authorMartin Bosslet <Martin.Bosslet@gmail.com>2018-06-21 09:51:01 -0600
committerBen Toews <mastahyeti@gmail.com>2018-06-21 09:51:01 -0600
commit11e6641fca955de185f560594ca6b03bda02251e (patch)
tree1ac5580986b213de7229e265ade2b04d7e965b1e
parent6cedad891e451d9ec80c09a8511dd6f20d21b34f (diff)
downloadruby-openssl-11e6641fca955de185f560594ca6b03bda02251e.tar.gz
ts: Timestamp support (3/3)
This commit applies the third set of patches (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
-rwxr-xr-xext/openssl/ossl_ts.c6
-rwxr-xr-xtest/test_ts.rb26
2 files changed, 27 insertions, 5 deletions
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
index e7f380e0..fbb4ee1d 100755
--- a/ext/openssl/ossl_ts.c
+++ b/ext/openssl/ossl_ts.c
@@ -941,7 +941,7 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store)
STACK_OF(X509_INFO) *inf;
X509_INFO *itmp;
BIO *in;
- int i, count = 0;
+ int i;
if (roots == Qnil) {
ossl_raise(rb_eTypeError, "roots must not be nil.");
@@ -968,7 +968,6 @@ static void int_ossl_init_roots(VALUE roots, X509_STORE * store)
itmp = sk_X509_INFO_value(inf, i);
if (itmp->x509) {
X509_STORE_add_cert(store, itmp->x509);
- count++;
}
/* ignore CRLs deliberately */
}
@@ -1053,8 +1052,9 @@ ossl_ts_verify(int argc, VALUE *argv, VALUE self)
}
if (!(ctx->store = X509_STORE_new())) {
+ TS_VERIFY_CTX_free(ctx);
ossl_raise(eTimestampError, NULL);
- goto end;
+ return Qnil;
}
int_ossl_init_roots(roots, ctx->store);
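Review bot: The `ctx` leak is closed only for the `X509_STORE_new()` failure; the call to `int_ossl_init_roots(roots, ctx->store)` right after it can still raise (the first hunk shows it calling `ossl_raise(rb_eTypeError, "roots must not be nil.")`), and that raise unwinds out of this function without reaching `TS_VERIFY_CTX_free(ctx)`. `roots` appears to come from the Ruby caller's arguments, so repeated calls with a bad value would leak one verify context each time. Consider validating `roots` before `ctx` is allocated, or running the call through `rb_protect` and freeing `ctx` when the returned state is non-zero before re-raising with `rb_jump_tag`. The added `return Qnil;` looks unreachable, assuming `ossl_raise` does not return; a comment such as `/* not reached: ossl_raise() does not return */` would make that explicit. The body of ossl_ts_verify starts and ends outside the hunk.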
diff --git a/test/test_ts.rb b/test/test_ts.rb
index 43e6db27..b369308e 100755
--- a/test/test_ts.rb
+++ b/test/test_ts.rb
@@ -382,7 +382,7 @@ GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA==
ts.verify(req, File.open('root_ca', 'rb'), INTERMEDIATE_CERT)
ensure
if File.exists?('root_ca')
- FileUtils.rm('root_ca')
+ File.delete('root_ca')
end
end
end
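Review bot: The `File.open('root_ca', 'rb')` handle passed to `ts.verify` is never closed, so `File.delete('root_ca')` in the `ensure` runs while the file is still open; that leaks a descriptor and can make the delete fail on platforms that refuse to remove open files. The block form closes it first: `File.open('root_ca', 'rb') { |f| ts.verify(req, f, INTERMEDIATE_CERT) }`. `File.exists?` is a deprecated alias that later Ruby versions removed, and `File.exist?` is the supported spelling. The fixed name `root_ca` in the working directory could also give way to a `Tempfile` so that concurrent test runs do not share the file. The enclosing test method starts outside the hunk.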
@@ -527,10 +527,32 @@ GaL27FRs4fRWf9OmxPhUVgIyGzLGXrueemvQUDHObA==
fac.default_policy_id = '1.2.3.4.5'
fac.additional_certs = [ TS_CERT_EE, INTERMEDIATE_CERT ]
ts = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
- assert_nil(ts.pkcs7.certificates)
+ assert_nil(ts.pkcs7.certificates) #since cert_requested? == false
ts.verify(req, CA_CERT, TS_CERT_EE, INTERMEDIATE_CERT)
end
+ def test_reusable
+ #test if req and faq are reusable, i.e. the internal
+ #CTX_free methods don't mess up e.g. the certificates
+ req = OpenSSL::Timestamp::Request.new
+ req.algorithm = "SHA1"
+ digest = OpenSSL::Digest::SHA1.new.digest("test")
+ req.message_imprint = digest
+ req.policy_id = "1.2.3.4.5"
+ req.nonce = 42
+
+ fac = OpenSSL::Timestamp::Factory.new
+ fac.gen_time = Time.now
+ fac.serial_number = 1
+ fac.additional_certs = [ INTERMEDIATE_CERT ]
+ ts1 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ ts1.verify(req, CA_CERT)
+ ts2 = fac.create_timestamp(EE_KEY, TS_CERT_EE, req)
+ ts2.verify(req, CA_CERT)
+ refute_nil(ts1.tsa_certificate)
+ refute_nil(ts2.tsa_certificate)
+ end
+
private
def assert_cert expected, actual
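Review bot: `test_reusable` only asserts that `tsa_certificate` is non-nil, which would still pass if a reused `req` or `fac` handed back the wrong certificate after the internal free calls. The file's own helper, which presumably compares two certificates, allows a tighter check: `assert_cert(TS_CERT_EE, ts1.tsa_certificate)` and `assert_cert(TS_CERT_EE, ts2.tsa_certificate)`. The comment in the new test says `faq` where `fac` is meant. The `assert_cert` definition continues outside the hunk.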