Ruby  2.4.2p198(2017-09-14revision59899)
ossl_x509store.c
Go to the documentation of this file.
1 /*
2  * 'OpenSSL for Ruby' project
3  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
4  * All rights reserved.
5  */
6 /*
7  * This program is licensed under the same licence as Ruby.
8  * (See the file 'LICENCE'.)
9  */
10 #include "ossl.h"
11 
12 #define NewX509Store(klass) \
13  TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
14 #define SetX509Store(obj, st) do { \
15  if (!(st)) { \
16  ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
17  } \
18  RTYPEDDATA_DATA(obj) = (st); \
19 } while (0)
20 #define GetX509Store(obj, st) do { \
21  TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
22  if (!(st)) { \
23  ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
24  } \
25 } while (0)
26 #define SafeGetX509Store(obj, st) do { \
27  OSSL_Check_Kind((obj), cX509Store); \
28  GetX509Store((obj), (st)); \
29 } while (0)
30 
31 #define NewX509StCtx(klass) \
32  TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
33 #define SetX509StCtx(obj, ctx) do { \
34  if (!(ctx)) { \
35  ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
36  } \
37  RTYPEDDATA_DATA(obj) = (ctx); \
38 } while (0)
39 #define GetX509StCtx(obj, ctx) do { \
40  TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
41  if (!(ctx)) { \
42  ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
43  } \
44 } while (0)
45 #define SafeGetX509StCtx(obj, storep) do { \
46  OSSL_Check_Kind((obj), cX509StoreContext); \
47  GetX509Store((obj), (ctx)); \
48 } while (0)
49 
50 /*
51  * Verify callback stuff
52  */
54 static VALUE ossl_x509stctx_new(X509_STORE_CTX *);
55 
60 };
61 
62 static VALUE
64 {
65  return rb_funcall(args->proc, rb_intern("call"), 2,
66  args->preverify_ok, args->store_ctx);
67 }
68 
69 int
70 ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
71 {
72  VALUE rctx, ret;
73  struct ossl_verify_cb_args args;
74  int state;
75 
76  if (NIL_P(proc))
77  return ok;
78 
79  ret = Qfalse;
80  rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
81  if (state) {
83  rb_warn("StoreContext initialization failure");
84  }
85  else {
86  args.proc = proc;
87  args.preverify_ok = ok ? Qtrue : Qfalse;
88  args.store_ctx = rctx;
89  ret = rb_protect((VALUE(*)(VALUE))call_verify_cb_proc, (VALUE)&args, &state);
90  if (state) {
92  rb_warn("exception in verify_callback is ignored");
93  }
94  RTYPEDDATA_DATA(rctx) = NULL;
95  }
96  if (ret == Qtrue) {
97  X509_STORE_CTX_set_error(ctx, X509_V_OK);
98  ok = 1;
99  }
100  else {
101  if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
102  X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
103  ok = 0;
104  }
105 
106  return ok;
107 }
108 
109 /*
110  * Classes
111  */
115 
116 static void
118 {
119  X509_STORE_free(ptr);
120 }
121 
123  "OpenSSL/X509/STORE",
124  {
126  },
128 };
129 
130 /*
131  * Public functions
132  */
133 VALUE
134 ossl_x509store_new(X509_STORE *store)
135 {
136  VALUE obj;
137 
138  obj = NewX509Store(cX509Store);
139  SetX509Store(obj, store);
140 
141  return obj;
142 }
143 
144 X509_STORE *
146 {
147  X509_STORE *store;
148 
149  SafeGetX509Store(obj, store);
150 
151  return store;
152 }
153 
154 X509_STORE *
156 {
157  X509_STORE *store;
158 
159  SafeGetX509Store(obj, store);
160  X509_STORE_up_ref(store);
161 
162  return store;
163 }
164 
165 /*
166  * Private functions
167  */
168 static int
169 x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
170 {
171  VALUE proc;
172 
173  proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx);
174  if (!proc)
177  if (!proc)
178  return ok;
179 
180  return ossl_verify_cb_call(proc, ok, ctx);
181 }
182 
183 static VALUE
185 {
186  X509_STORE *store;
187  VALUE obj;
188 
189  obj = NewX509Store(klass);
190  if((store = X509_STORE_new()) == NULL){
192  }
193  SetX509Store(obj, store);
194 
195  return obj;
196 }
197 
198 /*
199  * General callback for OpenSSL verify
200  */
201 static VALUE
203 {
204  X509_STORE *store;
205 
206  GetX509Store(self, store);
208  rb_iv_set(self, "@verify_callback", cb);
209 
210  return cb;
211 }
212 
213 
214 /*
215  * call-seq:
216  * X509::Store.new => store
217  *
218  * Creates a new X509::Store.
219  */
220 static VALUE
222 {
223  X509_STORE *store;
224 
225 /* BUG: This method takes any number of arguments but appears to ignore them. */
226  GetX509Store(self, store);
227 #if !defined(HAVE_OPAQUE_OPENSSL)
228  /* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */
229  store->ex_data.sk = NULL;
230 #endif
233 
234  /* last verification status */
235  rb_iv_set(self, "@error", Qnil);
236  rb_iv_set(self, "@error_string", Qnil);
237  rb_iv_set(self, "@chain", Qnil);
238  rb_iv_set(self, "@time", Qnil);
239 
240  return self;
241 }
242 
243 /*
244  * call-seq:
245  * store.flags = flag
246  *
247  * Sets +flag+ to the Store. +flag+ consists of zero or more of the constants
248  * defined in with name V_FLAG_* or'ed together.
249  */
250 static VALUE
252 {
253  X509_STORE *store;
254  long f = NUM2LONG(flags);
255 
256  GetX509Store(self, store);
257  X509_STORE_set_flags(store, f);
258 
259  return flags;
260 }
261 
262 /*
263  * call-seq:
264  * store.purpose = purpose
265  *
266  * Sets the store's purpose to +purpose+. If specified, the verifications on
267  * the store will check every untrusted certificate's extensions are consistent
268  * with the purpose. The purpose is specified by constants:
269  *
270  * * X509::PURPOSE_SSL_CLIENT
271  * * X509::PURPOSE_SSL_SERVER
272  * * X509::PURPOSE_NS_SSL_SERVER
273  * * X509::PURPOSE_SMIME_SIGN
274  * * X509::PURPOSE_SMIME_ENCRYPT
275  * * X509::PURPOSE_CRL_SIGN
276  * * X509::PURPOSE_ANY
277  * * X509::PURPOSE_OCSP_HELPER
278  * * X509::PURPOSE_TIMESTAMP_SIGN
279  */
280 static VALUE
282 {
283  X509_STORE *store;
284  int p = NUM2INT(purpose);
285 
286  GetX509Store(self, store);
287  X509_STORE_set_purpose(store, p);
288 
289  return purpose;
290 }
291 
292 /*
293  * call-seq:
294  * store.trust = trust
295  */
296 static VALUE
298 {
299  X509_STORE *store;
300  int t = NUM2INT(trust);
301 
302  GetX509Store(self, store);
303  X509_STORE_set_trust(store, t);
304 
305  return trust;
306 }
307 
308 /*
309  * call-seq:
310  * store.time = time
311  *
312  * Sets the time to be used in verifications.
313  */
314 static VALUE
316 {
317  rb_iv_set(self, "@time", time);
318  return time;
319 }
320 
321 /*
322  * call-seq:
323  * store.add_file(file) -> self
324  *
325  * Adds the certificates in +file+ to the certificate store. The +file+ can
326  * contain multiple PEM-encoded certificates.
327  */
328 static VALUE
330 {
331  X509_STORE *store;
332  X509_LOOKUP *lookup;
333  char *path = NULL;
334 
335  if(file != Qnil){
336  rb_check_safe_obj(file);
337  path = StringValueCStr(file);
338  }
339  GetX509Store(self, store);
340  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
341  if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
342  if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
344  }
345 #if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
346  /*
347  * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
348  * did not check the return value of X509_STORE_add_{cert,crl}(), leaking
349  * "cert already in hash table" errors on the error queue, if duplicate
350  * certificates are found. This will be fixed by OpenSSL 1.1.1.
351  */
353 #endif
354 
355  return self;
356 }
357 
358 /*
359  * call-seq:
360  * store.add_path(path) -> self
361  *
362  * Adds +path+ as the hash dir to be looked up by the store.
363  */
364 static VALUE
366 {
367  X509_STORE *store;
368  X509_LOOKUP *lookup;
369  char *path = NULL;
370 
371  if(dir != Qnil){
372  rb_check_safe_obj(dir);
373  path = StringValueCStr(dir);
374  }
375  GetX509Store(self, store);
376  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
377  if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
378  if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
380  }
381 
382  return self;
383 }
384 
385 /*
386  * call-seq:
387  * store.set_default_paths
388  *
389  * Configures +store+ to look up CA certificates from the system default
390  * certificate store as needed basis. The location of the store can usually be
391  * determined by:
392  *
393  * * OpenSSL::X509::DEFAULT_CERT_FILE
394  * * OpenSSL::X509::DEFAULT_CERT_DIR
395  */
396 static VALUE
398 {
399  X509_STORE *store;
400 
401  GetX509Store(self, store);
402  if (X509_STORE_set_default_paths(store) != 1){
404  }
405 
406  return Qnil;
407 }
408 
409 /*
410  * call-seq:
411  * store.add_cert(cert)
412  *
413  * Adds the OpenSSL::X509::Certificate +cert+ to the certificate store.
414  */
415 static VALUE
417 {
418  X509_STORE *store;
419  X509 *cert;
420 
421  cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
422  GetX509Store(self, store);
423  if (X509_STORE_add_cert(store, cert) != 1){
425  }
426 
427  return self;
428 }
429 
430 /*
431  * call-seq:
432  * store.add_crl(crl) -> self
433  *
434  * Adds the OpenSSL::X509::CRL +crl+ to the store.
435  */
436 static VALUE
438 {
439  X509_STORE *store;
440  X509_CRL *crl;
441 
442  crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
443  GetX509Store(self, store);
444  if (X509_STORE_add_crl(store, crl) != 1){
446  }
447 
448  return self;
449 }
450 
454 
455 /*
456  * call-seq:
457  * store.verify(cert, chain = nil) -> true | false
458  *
459  * Performs a certificate verification on the OpenSSL::X509::Certificate +cert+.
460  *
461  * +chain+ can be an array of OpenSSL::X509::Certificate that is used to
462  * construct the certificate chain.
463  *
464  * If a block is given, it overrides the callback set by #verify_callback=.
465  *
466  * After finishing the verification, the error information can be retrieved by
467  * #error, #error_string, and the resuting complete certificate chain can be
468  * retrieved by #chain.
469  */
470 static VALUE
472 {
473  VALUE cert, chain;
474  VALUE ctx, proc, result;
475 
476  rb_scan_args(argc, argv, "11", &cert, &chain);
477  ctx = rb_funcall(cX509StoreContext, rb_intern("new"), 3, self, cert, chain);
478  proc = rb_block_given_p() ? rb_block_proc() :
479  rb_iv_get(self, "@verify_callback");
480  rb_iv_set(ctx, "@verify_callback", proc);
481  result = rb_funcall(ctx, rb_intern("verify"), 0);
482 
483  rb_iv_set(self, "@error", ossl_x509stctx_get_err(ctx));
484  rb_iv_set(self, "@error_string", ossl_x509stctx_get_err_string(ctx));
485  rb_iv_set(self, "@chain", ossl_x509stctx_get_chain(ctx));
486 
487  return result;
488 }
489 
490 /*
491  * Public Functions
492  */
493 static void ossl_x509stctx_free(void*);
494 
495 
497  "OpenSSL/X509/STORE_CTX",
498  {
500  },
502 };
503 
504 /*
505  * Private functions
506  */
507 static void
509 {
510  X509_STORE_CTX *ctx = ptr;
512  sk_X509_pop_free(X509_STORE_CTX_get0_untrusted(ctx), X509_free);
513  if (X509_STORE_CTX_get0_cert(ctx))
514  X509_free(X509_STORE_CTX_get0_cert(ctx));
515  X509_STORE_CTX_free(ctx);
516 }
517 
518 static VALUE
520 {
521  X509_STORE_CTX *ctx;
522  VALUE obj;
523 
524  obj = NewX509StCtx(klass);
525  if((ctx = X509_STORE_CTX_new()) == NULL){
527  }
528  SetX509StCtx(obj, ctx);
529 
530  return obj;
531 }
532 
533 static VALUE
534 ossl_x509stctx_new(X509_STORE_CTX *ctx)
535 {
536  VALUE obj;
537 
539  SetX509StCtx(obj, ctx);
540 
541  return obj;
542 }
543 
548 
549 /*
550  * call-seq:
551  * StoreContext.new(store, cert = nil, chain = nil)
552  */
553 static VALUE
555 {
556  VALUE store, cert, chain, t;
557  X509_STORE_CTX *ctx;
558  X509_STORE *x509st;
559  X509 *x509 = NULL;
560  STACK_OF(X509) *x509s = NULL;
561 
562  rb_scan_args(argc, argv, "12", &store, &cert, &chain);
563  GetX509StCtx(self, ctx);
564  SafeGetX509Store(store, x509st);
565  if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
566  if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
567  if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
568  sk_X509_pop_free(x509s, X509_free);
570  }
571  if (!NIL_P(t = rb_iv_get(store, "@time")))
572  ossl_x509stctx_set_time(self, t);
573  rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
574  rb_iv_set(self, "@cert", cert);
575 
576  return self;
577 }
578 
579 /*
580  * call-seq:
581  * stctx.verify -> true | false
582  */
583 static VALUE
585 {
586  X509_STORE_CTX *ctx;
587 
588  GetX509StCtx(self, ctx);
589  X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
590  (void *)rb_iv_get(self, "@verify_callback"));
591 
592  switch (X509_verify_cert(ctx)) {
593  case 1:
594  return Qtrue;
595  case 0:
597  return Qfalse;
598  default:
600  }
601 }
602 
603 /*
604  * call-seq:
605  * stctx.chain -> Array of X509::Certificate
606  */
607 static VALUE
609 {
610  X509_STORE_CTX *ctx;
611  STACK_OF(X509) *chain;
612  X509 *x509;
613  int i, num;
614  VALUE ary;
615 
616  GetX509StCtx(self, ctx);
617  if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
618  return Qnil;
619  }
620  if((num = sk_X509_num(chain)) < 0){
621  OSSL_Debug("certs in chain < 0???");
622  return rb_ary_new();
623  }
624  ary = rb_ary_new2(num);
625  for(i = 0; i < num; i++) {
626  x509 = sk_X509_value(chain, i);
627  rb_ary_push(ary, ossl_x509_new(x509));
628  }
629 
630  return ary;
631 }
632 
633 /*
634  * call-seq:
635  * stctx.error -> Integer
636  */
637 static VALUE
639 {
640  X509_STORE_CTX *ctx;
641 
642  GetX509StCtx(self, ctx);
643 
644  return INT2NUM(X509_STORE_CTX_get_error(ctx));
645 }
646 
647 /*
648  * call-seq:
649  * stctx.error = error_code
650  */
651 static VALUE
653 {
654  X509_STORE_CTX *ctx;
655 
656  GetX509StCtx(self, ctx);
657  X509_STORE_CTX_set_error(ctx, NUM2INT(err));
658 
659  return err;
660 }
661 
662 /*
663  * call-seq:
664  * stctx.error_string -> String
665  *
666  * Returns the error string corresponding to the error code retrieved by #error.
667  */
668 static VALUE
670 {
671  X509_STORE_CTX *ctx;
672  long err;
673 
674  GetX509StCtx(self, ctx);
675  err = X509_STORE_CTX_get_error(ctx);
676 
677  return rb_str_new2(X509_verify_cert_error_string(err));
678 }
679 
680 /*
681  * call-seq:
682  * stctx.error_depth -> Integer
683  */
684 static VALUE
686 {
687  X509_STORE_CTX *ctx;
688 
689  GetX509StCtx(self, ctx);
690 
691  return INT2NUM(X509_STORE_CTX_get_error_depth(ctx));
692 }
693 
694 /*
695  * call-seq:
696  * stctx.current_cert -> X509::Certificate
697  */
698 static VALUE
700 {
701  X509_STORE_CTX *ctx;
702 
703  GetX509StCtx(self, ctx);
704 
705  return ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
706 }
707 
708 /*
709  * call-seq:
710  * stctx.current_crl -> X509::CRL
711  */
712 static VALUE
714 {
715  X509_STORE_CTX *ctx;
716  X509_CRL *crl;
717 
718  GetX509StCtx(self, ctx);
720  if (!crl)
721  return Qnil;
722 
723  return ossl_x509crl_new(crl);
724 }
725 
726 /*
727  * call-seq:
728  * stctx.flags = flags
729  *
730  * Sets the verification flags to the context. See Store#flags=.
731  */
732 static VALUE
734 {
735  X509_STORE_CTX *store;
736  long f = NUM2LONG(flags);
737 
738  GetX509StCtx(self, store);
739  X509_STORE_CTX_set_flags(store, f);
740 
741  return flags;
742 }
743 
744 /*
745  * call-seq:
746  * stctx.purpose = purpose
747  *
748  * Sets the purpose of the context. See Store#purpose=.
749  */
750 static VALUE
752 {
753  X509_STORE_CTX *store;
754  int p = NUM2INT(purpose);
755 
756  GetX509StCtx(self, store);
757  X509_STORE_CTX_set_purpose(store, p);
758 
759  return purpose;
760 }
761 
762 /*
763  * call-seq:
764  * stctx.trust = trust
765  */
766 static VALUE
768 {
769  X509_STORE_CTX *store;
770  int t = NUM2INT(trust);
771 
772  GetX509StCtx(self, store);
773  X509_STORE_CTX_set_trust(store, t);
774 
775  return trust;
776 }
777 
778 /*
779  * call-seq:
780  * stctx.time = time
781  *
782  * Sets the time used in the verification. If not set, the current time is used.
783  */
784 static VALUE
786 {
787  X509_STORE_CTX *store;
788  long t;
789 
790  t = NUM2LONG(rb_Integer(time));
791  GetX509StCtx(self, store);
792  X509_STORE_CTX_set_time(store, 0, t);
793 
794  return time;
795 }
796 
797 /*
798  * INIT
799  */
800 void
802 {
803 #if 0
804  mOSSL = rb_define_module("OpenSSL");
807 #endif
808 
809  /* Register ext_data slot for verify callback Proc */
810  stctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"stctx_ex_verify_cb_idx", 0, 0, 0);
811  if (stctx_ex_verify_cb_idx < 0)
812  ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
813  store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"store_ex_verify_cb_idx", 0, 0, 0);
814  if (store_ex_verify_cb_idx < 0)
815  ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
816 
818 
819  /* Document-class: OpenSSL::X509::Store
820  *
821  * The X509 certificate store holds trusted CA certificates used to verify
822  * peer certificates.
823  *
824  * The easiest way to create a useful certificate store is:
825  *
826  * cert_store = OpenSSL::X509::Store.new
827  * cert_store.set_default_paths
828  *
829  * This will use your system's built-in certificates.
830  *
831  * If your system does not have a default set of certificates you can obtain
832  * a set extracted from Mozilla CA certificate store by cURL maintainers
833  * here: https://curl.haxx.se/docs/caextract.html (You may wish to use the
834  * firefox-db2pem.sh script to extract the certificates from a local install
835  * to avoid man-in-the-middle attacks.)
836  *
837  * After downloading or generating a cacert.pem from the above link you
838  * can create a certificate store from the pem file like this:
839  *
840  * cert_store = OpenSSL::X509::Store.new
841  * cert_store.add_file 'cacert.pem'
842  *
843  * The certificate store can be used with an SSLSocket like this:
844  *
845  * ssl_context = OpenSSL::SSL::SSLContext.new
846  * ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
847  * ssl_context.cert_store = cert_store
848  *
849  * tcp_socket = TCPSocket.open 'example.com', 443
850  *
851  * ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
852  */
853 
855  /*
856  * The callback for additional certificate verification. It is invoked for
857  * each untrusted certificate in the chain.
858  *
859  * The callback is invoked with two values, a boolean that indicates if the
860  * pre-verification by OpenSSL has succeeded or not, and the StoreContext in
861  * use. The callback must return either true or false.
862  */
863  rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
864  /*
865  * The error code set by the last call of #verify.
866  */
867  rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
868  /*
869  * The description for the error code set by the last call of #verify.
870  */
871  rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
872  /*
873  * The certificate chain constructed by the last call of #verify.
874  */
875  rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
878  rb_undef_method(cX509Store, "initialize_copy");
879  rb_define_method(cX509Store, "verify_callback=", ossl_x509store_set_vfy_cb, 1);
890 
891  /*
892  * Document-class: OpenSSL::X509::StoreContext
893  *
894  * A StoreContext is used while validating a single certificate and holds
895  * the status involved.
896  */
900  rb_undef_method(cX509StoreContext, "initialize_copy");
913 }
VALUE rb_eStandardError
Definition: error.c:760
VALUE ossl_x509crl_new(X509_CRL *)
Definition: ossl_x509crl.c:76
VALUE mOSSL
Definition: ossl.c:213
#define X509_STORE_CTX_get0_untrusted(x)
#define X509_STORE_get_ex_data(x, idx)
#define RUBY_TYPED_FREE_IMMEDIATELY
Definition: ruby.h:1145
#define INT2NUM(x)
Definition: ruby.h:1538
static VALUE ossl_x509stctx_set_flags(VALUE, VALUE)
static const rb_data_type_t ossl_x509store_type
#define NUM2INT(x)
Definition: ruby.h:684
static VALUE ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE)
static VALUE ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
#define Qtrue
Definition: ruby.h:437
#define X509_STORE_set_verify_cb
VALUE cX509Store
VALUE rb_ary_push(VALUE ary, VALUE item)
Definition: array.c:905
#define GetX509Store(obj, st)
VALUE rb_funcall(VALUE, ID, int,...)
Calls a method.
Definition: vm_eval.c:821
VALUE rb_iv_set(VALUE, const char *, VALUE)
Definition: variable.c:3138
VALUE rb_protect(VALUE(*proc)(VALUE), VALUE data, int *state)
Definition: eval.c:891
VALUE rb_iv_get(VALUE, const char *)
Definition: variable.c:3130
VALUE rb_define_class_under(VALUE outer, const char *name, VALUE super)
Defines a class under the namespace of outer.
Definition: class.c:693
void rb_define_alloc_func(VALUE, rb_alloc_func_t)
STACK_OF(X509) *ossl_x509_ary2sk0(VALUE)
static VALUE ossl_x509stctx_get_err(VALUE)
VALUE cX509StoreContext
static VALUE ossl_x509stctx_set_time(VALUE, VALUE)
static VALUE ossl_x509store_add_path(VALUE self, VALUE dir)
void rb_undef_method(VALUE klass, const char *name)
Definition: class.c:1533
#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef)
#define X509_STORE_CTX_get0_chain(ctx)
static VALUE ossl_x509store_set_trust(VALUE self, VALUE trust)
#define rb_ary_new2
Definition: intern.h:90
static VALUE call_verify_cb_proc(struct ossl_verify_cb_args *args)
static VALUE ossl_x509store_add_crl(VALUE self, VALUE arg)
X509 * GetX509CertPtr(VALUE)
#define SafeGetX509Store(obj, st)
static const rb_data_type_t ossl_x509stctx_type
void ossl_clear_error(void)
Definition: ossl.c:289
int rb_block_given_p(void)
Definition: eval.c:797
static VALUE ossl_x509stctx_set_error(VALUE self, VALUE err)
#define GetX509StCtx(obj, ctx)
VALUE eX509CertError
Definition: ossl_x509cert.c:35
RUBY_EXTERN VALUE rb_cObject
Definition: ruby.h:1872
static VALUE ossl_x509stctx_set_trust(VALUE, VALUE)
void rb_attr(VALUE, ID, int, int, int)
Definition: vm_method.c:1138
VALUE rb_ary_new(void)
Definition: array.c:493
static VALUE ossl_x509store_add_file(VALUE self, VALUE file)
#define SetX509Store(obj, st)
#define NIL_P(v)
Definition: ruby.h:451
int ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
static void ossl_x509stctx_free(void *)
VALUE eOSSLError
Definition: ossl.c:218
int argc
Definition: ruby.c:183
static VALUE ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
#define Qfalse
Definition: ruby.h:436
VALUE ossl_x509_new(X509 *)
Definition: ossl_x509cert.c:55
VALUE rb_Integer(VALUE)
Definition: object.c:2736
static VALUE ossl_x509store_set_time(VALUE self, VALUE time)
#define rb_str_new2
Definition: intern.h:857
int err
Definition: win32.c:135
#define NewX509StCtx(klass)
X509_STORE * DupX509StorePtr(VALUE obj)
static VALUE ossl_x509stctx_get_curr_crl(VALUE self)
#define X509_STORE_set_ex_data(x, idx, data)
static VALUE ossl_x509store_alloc(VALUE klass)
X509_STORE * GetX509StorePtr(VALUE obj)
static VALUE ossl_x509store_set_flags(VALUE self, VALUE flags)
VALUE eX509StoreError
static VALUE ossl_x509stctx_get_err_string(VALUE)
#define X509_STORE_CTX_get0_store(x)
int rb_scan_args(int argc, const VALUE *argv, const char *fmt,...)
Definition: class.c:1919
#define NewX509Store(klass)
#define Qnil
Definition: ruby.h:438
void Init_ossl_x509store(void)
unsigned long VALUE
Definition: ruby.h:85
static VALUE result
Definition: nkf.c:40
VALUE mX509
Definition: ossl_x509.c:12
static VALUE ossl_x509stctx_new(X509_STORE_CTX *)
#define OSSL_Debug
Definition: ossl.h:155
VALUE rb_define_module_under(VALUE outer, const char *name)
Definition: class.c:790
#define X509_STORE_up_ref(x)
#define StringValueCStr(v)
Definition: ruby.h:571
static VALUE ossl_x509stctx_get_curr_cert(VALUE self)
static int x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
#define SetX509StCtx(obj, ctx)
#define f
static int store_ex_verify_cb_idx
VALUE rb_block_proc(void)
Definition: proc.c:787
void rb_set_errinfo(VALUE err)
Definition: eval.c:1630
static VALUE ossl_x509store_add_cert(VALUE self, VALUE arg)
static VALUE ossl_x509stctx_get_err_depth(VALUE self)
void rb_check_safe_obj(VALUE)
Definition: safe.c:117
void ossl_raise(VALUE exc, const char *fmt,...)
Definition: ossl.c:278
X509 * DupX509CertPtr(VALUE)
static VALUE ossl_x509stctx_verify(VALUE self)
#define X509_STORE_CTX_get0_current_crl(x)
static int stctx_ex_verify_cb_idx
static VALUE ossl_x509store_set_purpose(VALUE self, VALUE purpose)
static VALUE ossl_x509stctx_get_chain(VALUE)
#define RTYPEDDATA_DATA(v)
Definition: ruby.h:1117
static VALUE ossl_x509stctx_alloc(VALUE klass)
VALUE ossl_x509store_new(X509_STORE *store)
VALUE rb_define_module(const char *name)
Definition: class.c:768
#define X509_STORE_CTX_get0_cert(x)
X509_CRL * GetX509CRLPtr(VALUE)
Definition: ossl_x509crl.c:55
#define rb_intern(str)
static VALUE ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
#define NULL
Definition: _sdbm.c:102
void rb_define_method(VALUE klass, const char *name, VALUE(*func)(ANYARGS), int argc)
Definition: class.c:1515
void rb_warn(const char *fmt,...)
Definition: error.c:221
static VALUE ossl_x509store_set_default_paths(VALUE self)
#define NUM2LONG(x)
Definition: ruby.h:648
char ** argv
Definition: ruby.c:184
static void ossl_x509store_free(void *ptr)