Class: OpenSSL::X509::StoreContext

Inherits:
Object
Defined in:
ext/openssl/ossl_x509store.c,
lib/openssl/x509.rb,
ext/openssl/ossl_x509store.c

Overview

A StoreContext is used while validating a single certificate and holds the status involved.


Constructor Details

#new(store, cert = nil, untrusted = nil) ⇒ Object

Sets up a StoreContext for a verification of the X.509 certificate cert.



# File 'ext/openssl/ossl_x509store.c', line 575

/*
 * Backs StoreContext.new(store, cert = nil, untrusted = nil).
 *
 * rb_scan_args("12"): +store+ is mandatory; +cert+ and +chain+ (the
 * "untrusted" argument in the Ruby signature) are optional and default to nil.
 *
 * Ownership: an X509 handle is duplicated from +cert+ and a STACK_OF(X509) is
 * built from +chain+ inside this function; on every failure path both are
 * released before the Ruby exception propagates, so a failed constructor
 * does not leak the native objects.
 *
 * Raises eX509StoreError (OpenSSL::X509::StoreError) if X509_STORE_CTX_init
 * fails, and re-raises whatever ossl_protect_x509_ary2sk captured while
 * converting +chain+.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain, t;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *x509 = NULL;
    STACK_OF(X509) *x509s = NULL;
    int state;

    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);
    if (!NIL_P(cert))
        x509 = DupX509CertPtr(cert); /* NEED TO DUP */
    if (!NIL_P(chain)) {
        /* Protected conversion: a Ruby exception raised while turning the
         * Array into a stack is captured in +state+ instead of unwinding past
         * this frame, so the duplicated cert can be freed first. */
        x509s = ossl_protect_x509_ary2sk(chain, &state);
        if (state) {
            X509_free(x509);
            rb_jump_tag(state); /* re-raise the captured exception */
        }
    }
    if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
        /* Presumably the context did not adopt either handle on failure, so
         * both are released here (OpenSSL's *_free accept NULL). */
        X509_free(x509);
        sk_X509_pop_free(x509s, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }
    /* Copy the settings the caller configured on the Store (@time,
     * @verify_callback) into this context, and remember the target cert. */
    if (!NIL_P(t = rb_iv_get(store, "@time")))
	ossl_x509stctx_set_time(self, t);
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}

Instance Method Details

#chain ⇒ nil | Array of X509::Certificate

Returns the verified chain.

See also the man page X509_STORE_CTX_set0_verified_chain(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 646

/*
 * Backs StoreContext#chain.
 *
 * Converts the chain held by the context (X509_STORE_CTX_get0_chain) into an
 * Array of X509::Certificate. Returns nil when OpenSSL reports no chain at
 * all (presumably before a verification has been run); an empty Array might
 * be a reasonable alternative, but nil is the existing contract.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    const STACK_OF(X509) *built = X509_STORE_CTX_get0_chain(sctx);
    /* get0: the stack stays owned by the context, sk2ary copies what it needs. */
    return built == NULL ? Qnil : ossl_x509_sk2ary(built);
}

#cleanup ⇒ Object



# File 'lib/openssl/x509.rb', line 337

# Deprecated no-op kept for backward compatibility.
#
# When $VERBOSE is enabled, prints a deprecation warning (prefixed with the
# caller's location) to stderr; otherwise does nothing. Always returns nil.
def cleanup
  return unless $VERBOSE

  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
end

#current_cert ⇒ X509::Certificate

Returns the certificate which caused the error.

See also the man page X509_STORE_CTX_get_current_cert(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 746

/*
 * Backs StoreContext#current_cert.
 *
 * Wraps the certificate OpenSSL reports as the one currently being examined
 * (X509_STORE_CTX_get_current_cert) in a new X509::Certificate object.
 *
 * NOTE(review): unlike #current_crl there is no NULL check before wrapping;
 * how ossl_x509_new treats a NULL pointer is defined elsewhere in the
 * extension and is not visible here.
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    X509 *examined = X509_STORE_CTX_get_current_cert(sctx);
    return ossl_x509_new(examined);
}

#current_crl ⇒ X509::CRL

Returns the CRL which caused the error.

See also the man page X509_STORE_CTX_get_current_crl(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 764

/*
 * Backs StoreContext#current_crl.
 *
 * Wraps the CRL OpenSSL reports as the current one
 * (X509_STORE_CTX_get0_current_crl) in a new X509::CRL object, or returns
 * nil when the context has no current CRL.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    /* get0: the CRL remains owned by the context. */
    X509_CRL *current = X509_STORE_CTX_get0_current_crl(sctx);
    if (current == NULL) {
        return Qnil;
    }
    return ossl_x509crl_new(current);
}

#error ⇒ Integer

Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.

See also the man page X509_STORE_CTX_get_error(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 669

/*
 * Backs StoreContext#error.
 *
 * Returns the verification error code currently recorded in the context
 * (X509_STORE_CTX_get_error) as an Integer. Pair with #error_string for a
 * readable message and #error_depth for where in the chain it occurred.
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    int code = X509_STORE_CTX_get_error(sctx);
    return INT2NUM(code);
}

#error=(error_code) ⇒ Object

Sets the error code of stctx. This is used by the verification callback set via OpenSSL::X509::Store#verify_callback=.

See also the man page X509_STORE_CTX_set_error(3).



# File 'ext/openssl/ossl_x509store.c', line 688

/*
 * Backs StoreContext#error=.
 *
 * Stores +err+ (an Integer error code) in the context via
 * X509_STORE_CTX_set_error and returns +err+ unchanged, as Ruby setters do.
 * The context lookup happens before the numeric conversion, so a bad
 * receiver is reported ahead of a bad argument.
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    int code = NUM2INT(err);
    X509_STORE_CTX_set_error(sctx, code);
    return err;
}

#error_depth ⇒ Integer

Returns the depth within the chain at which the verification error occurred. This is used in combination with #error.

See also the man page X509_STORE_CTX_get_error_depth(3).

Returns:



# File 'ext/openssl/ossl_x509store.c', line 728

/*
 * Backs StoreContext#error_depth.
 *
 * Returns, as an Integer, the chain depth OpenSSL associates with the
 * recorded error (X509_STORE_CTX_get_error_depth).
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    int depth = X509_STORE_CTX_get_error_depth(sctx);
    return INT2NUM(depth);
}

#error_string ⇒ String

Returns the human readable error string corresponding to the error code retrieved by #error.

See also the man page X509_verify_cert_error_string(3).

Returns:

  • (String)


# File 'ext/openssl/ossl_x509store.c', line 708

/*
 * Backs StoreContext#error_string.
 *
 * Looks up the recorded error code (X509_STORE_CTX_get_error) and returns
 * OpenSSL's human-readable description of it
 * (X509_verify_cert_error_string) as a new Ruby String.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    /* Widened to long because that is the type the OpenSSL lookup takes. */
    long code = X509_STORE_CTX_get_error(sctx);
    const char *description = X509_verify_cert_error_string(code);
    /* rb_str_new2 copies, so the string OpenSSL owns is never handed to Ruby. */
    return rb_str_new2(description);
}

#flags=(flags) ⇒ Object

Sets the verification flags on the context. This overrides the default value set by Store#flags=.

See also the man page X509_VERIFY_PARAM_set_flags(3).



# File 'ext/openssl/ossl_x509store.c', line 787

/*
 * Backs StoreContext#flags=.
 *
 * Applies +flags+ (an Integer bit mask) to the context through
 * X509_STORE_CTX_set_flags and returns +flags+ unchanged. The numeric
 * conversion runs before the context lookup, matching the original order of
 * error reporting.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    long mask = NUM2LONG(flags);

    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    X509_STORE_CTX_set_flags(sctx, mask);
    return flags;
}

#purpose=(purpose) ⇒ Object

Sets the purpose of the context. This overrides the default value set by Store#purpose=.

See also the man page X509_VERIFY_PARAM_set_purpose(3).



# File 'ext/openssl/ossl_x509store.c', line 808

/*
 * Backs StoreContext#purpose=.
 *
 * Applies +purpose+ (an Integer purpose id) to the context through
 * X509_STORE_CTX_set_purpose and returns +purpose+ unchanged. The numeric
 * conversion runs before the context lookup, matching the original order of
 * error reporting.
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    int purpose_id = NUM2INT(purpose);

    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    X509_STORE_CTX_set_purpose(sctx, purpose_id);
    return purpose;
}

#time=(time) ⇒ Object

Sets the time used in the verification. If not set, the current time is used.

See also the man page X509_VERIFY_PARAM_set_time(3).



# File 'ext/openssl/ossl_x509store.c', line 849

/*
 * Backs StoreContext#time=.
 *
 * Reduces +time+ to an Integer with rb_Integer (so a Time, presumably via its
 * epoch-seconds conversion, is accepted as well as a plain Integer) and
 * installs it as the verification reference time with
 * X509_STORE_CTX_set_time; returns +time+ unchanged. The second argument to
 * X509_STORE_CTX_set_time is its flags parameter and is passed as 0.
 *
 * NOTE(review): the value is narrowed through long before becoming a
 * time_t, so on targets where long is 32 bits timestamps beyond 2038
 * presumably cannot be represented (NUM2LONG would reject them rather than
 * silently truncate) — confirm if such platforms matter.
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    long epoch_seconds = NUM2LONG(rb_Integer(time));

    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    X509_STORE_CTX_set_time(sctx, 0, epoch_seconds);
    return time;
}

#trust=(trust) ⇒ Object

Sets the trust settings of the context. This overrides the default value set by Store#trust=.

See also the man page X509_VERIFY_PARAM_set_trust(3).



# File 'ext/openssl/ossl_x509store.c', line 829

/*
 * Backs StoreContext#trust=.
 *
 * Applies +trust+ (an Integer trust id) to the context through
 * X509_STORE_CTX_set_trust and returns +trust+ unchanged. The numeric
 * conversion runs before the context lookup, matching the original order of
 * error reporting.
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    int trust_id = NUM2INT(trust);

    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    X509_STORE_CTX_set_trust(sctx, trust_id);
    return trust;
}

#verify ⇒ Object

Performs the certificate verification using the parameters set on stctx.

See also the man page X509_verify_cert(3).



# File 'ext/openssl/ossl_x509store.c', line 618

/*
 * Backs StoreContext#verify.
 *
 * Publishes the Ruby-level @verify_callback through the context's ex_data
 * slot (stctx_ex_verify_cb_idx) so OpenSSL's verify hook can reach it, then
 * runs X509_verify_cert.
 *
 * Returns true when the chain verifies and false when verification fails
 * (the failure details stay available through #error, #error_string and
 * #error_depth). Any other result from X509_verify_cert is handed to
 * ossl_raise with eX509CertError.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *sctx;
    GetX509StCtx(self, sctx);

    /* The VALUE is stored as an opaque pointer-sized slot; the callback side
     * casts it back. */
    VALUE callback = rb_iv_get(self, "@verify_callback");
    X509_STORE_CTX_set_ex_data(sctx, stctx_ex_verify_cb_idx, (void *)callback);

    int outcome = X509_verify_cert(sctx);
    if (outcome == 1) {
        return Qtrue;
    }
    if (outcome == 0) {
        /* A clean verification failure is reported as false; ossl_clear_error
         * presumably discards the OpenSSL error queue so it does not leak into
         * a later, unrelated exception. */
        ossl_clear_error();
        return Qfalse;
    }
    /* Neither 1 nor 0: X509_verify_cert itself failed, not the chain. */
    ossl_raise(eX509CertError, "X509_verify_cert");
}