-rw-r--r-- | ext/openssl/ossl_ocsp.c | 20 | ||||
-rw-r--r-- | test/test_ocsp.rb | 15 |
2 files changed, 35 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index e34eee0c..28cc2791 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -404,6 +404,9 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
 * Verifies this request using the given _certificates_ and _store_.
 * _certificates_ is an array of OpenSSL::X509::Certificate, _store_ is an
 * OpenSSL::X509::Store.
+ *
+ * Note that +false+ is returned if the request does not have a signature.
+ * Use #signed? to check whether the request is signed or not.
 */
 
 static VALUE
@@ -453,6 +456,22 @@ ossl_ocspreq_to_der(VALUE self)
 }
 
 /*
+ * call-seq:
+ * request.signed? -> true or false
+ *
+ * Returns +true+ if the request is signed, +false+ otherwise. Note that the
+ * validity of the signature is *not* checked. Use #verify to verify that.
+ */
+static VALUE
+ossl_ocspreq_signed_p(VALUE self)
+{
+ OCSP_REQUEST *req;
+
+ GetOCSPReq(self, req);
+ return OCSP_request_is_signed(req) ? Qtrue : Qfalse;
+}
+
+/*
 * OCSP::Response
 */
 
@@ -1809,6 +1828,7 @@ Init_ossl_ocsp(void)
 rb_define_method(cOCSPReq, "check_nonce", ossl_ocspreq_check_nonce, 1);
 rb_define_method(cOCSPReq, "add_certid", ossl_ocspreq_add_certid, 1);
 rb_define_method(cOCSPReq, "certid", ossl_ocspreq_get_certid, 0);
+ rb_define_method(cOCSPReq, "signed?", ossl_ocspreq_signed_p, 0);
 rb_define_method(cOCSPReq, "sign", ossl_ocspreq_sign, -1);
 rb_define_method(cOCSPReq, "verify", ossl_ocspreq_verify, -1);
 rb_define_method(cOCSPReq, "to_der", ossl_ocspreq_to_der, 0);
diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb
index 6677d751..25e052ae 100644
--- a/test/test_ocsp.rb
+++ b/test/test_ocsp.rb
@@ -128,6 +128,21 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase
 # fixed by OpenSSL 1.0.1j, 1.0.2 and LibreSSL 2.4.2
 pend "RT2560: ocsp_req_find_signer"
 end
+
+ # not signed
+ req = OpenSSL::OCSP::Request.new.add_certid(cid)
+ assert_equal false, req.verify([], store)
+ end
+
+ def test_request_is_signed
+ cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
+ req = OpenSSL::OCSP::Request.new
+ req.add_certid(cid)
+ assert_equal false, req.signed?
+ assert_equal false, OpenSSL::OCSP::Request.new(req.to_der).signed?
+ req.sign(@cert, @cert_key, [])
+ assert_equal true, req.signed?
+ assert_equal true, OpenSSL::OCSP::Request.new(req.to_der).signed?
 end
 
 def test_request_nonce |
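Review bot: The added `# not signed` assertions sit after the branch that calls `pend "RT2560: ocsp_req_find_signer"`, so on library versions where that branch is taken the check on `req.verify([], store)` for an unsigned request is presumably never reached. The enclosing test method and the condition guarding `pend` start outside the hunk, so this is inferred from the visible context lines. Moving those two lines above the conditional, or into `test_request_is_signed`, would keep the unsigned case covered on every version. `test_request_is_signed` also only covers unsigned and validly signed requests; a case where a signature is present but does not verify, asserting `signed?` is true while `verify` is false, would pin the documented contract that `signed?` says nothing about validity.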