Class: OpenSSL::X509::StoreContext
- Inherits:
Object
- Defined in:
- ext/openssl/ossl_x509store.c,
lib/openssl/x509.rb,
ext/openssl/ossl_x509store.c
Overview
A StoreContext is used while verifying a single certificate and holds the status of that verification.
Instance Method Summary
-
#chain ⇒ nil | Array of X509::Certificate
Returns the verified chain.
- #cleanup ⇒ Object
-
#current_cert ⇒ X509::Certificate
Returns the certificate which caused the error.
-
#current_crl ⇒ X509::CRL
Returns the CRL which caused the error.
-
#error ⇒ Integer
Returns the error code of stctx.
-
#error=(error_code) ⇒ Object
Sets the error code of stctx.
-
#error_depth ⇒ Integer
Returns the depth of the chain.
-
#error_string ⇒ String
Returns the human readable error string corresponding to the error code retrieved by #error.
-
#flags=(flags) ⇒ Object
Sets the verification flags to the context.
-
#new(store, cert = nil, untrusted = nil) ⇒ Object
constructor
Sets up a StoreContext for a verification of the X.509 certificate cert.
-
#purpose=(purpose) ⇒ Object
Sets the purpose of the context.
-
#time=(time) ⇒ Object
Sets the time used in the verification.
-
#trust=(trust) ⇒ Object
Sets the trust settings of the context.
-
#verify ⇒ Object
Performs the certificate verification using the parameters set to stctx.
Constructor Details
#new(store, cert = nil, untrusted = nil) ⇒ Object
Sets up a StoreContext for a verification of the X.509 certificate cert.
# File 'ext/openssl/ossl_x509store.c', line 568
/*
 * call-seq:
 *    StoreContext.new(store, cert = nil, untrusted = nil) -> stctx
 *
 * Initializes the X509_STORE_CTX held by +self+ for verifying +cert+ against
 * +store+, optionally with +untrusted+ (an Array of X509::Certificate) as
 * extra certificates available for chain building.
 *
 * Resource handling: +cert+ is duplicated and +untrusted+ is converted to a
 * STACK_OF(X509); both are released here on every failure path before the
 * Ruby exception propagates.  After a successful X509_STORE_CTX_init() they
 * are presumably owned by the context and released together with it — the
 * dealloc function is outside this listing, confirm there.
 *
 * The verification time and the verify callback are copied from +store+ at
 * construction; #time= and the @verify_callback ivar can override them later.
 *
 * Raises X509::StoreError if X509_STORE_CTX_init() fails.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain, t;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *x509 = NULL;
    STACK_OF(X509) *x509s = NULL;
    int state;

    /* "12": one mandatory argument (store), two optional (cert, untrusted). */
    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);
    if (!NIL_P(cert))
        /* NEED TO DUP: the context gets its own copy, presumably so it does
         * not share the X509 owned by the Ruby Certificate object. */
        x509 = DupX509CertPtr(cert);
    if (!NIL_P(chain)) {
        /* Conversion runs protected; a nonzero state means a Ruby exception
         * was caught and must be re-raised after freeing the cert copy. */
        x509s = ossl_protect_x509_ary2sk(chain, &state);
        if (state) {
            X509_free(x509);
            rb_jump_tag(state);
        }
    }
    if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
        /* init failed: nothing took ownership, release both before raising. */
        X509_free(x509);
        sk_X509_pop_free(x509s, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }
    /* Inherit the Store's fixed verification time, if one was set.
     * NOTE(review): ossl_x509stctx_set_time() can raise for a non-Integer
     * value; at that point the context is already initialised — confirm the
     * dealloc path releases it. */
    if (!NIL_P(t = rb_iv_get(store, "@time")))
        ossl_x509stctx_set_time(self, t);
    /* Keep the callback and the Ruby certificate object referenced from self
     * (the callback VALUE is later handed to OpenSSL as ex_data in #verify). */
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}
Instance Method Details
#chain ⇒ nil | Array of X509::Certificate
Returns the verified chain.
See also the man page X509_STORE_CTX_set0_verified_chain(3).
# File 'ext/openssl/ossl_x509store.c', line 639
/*
 * call-seq:
 *    stctx.chain -> nil | Array of X509::Certificate
 *
 * Returns the certificate chain held by the context as an Array of
 * X509::Certificate, or nil when the library reports no chain.
 *
 * NOTE(review): X509_STORE_CTX_get0_chain() hands back the chain as built so
 * far, so after a failed #verify this is not a *verified* chain — callers
 * should check #verify's result before trusting it.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *ctx;
    const STACK_OF(X509) *sk;

    GetX509StCtx(self, ctx);
    sk = X509_STORE_CTX_get0_chain(ctx);

    /* No chain: report nil (an empty Array would be the alternative). */
    return sk ? ossl_x509_sk2ary(sk) : Qnil;
}
#cleanup ⇒ Object
# File 'lib/openssl/x509.rb', line 337
# Deprecated and kept only for backward compatibility: it performs no
# cleanup, it merely emits a deprecation warning naming the caller, and only
# when $VERBOSE is set.
def cleanup
  if $VERBOSE
    warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
  end
end
#current_cert ⇒ X509::Certificate
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
# File 'ext/openssl/ossl_x509store.c', line 739
/*
 * call-seq:
 *    stctx.current_cert -> X509::Certificate
 *
 * Returns the certificate the verification is currently looking at (the
 * one that caused the error, when called from a verify callback).
 *
 * NOTE(review): unlike #current_crl this does not test for a NULL result;
 * ossl_x509_new() receives whatever the library returned — confirm it copes
 * with NULL (no current certificate) before relying on this outside a
 * callback.
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509 *cur;

    GetX509StCtx(self, ctx);
    cur = X509_STORE_CTX_get_current_cert(ctx);
    return ossl_x509_new(cur);
}
#current_crl ⇒ X509::CRL
Returns the CRL which caused the error.
See also the man page X509_STORE_CTX_get_current_crl(3).
# File 'ext/openssl/ossl_x509store.c', line 757
/*
 * call-seq:
 *    stctx.current_crl -> X509::CRL | nil
 *
 * Returns the CRL the verification is currently looking at (the one that
 * caused the error, when called from a verify callback), or nil when the
 * library has no current CRL.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509_CRL *cur;

    GetX509StCtx(self, ctx);
    cur = X509_STORE_CTX_get0_current_crl(ctx);

    /* get0: the CRL stays owned by the context; ossl_x509crl_new wraps it. */
    return !cur ? Qnil : ossl_x509crl_new(cur);
}
#error ⇒ Integer
Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_get_error(3).
# File 'ext/openssl/ossl_x509store.c', line 662
/*
 * call-seq:
 *    stctx.error -> Integer
 *
 * Returns the current verification error code (an X509::V_* value) as an
 * Integer.  Meaningful after #verify, or inside the verify callback.
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    code = X509_STORE_CTX_get_error(ctx);
    return INT2NUM(code);
}
#error=(error_code) ⇒ Object
Sets the error code of stctx. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_set_error(3).
# File 'ext/openssl/ossl_x509store.c', line 681
/*
 * call-seq:
 *    stctx.error = error_code -> error_code
 *
 * Sets the verification error code of the context and returns the value it
 * was given.  Intended for use from the verify callback.
 *
 * Because the callback can use this to replace a failure with X509::V_OK,
 * a callback that does so overrides the library's verdict for that step;
 * only do that where the specific failure has been deliberately accepted.
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    /* NUM2INT after GetX509StCtx, so an uninitialised context is reported
     * before a bad argument, as in the original. */
    code = NUM2INT(err);
    X509_STORE_CTX_set_error(ctx, code);

    return err;
}
#error_depth ⇒ Integer
Returns the depth of the chain. This is used in combination with #error.
See also the man page X509_STORE_CTX_get_error_depth(3).
# File 'ext/openssl/ossl_x509store.c', line 721
/*
 * call-seq:
 *    stctx.error_depth -> Integer
 *
 * Returns the depth in the chain at which the current error was detected;
 * read it together with #error.
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *ctx;
    int depth;

    GetX509StCtx(self, ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);
    return INT2NUM(depth);
}
#error_string ⇒ String
Returns the human readable error string corresponding to the error code retrieved by #error.
See also the man page X509_verify_cert_error_string(3).
# File 'ext/openssl/ossl_x509store.c', line 701
/*
 * call-seq:
 *    stctx.error_string -> String
 *
 * Returns the human-readable description of the current error code (the
 * value #error returns) as a String.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *ctx;
    const char *msg;

    GetX509StCtx(self, ctx);
    /* The int error code widens to the long the string lookup expects. */
    msg = X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx));
    return rb_str_new2(msg);
}
#flags=(flags) ⇒ Object
Sets the verification flags on the context. This overrides the default value set by Store#flags=.
See also the man page X509_VERIFY_PARAM_set_flags(3).
# File 'ext/openssl/ossl_x509store.c', line 780
/*
 * call-seq:
 *    stctx.flags = flags -> flags
 *
 * Applies verification flags (X509::V_FLAG_* values) to the context and
 * returns the value it was given.
 *
 * NOTE(review): X509_VERIFY_PARAM_set_flags() OR-s into the existing flag
 * set, so this presumably adds to rather than replaces flags inherited from
 * the Store — confirm before relying on it to clear a flag.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    X509_STORE_CTX *ctx;
    long verify_flags = NUM2LONG(flags);

    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_flags(ctx, verify_flags);

    return flags;
}
#purpose=(purpose) ⇒ Object
Sets the purpose of the context. This overrides the default value set by Store#purpose=.
See also the man page X509_VERIFY_PARAM_set_purpose(3).
# File 'ext/openssl/ossl_x509store.c', line 801
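/*
 * call-seq:
 *    stctx.purpose = purpose -> purpose
 *
 * Sets the certificate purpose (an X509::PURPOSE_* value) the chain must
 * satisfy, overriding the Store's default, and returns the value given.
 *
 * Raises X509::StoreError if the library rejects the purpose.  Previously
 * the return value was ignored, so an unknown purpose id left the default
 * purpose silently in effect; failing closed makes a misconfigured check
 * visible instead of weakening the verification.
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    X509_STORE_CTX *ctx;
    int p = NUM2INT(purpose);

    GetX509StCtx(self, ctx);
    /* Returns 0 (and pushes an error) for a purpose id the library does not
     * know; the OpenSSL error queue is included in the raised message. */
    if (X509_STORE_CTX_set_purpose(ctx, p) != 1)
        ossl_raise(eX509StoreError, "X509_STORE_CTX_set_purpose");

    return purpose;
}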
#time=(time) ⇒ Object
Sets the time used in the verification. If not set, the current time is used.
See also the man page X509_VERIFY_PARAM_set_time(3).
# File 'ext/openssl/ossl_x509store.c', line 842
/*
 * call-seq:
 *    stctx.time = time -> time
 *
 * Fixes the point in time at which certificate validity is checked and
 * returns the value it was given.  The value goes through rb_Integer(), so
 * anything Integer() accepts (presumably including a Time via #to_i —
 * confirm) is taken as seconds since the epoch.
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    X509_STORE_CTX *ctx;
    long epoch;

    /* Convert before fetching the context, as the original does. */
    epoch = NUM2LONG(rb_Integer(time));
    GetX509StCtx(self, ctx);
    /* Second argument is the flags word; 0 is passed. */
    X509_STORE_CTX_set_time(ctx, 0, epoch);

    return time;
}
#trust=(trust) ⇒ Object
Sets the trust settings of the context. This overrides the default value set by Store#trust=.
See also the man page X509_VERIFY_PARAM_set_trust(3).
# File 'ext/openssl/ossl_x509store.c', line 822
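/*
 * call-seq:
 *    stctx.trust = trust -> trust
 *
 * Sets the trust setting (an X509::TRUST_* value) used when evaluating the
 * trust anchor, overriding the Store's default, and returns the value given.
 *
 * Raises X509::StoreError if the library rejects the trust id.  Previously
 * the return value was ignored, so an unknown id left the default trust
 * setting silently in effect; failing closed makes the misconfiguration
 * visible instead of weakening the verification.
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    X509_STORE_CTX *ctx;
    int t = NUM2INT(trust);

    GetX509StCtx(self, ctx);
    /* Returns 0 (and pushes an error) for a trust id the library does not
     * know; the OpenSSL error queue is included in the raised message. */
    if (X509_STORE_CTX_set_trust(ctx, t) != 1)
        ossl_raise(eX509StoreError, "X509_STORE_CTX_set_trust");

    return trust;
}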
#verify ⇒ Object
Performs the certificate verification using the parameters set on stctx.
See also the man page X509_verify_cert(3).
# File 'ext/openssl/ossl_x509store.c', line 611
/*
 * call-seq:
 *    stctx.verify -> true | false
 *
 * Runs X509_verify_cert() with the parameters set on the context.  Returns
 * true when the chain verified, false when it did not (the reason is then
 * available through #error, #error_string and #error_depth), and raises
 * X509::CertificateError for any other result, which signals an internal
 * error rather than a verification verdict.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *ctx;
    int result;

    GetX509StCtx(self, ctx);
    /* Expose the Ruby-level callback to the C verify callback via ex_data.
     * The VALUE is stored raw; it is presumably kept alive by the
     * @verify_callback ivar set at construction. */
    X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
                               (void *)rb_iv_get(self, "@verify_callback"));

    result = X509_verify_cert(ctx);
    if (result == 1)
        return Qtrue;
    if (result == 0) {
        /* A plain verification failure: the cause is reported through the
         * context's error state, so drop the OpenSSL error queue rather
         * than let it leak into the next operation. */
        ossl_clear_error();
        return Qfalse;
    }
    /* Any other value (negative in OpenSSL) is not a verdict. */
    ossl_raise(eX509CertError, "X509_verify_cert");
}