.c
@@ -941,7 +941,7 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store)
 STACK_OF(X509_INFO) *inf;
 X509_INFO *itmp;
 BIO *in;
- int i, count = 0;
+ int i;
 if (roots == Qnil) {
 ossl_raise(rb_eTypeError, "roots must not be nil.");
@@ -968,7 +968,6 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store)
 itmp = sk_X509_INFO_value(inf, i);
 if (itmp->x509) {
 X509_STORE_add_cert(store, itmp->x509);
- count++;
 }
 /* ignore CRLs deliberately */
 }
@@ -1053,8 +1052,9 @@ ossl_ts_verify(int argc, VALUE *argv, VALUE self)
 }
 if (!(ctx->store = X509_STORE_new())) {
+ TS_VERIFY_CTX_free(ctx);
 ossl_raise(eTimestampError, NULL);
- goto end;
+ return Qnil;
 }
 int_ossl_init_roots(roots, ctx->store);
diff --git a/test/test_ts.rb b/test/test_ts.rb
index 43e6db27..b369308e 100755
--- a/test/test_ts.rb
+++ b/test/test_ts.rb
@@ -382,7 +382,7 @@ GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA==
 ts.verify(req, File.open('root_ca', 'rb'), INTERMEDIATE_CERT)
 ensure
 if File.exists?('root_ca')
- FileUtils.rm('root_ca')
+ File.delete('root_ca')
 end
 end
 end
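Review bot: `ctx` is released only on the `X509_STORE_new()` failure path, but the very next call, `int_ossl_init_roots(roots, ctx->store)`, can also raise (the first hunk shows it calling `ossl_raise(rb_eTypeError, "roots must not be nil.")`), and that exit skips `TS_VERIFY_CTX_free(ctx)`. In a long-running process, every verify call that fails this way would leak a verify context and its store. Either validate `roots` before the context is allocated, or run the call under `rb_protect` and do `if (state) { TS_VERIFY_CTX_free(ctx); rb_jump_tag(state); }`. The added `return Qnil;` looks unreachable if `ossl_raise` never returns, which the removed `goto end;` after it also suggests, so a short comment such as `/* not reached; keeps the compiler quiet */` would help. The body of `ossl_ts_verify` starts and ends outside this hunk, so the allocation site and the `end:` label are not visible here.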
@@ -527,10 +527,32 @@ GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA==
 fac.default_policy_id = '1.2.3.4.5'
 fac.additional_certs = [ TS_CERT_EE, INTERMEDIATE_CERT ]
 ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
- assert_nil(ts.pkcs7.certificates)
+ assert_nil(ts.pkcs7.certificates) #since cert_requested? == false
 ts.verify(req, CA_CERT, TS_CERT_EE, INTERMEDIATE_CERT)
 end
+ def test_reusable
+ #test if req and faq are reusable, i.e. the internal
+ #CTX_free methods don't mess up e.g. the certificates
+ req = OpenSSL::Timestamp::Request.new
+ req.algorithm = "SHA1"
+ digest = OpenSSL::Digest::SHA1.new.digest("test")
+ req.message_imprint = digest
+ req.policy_id = "1.2.3.4.5"
+ req.nonce = 42
+
+ fac = OpenSSL::Timestamp::Factory.new
+ fac.gen_time = Time.now
+ fac.serial_number = 1
+ fac.additional_certs = [ INTERMEDIATE_CERT ]
+ ts1 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ ts1.verify(req, CA_CERT)
+ ts2 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ ts2.verify(req, CA_CERT)
+ refute_nil(ts1.tsa_certificate)
+ refute_nil(ts2.tsa_certificate)
+ end
+
 private
 def assert_cert expected, actual |
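Review bot: `test_reusable` asserts only `refute_nil` on `tsa_certificate`, which would still pass if releasing the internal context had altered the certificate, and that is the failure the comment says it guards against. Comparing against the expected certificate with the helper defined just below, e.g. `assert_cert(TS_CERT_EE, ts1.tsa_certificate)` and the same for `ts2`, would pin that behaviour. The comment's "faq" is presumably meant to be `fac`.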