authorKazuki Yamaguchi <k@rhe.jp>2016-04-27 15:13:12 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-27 23:07:42 +0900
commit28668bc5743897e403ecd688fad25ceebd8b5f3f (patch)
treea407c01779583039dde0996928b4a9923ece0a26
parentd5936ea2f7c4192d4f6ae9e1dda14b0276504811 (diff)
downloadruby-28668bc5743897e403ecd688fad25ceebd8b5f3f.tar.gz
ext/openssl: fix ex_data handling for X509_STORE
X509_STORE_get_ex_new_index() is required in addition to X509_STORE_CTX_get_ex_new_index() because they are independent.
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/openssl_missing.c14
-rw-r--r--ext/openssl/openssl_missing.h11
-rw-r--r--ext/openssl/ossl.c11
-rw-r--r--ext/openssl/ossl.h3
-rw-r--r--ext/openssl/ossl_ssl.c2
-rw-r--r--ext/openssl/ossl_x509store.c4
7 files changed, 18 insertions, 28 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index c225ef3..60e3553 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -122,7 +122,6 @@ have_func("HMAC_CTX_free")
have_func("HMAC_CTX_reset")
have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") # deprecated
have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
have_func("X509_CRL_get0_signature")
have_func("X509_REQ_get0_signature")
have_func("X509_REVOKED_get0_serialNumber")
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index b62d58d..f213888 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -166,20 +166,6 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
}
#endif
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
-{
- return CRYPTO_set_ex_data(&str->ex_data, idx, data);
-}
-#endif
-
-#if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
-{
- return CRYPTO_get_ex_data(&str->ex_data, idx);
-}
-#endif
-
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
void
X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index a23f7d8..7d73618 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -108,11 +108,12 @@ int HMAC_CTX_reset(HMAC_CTX *ctx);
#endif
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
-#endif
-
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
+# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+# define X509_STORE_get_ex_data(x, idx) \
+ CRYPTO_get_ex_data(&(x)->ex_data, idx)
+# define X509_STORE_set_ex_data(x, idx, data) \
+ CRYPTO_set_ex_data(&(x)->ex_data, idx, data)
#endif
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
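Review bot: The single `HAVE_X509_STORE_GET_EX_DATA` guard now decides whether all three fallbacks (`X509_STORE_get_ex_new_index`, `X509_STORE_get_ex_data`, `X509_STORE_set_ex_data`) are defined, and with the `X509_STORE_set_ex_data` probe removed from extconf.rb nothing on the page checks the other two. That presumably holds because the library introduced the three together, but the assumption is not written down; a comment above the `#if` such as `/* X509_STORE ex_data API: get/set/get_ex_new_index are assumed to appear together, so one probe gates all three */` would make it reviewable. As a style point, the macro bodies use `idx` and `data` unparenthesized; `CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))` is the safer form.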
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index c158215..4a7bbad 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -198,7 +198,8 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd)
/*
* Verify callback
*/
-int ossl_verify_cb_idx;
+int ossl_store_ctx_ex_verify_cb_idx;
+int ossl_store_ex_verify_cb_idx;
VALUE
ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
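Review bot: The comment above the two new globals still reads just `Verify callback`, so nothing tells a reader which index belongs to which object class, which is exactly the confusion this commit fixes. Suggest `/* ex_data indexes for the verify callback Proc: ossl_store_ctx_ex_verify_cb_idx is valid only with X509_STORE_CTX_*_ex_data(), ossl_store_ex_verify_cb_idx only with X509_STORE_*_ex_data(); they are allocated independently and must not be interchanged */`. The matching `extern` declarations in ossl.h and the singular `Verify callback Proc index for ext-data` comment in the `Init_openssl` hunk would benefit from the same wording.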
@@ -214,9 +215,9 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
struct ossl_verify_cb_args args;
int state = 0;
- proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_verify_cb_idx);
+ proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_verify_cb_idx);
+ proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
if (!proc)
return ok;
if (!NIL_P(proc)) {
@@ -1128,8 +1129,10 @@ Init_openssl(void)
/*
* Verify callback Proc index for ext-data
*/
- if ((ossl_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_verify_cb_idx", 0, 0, 0)) < 0)
+ if ((ossl_store_ctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_store_ctx_ex_verify_cb_idx", 0, 0, 0)) < 0)
ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
+ if ((ossl_store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"ossl_store_ex_verify_cb_idx", 0, 0, 0)) < 0)
+ ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
/*
* Init debug core
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index b40b214..8c5802a 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -148,7 +148,8 @@ VALUE ossl_exc_new(VALUE, const char *, ...);
/*
* Verify callback
*/
-extern int ossl_verify_cb_idx;
+extern int ossl_store_ctx_ex_verify_cb_idx;
+extern int ossl_store_ex_verify_cb_idx;
struct ossl_verify_cb_args {
VALUE proc;
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cfde8d7..f50a3e3 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -317,7 +317,7 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_vcb_idx);
- X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, (void*)cb);
+ X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx, (void*)cb);
return ossl_verify_cb(preverify_ok, ctx);
}
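Review bot: The return value of `X509_STORE_CTX_set_ex_data()` is still ignored on the changed line, and that matters because `ossl_verify_cb()` (second ossl.c hunk) returns `ok` unchanged when it finds no proc on either the context or the store. If the set fails, the application's verify callback would be skipped silently and the pre-verification result passed through, which is a fail-open path for code that relies on the callback to reject certificates. Consider failing closed, e.g. `if (!X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx, (void *)cb)) return 0;`. The same unchecked pattern is kept in both ossl_x509store.c hunks (`X509_STORE_set_ex_data` in `ossl_x509store_set_vfy_cb` and `X509_STORE_CTX_set_ex_data` in `ossl_x509stctx_verify`). The body of `ossl_ssl_verify_callback` starts outside this hunk, so any earlier handling is not visible here.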
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 18279ee..47eca6e 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -130,7 +130,7 @@ ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
X509_STORE *store;
GetX509Store(self, store);
- X509_STORE_set_ex_data(store, ossl_verify_cb_idx, (void*)cb);
+ X509_STORE_set_ex_data(store, ossl_store_ex_verify_cb_idx, (void*)cb);
rb_iv_set(self, "@verify_callback", cb);
return cb;
@@ -445,7 +445,7 @@ ossl_x509stctx_verify(VALUE self)
int result;
GetX509StCtx(self, ctx);
- X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
+ X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx,
(void*)rb_iv_get(self, "@verify_callback"));
result = X509_verify_cert(ctx);