-rw-r--r--ChangeLog13
-rw-r--r--ext/openssl/lib/net/protocols.rb1
-rw-r--r--ext/openssl/lib/openssl/buffering.rb4
-rw-r--r--ext/openssl/lib/openssl/ssl.rb1
-rw-r--r--ext/openssl/ossl_ssl.c25
5 files changed, 41 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 0dca96ccb9..963ea9129c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+Thu Oct 30 02:25:48 2003 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * ext/openssl/lib/openssl/buffering.rb (Buffering#initialize):
+ add new method to inherit @sync from @io.sync.
+
+ * ext/openssl/lib/net/protocols.rb (SSLIO#ssl_connect): no need to
+ set sync flag explicitly.
+
+ * ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): call super.
+
+ * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): set extra chain
+ certificates in @extra_chain_cert.
+
Wed Oct 29 22:02:04 2003 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* test/drb/drbtest.rb: use rbconfig.rb to make the path of ruby
diff --git a/ext/openssl/lib/net/protocols.rb b/ext/openssl/lib/net/protocols.rb
index 36c5077cb2..073d4f3027 100644
--- a/ext/openssl/lib/net/protocols.rb
+++ b/ext/openssl/lib/net/protocols.rb
@@ -45,7 +45,6 @@ module Net
@ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
@socket = OpenSSL::SSL::SSLSocket.new(@socket, @ssl_context)
- @socket.sync = true
@socket.sync_close = true
@socket.connect
end
diff --git a/ext/openssl/lib/openssl/buffering.rb b/ext/openssl/lib/openssl/buffering.rb
index 031af4baa3..fdbd71bc0c 100644
--- a/ext/openssl/lib/openssl/buffering.rb
+++ b/ext/openssl/lib/openssl/buffering.rb
@@ -19,6 +19,10 @@ module Buffering
attr_accessor :sync
BLOCK_SIZE = 1024*16
+ def initialize(*args)
+ @sync = @io.sync
+ end
+
#
# for reading.
#
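Review bot: The new `Buffering#initialize` reads `@io.sync` without checking that `@io` has been assigned, so an includer that calls `super` before setting `@io` fails with a NoMethodError on nil. It also accepts `*args` but neither uses nor forwards them, so an `initialize` further up the ancestor chain is never reached. Consider `@sync = @io ? @io.sync : false`, or at least a comment such as `# includer must set @io before calling super`. With the explicit `sync = true` lines removed in net/protocols.rb and openssl/ssl.rb, the SSL socket's flush behaviour now depends on the wrapped io's sync flag; an io with sync off would presumably buffer writes until flushed, which the method's documentation should state.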
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 38bf4b7484..811a935509 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -71,7 +71,6 @@ module OpenSSL
sock = @svr.accept
begin
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
- ssl.sync = true
ssl.sync_close = true
ssl.accept if @start_immediately
ssl
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 6305e4c998..4fe2fc8088 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -44,6 +44,7 @@ VALUE cSSLSocket;
#define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v))
#define ossl_sslctx_set_options(o,v) rb_iv_set((o),"@options",(v))
#define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v))
+#define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v))
#define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert")
#define ossl_sslctx_get_key(o) rb_iv_get((o),"@key")
@@ -56,11 +57,12 @@ VALUE cSSLSocket;
#define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback")
#define ossl_sslctx_get_options(o) rb_iv_get((o),"@options")
#define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store")
+#define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert")
static char *ossl_sslctx_attrs[] = {
"cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth",
- "verify_callback", "options", "cert_store",
+ "verify_callback", "options", "cert_store", "extra_chain_cert"
};
struct {
@@ -160,6 +162,21 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
}
static VALUE
+ossl_sslctx_add_extra_chain_cert_i(VALUE i, VALUE arg)
+{
+ X509 *x509;
+ SSL_CTX *ctx;
+
+ Data_Get_Struct(arg, SSL_CTX, ctx);
+ x509 = DupX509CertPtr(i);
+ if(!SSL_CTX_add_extra_chain_cert(ctx, x509)){
+ ossl_raise(eSSLError, NULL);
+ }
+
+ return i;
+}
+
+static VALUE
ossl_sslctx_setup(VALUE self)
{
SSL_CTX *ctx;
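Review bot: In `ossl_sslctx_add_extra_chain_cert_i` the certificate duplicated by `DupX509CertPtr(i)` is leaked when `SSL_CTX_add_extra_chain_cert` fails, because the context takes ownership only on success and `ossl_raise` does not return. Free it before raising: `X509_free(x509);` followed by `ossl_raise(eSSLError, NULL);`. The callback also lacks a header comment saying that `arg` is the SSLContext object wrapping the `SSL_CTX`. The hunk ends inside `ossl_sslctx_setup`, whose body continues outside it.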
@@ -186,6 +203,11 @@ ossl_sslctx_setup(VALUE self)
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
}
+ val = ossl_sslctx_get_extra_cert(self);
+ if(!NIL_P(val)){
+ rb_iterate(rb_each, val, ossl_sslctx_add_extra_chain_cert_i, self);
+ }
+
/* private key may be bundled in certificate file. */
val = ossl_sslctx_get_cert(self);
cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
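Review bot: Each call to `ossl_sslctx_setup` appends every certificate in `@extra_chain_cert` to the `SSL_CTX` again, and the last hunk of this file shows setup being invoked from `ossl_ssl_initialize`, that is, once per socket created on a context. Unless setup has an early-return guard outside this hunk, the chain presented in the handshake would grow with duplicates, and the duplicated X509 objects would accumulate for the context's lifetime. Either run this step once per context or reset the chain before re-adding; at minimum add `/* appends to the SSL_CTX chain; must run only once per context */` above the block. `val` is also handed to `rb_each` without a type check, so a non-enumerable value fails inside the iteration instead of with a clear argument error.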
@@ -379,6 +401,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)
ossl_ssl_set_ctx(self, ctx);
ossl_ssl_set_sync_close(self, Qfalse);
ossl_sslctx_setup(ctx);
+ rb_call_super(0, 0);
return self;
}
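Review bot: The added `rb_call_super(0, 0)` has no comment explaining its placement, and the position matters. `Buffering#initialize` (added in buffering.rb) reads `@io.sync`, so super must run only after the io instance variable is set, which presumably happens earlier in `ossl_ssl_initialize`, outside this hunk. Add `/* Buffering#initialize reads @io; keep this after the io ivar is set */` above the call. The ChangeLog entry names `ossl_sslctx_initialize` for this change, while the hunk header shows `ossl_ssl_initialize`.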