author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-13 20:05:45 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-14 20:00:58 +0900 |
commit | c925580d7bfad69680e4258518a9b1823e76651c (patch) | |
tree | 514c01877274c7bfd37c717f9c5c7949bcd90aa3 | |
parent | 6e79869646f9bb7f2dee1cf102f726afe8e77b9d (diff) | |
download | ruby-c925580d7bfad69680e4258518a9b1823e76651c.tar.gz |
ext/openssl: X509* are made opaque
Replace direct struct access with getter functions.
squash! ext/openssl: X509* are made opaque
-rw-r--r-- | ext/openssl/extconf.rb | 13 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.c | 22 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 49 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509attr.c | 91 | ||||
-rw-r--r-- | ext/openssl/ossl_x509cert.c | 10 | ||||
-rw-r--r-- | ext/openssl/ossl_x509crl.c | 22 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 9 | ||||
-rw-r--r-- | ext/openssl/ossl_x509req.c | 8 | ||||
-rw-r--r-- | ext/openssl/ossl_x509revoked.c | 14 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 22 |
11 files changed, 184 insertions, 78 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 0add8f9318..3ab3879c13 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -94,6 +94,9 @@ have_func("EVP_CIPHER_CTX_copy")
 have_func("HMAC_CTX_copy")
 have_func("PKCS5_PBKDF2_HMAC")
 have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
+have_func("i2d_ASN1_SET_ANY")
 OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
@@ -104,6 +107,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH
 # added in 1.0.2
 have_func("CRYPTO_memcmp")
 have_func("X509_REVOKED_dup")
+have_func("X509_STORE_CTX_get0_store")
 have_func("SSL_is_server")
 have_func("SSL_CTX_set_alpn_select_cb")
 OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
@@ -122,6 +126,14 @@ have_func("HMAC_CTX_reset")
 OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
 have_func("OCSP_SINGLERESP_get0_id")
 have_func("X509_up_ref")
 have_func("X509_CRL_up_ref")
@@ -130,7 +142,6 @@ have_func("SSL_SESSION_up_ref")
 have_func("EVP_PKEY_up_ref")
 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
 Logging::message "=== Checking done. ===\n"
 create_header
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 735ec8cfd5..131f74d75f 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -130,3 +130,25 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
 return 0;
 }
 #endif
+
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void
+X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+{
+ if (psig != NULL)
+ *psig = crl->signature;
+ if (palg != NULL)
+ *palg = crl->sig_alg;
+}
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void
+X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req)
+{
+ if (psig != NULL)
+ *psig = req->signature;
+ if (palg != NULL)
+ *palg = req->sig_alg;
+}
+#endif
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index f72e832d05..af01e17ef1 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -33,6 +33,19 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
 #endif
+#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
+# define X509_STORE_CTX_get0_current_crl(x) ((x)->current_crl)
+#endif
+
+#if !defined(HAVE_X509_STORE_SET_VERIFY_CB)
+# define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
+#endif
+
+#if !defined(HAVE_I2D_ASN1_SET_ANY)
+# define i2d_ASN1_SET_ANY(sk, x) i2d_ASN1_SET_OF_ASN1_TYPE((sk), (x), \
+ i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
+#endif
+
 /* added in 1.0.2 */
 #if !defined(HAVE_CRYPTO_MEMCMP)
 int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
@@ -43,6 +56,10 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * vol
 (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
 #endif
+#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
+# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
+#endif
+
 #if !defined(HAVE_SSL_IS_SERVER)
 # define SSL_is_server(s) ((s)->server)
 #endif
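Review bot: The fallback prototypes for `X509_CRL_get0_signature` and `X509_REQ_get0_signature` put the object last and take non-const pointers, while the accessors in released OpenSSL 1.1.0, as far as I recall, take the object first (`const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg`), and `have_func` in extconf.rb only proves the symbol exists, not its signature. If the header being built against disagrees with the shim, the callers added in ossl_x509crl.c and ossl_x509req.c compile with nothing worse than incompatible-pointer warnings and the library then writes through `crl`/`req` as if they were `ASN1_BIT_STRING **`. Please confirm the argument order against the target header, and consider having extconf test a call expression (`try_compile` of `X509_CRL_get0_signature(crl, &sig, &alg)`) instead of the bare symbol, so a mismatch fails the build rather than corrupting memory at runtime.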
@@ -92,6 +109,38 @@ int HMAC_CTX_reset(HMAC_CTX *ctx);
 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
 #endif
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl);
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req);
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
+# define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber)
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE)
+# define X509_REVOKED_get0_revocationDate(x) ((x)->revocationDate)
+#endif
+
+#if !defined(HAVE_X509_GET0_TBS_SIGALG)
+# define X509_get0_tbs_sigalg(x) ((x)->cert_info->signature)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_UNTRUSTED)
+# define X509_STORE_CTX_get0_untrusted(x) ((x)->untrusted)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CERT)
+# define X509_STORE_CTX_get0_cert(x) ((x)->cert)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CHAIN)
+# define X509_STORE_CTX_get0_chain(ctx) X509_STORE_CTX_get_chain(ctx)
+#endif
+
 #if !defined(HAVE_OCSP_SINGLERESP_GET0_ID)
 # define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
 #endif
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index a115878db3..4a7bbad491 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -217,7 +217,7 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
 proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
 if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_store_ex_verify_cb_idx);
+ proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
 if (!proc)
 return ok;
 if (!NIL_P(proc)) {
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
index be5f2dcf88..86908d2613 100644
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self)
 return ret;
 }
-#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
-# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
-#else
-# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
-#endif
-
 /*
 * call-seq:
 * attr.value = asn1 => asn1
@@ -194,22 +186,38 @@ static VALUE
 ossl_x509attr_set_value(VALUE self, VALUE value)
 {
 X509_ATTRIBUTE *attr;
- ASN1_TYPE *a1type;
+ VALUE asn1_value;
+ int i, asn1_tag;
 OSSL_Check_Kind(value, cASN1Data);
- if(!(a1type = ossl_asn1_get_asn1type(value)))
- ossl_raise(eASN1Error, "could not get ASN1_TYPE");
- if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
- ASN1_TYPE_free(a1type);
- ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
- }
+ asn1_value = rb_attr_get(value, rb_intern("@value"));
+ asn1_tag = NUM2INT(rb_attr_get(value, rb_intern("@tag")));
+ if (asn1_tag != V_ASN1_SET)
+ ossl_raise(eASN1Error, "argument must be a SET");
+ if (!rb_obj_is_kind_of(asn1_value, rb_cArray))
+ ossl_raise(eASN1Error, "ASN1::Set has non-array value (bug)");
+
 GetX509Attr(self, attr);
- if(attr->value.set){
- if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
- else sk_ASN1_TYPE_free(attr->value.set);
+ if (X509_ATTRIBUTE_count(attr)) {
+ /* populated, reset first */
+ ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
+ X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_new();
+ if (!new_attr)
+ ossl_raise(eX509AttrError, NULL);
+ SetX509Attr(self, new_attr);
+ X509_ATTRIBUTE_set1_object(new_attr, obj);
+ X509_ATTRIBUTE_free(attr);
+ attr = new_attr;
+ }
+
+ for (i = 0; i < RARRAY_LEN(asn1_value); i++) {
+ int ret;
+ ASN1_TYPE *a1type = ossl_asn1_get_asn1type(RARRAY_AREF(asn1_value, i));
+ ret = X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value.ptr, -1);
+ ASN1_TYPE_free(a1type);
+ if (!ret)
+ ossl_raise(eX509AttrError, NULL);
 }
- OSSL_X509ATTR_SET_SINGLE(attr);
- attr->value.single = a1type;
 return value;
 }
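Review bot: The NULL check the old code performed on the result of `ossl_asn1_get_asn1type` is gone: the new loop dereferences `a1type->value.ptr` immediately, so an element for which the helper returns NULL (the case the removed `could not get ASN1_TYPE` branch guarded) now crashes instead of raising; add `if (!a1type) ossl_raise(eX509AttrError, "could not get ASN1_TYPE");` before the `X509_ATTRIBUTE_set1_data` call. Passing `a1type->value.ptr` also reads the union as a pointer for every tag, including BOOLEAN and NULL where no pointer is stored, so the non-string cases deserve a test. On OpenSSL 1.0.x I believe `X509_ATTRIBUTE_set1_data` replaces `attr->value.set` with a fresh stack on each call, in which case a SET with several values would keep only the last one and leak the others; a two-value round-trip test against the oldest supported OpenSSL would confirm or rule that out. The return of `X509_ATTRIBUTE_set1_object` in the reset branch is unchecked as well, leaving an attribute with no OID if `OBJ_dup` fails.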
@@ -222,32 +230,29 @@ static VALUE
 ossl_x509attr_get_value(VALUE self)
 {
 X509_ATTRIBUTE *attr;
- VALUE str, asn1;
- long length;
+ VALUE str;
 unsigned char *p;
+ STACK_OF(ASN1_TYPE) *sk;
+ int i, count;
+
+ /* there is no X509_ATTRIBUTE_get0_set() function.. */
+ sk = sk_ASN1_TYPE_new_null();
+ if (!sk)
+ ossl_raise(eX509AttrError, "sk_new() failed");
 GetX509Attr(self, attr);
- if(attr->value.ptr == NULL) return Qnil;
- if(OSSL_X509ATTR_IS_SINGLE(attr)){
- length = i2d_ASN1_TYPE(attr->value.single, NULL);
- str = rb_str_new(0, length);
- p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_TYPE(attr->value.single, &p);
- ossl_str_adjust(str, p);
- }
- else{
- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
- (unsigned char **) NULL, i2d_ASN1_TYPE,
- V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- str = rb_str_new(0, length);
- p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- ossl_str_adjust(str, p);
- }
- asn1 = rb_funcall(mASN1, rb_intern("decode"), 1, str);
+ count = X509_ATTRIBUTE_count(attr);
+ for (i = 0; i < count; i++)
+ sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
+
+ str = rb_str_new(0, i2d_ASN1_SET_ANY(sk, NULL));
+ p = (unsigned char *)RSTRING_PTR(str);
+ i2d_ASN1_SET_ANY(sk, &p);
+ ossl_str_adjust(str, p);
+
+ sk_ASN1_TYPE_free(sk);
- return asn1;
+ return rb_funcall(mASN1, rb_intern("decode"), 1, str);
 }
 /*
@@ -269,7 +274,7 @@ ossl_x509attr_to_der(VALUE self)
 p = (unsigned char *)RSTRING_PTR(str);
 if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
 ossl_raise(eX509AttrError, NULL);
- rb_str_set_len(str, p - (unsigned char*)RSTRING_PTR(str));
+ ossl_str_adjust(str, p);
 return str;
 }
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index db8ba02375..4b2f744b9d 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
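Review bot: The length from the first `i2d_ASN1_SET_ANY(sk, NULL)` is fed straight into `rb_str_new`: on an encoding failure it is negative, `rb_str_new` raises, and `sk` leaks because the `sk_ASN1_TYPE_free` further down is never reached (the same leak occurs if `GetX509Attr` raises, since `sk` is allocated before that check). Check the length before allocating: `int len = i2d_ASN1_SET_ANY(sk, NULL); if (len <= 0) { sk_ASN1_TYPE_free(sk); ossl_raise(eX509AttrError, "i2d_ASN1_SET_ANY"); }` and treat a non-positive result from the second call the same way. The `sk_ASN1_TYPE_push` return is also unchecked, so an allocation failure silently drops a value from the decoded SET rather than raising. The `sk` only borrows the `ASN1_TYPE`s from `attr`, so `sk_ASN1_TYPE_free` (not `pop_free`) is the correct release; a one-line comment saying so would stop the next reader from "fixing" it.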
@@ -349,9 +349,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
 X509 *x509;
 GetX509(self, x509);
-
- x509->cert_info->serialNumber =
- num_to_asn1integer(num, X509_get_serialNumber(x509));
+ X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
 return num;
 }
@@ -371,7 +369,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
 out = BIO_new(BIO_s_mem());
 if (!out)
 ossl_raise(eX509CertError, NULL);
- if (!i2a_ASN1_OBJECT(out, x509->cert_info->signature->algorithm)) {
+ if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
 BIO_free(out);
 ossl_raise(eX509CertError, NULL);
 }
@@ -671,8 +669,8 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
 }
 GetX509(self, x509);
- sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
- x509->cert_info->extensions = NULL;
+ while ((ext = X509_delete_ext(x509, 0)))
+ X509_EXTENSION_free(ext);
 for (i=0; i<RARRAY_LEN(ary); i++) {
 ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 3aa695a5ea..50d70dbb88 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -180,6 +180,7 @@ static VALUE
 ossl_x509crl_get_signature_algorithm(VALUE self)
 {
 X509_CRL *crl;
+ X509_ALGOR *alg;
 BIO *out;
 BUF_MEM *buf;
 VALUE str;
@@ -188,7 +189,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
 if (!(out = BIO_new(BIO_s_mem()))) {
 ossl_raise(eX509CRLError, NULL);
 }
- if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) {
+ X509_CRL_get0_signature(NULL, &alg, crl);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 BIO_free(out);
 ossl_raise(eX509CRLError, NULL);
 }
@@ -239,7 +241,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
 sec = time_to_time_t(time);
 GetX509CRL(self, crl);
- if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
+ if (!X509_time_adj(X509_CRL_get_lastUpdate(crl), 0, &sec)) {
 ossl_raise(eX509CRLError, NULL);
 }
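Review bot: The return value of `X509_set_serialNumber` is ignored in `ossl_x509_set_serial`; the setter returns 0 when its internal duplicate fails, and the method then reports success while the certificate keeps its previous serial. `num_to_asn1integer` is outside this hunk, so I cannot tell whether it updates the `ASN1_INTEGER` it is handed in place or can return a different object; in the latter case the setter duplicates it and the returned object leaks, since nothing here frees it. I'd write `if (!X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)))) ossl_raise(eX509CertError, NULL);` and add a comment stating which of the two contracts `num_to_asn1integer` follows. The same unchecked pattern appears in `ossl_x509revoked_set_serial` later in this commit.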
@@ -260,14 +262,18 @@ static VALUE
 ossl_x509crl_set_next_update(VALUE self, VALUE time)
 {
 X509_CRL *crl;
+ ASN1_TIME *tm;
 time_t sec;
 sec = time_to_time_t(time);
 GetX509CRL(self, crl);
 /* This must be some thinko in OpenSSL */
- if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
+ tm = X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec);
+ if (!X509_CRL_set_nextUpdate(crl, tm)) {
+ ASN1_TIME_free(tm);
 ossl_raise(eX509CRLError, NULL);
 }
+ ASN1_TIME_free(tm);
 return time;
 }
@@ -302,6 +308,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
 {
 X509_CRL *crl;
 X509_REVOKED *rev;
+ STACK_OF(X509_REVOKED) *rev_stack;
 long i;
 Check_Type(ary, T_ARRAY);
@@ -310,8 +317,9 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
 }
 GetX509CRL(self, crl);
- sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
- crl->crl->revoked = NULL;
+ rev_stack = X509_CRL_get_REVOKED(crl);
+ while ((rev = sk_X509_REVOKED_delete(rev_stack, 0)))
+ X509_REVOKED_free(rev);
 for (i=0; i<RARRAY_LEN(ary); i++) {
 rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
 if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -484,8 +492,8 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
 }
 GetX509CRL(self, crl);
- sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
- crl->crl->extensions = NULL;
+ while ((ext = X509_CRL_delete_ext(crl, 0)))
+ X509_EXTENSION_free(ext);
 for (i=0; i<RARRAY_LEN(ary); i++) {
 ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
 if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index a0e28e29ec..ff307c0626 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
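Review bot: When the CRL already carries a nextUpdate, `X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec)` updates that object in place and returns it, so `tm` aliases the field the CRL owns; `X509_CRL_set_nextUpdate(crl, tm)` then, as I read OpenSSL's setter, sees the pointer it already holds and returns success without copying, and the unconditional `ASN1_TIME_free(tm)` that follows frees the CRL's own nextUpdate, leaving a dangling pointer that is freed again when the CRL is released (or dereferenced on the next `to_der`). Only the case the "thinko" comment refers to, where the field is still NULL and `X509_time_adj` allocates, is safe with this sequence. Build the time into a fresh object and let the setter copy it: `tm = X509_time_adj(NULL, 0, &sec); if (!tm || !X509_CRL_set_nextUpdate(crl, tm)) {` — keeping the existing free-then-raise body — after which the trailing `ASN1_TIME_free(tm)` is correct, and the `!tm` test also covers the allocation failure the current code passes to the setter unchecked. A regression test that sets `next_update` twice on the same CRL and then serialises it would catch this under ASan.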
@@ -282,6 +282,7 @@ ossl_x509name_to_a(VALUE self)
 char long_name[512];
 const char *short_name;
 VALUE ary, vname, ret;
+ ASN1_STRING *value;
 GetX509Name(self, name);
 entries = X509_NAME_entry_count(name);
@@ -294,7 +295,8 @@ ossl_x509name_to_a(VALUE self)
 if (!(entry = X509_NAME_get_entry(name, i))) {
 ossl_raise(eX509NameError, NULL);
 }
- if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+ if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+ X509_NAME_ENTRY_get_object(entry))) {
 ossl_raise(eX509NameError, NULL);
 }
 nid = OBJ_ln2nid(long_name);
@@ -304,10 +306,11 @@ ossl_x509name_to_a(VALUE self)
 short_name = OBJ_nid2sn(nid);
 vname = rb_str_new2(short_name); /*do not free*/
 }
+ value = X509_NAME_ENTRY_get_data(entry);
 ary = rb_ary_new3(3, vname,
- rb_str_new((const char *)entry->value->data, entry->value->length),
- INT2FIX(entry->value->type));
+ rb_str_new((const char *)value->data, value->length),
+ INT2FIX(value->type));
 rb_ary_push(ret, ary);
 }
 return ret;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index e5ce088a15..0fe856e312 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -302,6 +302,7 @@ static VALUE
 ossl_x509req_get_signature_algorithm(VALUE self)
 {
 X509_REQ *req;
+ X509_ALGOR *alg;
 BIO *out;
 BUF_MEM *buf;
 VALUE str;
@@ -311,7 +312,8 @@ ossl_x509req_get_signature_algorithm(VALUE self)
 if (!(out = BIO_new(BIO_s_mem()))) {
 ossl_raise(eX509ReqError, NULL);
 }
- if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+ X509_REQ_get0_signature(NULL, &alg, req);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 BIO_free(out);
 ossl_raise(eX509ReqError, NULL);
 }
@@ -426,8 +428,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
 }
 GetX509Req(self, req);
- sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
- req->req_info->attributes = NULL;
+ while ((attr = X509_REQ_delete_attr(req, 0)))
+ X509_ATTRIBUTE_free(attr);
 for (i=0;i<RARRAY_LEN(ary); i++) {
 item = RARRAY_AREF(ary, i);
 attr = DupX509AttrPtr(item);
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index 46250e1225..6c1834e88d 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -116,16 +116,18 @@ ossl_x509revoked_get_serial(VALUE self)
 GetX509Rev(self, rev);
- return asn1integer_to_num(rev->serialNumber);
+ return asn1integer_to_num(X509_REVOKED_get0_serialNumber(rev));
 }
 static VALUE
 ossl_x509revoked_set_serial(VALUE self, VALUE num)
 {
 X509_REVOKED *rev;
+ ASN1_INTEGER *ai;
 GetX509Rev(self, rev);
- rev->serialNumber = num_to_asn1integer(num, rev->serialNumber);
+ ai = X509_REVOKED_get0_serialNumber(rev);
+ X509_REVOKED_set_serialNumber(rev, num_to_asn1integer(num, ai));
 return num;
 }
@@ -137,7 +139,7 @@ ossl_x509revoked_get_time(VALUE self)
 GetX509Rev(self, rev);
- return asn1time_to_time(rev->revocationDate);
+ return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev));
 }
 static VALUE
@@ -148,7 +150,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
 sec = time_to_time_t(time);
 GetX509Rev(self, rev);
- if (!X509_time_adj(rev->revocationDate, 0, &sec)) {
+ if (!X509_time_adj(X509_REVOKED_get0_revocationDate(rev), 0, &sec)) {
 ossl_raise(eX509RevError, NULL);
 }
@@ -196,8 +198,8 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
 }
 GetX509Rev(self, rev);
- sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
- rev->extensions = NULL;
+ while ((ext = X509_REVOKED_delete_ext(rev, 0)))
+ X509_EXTENSION_free(ext);
 for (i=0; i<RARRAY_LEN(ary); i++) {
 item = RARRAY_AREF(ary, i);
 ext = DupX509ExtPtr(item);
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 7a07207fd2..47eca6e929 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -149,8 +149,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 /* BUG: This method takes any number of arguments but appears to ignore them. */
 GetX509Store(self, store);
+#if !defined(HAVE_OPAQUE_OPENSSL)
+ /* TODO: what's this? */
 store->ex_data.sk = NULL;
- X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
+#endif
+ X509_STORE_set_verify_cb(store, ossl_verify_cb);
 ossl_x509store_set_vfy_cb(self, Qnil);
 /* last verification status */
@@ -382,10 +385,10 @@ static void
 ossl_x509stctx_free(void *ptr)
 {
 X509_STORE_CTX *ctx = ptr;
- if(ctx->untrusted)
- sk_X509_pop_free(ctx->untrusted, X509_free);
- if(ctx->cert)
- X509_free(ctx->cert);
+ if (X509_STORE_CTX_get0_untrusted(ctx))
+ sk_X509_pop_free(X509_STORE_CTX_get0_untrusted(ctx), X509_free);
+ if (X509_STORE_CTX_get0_cert(ctx))
+ X509_free(X509_STORE_CTX_get0_cert(ctx));
 X509_STORE_CTX_free(ctx);
 }
@@ -459,7 +462,7 @@ ossl_x509stctx_get_chain(VALUE self)
 VALUE ary;
 GetX509StCtx(self, ctx);
- if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
+ if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
 return Qnil;
 }
 if((num = sk_X509_num(chain)) < 0){
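Review bot: The `store->ex_data.sk = NULL;` kept under `#if !defined(HAVE_OPAQUE_OPENSSL)` in `ossl_x509store_initialize` is a raw write into a structure that `X509_STORE_new` has, as far as I recall, already initialised through `CRYPTO_new_ex_data`: if any registered X509_STORE ex_data index has a new_func, that stack is already populated and nulling the pointer leaks it; if none does, the line is a no-op. In neither case is it something a `/* TODO: what's this? */` should carry into the tree beside a fresh `#if` block. I would drop the assignment and the `#if`/`#endif` around it, leaving just `X509_STORE_set_verify_cb(store, ossl_verify_cb);`, or, if there is a reason to keep the reset, replace the TODO with that reason. This hunk's function starts before the hunk, so I cannot see whether `store` is reachable from Ruby before this point.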
@@ -532,11 +535,14 @@ static VALUE
 ossl_x509stctx_get_curr_crl(VALUE self)
 {
 X509_STORE_CTX *ctx;
+ X509_CRL *crl;
 GetX509StCtx(self, ctx);
- if(!ctx->current_crl) return Qnil;
+ crl = X509_STORE_CTX_get0_current_crl(ctx);
+ if (!crl)
+ return Qnil;
- return ossl_x509crl_new(ctx->current_crl);
+ return ossl_x509crl_new(crl);
 }
 static VALUE |