diff options
| -rw-r--r-- | ChangeLog | 13 | ||||
| -rw-r--r-- | ext/openssl/extconf.rb | 1 | ||||
| -rw-r--r-- | ext/openssl/ossl_x509ext.c | 24 | ||||
| -rw-r--r-- | test/openssl/test_x509ext.rb | 74 |
4 files changed, 108 insertions, 4 deletions
@@ -1,3 +1,16 @@ +Wed Nov 23 07:26:44 2005 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * ext/openssl/extconf.rb: check for X509V3_EXT_nconf_nid. + + * ext/openssl/ossl_x509ext.c (MakeX509ExtFactory): should use + OPENSSL_malloc to allocate X509V3_CTX. + + * ext/openssl/ossl_x509ext.c (ossl_x509extfactory_create_ext): use + X509V3_EXT_nconf_nid to avoid SEGV (and to build extensions which + values are placed in separate section). + + * test/openssl/test_x509ext.rb: new file. + Wed Nov 23 01:22:57 2005 Nobuyoshi Nakada <nobu@ruby-lang.org> * file.c (test_identical): test if two files are identical. diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index f2fe9a40f4..42afc9608c 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -84,6 +84,7 @@ have_func("HMAC_CTX_copy") have_func("HMAC_CTX_init") have_func("PEM_def_callback") have_func("X509V3_set_nconf") +have_func("X509V3_EXT_nconf_nid") have_func("X509_CRL_add0_revoked") have_func("X509_CRL_set_issuer_name") have_func("X509_CRL_set_version") diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index 8ba555d3e0..31ffec48fa 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -26,9 +26,12 @@ OSSL_Check_Kind(obj, cX509Ext); \ GetX509Ext(obj, ext); \ } while (0) - -#define MakeX509ExtFactory(klass, obj, ctx) \ - obj = Data_Make_Struct(klass, X509V3_CTX, 0, ossl_x509extfactory_free, ctx) +#define MakeX509ExtFactory(klass, obj, ctx) do { \ + if (!(ctx = OPENSSL_malloc(sizeof(X509V3_CTX)))) \ + ossl_raise(rb_eRuntimeError, "CTX wasn't allocated!"); \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, 0); \ + obj = Data_Wrap_Struct(klass, 0, ossl_x509extfactory_free, ctx); \ +} while (0) #define GetX509ExtFactory(obj, ctx) do { \ Data_Get_Struct(obj, X509V3_CTX, ctx); \ if (!ctx) { \ @@ -214,6 +217,12 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) X509_EXTENSION *ext; VALUE oid, value, critical, valstr, obj; int nid; +#ifdef HAVE_X509V3_EXT_NCONF_NID + VALUE rconf; + CONF *conf; +#else + static LHASH *empty_lhash; +#endif rb_scan_args(argc, argv, "21", &oid, &value, &critical); StringValue(oid); @@ -226,7 +235,14 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) valstr = rb_str_new2(RTEST(critical) ? "critical," : ""); rb_str_append(valstr, value); GetX509ExtFactory(self, ctx); - ext = X509V3_EXT_conf_nid(NULL, ctx, nid, RSTRING(valstr)->ptr); +#ifdef HAVE_X509V3_EXT_NCONF_NID + rconf = rb_iv_get(self, "@config"); + conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf); + ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING(valstr)->ptr); +#else + if (!empty_lhash) empty_lhash = lh_new(NULL, NULL); + ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING(valstr)->ptr); +#endif if (!ext){ ossl_raise(eX509ExtError, "%s = %s", RSTRING(oid)->ptr, RSTRING(value)->ptr); diff --git a/test/openssl/test_x509ext.rb b/test/openssl/test_x509ext.rb new file mode 100644 index 0000000000..d43bbd6bd3 --- /dev/null +++ b/test/openssl/test_x509ext.rb @@ -0,0 +1,74 @@ +begin + require "openssl" + require File.join(File.dirname(__FILE__), "utils.rb") +rescue LoadError +end +require "test/unit" + +if defined?(OpenSSL) + +class OpenSSL::TestX509Extension < Test::Unit::TestCase + def setup + @basic_constraints_value = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Boolean(true), # CA + OpenSSL::ASN1::Integer(2) # pathlen + ]) + @basic_constraints = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::ObjectId("basicConstraints"), + OpenSSL::ASN1::Boolean(true), + OpenSSL::ASN1::OctetString(@basic_constraints_value.to_der), + ]) + end + + def teardown + end + + def test_new + ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der) + assert_equal("basicConstraints", ext.oid) + assert_equal(true, ext.critical?) + assert_equal("CA:TRUE, pathlen:2", ext.value) + + ext = OpenSSL::X509::Extension.new("2.5.29.19", + @basic_constraints_value.to_der, true) + assert_equal(@basic_constraints.to_der, ext.to_der) + end + + def test_create_by_factory + ef = OpenSSL::X509::ExtensionFactory.new + + bc = ef.create_extension("basicConstraints", "critical, CA:TRUE, pathlen:2") + assert_equal(@basic_constraints.to_der, bc.to_der) + + bc = ef.create_extension("basicConstraints", "CA:TRUE, pathlen:2", true) + assert_equal(@basic_constraints.to_der, bc.to_der) + + begin + ef.config = OpenSSL::Config.parse(<<-_end_of_cnf_) + [crlDistPts] + URI.1 = http://www.example.com/crl + URI.2 = ldap://ldap.example.com/cn=ca?certificateRevocationList;binary + _end_of_cnf_ + rescue NotImplementedError + return + end + + cdp = ef.create_extension("crlDistributionPoints", "@crlDistPts") + assert_equal(false, cdp.critical?) + assert_equal("crlDistributionPoints", cdp.oid) + assert_match(%{URI:http://www\.example\.com/crl}, cdp.value) + assert_match( + %r{URI:ldap://ldap\.example\.com/cn=ca\?certificateRevocationList;binary}, + cdp.value) + + cdp = ef.create_extension("crlDistributionPoints", "critical, @crlDistPts") + assert_equal(true, cdp.critical?) + assert_equal("crlDistributionPoints", cdp.oid) + assert_match(%{URI:http://www.example.com/crl}, cdp.value) + assert_match( + %r{URI:ldap://ldap.example.com/cn=ca\?certificateRevocationList;binary}, + cdp.value) + end +end + +end |