authorKazuki Yamaguchi <k@rhe.jp>2016-07-28 22:15:26 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-07-28 22:15:26 +0900
commitbf120798efa43c9db6c68e75037fc0a0c4735703 (patch)
treed14e13da8bfae8bf7ae0249565c28175ad775abc /ext/openssl/ossl.c
parent1c244fa916f274b715594492a85fcfa57c987c2e (diff)
parent028e495734e9e6aa5dba1a2e130b08f66cf31a21 (diff)
Merge branch 'topic/ssl-verify-hostname'
* topic/ssl-verify-hostname: ssl: add verify_hostname option to SSLContext test/test_ssl: avoid SSLContext#set_params where not required Refactor common verify callback code
Diffstat (limited to 'ext/openssl/ossl.c')
-rw-r--r--ext/openssl/ossl.c70
1 files changed, 35 insertions, 35 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 94cc1405..9ecffe55 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -242,54 +242,54 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
int ossl_store_ctx_ex_verify_cb_idx;
int ossl_store_ex_verify_cb_idx;
-VALUE
+struct ossl_verify_cb_args {
+ VALUE proc;
+ VALUE preverify_ok;
+ VALUE store_ctx;
+};
+
+static VALUE
ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
{
return rb_funcall(args->proc, rb_intern("call"), 2,
- args->preverify_ok, args->store_ctx);
+ args->preverify_ok, args->store_ctx);
}
int
-ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
+ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
{
- VALUE proc, rctx, ret;
+ VALUE rctx, ret;
struct ossl_verify_cb_args args;
- int state = 0;
+ int state;
- proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
- if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
- if (!proc)
+ if (NIL_P(proc))
return ok;
- if (!NIL_P(proc)) {
- ret = Qfalse;
- rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new,
- (VALUE)ctx, &state);
+
+ ret = Qfalse;
+ rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
+ if (state) {
+ rb_set_errinfo(Qnil);
+ rb_warn("StoreContext initialization failure");
+ }
+ else {
+ args.proc = proc;
+ args.preverify_ok = ok ? Qtrue : Qfalse;
+ args.store_ctx = rctx;
+ ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
if (state) {
rb_set_errinfo(Qnil);
- rb_warn("StoreContext initialization failure");
- }
- else {
- args.proc = proc;
- args.preverify_ok = ok ? Qtrue : Qfalse;
- args.store_ctx = rctx;
- ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
- if (state) {
- rb_set_errinfo(Qnil);
- rb_warn("exception in verify_callback is ignored");
- }
- ossl_x509stctx_clear_ptr(rctx);
- }
- if (ret == Qtrue) {
- X509_STORE_CTX_set_error(ctx, X509_V_OK);
- ok = 1;
- }
- else{
- if (X509_STORE_CTX_get_error(ctx) == X509_V_OK) {
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
- }
- ok = 0;
+ rb_warn("exception in verify_callback is ignored");
}
+ ossl_x509stctx_clear_ptr(rctx);
+ }
+ if (ret == Qtrue) {
+ X509_STORE_CTX_set_error(ctx, X509_V_OK);
+ ok = 1;
+ }
+ else {
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+ ok = 0;
}
return ok;
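Review bot: ossl_verify_cb_call now guards only with `if (NIL_P(proc))`, whereas the removed lookup tested `!proc` for an unset ex_data slot. In CRuby a NULL slot cast to VALUE is Qfalse, not Qnil, so a caller that forwards the raw ex_data value would reach rb_funcall, raise, and have every chain rejected with only the "exception in verify_callback is ignored" warning. The callers are not in this diff and may already filter NULL, but the contract deserves a comment above the function, e.g. `/* proc must be a Ruby object or Qnil; callers must not pass a NULL ex_data slot */`. The same comment could record the trust decisions visible here: only an exact `true` return accepts, an exception or StoreContext failure rejects, and a `true` return resets the error to X509_V_OK even when `ok` was 0. The function's closing brace lies outside the hunk.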