Class: OpenSSL::X509::StoreContext

Inherits:
Object
  • Object
Defined in:
ext/openssl/ossl_x509store.c,
lib/openssl/x509.rb,
ext/openssl/ossl_x509store.c

Overview

A StoreContext holds the state of one verification run of a single certificate against an OpenSSL::X509::Store: the result of #verify, the error code and depth, the certificate (or CRL) that triggered the error, and the chain that was built. A new context is created per verification; it is not meant to be reused.


Constructor Details

#new(store, cert = nil, untrusted = nil) ⇒ Object

Sets up a StoreContext for a verification of the X.509 certificate cert against store. untrusted, if given, is an Array of X509::Certificate that may be used to build the chain (typically intermediate CAs sent by a peer); as the name says, they are not trust anchors — trusted CA certificates must be added to store itself. The Store's verify_callback and time are copied into the context at this point.



# File 'ext/openssl/ossl_x509store.c', line 568

/*
 * StoreContext.new(store, cert = nil, untrusted = nil)
 *
 * Initializes the context for verifying +cert+ against +store+.  +untrusted+
 * is an optional Array of X509::Certificate that is handed to
 * X509_STORE_CTX_init() as the untrusted set (usable for chain building,
 * never as trust anchors).  The Store's @time and @verify_callback are
 * copied into this context here, so later changes to the Store are not
 * seen by an already-created context.
 *
 * Raises X509::StoreError if X509_STORE_CTX_init() fails; a TypeError from
 * converting +untrusted+ is re-raised after the duplicated cert is freed.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain, t;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *x509 = NULL;
    STACK_OF(X509) *x509s = NULL;
    int state;

    /* store is mandatory; cert and chain (the untrusted set) are optional. */
    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);
    if (!NIL_P(cert))
        x509 = DupX509CertPtr(cert); /* NEED TO DUP */
    if (!NIL_P(chain)) {
        /* Protected conversion: on a Ruby exception, release the dup'd cert
         * before propagating so it is not leaked. */
        x509s = ossl_protect_x509_ary2sk(chain, &state);
        if (state) {
            X509_free(x509);
            rb_jump_tag(state);
        }
    }
    /* On failure nothing has taken ownership yet, so free both here.
     * NOTE(review): on success the dup'd cert and the stack are presumably
     * released by the context's free hook (not visible in this listing). */
    if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
        X509_free(x509);
        sk_X509_pop_free(x509s, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }
    /* Inherit the Store's verification time, if one was configured. */
    if (!NIL_P(t = rb_iv_get(store, "@time")))
	ossl_x509stctx_set_time(self, t);
    /* Snapshot of the Store's callback; #verify reads this ivar, not the Store's. */
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    /* Keep the Ruby object alive alongside the dup'd X509 pointer. */
    rb_iv_set(self, "@cert", cert);

    return self;
}

Instance Method Details

#chain ⇒ nil | Array of X509::Certificate

Returns the certificate chain built by the verification as an Array of X509::Certificate, from the certificate being verified up to the trust anchor, or nil if the context holds no chain (for example before #verify has run). The chain may be populated even when #verify returned false, so check the result of #verify (or #error) before treating it as trusted.

See also the man page X509_STORE_CTX_get0_chain(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 639

/*
 * stctx.chain -> Array of X509::Certificate or nil
 *
 * Converts the chain currently held by the context into a Ruby Array.
 * Returns nil when OpenSSL has no chain for this context yet.
 *
 * NOTE(review): this accessor does not consult the verification result;
 * a non-nil chain by itself says nothing about whether #verify succeeded.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *ctx;
    const STACK_OF(X509) *sk;

    GetX509StCtx(self, ctx);
    sk = X509_STORE_CTX_get0_chain(ctx);

    /* nil (not []) signals "no chain available" to callers. */
    return sk ? ossl_x509_sk2ary(sk) : Qnil;
}

#cleanup ⇒ nil (deprecated, no-op)



# File 'lib/openssl/x509.rb', line 337

# Deprecated method kept only so that old callers keep working.  It does
# nothing except emit a deprecation warning when $VERBOSE is set, and
# always returns nil.
def cleanup
  return unless $VERBOSE

  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
end

#current_cert ⇒ X509::Certificate

Returns the certificate that was being examined when the current error was set (the one at #error_depth). Meaningful inside the verify callback or after #verify has reported a failure.

See also the man page X509_STORE_CTX_get_current_cert(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 739

/*
 * stctx.current_cert -> X509::Certificate
 *
 * Wraps the certificate OpenSSL reports as current for this context
 * (the one under examination when the error was set) in a new
 * X509::Certificate object.
 *
 * NOTE(review): the pointer may be NULL (e.g. before #verify has run) and
 * is passed to ossl_x509_new() unchecked, unlike #current_crl which maps
 * NULL to nil; what ossl_x509_new() does with NULL is defined elsewhere.
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509 *current;

    GetX509StCtx(self, ctx);
    current = X509_STORE_CTX_get_current_cert(ctx);

    return ossl_x509_new(current);
}

#current_crl ⇒ X509::CRL | nil

Returns the CRL that was being examined when the current error was set, or nil if no CRL is associated with the error (for example when CRL checking is not enabled).

See also the man page X509_STORE_CTX_get_current_crl(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 757

/*
 * stctx.current_crl -> X509::CRL or nil
 *
 * Wraps the CRL OpenSSL reports as current for this context in a new
 * X509::CRL object, or returns nil when there is none.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509_CRL *current;

    GetX509StCtx(self, ctx);
    current = X509_STORE_CTX_get0_current_crl(ctx);

    /* get0: the pointer is borrowed, so the wrapper must copy/retain it. */
    return current ? ossl_x509crl_new(current) : Qnil;
}

#error ⇒ Integer

Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.

See also the man page X509_STORE_CTX_get_error(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 662

/*
 * stctx.error -> Integer
 *
 * Returns the current X509_V_* error code of the context as an Integer.
 * Valid after #verify, or inside the verify callback.
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    code = X509_STORE_CTX_get_error(ctx);

    return INT2NUM(code);
}

#error=(error_code) ⇒ Object

Sets the error code of stctx. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback=. Be aware that a callback which sets this to 0 (X509_V_OK) and then returns true accepts the certificate despite the original failure, so only do this for failures you have deliberately decided to tolerate.

See also the man page X509_STORE_CTX_set_error(3).



# File 'ext/openssl/ossl_x509store.c', line 681

/*
 * stctx.error = code -> code
 *
 * Overwrites the context's X509_V_* error code.  Intended for use from the
 * verify callback; returns the value that was passed in.
 *
 * NOTE(review): overriding a failure with X509_V_OK from a callback that
 * returns true makes #verify succeed regardless of the underlying error.
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *ctx;
    int code;

    code = NUM2INT(err); /* converts/validates the Ruby value first */
    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_error(ctx, code);

    return err;
}

#error_depth ⇒ Integer

Returns the depth in the chain at which the current error occurred: 0 is the certificate being verified, 1 the certificate that issued it, and so on. This is used in combination with #error.

See also the man page X509_STORE_CTX_get_error_depth(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 721

/*
 * stctx.error_depth -> Integer
 *
 * Returns the chain depth OpenSSL recorded for the current error
 * (0 = the certificate being verified).
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *ctx;
    int depth;

    GetX509StCtx(self, ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);

    return INT2NUM(depth);
}

#error_string ⇒ String

Returns the human readable error string corresponding to the error code retrieved by #error.

See also the man page X509_verify_cert_error_string(3).

Returns:

  • (String)


# File 'ext/openssl/ossl_x509store.c', line 701

/*
 * stctx.error_string -> String
 *
 * Returns OpenSSL's human-readable description of the context's current
 * error code.  Per X509_verify_cert_error_string(3) the result is never
 * NULL (unknown codes map to a generic message), so no NULL check is needed
 * before building the Ruby String.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *ctx;
    const char *msg;

    GetX509StCtx(self, ctx);
    msg = X509_verify_cert_error_string((long)X509_STORE_CTX_get_error(ctx));

    return rb_str_new2(msg);
}

#flags=(flags) ⇒ Object

Adds the given verification flags to the context. Per X509_VERIFY_PARAM_set_flags(3) the value is OR-ed into the flags inherited from Store#flags=, so this can enable additional checks (or relaxations) but cannot clear flags the Store already set.

See also the man page X509_VERIFY_PARAM_set_flags(3).



# File 'ext/openssl/ossl_x509store.c', line 780

/*
 * stctx.flags = flags -> flags
 *
 * OR-s +flags+ (an Integer bitmask of X509_V_FLAG_* values) into the
 * context's verification parameters and returns the value passed in.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    X509_STORE_CTX *ctx;
    long mask;

    mask = NUM2LONG(flags);
    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_flags(ctx, mask);

    return flags;
}

#purpose=(purpose) ⇒ Object

Sets the purpose of the context. This overrides the default value set by Store#purpose=.

See also the man page X509_VERIFY_PARAM_set_purpose(3).



# File 'ext/openssl/ossl_x509store.c', line 801

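/*
 * stctx.purpose = purpose -> purpose
 *
 * Sets the certificate purpose (an X509 purpose id) that the verified
 * certificate must satisfy, overriding the value inherited from the Store.
 * Returns the value passed in.
 *
 * Raises X509::StoreError if OpenSSL rejects the purpose id.
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    X509_STORE_CTX *ctx;
    int id = NUM2INT(purpose);

    GetX509StCtx(self, ctx);
    /*
     * X509_STORE_CTX_set_purpose() returns 0 for an unknown purpose id
     * (and queues an OpenSSL error).  Ignoring that would leave the context
     * with its previous purpose while the caller believes a constraint is
     * in force, so report it.
     */
    if (X509_STORE_CTX_set_purpose(ctx, id) != 1)
        ossl_raise(eX509StoreError, "X509_STORE_CTX_set_purpose");

    return purpose;
}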

#time=(time) ⇒ Object

Sets the time at which certificate validity periods are evaluated. time is converted with Integer(), so an Integer epoch timestamp or an object that responds to to_i/to_int (such as Time) is accepted. If not set, the current time is used.

See also the man page X509_VERIFY_PARAM_set_time(3).



# File 'ext/openssl/ossl_x509store.c', line 842

/*
 * stctx.time = time -> time
 *
 * Fixes the verification time of the context to +time+, which is first
 * coerced through Integer() (so Time and Integer both work).  Returns the
 * original argument.  Conversion happens before the context is fetched so
 * a bad argument fails without touching OpenSSL state.
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    X509_STORE_CTX *ctx;
    long epoch = NUM2LONG(rb_Integer(time));

    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_time(ctx, 0, epoch); /* flags arg is unused by OpenSSL */

    return time;
}

#trust=(trust) ⇒ Object

Sets the trust settings of the context. This overrides the default value set by Store#trust=.

See also the man page X509_VERIFY_PARAM_set_trust(3).



# File 'ext/openssl/ossl_x509store.c', line 822

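/*
 * stctx.trust = trust -> trust
 *
 * Sets the trust setting (an X509 trust id) used when deciding whether a
 * certificate in the store is acceptable as a trust anchor, overriding the
 * value inherited from the Store.  Returns the value passed in.
 *
 * Raises X509::StoreError if OpenSSL rejects the trust id.
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    X509_STORE_CTX *ctx;
    int id = NUM2INT(trust);

    GetX509StCtx(self, ctx);
    /*
     * X509_STORE_CTX_set_trust() returns 0 for an unknown trust id (and
     * queues an OpenSSL error).  A silently ignored trust setting would
     * leave verification running with the previous, possibly looser, trust
     * rules, so surface the failure.
     */
    if (X509_STORE_CTX_set_trust(ctx, id) != 1)
        ossl_raise(eX509StoreError, "X509_STORE_CTX_set_trust");

    return trust;
}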

#verify ⇒ true | false

Performs the certificate verification using the parameters set to stctx. Returns true if the certificate verified and false otherwise; on false, consult #error, #error_string, #error_depth and #current_cert for the reason. Raises X509::CertificateError if the verification could not be run at all (for example when no certificate was given to #new). Note that a verify_callback which returns true after a failure makes this method return true.

See also the man page X509_verify_cert(3).



# File 'ext/openssl/ossl_x509store.c', line 611

/*
 * stctx.verify -> true or false
 *
 * Runs X509_verify_cert() on the context.  Returns true on success and
 * false on a verification failure; the failure reason stays available via
 * #error.  Any other return from OpenSSL (e.g. the context is unusable)
 * raises X509::CertificateError.
 *
 * NOTE(review): the outcome can be overridden by the Ruby verify_callback
 * stashed here — a callback returning true after a failure yields true.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *ctx;
    int rc;

    GetX509StCtx(self, ctx);
    /* Make the Ruby-level callback reachable from the C verify callback. */
    X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
                               (void *)rb_iv_get(self, "@verify_callback"));

    rc = X509_verify_cert(ctx);
    if (rc == 1)
        return Qtrue;
    if (rc == 0) {
        /* Drop the queued OpenSSL errors so they do not surface in an
         * unrelated exception later; #error still holds the X509_V_* code. */
        ossl_clear_error();
        return Qfalse;
    }
    ossl_raise(eX509CertError, "X509_verify_cert");
}