summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog23
-rw-r--r--ext/openssl/ossl_ns_spki.c30
-rw-r--r--ext/openssl/ossl_ssl.c2
-rw-r--r--ext/openssl/ossl_x509req.c2
-rw-r--r--ext/openssl/ossl_x509store.c13
-rw-r--r--test/openssl/test_ns_spki.rb59
-rw-r--r--test/openssl/test_x509store.rb22
7 files changed, 144 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 3a7c47b756d..55da807d5ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,26 @@
+Tue Aug 23 05:47:04 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode
+ the argument as a string.
+
+ * ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
+ set @time to avoid warning.
+
+ * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
+ X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
+ wrapped functions fails.
+
+ * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
+
+ * ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
+ of unused variable.
+
+ * test/openssl/test_ns_spki.rb: add new file.
+
+ * test/openssl/test_x509store.rb: add test for error.
+
Tue Aug 23 01:11:40 2005 Hirokazu Yamamoto <ocean@m2.ccsnet.ne.jp>
* sprintf.c (ruby__sfvwrite): should move `buf' to the end of
diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c
index c4ad05dea34..5cba5298504 100644
--- a/ext/openssl/ossl_ns_spki.c
+++ b/ext/openssl/ossl_ns_spki.c
@@ -56,12 +56,17 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
{
NETSCAPE_SPKI *spki;
VALUE buffer;
+ unsigned char *p;
if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
return self;
}
- if (!(spki = NETSCAPE_SPKI_b64_decode(StringValuePtr(buffer), -1))) {
- ossl_raise(eSPKIError, NULL);
+ StringValue(buffer);
+ if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING(buffer)->ptr, -1))) {
+ p = RSTRING(buffer)->ptr;
+ if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING(buffer)->len))) {
+ ossl_raise(eSPKIError, NULL);
+ }
}
NETSCAPE_SPKI_free(DATA_PTR(self));
DATA_PTR(self) = spki;
@@ -70,6 +75,26 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
}
static VALUE
+ossl_spki_to_der(VALUE self)
+{
+ NETSCAPE_SPKI *spki;
+ VALUE str;
+ long len;
+ unsigned char *p;
+
+ GetSPKI(self, spki);
+ if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0)
+ ossl_raise(eX509CertError, NULL);
+ str = rb_str_new(0, len);
+ p = RSTRING(str)->ptr;
+ if (i2d_NETSCAPE_SPKI(spki, &p) <= 0)
+ ossl_raise(eX509CertError, NULL);
+ ossl_str_adjust(str, p);
+
+ return str;
+}
+
+static VALUE
ossl_spki_to_pem(VALUE self)
{
NETSCAPE_SPKI *spki;
@@ -217,6 +242,7 @@ Init_ossl_ns_spki()
rb_define_alloc_func(cSPKI, ossl_spki_alloc);
rb_define_method(cSPKI, "initialize", ossl_spki_initialize, -1);
+ rb_define_method(cSPKI, "to_der", ossl_spki_to_der, 0);
rb_define_method(cSPKI, "to_pem", ossl_spki_to_pem, 0);
rb_define_alias(cSPKI, "to_s", "to_pem");
rb_define_method(cSPKI, "to_text", ossl_spki_print, 0);
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7a376223a97..5ae4cae56ff 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -477,7 +477,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return Qnil;
}
if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
- ossl_raise(eSSLError, "SSL_CTX_set_ciphers:");
+ ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
}
return v;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 35c520194af..d644250433a 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
X509_REQ *req;
X509_ATTRIBUTE *attr;
int i;
- VALUE tmp, item;
+ VALUE item;
Check_Type(ary, T_ARRAY);
for (i=0;i<RARRAY(ary)->len; i++) {
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 5dba7338783..cea845a1cc5 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
rb_iv_set(self, "@chain", Qnil);
+ rb_iv_set(self, "@time", Qnil);
return self;
}
@@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
X509_STORE *store;
GetX509Store(self, store);
- X509_STORE_set_default_paths(store);
+ if (X509_STORE_set_default_paths(store) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }
return Qnil;
}
@@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store);
- X509_STORE_add_cert(store, cert);
+ if (X509_STORE_add_cert(store, cert) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }
return self;
}
@@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store);
- X509_STORE_add_crl(store, crl);
+ if (X509_STORE_add_crl(store, crl) != 1){
+ ossl_raise(eX509StoreError, NULL);
+ }
return self;
}
diff --git a/test/openssl/test_ns_spki.rb b/test/openssl/test_ns_spki.rb
new file mode 100644
index 00000000000..3937132aa08
--- /dev/null
+++ b/test/openssl/test_ns_spki.rb
@@ -0,0 +1,59 @@
+begin
+ require "openssl"
+ require File.join(File.dirname(__FILE__), "utils.rb")
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+
+class OpenSSL::TestNSSPI < Test::Unit::TestCase
+ def setup
+ # This request data is adopt from the specification of
+ # "Netscape Extensions for User Key Generation".
+ # -- http://wp.netscape.com/eng/security/comm4-keygen.html
+ @b64 = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
+ @b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
+ @b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
+ @b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
+ @b64 << "i0//rgBvmco="
+ end
+
+ def teardown
+ end
+
+ def test_build_data
+ key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
+ key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
+ spki = OpenSSL::Netscape::SPKI.new
+ spki.challenge = "RandomString"
+ spki.public_key = key1.public_key
+ spki.sign(key1, OpenSSL::Digest::SHA1.new)
+ assert(spki.verify(spki.public_key))
+ assert(spki.verify(key1.public_key))
+ assert(!spki.verify(key2.public_key))
+
+ der = spki.to_der
+ spki = OpenSSL::Netscape::SPKI.new(der)
+ assert_equal("RandomString", spki.challenge)
+ assert_equal(key1.public_key.to_der, spki.public_key.to_der)
+ assert(spki.verify(spki.public_key))
+ end
+
+ def test_decode_data
+ spki = OpenSSL::Netscape::SPKI.new(@b64)
+ assert_equal(@b64, spki.to_pem)
+ assert_equal(@b64.unpack("m").first, spki.to_der)
+ assert_equal("MozillaIsMyFriend", spki.challenge)
+ assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+
+ spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
+ assert_equal(@b64, spki.to_pem)
+ assert_equal(@b64.unpack("m").first, spki.to_der)
+ assert_equal("MozillaIsMyFriend", spki.challenge)
+ assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+ end
+end
+
+end
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6696020af7f..b0fe5972622 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
assert_equal(false, store.verify(ee2_cert))
end
+
+ def test_set_errors
+ now = Time.now
+ ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ store = OpenSSL::X509::Store.new
+ store.add_cert(ca1_cert)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_cert(ca1_cert) # add same certificate twice
+ }
+
+ revoke_info = []
+ crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ revoke_info = [ [2, now, 1], ]
+ crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
+ ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
+ store.add_crl(crl1)
+ assert_raises(OpenSSL::X509::StoreError){
+ store.add_crl(crl2) # add CRL issued by same CA twice.
+ }
+ end
end
end