author | Kazuki Yamaguchi <k@rhe.jp> | 2016-07-28 22:15:26 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-07-28 22:15:26 +0900 |
commit | bf120798efa43c9db6c68e75037fc0a0c4735703 (patch) | |
tree | d14e13da8bfae8bf7ae0249565c28175ad775abc /ext/openssl/ossl.c | |
parent | 1c244fa916f274b715594492a85fcfa57c987c2e (diff) | |
parent | 028e495734e9e6aa5dba1a2e130b08f66cf31a21 (diff) | |
download | ruby-openssl-bf120798efa43c9db6c68e75037fc0a0c4735703.tar.gz |
Merge branch 'topic/ssl-verify-hostname'
* topic/ssl-verify-hostname:
ssl: add verify_hostname option to SSLContext
test/test_ssl: avoid SSLContext#set_params where not required
Refactor common verify callback code
Diffstat (limited to 'ext/openssl/ossl.c')
-rw-r--r-- | ext/openssl/ossl.c | 70 |
1 files changed, 35 insertions, 35 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 94cc1405..9ecffe55 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -242,54 +242,54 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
 int ossl_store_ctx_ex_verify_cb_idx;
 int ossl_store_ex_verify_cb_idx;
 
-VALUE
+struct ossl_verify_cb_args {
+ VALUE proc;
+ VALUE preverify_ok;
+ VALUE store_ctx;
+};
+
+static VALUE
 ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
 {
 return rb_funcall(args->proc, rb_intern("call"), 2,
- args->preverify_ok, args->store_ctx);
+ args->preverify_ok, args->store_ctx);
 }
 
 int
-ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
+ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
 {
- VALUE proc, rctx, ret;
+ VALUE rctx, ret;
 struct ossl_verify_cb_args args;
- int state = 0;
+ int state;
 
- proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
- if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
- if (!proc)
+ if (NIL_P(proc))
 return ok;
- if (!NIL_P(proc)) {
- ret = Qfalse;
- rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new,
- (VALUE)ctx, &state);
+
+ ret = Qfalse;
+ rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
+ if (state) {
+ rb_set_errinfo(Qnil);
+ rb_warn("StoreContext initialization failure");
+ }
+ else {
+ args.proc = proc;
+ args.preverify_ok = ok ? Qtrue : Qfalse;
+ args.store_ctx = rctx;
+ ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
 if (state) {
 rb_set_errinfo(Qnil);
- rb_warn("StoreContext initialization failure");
- }
- else {
- args.proc = proc;
- args.preverify_ok = ok ? Qtrue : Qfalse;
- args.store_ctx = rctx;
- ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
- if (state) {
- rb_set_errinfo(Qnil);
- rb_warn("exception in verify_callback is ignored");
- }
- ossl_x509stctx_clear_ptr(rctx);
- }
- if (ret == Qtrue) {
- X509_STORE_CTX_set_error(ctx, X509_V_OK);
- ok = 1;
- }
- else{
- if (X509_STORE_CTX_get_error(ctx) == X509_V_OK) {
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
- }
- ok = 0;
+ rb_warn("exception in verify_callback is ignored");
 }
+ ossl_x509stctx_clear_ptr(rctx);
+ }
+ if (ret == Qtrue) {
+ X509_STORE_CTX_set_error(ctx, X509_V_OK);
+ ok = 1;
+ }
+ else {
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+ ok = 0;
 }
 
 return ok; |
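Review bot: `ossl_verify_cb_call` now treats only `Qnil` as "no callback" (`if (NIL_P(proc)) return ok;`), whereas the removed lookup used `!proc` to detect an ex_data slot that was never set. If a caller passes the raw ex_data value, an unset slot arrives as 0 rather than nil and reaches `rb_funcall`, where the resulting exception is swallowed by `rb_protect`. That fails closed (`ok = 0`), but it would presumably reject the certificate with the misleading warning "exception in verify_callback is ignored" instead of returning the preverify result. The callers are not in this hunk, so either guard here with `if (!RTEST(proc)) return ok;` or state the contract above the function, e.g. `/* proc must be Qnil or a callable; an unset ex_data slot (0) must be filtered by the caller */`. The function's closing brace lies outside the hunk.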