From b692681c849d6cd9d54b8ce63bc567e6c8e3e21a Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 26 Aug 2016 04:43:16 +0900 Subject: ocsp: set properly OCSP_NOCERTS flag in OCSP::Request#sign The variable names 'flg' and 'flags' are mixed up and it doesn't set OCSP_NOCERTS flag correctly when the 'certs' argument is not given. [Bug #12704] [ruby-core:77061] --- ext/openssl/ossl_ocsp.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'ext/openssl/ossl_ocsp.c') diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index fc6ba503..de0ee047 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -373,14 +373,16 @@ ossl_ocspreq_get_certid(VALUE self) * * Signs this OCSP request using +cert+, +key+ and optional +digest+. If * +digest+ is not specified, SHA-1 is used. +certs+ is an optional Array of - * additional certificates that will be included in the request. If +certs+ is - * not specified, flag OpenSSL::OCSP::NOCERTS is set. Pass an empty array to - * include only the signer certificate. + * additional certificates which are included in the request in addition to + * the signer certificate. Note that if +certs+ is nil or not given, flag + * OpenSSL::OCSP::NOCERTS is enabled. Pass an empty array to include only the + * signer certificate. * - * +flags+ can include: - * OpenSSL::OCSP::NOCERTS:: don't include certificates + * +flags+ can be a bitwise OR of the following constants: + * + * OpenSSL::OCSP::NOCERTS:: + * Don't include any certificates in the request. +certs+ will be ignored. */ - static VALUE ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) { @@ -404,7 +406,7 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) else md = GetDigestPtr(digest); if (NIL_P(certs)) - flags |= OCSP_NOCERTS; + flg |= OCSP_NOCERTS; else x509s = ossl_x509_ary2sk(certs); -- cgit v1.2.3