author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-18 01:23:59 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-21 00:46:34 +0900 |
commit | 4a8fd28dfeb5c938f7137c2a10ddd978e6aecfbb (patch) | |
tree | e1b99853a095426af390131662444b0417c28d6f | |
parent | cba79c3e6a918196a9ac5166c33782503471ec7b (diff) | |
download | ruby-4a8fd28dfeb5c938f7137c2a10ddd978e6aecfbb.tar.gz |
X509_STORE{_CTX,} is made opaque
-rw-r--r-- | ext/openssl/extconf.rb | 15 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.c | 22 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 48 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 20 |
5 files changed, 72 insertions, 39 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 5f597b13c3..76cf20541a 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -133,6 +133,8 @@ have_func("EVP_PKEY_base_id") have_func("HMAC_CTX_copy") have_func("PKCS5_PBKDF2_HMAC") have_func("X509_NAME_hash_old") +have_func("X509_STORE_CTX_get0_current_crl") +have_func("X509_STORE_set_verify_cb") have_func_or_macro("SSL_set_tlsext_host_name", 'openssl/ssl.h') # added in 1.0.1 @@ -141,6 +143,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH # added in 1.0.2 have_func("EC_curve_nist2nid") +have_func("X509_STORE_CTX_get0_store") have_func("SSL_CTX_set_alpn_select_cb") have_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h") have_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h") # removed in 1.1.0 @@ -162,6 +165,14 @@ have_func("X509_REQ_get0_signature") have_func("X509_get0_tbs_sigalg") have_func("X509_REVOKED_get0_serialNumber") have_func("X509_REVOKED_get0_revocationDate") +have_func("X509_STORE_CTX_get0_untrusted") +have_func("X509_STORE_CTX_get0_cert") +have_func("X509_STORE_CTX_get0_chain") + +# doesn't exist on any version of OpenSSL +have_func("X509_STORE_get_ex_data") +have_func("X509_STORE_set_ex_data") + have_func("TLS_method") # renamed from SSLv23_method have_func("SSL_CTX_get_ciphers") have_func("SSL_CTX_get_security_level") @@ -178,10 +189,6 @@ have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPEN # LibreSSL support have_func("RAND_egd") # removed -# doesn't exist on any version of OpenSSL -have_func("X509_STORE_get_ex_data") -have_func("X509_STORE_set_ex_data") - Logging::message "=== Checking done. ===\n" create_header diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index e8c6e87627..05d596f3d2 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c 
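Review bot: The comment `# doesn't exist on any version of OpenSSL` is carried unchanged to its new position in the third extconf.rb hunk, where the neighbouring checks (`X509_REQ_get0_signature`, `X509_REVOKED_get0_revocationDate`, `TLS_method`) are all 1.1.0 additions, so the wording now contradicts its placement. If, as the move suggests, 1.1.0 is the first release that exports `X509_STORE_get_ex_data`/`X509_STORE_set_ex_data` as real functions, the comment should say that instead, e.g. `# added in 1.1.0; no earlier version provides these, so openssl_missing.h supplies struct-based fallbacks`. A reader who takes the current text literally would expect the `have_func` probes to always fail, and then wonder why the fallback macros in openssl_missing.h were moved to the 1.1.0 group at all.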
@@ -264,6 +264,17 @@ X509_CRL_sort(X509_CRL *c) } #endif +#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) +int +X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) +{ + ASN1_INTEGER *in = x->serialNumber; + if (in != serial) + return ASN1_STRING_copy(in, serial); + return 1; +} +#endif + /*** added in 0.9.8 ***/ #if !defined(HAVE_BN_IS_PRIME_EX) int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, void *cb) @@ -511,14 +522,3 @@ X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req *palg = req->sig_alg; } #endif - -#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) -int -X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) -{ - ASN1_INTEGER *in = x->serialNumber; - if (in != serial) - return ASN1_STRING_copy(in, serial); - return 1; -} -#endif diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 3528571c80..ce85c8fd09 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -186,14 +186,8 @@ int X509_CRL_set_version(X509_CRL *x, long version); int X509_CRL_sort(X509_CRL *c); #endif -#if !defined(HAVE_X509_STORE_GET_EX_DATA) -# define X509_STORE_get_ex_data(str, idx) \ - CRYPTO_get_ex_data(&(str)->ex_data, idx) -#endif - -#if !defined(HAVE_X509_STORE_SET_EX_DATA) -# define X509_STORE_set_ex_data(str, idx, data) \ - CRYPTO_set_ex_data(&(str)->ex_data, idx, data) +#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); #endif #if !defined(HAVE_X509V3_SET_NCONF) @@ -269,6 +263,14 @@ void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); #if !defined(HAVE_X509_NAME_HASH_OLD) #endif +#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL) +# define X509_STORE_CTX_get0_current_crl(x) ((x)->current_crl) +#endif + +#if !defined(HAVE_X509_STORE_SET_VERIFY_CB) +# define X509_STORE_set_verify_cb(x, cb) X509_STORE_set_verify_cb_func((x), (cb)) +#endif + #if !defined(HAVE_SSL_SET_TLSEXT_HOST_NAME) #endif 
@@ -281,6 +283,10 @@ void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); int EC_curve_nist2nid(const char *str); #endif +#if !defined(HAVE_X509_STORE_CTX_GET0_STORE) +# define X509_STORE_CTX_get0_store(x) ((x)->ctx) +#endif + #if !defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) #endif @@ -356,12 +362,30 @@ void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ # define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber) #endif -#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) -int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE) +# define X509_REVOKED_get0_revocationDate(x) ((x)->revocationDate) #endif -#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE) -# define X509_REVOKED_get0_revocationDate(x) (x->revocationDate) +#if !defined(HAVE_X509_STORE_CTX_GET0_UNTRUSTED) +# define X509_STORE_CTX_get0_untrusted(x) ((x)->untrusted) +#endif + +#if !defined(HAVE_X509_STORE_CTX_GET0_CERT) +# define X509_STORE_CTX_get0_cert(x) ((x)->cert) +#endif + +#if !defined(HAVE_X509_STORE_CTX_GET0_CHAIN) +# define X509_STORE_CTX_get0_chain(ctx) X509_STORE_CTX_get_chain(ctx) +#endif + +#if !defined(HAVE_X509_STORE_GET_EX_DATA) +# define X509_STORE_get_ex_data(str, idx) \ + CRYPTO_get_ex_data(&(str)->ex_data, idx) +#endif + +#if !defined(HAVE_X509_STORE_SET_EX_DATA) +# define X509_STORE_set_ex_data(str, idx, data) \ + CRYPTO_set_ex_data(&(str)->ex_data, idx, data) #endif #if !defined(HAVE_TLS_METHOD) diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 8c15112dcf..63ac8f4fbd 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c 
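Review bot: In the last openssl_missing.h hunk the new fallback `# define X509_STORE_CTX_get0_chain(ctx) X509_STORE_CTX_get_chain(ctx)` leaves its macro argument bare, while every neighbouring fallback in the same hunk wraps it (`((x)->untrusted)`, `((x)->cert)`) and the hunk itself fixes exactly this omission for `X509_REVOKED_get0_revocationDate`. For consistency and to keep the macro safe for any expression argument, write `# define X509_STORE_CTX_get0_chain(ctx) X509_STORE_CTX_get_chain((ctx))`. The relocated `X509_STORE_get_ex_data`/`X509_STORE_set_ex_data` fallbacks dereference `(str)->ex_data`, which only compiles while the struct is still public; a one-line comment above them noting that they are reached only on pre-1.1.0 builds would save the next maintainer from trying to use them against an opaque store.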
@@ -214,9 +214,9 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx) int state = 0; proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_verify_cb_idx); - if ((void*)proc == 0) - proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_verify_cb_idx); - if ((void*)proc == 0) + if (!proc) + proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_verify_cb_idx); + if (!proc) return ok; if (!NIL_P(proc)) { ret = Qfalse; diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index 900bd81b04..a62e79c184 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -149,8 +149,8 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) /* BUG: This method takes any number of arguments but appears to ignore them. */ GetX509Store(self, store); - store->ex_data.sk = NULL; - X509_STORE_set_verify_cb_func(store, ossl_verify_cb); + /* TODO: what's this?: store->ex_data.sk = NULL; */ + X509_STORE_set_verify_cb(store, ossl_verify_cb); ossl_x509store_set_vfy_cb(self, Qnil); #if (OPENSSL_VERSION_NUMBER < 0x00907000L) @@ -400,10 +400,10 @@ static void ossl_x509stctx_free(void *ptr) { X509_STORE_CTX *ctx = ptr; - if(ctx->untrusted) - sk_X509_pop_free(ctx->untrusted, X509_free); - if(ctx->cert) - X509_free(ctx->cert); + if (X509_STORE_CTX_get0_untrusted(ctx)) + sk_X509_pop_free(X509_STORE_CTX_get0_untrusted(ctx), X509_free); + if (X509_STORE_CTX_get0_cert(ctx)) + X509_free(X509_STORE_CTX_get0_cert(ctx)); X509_STORE_CTX_free(ctx); } @@ -484,7 +484,7 @@ ossl_x509stctx_get_chain(VALUE self) VALUE ary; GetX509StCtx(self, ctx); - if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){ + if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){ return Qnil; } if((num = sk_X509_num(chain)) < 0){ 
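Review bot: The two new `if (!proc)` tests in ossl_verify_cb cannot distinguish an ex_data slot that was never set from a callback explicitly stored as `Qfalse`, because in MRI `Qfalse` is the integer 0 — the same value the `get_ex_data` calls return for a missing entry. That is exactly what the removed `(void*)proc == 0` tested, so behaviour is unchanged, but now that the lookup reads as a plain truth test it deserves a comment such as `/* 0 == no ex_data set; Qfalse is also 0, so a callback of false is treated as absent */`. The rewritten store lookup line also runs well past 80 columns; breaking it after the first argument would match the surrounding code. ossl_verify_cb's body begins and ends outside the hunk.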
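Review bot: The replacement line `/* TODO: what's this?: store->ex_data.sk = NULL; */` in ossl_x509store_initialize leaves an open question in shipped code. The dropped assignment presumably worked around an old OpenSSL whose X509_STORE_new() did not initialise ex_data — confirm against the oldest release extconf.rb still accepts — and then either drop the comment or record the finding, e.g. `/* X509_STORE_new() initialises ex_data on every supported OpenSSL; the former explicit reset of ex_data.sk is unnecessary */`. Since X509_STORE is opaque from 1.1.0 the field cannot be touched anyway, so the TODO can never be resolved by restoring the line. The function body continues outside the hunk.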
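Review bot: ossl_x509stctx_free now calls X509_STORE_CTX_get0_untrusted() and X509_STORE_CTX_get0_cert() twice each, once in the condition and again as the argument; on 1.1.0 these are real function calls rather than field reads, and reading each pointer into a local once is clearer. The NULL guards are also redundant, because sk_X509_pop_free() and X509_free() both accept NULL in the OpenSSL releases I know of, though keeping them is harmless. Suggested shape below; the closing X509_STORE_CTX_free(ctx) is unchanged.
```c
    X509_STORE_CTX *ctx = ptr;
    STACK_OF(X509) *untrusted = X509_STORE_CTX_get0_untrusted(ctx);
    X509 *cert = X509_STORE_CTX_get0_cert(ctx);

    /* untrusted and cert are owned by this wrapper, not by the ctx */
    if (untrusted)
        sk_X509_pop_free(untrusted, X509_free);
    if (cert)
        X509_free(cert);
    /* … unchanged: X509_STORE_CTX_free(ctx) … */
```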
@@ -558,11 +558,13 @@ ossl_x509stctx_get_curr_crl(VALUE self) { #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE_CTX *ctx; + X509_CRL *crl; GetX509StCtx(self, ctx); - if(!ctx->current_crl) return Qnil; + crl = X509_STORE_CTX_get0_current_crl(ctx); + if(!crl) return Qnil; - return ossl_x509crl_new(ctx->current_crl); + return ossl_x509crl_new(crl); #else return Qnil; #endif |