aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-04-20 02:58:18 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-27 23:07:41 +0900
commite88c51c08ee67f4220a72a52756d0a1ee2ecf3ad (patch)
treeec467fb37b34905dc4e0e7b7daabaa560bf27ee4
parent1cf43c17514c79b28571d649387c17e4e3dd2810 (diff)
downloadruby-e88c51c08ee67f4220a72a52756d0a1ee2ecf3ad.tar.gz
ext/openssl: fix (mainly) opaque related compilation of ossl_x509*.c
Fix following files: - ossl_x509attr.c - ossl_x509cert.c - ossl_x509store.c - ossl_x509name.c - ossl_x509req.c - ossl_x509crl.c - ossl_x509revoked.c - ossl_x509ext.c
-rw-r--r--ext/openssl/extconf.rb11
-rw-r--r--ext/openssl/openssl_missing.c22
-rw-r--r--ext/openssl/openssl_missing.h40
-rw-r--r--ext/openssl/ossl_x509attr.c74
-rw-r--r--ext/openssl/ossl_x509cert.c10
-rw-r--r--ext/openssl/ossl_x509crl.c22
-rw-r--r--ext/openssl/ossl_x509ext.c4
-rw-r--r--ext/openssl/ossl_x509name.c9
-rw-r--r--ext/openssl/ossl_x509req.c8
-rw-r--r--ext/openssl/ossl_x509revoked.c14
-rw-r--r--ext/openssl/ossl_x509store.c22
11 files changed, 173 insertions, 63 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index fa89bbc..0da59a5 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -84,6 +84,8 @@ have_func("EVP_CIPHER_CTX_copy")
have_func("HMAC_CTX_copy")
have_func("PKCS5_PBKDF2_HMAC")
have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
have_func("SSL_set_tlsext_host_name", ["openssl/ssl.h"])
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
@@ -109,6 +111,14 @@ have_func("HMAC_CTX_reset")
have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
have_func("OCSP_SINGLERESP_get0_id")
have_func("X509_up_ref")
have_func("X509_CRL_up_ref")
@@ -116,7 +126,6 @@ have_func("X509_STORE_up_ref")
have_func("SSL_SESSION_up_ref")
have_func("EVP_PKEY_up_ref")
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
Logging::message "=== Checking done. ===\n"
create_header
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 5c60852..3afba5c 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -143,3 +143,25 @@ void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
return CRYPTO_get_ex_data(&str->ex_data, idx);
}
#endif
+
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void
+X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+{
+ if (psig != NULL)
+ *psig = crl->signature;
+ if (palg != NULL)
+ *palg = crl->sig_alg;
+}
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void
+X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req)
+{
+ if (psig != NULL)
+ *psig = req->signature;
+ if (palg != NULL)
+ *palg = req->sig_alg;
+}
+#endif
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index eab3ca6..6f6fe24 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -37,6 +37,14 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
#endif
+#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
+# define X509_STORE_CTX_get0_current_crl(x) ((x)->current_crl)
+#endif
+
+#if !defined(HAVE_X509_STORE_SET_VERIFY_CB)
+# define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
+#endif
+
/*** added in 1.0.1 ***/
/*** added in 1.0.2 ***/
#if !defined(HAVE_CRYPTO_MEMCMP)
@@ -81,6 +89,38 @@ void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
#endif
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl);
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req);
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
+# define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber)
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE)
+# define X509_REVOKED_get0_revocationDate(x) ((x)->revocationDate)
+#endif
+
+#if !defined(HAVE_X509_GET0_TBS_SIGALG)
+# define X509_get0_tbs_sigalg(x) ((x)->cert_info->signature)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_UNTRUSTED)
+# define X509_STORE_CTX_get0_untrusted(x) ((x)->untrusted)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CERT)
+# define X509_STORE_CTX_get0_cert(x) ((x)->cert)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CHAIN)
+# define X509_STORE_CTX_get0_chain(ctx) X509_STORE_CTX_get_chain(ctx)
+#endif
+
#if !defined(HAVE_OCSP_SINGLERESP_GET0_ID)
# define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
#endif
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
index d0f41c6..0c0425c 100644
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self)
return ret;
}
-#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
-# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
-#else
-# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
-#endif
-
/*
* call-seq:
* attr.value = asn1 => asn1
@@ -203,12 +195,24 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
}
GetX509Attr(self, attr);
- if(attr->value.set){
- if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
- else sk_ASN1_TYPE_free(attr->value.set);
+ if (X509_ATTRIBUTE_count(attr)) {
+ /* populated, reset first */
+ ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
+ X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_new();
+ if (!new_attr) {
+ ASN1_TYPE_free(a1type);
+ ossl_raise(eX509AttrError, NULL);
+ }
+ SetX509Attr(self, new_attr);
+ X509_ATTRIBUTE_set1_object(new_attr, obj);
+ X509_ATTRIBUTE_free(attr);
+ attr = new_attr;
+ }
+ if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value.ptr, -1)) {
+ ASN1_TYPE_free(a1type);
+ ossl_raise(eX509AttrError, NULL);
}
- OSSL_X509ATTR_SET_SINGLE(attr);
- attr->value.single = a1type;
+ ASN1_TYPE_free(a1type);
return value;
}
@@ -221,32 +225,48 @@ static VALUE
ossl_x509attr_get_value(VALUE self)
{
X509_ATTRIBUTE *attr;
- VALUE str, asn1;
+ VALUE str;
long length;
unsigned char *p;
+ int count;
GetX509Attr(self, attr);
- if(attr->value.ptr == NULL) return Qnil;
- if(OSSL_X509ATTR_IS_SINGLE(attr)){
- length = i2d_ASN1_TYPE(attr->value.single, NULL);
+ count = X509_ATTRIBUTE_count(attr);
+ if (!count) return Qnil;
+ if (count == 1) {
+ ASN1_TYPE *a1type = X509_ATTRIBUTE_get0_type(attr, 0);
+ length = i2d_ASN1_TYPE(a1type, NULL);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_TYPE(attr->value.single, &p);
- ossl_str_adjust(str, p);
+ i2d_ASN1_TYPE(a1type, &p);
}
- else{
+ else {
+#if defined(i2d_ASN1_SET_OF_ASN1_TYPE)
length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
- (unsigned char **) NULL, i2d_ASN1_TYPE,
- V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ (unsigned char **)NULL, i2d_ASN1_TYPE,
+ V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- ossl_str_adjust(str, p);
+ i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
+ &p, i2d_ASN1_TYPE,
+ V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+#else
+ STACK_OF(ASN1_TYPE) *sk = sk_ASN1_TYPE_new_null();
+ int i;
+
+ if (!sk) ossl_raise(eX509AttrError, "sk_new() failed");
+ for (i = 0; i < count; i++)
+ sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
+ length = i2d_ASN1_SET_ANY(sk, NULL);
+ str = rb_str_new(0, length);
+ p = (unsigned char *)RSTRING_PTR(str);
+ i2d_ASN1_SET_ANY(sk, &p);
+ sk_ASN1_TYPE_free(sk);
+#endif
}
- asn1 = rb_funcall(mASN1, rb_intern("decode"), 1, str);
+ ossl_str_adjust(str, p);
- return asn1;
+ return rb_funcall(mASN1, rb_intern("decode"), 1, str);
}
/*
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index db8ba02..4b2f744 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -349,9 +349,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
X509 *x509;
GetX509(self, x509);
-
- x509->cert_info->serialNumber =
- num_to_asn1integer(num, X509_get_serialNumber(x509));
+ X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
return num;
}
@@ -371,7 +369,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
out = BIO_new(BIO_s_mem());
if (!out) ossl_raise(eX509CertError, NULL);
- if (!i2a_ASN1_OBJECT(out, x509->cert_info->signature->algorithm)) {
+ if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
BIO_free(out);
ossl_raise(eX509CertError, NULL);
}
@@ -671,8 +669,8 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509(self, x509);
- sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
- x509->cert_info->extensions = NULL;
+ while ((ext = X509_delete_ext(x509, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 3aa695a..50d70db 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -180,6 +180,7 @@ static VALUE
ossl_x509crl_get_signature_algorithm(VALUE self)
{
X509_CRL *crl;
+ X509_ALGOR *alg;
BIO *out;
BUF_MEM *buf;
VALUE str;
@@ -188,7 +189,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eX509CRLError, NULL);
}
- if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) {
+ X509_CRL_get0_signature(NULL, &alg, crl);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
BIO_free(out);
ossl_raise(eX509CRLError, NULL);
}
@@ -239,7 +241,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
sec = time_to_time_t(time);
GetX509CRL(self, crl);
- if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
+ if (!X509_time_adj(X509_CRL_get_lastUpdate(crl), 0, &sec)) {
ossl_raise(eX509CRLError, NULL);
}
@@ -260,14 +262,18 @@ static VALUE
ossl_x509crl_set_next_update(VALUE self, VALUE time)
{
X509_CRL *crl;
+ ASN1_TIME *tm;
time_t sec;
sec = time_to_time_t(time);
GetX509CRL(self, crl);
/* This must be some thinko in OpenSSL */
- if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
+ tm = X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec);
+ if (!X509_CRL_set_nextUpdate(crl, tm)) {
+ ASN1_TIME_free(tm);
ossl_raise(eX509CRLError, NULL);
}
+ ASN1_TIME_free(tm);
return time;
}
@@ -302,6 +308,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
{
X509_CRL *crl;
X509_REVOKED *rev;
+ STACK_OF(X509_REVOKED) *rev_stack;
long i;
Check_Type(ary, T_ARRAY);
@@ -310,8 +317,9 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
}
GetX509CRL(self, crl);
- sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
- crl->crl->revoked = NULL;
+ rev_stack = X509_CRL_get_REVOKED(crl);
+ while ((rev = sk_X509_REVOKED_delete(rev_stack, 0)))
+ X509_REVOKED_free(rev);
for (i=0; i<RARRAY_LEN(ary); i++) {
rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -484,8 +492,8 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509CRL(self, crl);
- sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
- crl->crl->extensions = NULL;
+ while ((ext = X509_CRL_delete_ext(crl, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index b17cbf9..15e0c1f 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -354,7 +354,7 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
OPENSSL_free(s);
ossl_raise(eX509ExtError, NULL);
}
- if(!M_ASN1_OCTET_STRING_set(asn1s, s, RSTRING_LENINT(data))){
+ if(!ASN1_OCTET_STRING_set(asn1s, (unsigned char *)s, RSTRING_LENINT(data))){
OPENSSL_free(s);
ASN1_OCTET_STRING_free(asn1s);
ossl_raise(eX509ExtError, NULL);
@@ -411,7 +411,7 @@ ossl_x509ext_get_value(VALUE obj)
if (!(out = BIO_new(BIO_s_mem())))
ossl_raise(eX509ExtError, NULL);
if (!X509V3_EXT_print(out, ext, 0, 0))
- M_ASN1_OCTET_STRING_print(out, ext->value);
+ ASN1_STRING_print(out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
ret = ossl_membio2str(out);
return ret;
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index a0e28e2..ff307c0 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -282,6 +282,7 @@ ossl_x509name_to_a(VALUE self)
char long_name[512];
const char *short_name;
VALUE ary, vname, ret;
+ ASN1_STRING *value;
GetX509Name(self, name);
entries = X509_NAME_entry_count(name);
@@ -294,7 +295,8 @@ ossl_x509name_to_a(VALUE self)
if (!(entry = X509_NAME_get_entry(name, i))) {
ossl_raise(eX509NameError, NULL);
}
- if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+ if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+ X509_NAME_ENTRY_get_object(entry))) {
ossl_raise(eX509NameError, NULL);
}
nid = OBJ_ln2nid(long_name);
@@ -304,10 +306,11 @@ ossl_x509name_to_a(VALUE self)
short_name = OBJ_nid2sn(nid);
vname = rb_str_new2(short_name); /*do not free*/
}
+ value = X509_NAME_ENTRY_get_data(entry);
ary = rb_ary_new3(3,
vname,
- rb_str_new((const char *)entry->value->data, entry->value->length),
- INT2FIX(entry->value->type));
+ rb_str_new((const char *)value->data, value->length),
+ INT2FIX(value->type));
rb_ary_push(ret, ary);
}
return ret;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index e5ce088..0fe856e 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -302,6 +302,7 @@ static VALUE
ossl_x509req_get_signature_algorithm(VALUE self)
{
X509_REQ *req;
+ X509_ALGOR *alg;
BIO *out;
BUF_MEM *buf;
VALUE str;
@@ -311,7 +312,8 @@ ossl_x509req_get_signature_algorithm(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eX509ReqError, NULL);
}
- if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+ X509_REQ_get0_signature(NULL, &alg, req);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
BIO_free(out);
ossl_raise(eX509ReqError, NULL);
}
@@ -426,8 +428,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
}
GetX509Req(self, req);
- sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
- req->req_info->attributes = NULL;
+ while ((attr = X509_REQ_delete_attr(req, 0)))
+ X509_ATTRIBUTE_free(attr);
for (i=0;i<RARRAY_LEN(ary); i++) {
item = RARRAY_AREF(ary, i);
attr = DupX509AttrPtr(item);
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index 46250e1..6c1834e 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -116,16 +116,18 @@ ossl_x509revoked_get_serial(VALUE self)
GetX509Rev(self, rev);
- return asn1integer_to_num(rev->serialNumber);
+ return asn1integer_to_num(X509_REVOKED_get0_serialNumber(rev));
}
static VALUE
ossl_x509revoked_set_serial(VALUE self, VALUE num)
{
X509_REVOKED *rev;
+ ASN1_INTEGER *ai;
GetX509Rev(self, rev);
- rev->serialNumber = num_to_asn1integer(num, rev->serialNumber);
+ ai = X509_REVOKED_get0_serialNumber(rev);
+ X509_REVOKED_set_serialNumber(rev, num_to_asn1integer(num, ai));
return num;
}
@@ -137,7 +139,7 @@ ossl_x509revoked_get_time(VALUE self)
GetX509Rev(self, rev);
- return asn1time_to_time(rev->revocationDate);
+ return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev));
}
static VALUE
@@ -148,7 +150,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
sec = time_to_time_t(time);
GetX509Rev(self, rev);
- if (!X509_time_adj(rev->revocationDate, 0, &sec)) {
+ if (!X509_time_adj(X509_REVOKED_get0_revocationDate(rev), 0, &sec)) {
ossl_raise(eX509RevError, NULL);
}
@@ -196,8 +198,8 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509Rev(self, rev);
- sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
- rev->extensions = NULL;
+ while ((ext = X509_REVOKED_delete_ext(rev, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
item = RARRAY_AREF(ary, i);
ext = DupX509ExtPtr(item);
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index c62f2e3..18279ee 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -149,8 +149,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
/* BUG: This method takes any number of arguments but appears to ignore them. */
GetX509Store(self, store);
+#if !defined(HAVE_OPAQUE_OPENSSL)
+ /* TODO: what's this? */
store->ex_data.sk = NULL;
- X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
+#endif
+ X509_STORE_set_verify_cb(store, ossl_verify_cb);
ossl_x509store_set_vfy_cb(self, Qnil);
/* last verification status */
@@ -382,10 +385,10 @@ static void
ossl_x509stctx_free(void *ptr)
{
X509_STORE_CTX *ctx = ptr;
- if(ctx->untrusted)
- sk_X509_pop_free(ctx->untrusted, X509_free);
- if(ctx->cert)
- X509_free(ctx->cert);
+ if (X509_STORE_CTX_get0_untrusted(ctx))
+ sk_X509_pop_free(X509_STORE_CTX_get0_untrusted(ctx), X509_free);
+ if (X509_STORE_CTX_get0_cert(ctx))
+ X509_free(X509_STORE_CTX_get0_cert(ctx));
X509_STORE_CTX_free(ctx);
}
@@ -459,7 +462,7 @@ ossl_x509stctx_get_chain(VALUE self)
VALUE ary;
GetX509StCtx(self, ctx);
- if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
+ if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
return Qnil;
}
if((num = sk_X509_num(chain)) < 0){
@@ -532,11 +535,14 @@ static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
X509_STORE_CTX *ctx;
+ X509_CRL *crl;
GetX509StCtx(self, ctx);
- if(!ctx->current_crl) return Qnil;
+ crl = X509_STORE_CTX_get0_current_crl(ctx);
+ if (!crl)
+ return Qnil;
- return ossl_x509crl_new(ctx->current_crl);
+ return ossl_x509crl_new(crl);
}
static VALUE