Ruby  2.4.2p198(2017-09-14revision59899)
ossl_x509.c
/*
 * 'OpenSSL for Ruby' project
 * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
 * All rights reserved.
 */
/*
 * This program is licensed under the same licence as Ruby.
 * (See the file 'LICENCE'.)
 */
10 #include "ossl.h"
11 
13 
/*
 * DefX509Const(NAME): publish the OpenSSL integer macro X509_NAME as the Ruby
 * constant NAME under mX509, converted with INT2NUM.
 */
#define DefX509Const(name) \
    rb_define_const(mX509, #name, INT2NUM(X509_##name))

/*
 * DefX509Default(NAME, getter): publish the string returned by
 * X509_get_default_<getter>() as the Ruby constant DEFAULT_NAME under mX509.
 */
#define DefX509Default(name, getter) \
    rb_define_const(mX509, "DEFAULT_" #name, \
                    rb_str_new2(X509_get_default_##getter()))
17 
/*
 * Set an ASN1_TIME from a Ruby time value.
 *
 * s    - ASN1_TIME handed straight to the OpenSSL call.
 * time - Ruby time object to convert.
 *
 * The converted time is passed to X509_time_adj_ex() (or X509_time_adj() on
 * builds without HAVE_ASN1_TIME_ADJ) with a zero seconds offset, and that
 * call's result is returned unchanged.
 *
 * NOTE(review): the OpenSSL calls can return NULL on failure and nothing here
 * checks for it, so callers have to -- confirm at each call site.
 */
ASN1_TIME *
ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
{
#if defined(HAVE_ASN1_TIME_ADJ)
    time_t secs;
    int days;

    /* presumably splits the time into whole days plus seconds so that the
     * value is not limited by the range of time_t -- TODO confirm against
     * ossl_time_split() */
    ossl_time_split(time, &secs, &days);
    return X509_time_adj_ex(s, days, 0, &secs);
#else
    time_t secs = time_to_time_t(time);

    return X509_time_adj(s, 0, &secs);
#endif
}
33 
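/*
 * Defines the OpenSSL::X509 module, runs the initialisers of its
 * sub-components, and publishes OpenSSL's X509_* constants as Ruby constants.
 *
 * NOTE(review): the function-name line, the mX509 assignment and the eight
 * Init_ossl_x509*() calls are absent from the rendered listing. They are
 * restored here from the symbols named in the listing's cross-reference; the
 * call order is assumed (alphabetical) -- confirm against the original file.
 */
void
Init_ossl_x509(void)
{
    /* Never compiled; presumably kept so that documentation tooling can see
     * that mOSSL is the OpenSSL module. */
#if 0
    mOSSL = rb_define_module("OpenSSL");
#endif

    mX509 = rb_define_module_under(mOSSL, "X509");

    Init_ossl_x509attr();
    Init_ossl_x509cert();
    Init_ossl_x509crl();
    Init_ossl_x509ext();
    Init_ossl_x509name();
    Init_ossl_x509req();
    Init_ossl_x509revoked();
    Init_ossl_x509store();

    /*
     * Certificate verification result codes (OpenSSL's X509_V_OK and
     * X509_V_ERR_*). V_OK is the only value that means the chain verified;
     * code that inspects a verification result should treat every other
     * value as a failure rather than allow-listing individual errors.
     */
    DefX509Const(V_OK);
    DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT);
    DefX509Const(V_ERR_UNABLE_TO_GET_CRL);
    DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE);
    DefX509Const(V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE);
    DefX509Const(V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY);
    DefX509Const(V_ERR_CERT_SIGNATURE_FAILURE);
    DefX509Const(V_ERR_CRL_SIGNATURE_FAILURE);
    DefX509Const(V_ERR_CERT_NOT_YET_VALID);
    DefX509Const(V_ERR_CERT_HAS_EXPIRED);
    DefX509Const(V_ERR_CRL_NOT_YET_VALID);
    DefX509Const(V_ERR_CRL_HAS_EXPIRED);
    DefX509Const(V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD);
    DefX509Const(V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD);
    DefX509Const(V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD);
    DefX509Const(V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
    DefX509Const(V_ERR_OUT_OF_MEM);
    DefX509Const(V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
    DefX509Const(V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
    DefX509Const(V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
    DefX509Const(V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
    DefX509Const(V_ERR_CERT_CHAIN_TOO_LONG);
    DefX509Const(V_ERR_CERT_REVOKED);
    DefX509Const(V_ERR_INVALID_CA);
    DefX509Const(V_ERR_PATH_LENGTH_EXCEEDED);
    DefX509Const(V_ERR_INVALID_PURPOSE);
    DefX509Const(V_ERR_CERT_UNTRUSTED);
    DefX509Const(V_ERR_CERT_REJECTED);
    DefX509Const(V_ERR_SUBJECT_ISSUER_MISMATCH);
    DefX509Const(V_ERR_AKID_SKID_MISMATCH);
    DefX509Const(V_ERR_AKID_ISSUER_SERIAL_MISMATCH);
    DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
    DefX509Const(V_ERR_APPLICATION_VERIFICATION);

    /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for the
     * certificate chain leaf. Revocation of intermediate CA certificates is
     * not checked with this flag alone; see V_FLAG_CRL_CHECK_ALL. */
    DefX509Const(V_FLAG_CRL_CHECK);
    /* Set by Store#flags= and StoreContext#flags=. Enables CRL checking for all
     * certificates in the certificate chain */
    DefX509Const(V_FLAG_CRL_CHECK_ALL);
    /* Set by Store#flags= and StoreContext#flags=. Disables critical extension
     * checking. This weakens verification: a certificate carrying a critical
     * extension that is not understood is accepted instead of rejected. */
    DefX509Const(V_FLAG_IGNORE_CRITICAL);
    /* Set by Store#flags= and StoreContext#flags=. Disables workarounds for
     * broken certificates. */
    DefX509Const(V_FLAG_X509_STRICT);
    /* Set by Store#flags= and StoreContext#flags=. Enables proxy certificate
     * verification. This widens the set of chains that verify, so it is best
     * left unset unless proxy certificates are actually in use. */
    DefX509Const(V_FLAG_ALLOW_PROXY_CERTS);
    /* Set by Store#flags= and StoreContext#flags=. Enables certificate policy
     * constraints checking. */
    DefX509Const(V_FLAG_POLICY_CHECK);
    /* Set by Store#flags= and StoreContext#flags=.
     * Implies V_FLAG_POLICY_CHECK */
    DefX509Const(V_FLAG_EXPLICIT_POLICY);
    /* Set by Store#flags= and StoreContext#flags=.
     * Implies V_FLAG_POLICY_CHECK */
    DefX509Const(V_FLAG_INHIBIT_ANY);
    /* Set by Store#flags= and StoreContext#flags=.
     * Implies V_FLAG_POLICY_CHECK */
    DefX509Const(V_FLAG_INHIBIT_MAP);
    /* Set by Store#flags= and StoreContext#flags=. */
    DefX509Const(V_FLAG_NOTIFY_POLICY);
#if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
    /* Set by Store#flags= and StoreContext#flags=. Enables some additional
     * features including support for indirect signed CRLs. */
    DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
#endif
#if defined(X509_V_FLAG_USE_DELTAS)
    /* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
     * specified, deltas are ignored. */
    DefX509Const(V_FLAG_USE_DELTAS);
#endif
#if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
    /* Set by Store#flags= and StoreContext#flags=. Enables checking of the
     * signature of the root self-signed CA. */
    DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
#endif
#if defined(X509_V_FLAG_TRUSTED_FIRST)
    /* Set by Store#flags= and StoreContext#flags=. When constructing a
     * certificate chain, search the Store first for the issuer certificate.
     * Enabled by default in OpenSSL >= 1.1.0. */
    DefX509Const(V_FLAG_TRUSTED_FIRST);
#endif
#if defined(X509_V_FLAG_NO_ALT_CHAINS)
    /* Set by Store#flags= and StoreContext#flags=. Suppresses searching for
     * an alternative chain. No effect in OpenSSL >= 1.1.0. */
    DefX509Const(V_FLAG_NO_ALT_CHAINS);
#endif
#if defined(X509_V_FLAG_NO_CHECK_TIME)
    /* Set by Store#flags= and StoreContext#flags=. Suppresses checking the
     * validity period of certificates and CRLs. No effect when the current
     * time is explicitly set by Store#time= or StoreContext#time=.
     * With this flag set, expired and not-yet-valid certificates and CRLs
     * pass the time check. */
    DefX509Const(V_FLAG_NO_CHECK_TIME);
#endif

    /* Set by Store#purpose=. SSL/TLS client. */
    DefX509Const(PURPOSE_SSL_CLIENT);
    /* Set by Store#purpose=. SSL/TLS server. */
    DefX509Const(PURPOSE_SSL_SERVER);
    /* Set by Store#purpose=. Netscape SSL server. */
    DefX509Const(PURPOSE_NS_SSL_SERVER);
    /* Set by Store#purpose=. S/MIME signing. */
    DefX509Const(PURPOSE_SMIME_SIGN);
    /* Set by Store#purpose=. S/MIME encryption. */
    DefX509Const(PURPOSE_SMIME_ENCRYPT);
    /* Set by Store#purpose=. CRL signing */
    DefX509Const(PURPOSE_CRL_SIGN);
    /* Set by Store#purpose=. No checks. A certificate issued for any use
     * satisfies this purpose, so prefer the specific purpose the
     * certificate is meant to serve. */
    DefX509Const(PURPOSE_ANY);
    /* Set by Store#purpose=. OCSP helper. */
    DefX509Const(PURPOSE_OCSP_HELPER);
#if defined(X509_PURPOSE_TIMESTAMP_SIGN)
    /* Set by Store#purpose=. Time stamps signer. */
    DefX509Const(PURPOSE_TIMESTAMP_SIGN);
#endif

    /* Trust identifiers (OpenSSL's X509_TRUST_*). */
    DefX509Const(TRUST_COMPAT);
    DefX509Const(TRUST_SSL_CLIENT);
    DefX509Const(TRUST_SSL_SERVER);
    DefX509Const(TRUST_EMAIL);
    DefX509Const(TRUST_OBJECT_SIGN);
    DefX509Const(TRUST_OCSP_SIGN);
    DefX509Const(TRUST_OCSP_REQUEST);
#if defined(X509_TRUST_TSA)
    DefX509Const(TRUST_TSA);
#endif

    /*
     * Default certificate locations reported by this OpenSSL build
     * (X509_get_default_*()). Going by the getter names, DEFAULT_CERT_DIR_ENV
     * and DEFAULT_CERT_FILE_ENV hold the names of environment variables, not
     * paths -- TODO confirm. Where these defaults are honoured, whoever
     * controls the process environment or these directories controls which
     * CAs are trusted, so they need the same protection as the application.
     */
    DefX509Default(CERT_AREA, cert_area);
    DefX509Default(CERT_DIR, cert_dir);
    DefX509Default(CERT_FILE, cert_file);
    DefX509Default(CERT_DIR_ENV, cert_dir_env);
    DefX509Default(CERT_FILE_ENV, cert_file_env);
    DefX509Default(PRIVATE_DIR, private_dir);
}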
void Init_ossl_x509ext(void)
Definition: ossl_x509ext.c:442
VALUE mOSSL
Definition: ossl.c:213
void Init_ossl_x509revoked(void)
#define DefX509Default(x, i)
Definition: ossl_x509.c:15
ASN1_TIME * ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
Definition: ossl_x509.c:19
time_t time_to_time_t(VALUE time)
Definition: ossl_asn1.c:93
void Init_ossl_x509req(void)
Definition: ossl_x509req.c:446
void Init_ossl_x509name(void)
unsigned long VALUE
Definition: ruby.h:85
VALUE mX509
Definition: ossl_x509.c:12
VALUE rb_define_module_under(VALUE outer, const char *name)
Definition: class.c:790
void Init_ossl_x509crl(void)
Definition: ossl_x509crl.c:509
void Init_ossl_x509(void)
Definition: ossl_x509.c:35
void Init_ossl_x509attr(void)
void Init_ossl_x509store(void)
VALUE rb_define_module(const char *name)
Definition: class.c:768
void Init_ossl_x509cert(void)
#define DefX509Const(x)
Definition: ossl_x509.c:14