From fc133b89979195d350d30abbc92b00eaa4f540cb Mon Sep 17 00:00:00 2001
From: gotoyuzo
Date: Sat, 1 Nov 2003 09:24:55 +0000
Subject: * ext/openssl/ossl_ssl.c (ossl_ssl_peer_cert_chain): add new method SSLSocket#peer_cert_chain. * ext/openssl/ossl_x509req.c (GetX509ReqPtr): new function which returns underlying X509_REQ. * ext/openssl/ossl_x509ext.c (ossl_x509extfactory_set_issuer_cert, ossl_x509extfactory_set_subject_cert, ossl_x509extfactory_set_crl, ossl_x509extfactory_set_subject_req, ossl_x509extfactory_set_config): use underlying C struct without duplication not to leak momory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl_ssl.c | 26 ++++++++++++++++++++++++++
 ext/openssl/ossl_x509.h | 1 +
 ext/openssl/ossl_x509ext.c | 10 +++++-----
 ext/openssl/ossl_x509req.c | 10 ++++++++++
 4 files changed, 42 insertions(+), 5 deletions(-)
(limited to 'ext/openssl')
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4fe2fc8088..d243b78dbb 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -603,6 +603,31 @@ ossl_ssl_get_peer_cert(VALUE self)
 return obj;
 }
+static VALUE
+ossl_ssl_get_peer_cert_chain(VALUE self)
+{
+ SSL *ssl;
+ STACK_OF(X509) *chain;
+ X509 *cert;
+ VALUE ary;
+ int i, num;
+
+ Data_Get_Struct(self, SSL, ssl);
+ if(!ssl){
+ rb_warning("SSL session is not started yet.");
+ return Qnil;
+ }
+ chain = SSL_get_peer_cert_chain(ssl);
+ num = sk_num(chain);
+ ary = rb_ary_new2(num);
+ for (i = 0; i < num; i++){
+ cert = (X509*)sk_value(chain, i);
+ rb_ary_push(ary, ossl_x509_new(cert));
+ }
+
+ return ary;
+}
+
 static VALUE
 ossl_ssl_get_cipher(VALUE self)
 {
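Review bot: The result of `SSL_get_peer_cert_chain(ssl)` is used unchecked in the new `ossl_ssl_get_peer_cert_chain`; OpenSSL returns NULL when the peer presented no chain, and `sk_num(NULL)` is then -1, which is passed to `rb_ary_new2(num)` as a negative size. Adding `if (!chain) return Qnil;` directly after the call would match the nil return already used for the not-started case. A short comment on the method would also help: on the server side the stack does not include the peer's own certificate, and the array is what the peer sent rather than a verified path, so callers should not read it as a trust decision.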
@@ -674,6 +699,7 @@ Init_ossl_ssl()
 rb_define_method(cSSLSocket, "sysclose", ossl_ssl_close, 0);
 rb_define_method(cSSLSocket, "cert", ossl_ssl_get_cert, 0);
 rb_define_method(cSSLSocket, "peer_cert", ossl_ssl_get_peer_cert, 0);
+ rb_define_method(cSSLSocket, "peer_cert_chain", ossl_ssl_get_peer_cert_chain, 0);
 rb_define_method(cSSLSocket, "cipher", ossl_ssl_get_cipher, 0);
 rb_define_method(cSSLSocket, "state", ossl_ssl_get_state, 0);
diff --git a/ext/openssl/ossl_x509.h b/ext/openssl/ossl_x509.h
index 196ce06848..1a43569073 100644
--- a/ext/openssl/ossl_x509.h
+++ b/ext/openssl/ossl_x509.h
@@ -80,6 +80,7 @@ extern VALUE cX509Req;
 extern VALUE eX509ReqError;
 VALUE ossl_x509req_new(X509_REQ *);
+X509_REQ *GetX509ReqPtr(VALUE);
 X509_REQ *DupX509ReqPtr(VALUE);
 void Init_ossl_x509req(void);
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index 23e768a9b5..d9ec846ac1 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -118,7 +118,7 @@ ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert)
 GetX509ExtFactory(self, ctx);
 rb_iv_set(self, "@issuer_certificate", cert);
- ctx->issuer_cert = DupX509CertPtr(cert); /* DUP NEEDED */
+ ctx->issuer_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */
 return cert;
 }
@@ -130,7 +130,7 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert)
 GetX509ExtFactory(self, ctx);
 rb_iv_set(self, "@subject_certificate", cert);
- ctx->subject_cert = DupX509CertPtr(cert); /* DUP NEEDED */
+ ctx->subject_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */
 return cert;
 }
@@ -142,7 +142,7 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req)
 GetX509ExtFactory(self, ctx);
 rb_iv_set(self, "@subject_request", req);
- ctx->subject_req = DupX509ReqPtr(req);
+ ctx->subject_req = GetX509ReqPtr(req); /* NO DUP NEEDED */
 return req;
 }
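Review bot: In `ossl_x509extfactory_set_issuer_cert`, `ctx->issuer_cert` is now a borrowed pointer that stays valid only while `@issuer_certificate` references the Ruby object, so the order of the two statements has become significant. If `GetX509CertPtr` raises on a wrong-typed argument (its body is not in this diff, though the new `GetX509ReqPtr` goes through `SafeGetX509Req`), the instance variable already holds the rejected object while `ctx` still points at the previous certificate, which may no longer be referenced and could be collected. Fetching the pointer first avoids that: `X509 *x = GetX509CertPtr(cert);`, then `rb_iv_set(self, "@issuer_certificate", cert);`, then `ctx->issuer_cert = x;`. The same applies to the `set_subject_cert`, `set_subject_req` and `set_crl` hunks, whose bodies also start above the visible lines. The `/* NO DUP NEEDED */` comments would be more useful if they gave the reason, e.g. `/* borrowed; kept alive by @issuer_certificate */`.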
@@ -154,7 +154,7 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
 GetX509ExtFactory(self, ctx);
 rb_iv_set(self, "@crl", crl);
- ctx->crl = DupX509CRLPtr(crl);
+ ctx->crl = GetX509CRLPtr(crl); /* NO DUP NEEDED */
 return crl;
 }
@@ -168,7 +168,7 @@ ossl_x509extfactory_set_config(VALUE self, VALUE config)
 GetX509ExtFactory(self, ctx);
 rb_iv_set(self, "@config", config);
- conf = GetConfigPtr(config);
+ conf = GetConfigPtr(config); /* NO DUP NEEDED */
 X509V3_set_nconf(ctx, conf);
 return config;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index b35bc2506e..3585b20859 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -55,6 +55,16 @@ ossl_x509req_new(X509_REQ *req)
 return obj;
 }
+X509_REQ *
+GetX509ReqPtr(VALUE obj)
+{
+ X509_REQ *req;
+
+ SafeGetX509Req(obj, req);
+
+ return req;
+}
+
 X509_REQ *
 DupX509ReqPtr(VALUE obj)
 {
-- cgit v1.2.3
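Review bot: `GetX509ReqPtr` returns the `X509_REQ` held by the Ruby object itself, and nothing at the definition states that ownership rule. A comment above it would make the contract explicit, for example `/* Returns the X509_REQ owned by obj; do not free it, and keep obj reachable while the pointer is in use. */`. That also separates it from `DupX509ReqPtr` directly below, which by its name returns a copy; its body continues outside the hunk.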