diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 04:43:16 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 15:09:01 +0900 |
commit | b692681c849d6cd9d54b8ce63bc567e6c8e3e21a (patch) | |
tree | 59d98c6cb66a8a35067e95225290ea7abcc92404 /ext/openssl/ossl_ocsp.c | |
parent | 2b173358043400928b772988e72db9d6b2bd85dc (diff) | |
download | ruby-openssl-b692681c849d6cd9d54b8ce63bc567e6c8e3e21a.tar.gz |
ocsp: set properly OCSP_NOCERTS flag in OCSP::Request#sign
The variable names 'flg' and 'flags' are mixed up and it doesn't set
OCSP_NOCERTS flag correctly when the 'certs' argument is not given.
[Bug #12704] [ruby-core:77061]
Diffstat (limited to 'ext/openssl/ossl_ocsp.c')
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index fc6ba503..de0ee047 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -373,14 +373,16 @@ ossl_ocspreq_get_certid(VALUE self) * * Signs this OCSP request using +cert+, +key+ and optional +digest+. If * +digest+ is not specified, SHA-1 is used. +certs+ is an optional Array of - * additional certificates that will be included in the request. If +certs+ is - * not specified, flag OpenSSL::OCSP::NOCERTS is set. Pass an empty array to - * include only the signer certificate. + * additional certificates which are included in the request in addition to + * the signer certificate. Note that if +certs+ is nil or not given, flag + * OpenSSL::OCSP::NOCERTS is enabled. Pass an empty array to include only the + * signer certificate. * - * +flags+ can include: - * OpenSSL::OCSP::NOCERTS:: don't include certificates + * +flags+ can be a bitwise OR of the following constants: + * + * OpenSSL::OCSP::NOCERTS:: + * Don't include any certificates in the request. +certs+ will be ignored. */ - static VALUE ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) { @@ -404,7 +406,7 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) else md = GetDigestPtr(digest); if (NIL_P(certs)) - flags |= OCSP_NOCERTS; + flg |= OCSP_NOCERTS; else x509s = ossl_x509_ary2sk(certs); |