author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-05 16:22:59 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-05 18:43:52 +0900 |
commit | 139607100b53c42bbde83e5047587930ad8bb63b (patch) | |
tree | 409b7b0ccdb8f7a171f1a79347061a0e005eec48 | |
parent | c2eece37e5670b197790eb89f83d02ef33b50ef2 (diff) | |
download | ruby-139607100b53c42bbde83e5047587930ad8bb63b.tar.gz |
ext/openssl: OCSP_SINGLERESP and OCSP_CERTID are also made opaque
-rw-r--r-- | ext/openssl/extconf.rb | 1 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 4 | ||||
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 10 |
3 files changed, 11 insertions, 4 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 83b1381b5d..a8fb2a7875 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -111,6 +111,7 @@ have_func("HMAC_CTX_reset")
 OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
+have_func("OCSP_SINGLERESP_get0_id")
 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
 have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 1ada5c37ca..2242eee05a 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -80,4 +80,8 @@ int HMAC_CTX_reset(HMAC_CTX *ctx);
 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
 #endif
+#if !defined(HAVE_OCSP_SINGLERESP_GET0_ID)
+# define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 9f44bc202b..ae15d93bfa 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -708,8 +708,8 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
 if(!NIL_P(ext)){
 X509_EXTENSION *x509ext;
- sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
- single->singleExtensions = NULL;
+ while ((x509ext = OCSP_SINGLERESP_delete_ext(single, 0)))
+ X509_EXTENSION_free(x509ext);
 for(i = 0; i < RARRAY_LEN(ext); i++){
 x509ext = DupX509ExtPtr(RARRAY_AREF(ext, i));
 if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
@@ -764,7 +764,7 @@ ossl_ocspbres_get_status(VALUE self)
 status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
 if(status < 0) continue;
- if(!(cid = OCSP_CERTID_dup(single->certId)))
+ if(!(cid = OCSP_CERTID_dup(OCSP_SINGLERESP_get0_id(single))))
 ossl_raise(eOCSPError, NULL);
 ary = rb_ary_new();
 rb_ary_push(ary, ossl_ocspcertid_new(cid));
@@ -963,10 +963,12 @@ static VALUE
 ossl_ocspcid_get_serial(VALUE self)
 {
 OCSP_CERTID *id;
+ ASN1_INTEGER *serial;
 GetOCSPCertId(self, id);
+ OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);
- return asn1integer_to_num(id->serialNumber);
+ return asn1integer_to_num(serial);
 }
 void |
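Review bot: In the new body of ossl_ocspcid_get_serial, `serial` is declared without an initialiser and the result of `OCSP_id_get0_info()` is discarded, so if that call ever reports failure the next line passes an indeterminate pointer to `asn1integer_to_num()`. The accessor returns 0 when it is given no certificate ID; GetOCSPCertId presumably rejects that case already, but its definition is not visible in this hunk, so the safety of the read rests on a macro defined elsewhere. I would declare `ASN1_INTEGER *serial = NULL;` and check the call, `if (!OCSP_id_get0_info(NULL, NULL, NULL, &serial, id)) ossl_raise(eOCSPError, NULL);`, matching the error handling that ossl_ocspbres_get_status uses in the same file. That keeps the getter fail-closed now that the struct field is no longer read directly.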