diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-10 19:45:39 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-06-19 15:50:54 +0900 |
commit | af8a14df6994a4d22dff89b2ec1882867c0a7f19 (patch) | |
tree | 376b0307d1040d50066a61662bbb07af3bc14f9b /ext/openssl/ossl_ocsp.c | |
parent | 576eff66bece4c3e49d4041a3746c2a520627946 (diff) | |
download | ruby-openssl-af8a14df6994a4d22dff89b2ec1882867c0a7f19.tar.gz |
ocsp: add OpenSSL::OCSP::Request#signed?topic/ocsp-request-is-signed
Add a method to check whether the OpenSSL::OCSP::Request is signed or
not. Currently there is no way to distinguish them except inspecting
DER encoding or parsing verification error message.
Diffstat (limited to 'ext/openssl/ossl_ocsp.c')
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index e34eee0c..28cc2791 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -404,6 +404,9 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) * Verifies this request using the given _certificates_ and _store_. * _certificates_ is an array of OpenSSL::X509::Certificate, _store_ is an * OpenSSL::X509::Store. + * + * Note that +false+ is returned if the request does not have a signature. + * Use #signed? to check whether the request is signed or not. */ static VALUE @@ -453,6 +456,22 @@ ossl_ocspreq_to_der(VALUE self) } /* + * call-seq: + * request.signed? -> true or false + * + * Returns +true+ if the request is signed, +false+ otherwise. Note that the + * validity of the signature is *not* checked. Use #verify to verify that. + */ +static VALUE +ossl_ocspreq_signed_p(VALUE self) +{ + OCSP_REQUEST *req; + + GetOCSPReq(self, req); + return OCSP_request_is_signed(req) ? Qtrue : Qfalse; +} + +/* * OCSP::Response */ @@ -1809,6 +1828,7 @@ Init_ossl_ocsp(void) rb_define_method(cOCSPReq, "check_nonce", ossl_ocspreq_check_nonce, 1); rb_define_method(cOCSPReq, "add_certid", ossl_ocspreq_add_certid, 1); rb_define_method(cOCSPReq, "certid", ossl_ocspreq_get_certid, 0); + rb_define_method(cOCSPReq, "signed?", ossl_ocspreq_signed_p, 0); rb_define_method(cOCSPReq, "sign", ossl_ocspreq_sign, -1); rb_define_method(cOCSPReq, "verify", ossl_ocspreq_verify, -1); rb_define_method(cOCSPReq, "to_der", ossl_ocspreq_to_der, 0); |