Class: OpenSSL::X509::StoreContext

Inherits:
Object
  • Object
Defined in:
ext/openssl/ossl_x509store.c,
lib/openssl/x509.rb,
ext/openssl/ossl_x509store.c

Overview

A StoreContext is used while validating a single certificate and holds the state of that verification.

Instance Method Summary

Constructor Details

#new(store, cert = nil, untrusted = nil) ⇒ Object

Sets up a StoreContext for a verification of the X.509 certificate cert.



# File 'ext/openssl/ossl_x509store.c', line 532

/*
 * StoreContext.new(store, cert = nil, untrusted = nil)
 *
 * Binds this context to +store+ and, optionally, to the certificate that is
 * to be verified and to a list of additional certificates.
 *
 * The additional certificates are handed to X509_STORE_CTX_init() as its
 * untrusted-certificates argument: they are candidates for chain building
 * and are not trust anchors. Trust anchors come from +store+.
 *
 * The store's @time (when set) and @verify_callback are copied onto the new
 * context, and the Ruby certificate object is kept in @cert.
 *
 * Raises eX509StoreError when X509_STORE_CTX_init() does not return 1.
 *
 * NOTE(review): after a successful init the context refers to the duplicated
 * certificate and to the converted stack; where those are released is
 * outside this listing. Nothing visible here guards against this initializer
 * running a second time on the same object - confirm how that case is handled.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain, store_time;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *target = NULL;
    STACK_OF(X509) *untrusted = NULL;
    int jump_state;

    /* One mandatory argument (store) followed by up to two optional ones. */
    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);

    /* The context works on its own copy of the certificate. */
    if (!NIL_P(cert)) {
        target = DupX509CertPtr(cert);
    }

    if (!NIL_P(chain)) {
        untrusted = ossl_protect_x509_ary2sk(chain, &jump_state);
        if (jump_state) {
            /* Conversion failed: drop the copy before re-raising. */
            X509_free(target);
            rb_jump_tag(jump_state);
        }
    }

    if (X509_STORE_CTX_init(ctx, x509st, target, untrusted) != 1) {
        /* Init failed, so both native objects are released here. */
        X509_free(target);
        sk_X509_pop_free(untrusted, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }

    /* Inherit a pinned verification time from the store, if it has one. */
    store_time = rb_iv_get(store, "@time");
    if (!NIL_P(store_time)) {
        ossl_x509stctx_set_time(self, store_time);
    }
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}

Instance Method Details

#chain ⇒ Array of X509::Certificate

Returns:



# File 'ext/openssl/ossl_x509store.c', line 595

/*
 * StoreContext#chain
 *
 * Returns the certificate chain held by the context as an Array of new
 * certificate objects, nil when the context has no chain, or an empty Array
 * when the stack reports a negative element count.
 *
 * The stack is obtained with a get0 accessor, so it stays owned by the
 * context and is not freed here.
 *
 * Per the OpenSSL documentation the chain may be incomplete or invalid when
 * verification did not succeed, so its presence says nothing about the
 * verification result; use #verify and #error for that.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *ctx;
    STACK_OF(X509) *certs;
    VALUE result;
    int count, idx;

    GetX509StCtx(self, ctx);

    certs = X509_STORE_CTX_get0_chain(ctx);
    if (certs == NULL) {
        return Qnil;
    }

    count = sk_X509_num(certs);
    if (count < 0) {
        OSSL_Debug("certs in chain < 0???");
        return rb_ary_new();
    }

    /* Wrap every element in its own Ruby object, in stack order. */
    result = rb_ary_new2(count);
    for (idx = 0; idx < count; idx++) {
        rb_ary_push(result, ossl_x509_new(sk_X509_value(certs, idx)));
    }

    return result;
}

#cleanup ⇒ Object



# File 'lib/openssl/x509.rb', line 319

# Deprecated no-op. When $VERBOSE is set it prints a deprecation warning that
# names the call site; it changes nothing on the context.
def cleanup
  return unless $VERBOSE

  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
end

#current_cert ⇒ X509::Certificate

Returns:



# File 'ext/openssl/ossl_x509store.c', line 686

/*
 * StoreContext#current_cert
 *
 * Wraps the certificate the context currently points at in a new Ruby
 * object.
 *
 * NOTE(review): unlike #current_crl, the pointer is not checked for NULL
 * before it is wrapped. What the caller gets when the context has no current
 * certificate therefore depends on how ossl_x509_new() treats NULL, which is
 * not visible in this listing - confirm.
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509 *current;

    GetX509StCtx(self, ctx);
    current = X509_STORE_CTX_get_current_cert(ctx);

    return ossl_x509_new(current);
}

#current_crl ⇒ X509::CRL

Returns:



# File 'ext/openssl/ossl_x509store.c', line 700

/*
 * StoreContext#current_crl
 *
 * Returns the CRL the context currently refers to, wrapped in a new Ruby
 * object, or nil when the context has none. The pointer comes from a get0
 * accessor, so it is borrowed from the context and not freed here.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509_CRL *current;

    GetX509StCtx(self, ctx);
    current = X509_STORE_CTX_get0_current_crl(ctx);

    return current ? ossl_x509crl_new(current) : Qnil;
}

#error ⇒ Integer

Returns:



# File 'ext/openssl/ossl_x509store.c', line 625

/*
 * StoreContext#error
 *
 * Returns the verification error code currently stored in the context as an
 * Integer. The value is whatever the context holds at the time of the call;
 * it can be overwritten through #error=.
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    code = X509_STORE_CTX_get_error(ctx);

    return INT2NUM(code);
}

#error=(error_code) ⇒ Object



# File 'ext/openssl/ossl_x509store.c', line 639

/*
 * StoreContext#error=(error_code)
 *
 * Overwrites the verification error code stored in the context and returns
 * the argument unchanged. The value is converted with NUM2INT and stored
 * as-is; this function does not check that it is a known error code.
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    code = NUM2INT(err);
    X509_STORE_CTX_set_error(ctx, code);

    return err;
}

#error_depth ⇒ Integer

Returns:



# File 'ext/openssl/ossl_x509store.c', line 672

/*
 * StoreContext#error_depth
 *
 * Returns, as an Integer, the chain depth that the context associates with
 * its stored error.
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *ctx;
    int depth;

    GetX509StCtx(self, ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);

    return INT2NUM(depth);
}

#error_string ⇒ String

Returns the error string corresponding to the error code retrieved by #error.

Returns:

  • (String)


# File 'ext/openssl/ossl_x509store.c', line 656

/*
 * StoreContext#error_string
 *
 * Returns the human-readable message for the error code currently stored in
 * the context, i.e. the code that #error reports.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *ctx;
    long code;
    const char *message;

    GetX509StCtx(self, ctx);
    code = X509_STORE_CTX_get_error(ctx);
    message = X509_verify_cert_error_string(code);

    return rb_str_new2(message);
}

#flags=(flags) ⇒ Object

Sets the verification flags to the context. See Store#flags=.



# File 'ext/openssl/ossl_x509store.c', line 720

/*
 * StoreContext#flags=(flags)
 *
 * Passes the given verification flags to the context and returns the
 * argument unchanged.
 *
 * Per OpenSSL's documented behaviour, X509_STORE_CTX_set_flags() ORs the
 * bits into the flags already present, so this setter adds flags and does
 * not clear ones set earlier.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    X509_STORE_CTX *ctx;
    long bits;

    /* Convert first so that a bad argument raises before the context is touched. */
    bits = NUM2LONG(flags);
    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_flags(ctx, bits);

    return flags;
}

#purpose=(purpose) ⇒ Object

Sets the purpose of the context. See Store#purpose=.



# File 'ext/openssl/ossl_x509store.c', line 738

/*
 * StoreContext#purpose=(purpose)
 *
 * Sets the purpose the certificate is verified for and returns the argument
 * unchanged.
 *
 * NOTE(review): X509_STORE_CTX_set_purpose() returns an int status that is
 * discarded here. A purpose value OpenSSL rejects is therefore not reported
 * to the caller, and verification would then run without the purpose
 * restriction the caller asked for. Consider checking the result.
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    X509_STORE_CTX *ctx;
    int purpose_id;

    /* Convert first so that a bad argument raises before the context is touched. */
    purpose_id = NUM2INT(purpose);
    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_purpose(ctx, purpose_id);

    return purpose;
}

#time=(time) ⇒ Object

Sets the time used in the verification. If not set, the current time is used.



# File 'ext/openssl/ossl_x509store.c', line 772

/*
 * StoreContext#time=(time)
 *
 * Pins the time used for verification and returns the argument unchanged.
 * Validity-period checks are then evaluated against this value rather than
 * the current time.
 *
 * The argument is coerced with rb_Integer() and converted with NUM2LONG,
 * either of which may raise before the context is modified.
 *
 * NOTE(review): the timestamp travels through a long. On a platform where
 * long is narrower than time_t, NUM2LONG would reject timestamps that time_t
 * could represent - confirm whether that matters for supported targets.
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    X509_STORE_CTX *ctx;
    long seconds;

    seconds = NUM2LONG(rb_Integer(time));
    GetX509StCtx(self, ctx);
    /* The flags argument of X509_STORE_CTX_set_time() is passed as 0. */
    X509_STORE_CTX_set_time(ctx, 0, seconds);

    return time;
}

#trust=(trust) ⇒ Object



# File 'ext/openssl/ossl_x509store.c', line 754

/*
 * StoreContext#trust=(trust)
 *
 * Sets the trust setting of the context and returns the argument unchanged.
 *
 * NOTE(review): X509_STORE_CTX_set_trust() returns an int status that is
 * discarded here, so a trust value OpenSSL rejects is not reported to the
 * caller. Consider checking the result.
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    X509_STORE_CTX *ctx;
    int trust_id;

    /* Convert first so that a bad argument raises before the context is touched. */
    trust_id = NUM2INT(trust);
    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_trust(ctx, trust_id);

    return trust;
}

#verify ⇒ Object



# File 'ext/openssl/ossl_x509store.c', line 571

/*
 * StoreContext#verify
 *
 * Runs X509_verify_cert() on the context and maps its result:
 *   1     -> true
 *   0     -> false (the OpenSSL error queue is cleared first)
 *   other -> raises eX509CertError
 *
 * Before verifying, the object stored in @verify_callback is attached to the
 * context as ex_data under stctx_ex_verify_cb_idx.
 *
 * A false return is the only failure signal for an ordinary verification
 * failure; no exception is raised in that case, so callers have to test the
 * return value. #error, #error_string and #error_depth hold the details.
 *
 * NOTE(review): the return value of X509_STORE_CTX_set_ex_data() is not
 * checked.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *ctx;
    VALUE callback;
    int result;

    GetX509StCtx(self, ctx);
    callback = rb_iv_get(self, "@verify_callback");
    X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx, (void *)callback);

    result = X509_verify_cert(ctx);
    if (result == 1) {
        return Qtrue;
    }
    if (result == 0) {
        /* Verification failed: drop the queued OpenSSL errors. */
        ossl_clear_error();
        return Qfalse;
    }

    /* Any other result is treated as an internal error. */
    ossl_raise(eX509CertError, NULL);
}