Class: OpenSSL::X509::StoreContext
- Inherits:
-
Object
- Object
- OpenSSL::X509::StoreContext
- Defined in:
- ext/openssl/ossl_x509store.c,
lib/openssl/x509.rb,
ext/openssl/ossl_x509store.c
Overview
A StoreContext is used while validating a single certificate and holds the state of that verification.
Instance Method Summary
-
#chain ⇒ nil | Array of X509::Certificate
Returns the verified chain.
- #cleanup ⇒ Object
-
#current_cert ⇒ X509::Certificate
Returns the certificate which caused the error.
-
#current_crl ⇒ X509::CRL
Returns the CRL which caused the error.
-
#error ⇒ Integer
Returns the error code of stctx.
-
#error=(error_code) ⇒ Object
Sets the error code of stctx.
-
#error_depth ⇒ Integer
Returns the depth in the chain at which the error occurred.
-
#error_string ⇒ String
Returns the human readable error string corresponding to the error code retrieved by #error.
-
#flags=(flags) ⇒ Object
Sets the verification flags to the context.
-
#new(store, cert = nil, untrusted = nil) ⇒ Object
constructor
Sets up a StoreContext for a verification of the X.509 certificate cert.
-
#purpose=(purpose) ⇒ Object
Sets the purpose of the context.
-
#time=(time) ⇒ Object
Sets the time used in the verification.
-
#trust=(trust) ⇒ Object
Sets the trust settings of the context.
-
#verify ⇒ Object
Performs the certificate verification using the parameters set to stctx.
Constructor Details
#new(store, cert = nil, untrusted = nil) ⇒ Object
Sets up a StoreContext for a verification of the X.509 certificate cert.
/* File 'ext/openssl/ossl_x509store.c', line 565 */
/*
 * Implements StoreContext#initialize(store, cert = nil, untrusted = nil).
 *
 * Initializes the X509_STORE_CTX wrapped by self with the X509_STORE taken
 * from store, an optional certificate to verify and an optional array of
 * additional certificates.  Raises eX509StoreError when
 * X509_STORE_CTX_init() does not return 1.  Returns self.
 *
 * NOTE(review): on success neither the duplicated certificate nor the
 * stack is released here; presumably the context's free routine owns
 * them.  Confirm that, and that calling initialize a second time on the
 * same object cannot leak the earlier pair.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE rb_store, rb_cert, rb_untrusted, verify_cb;
    X509_STORE_CTX *stctx;
    X509_STORE *trust_store;
    X509 *target = NULL;
    STACK_OF(X509) *extra_certs = NULL;
    int jump_state;

    /* "12": one mandatory argument followed by up to two optional ones */
    rb_scan_args(argc, argv, "12", &rb_store, &rb_cert, &rb_untrusted);
    GetX509StCtx(self, stctx);
    GetX509Store(rb_store, trust_store);

    if (!NIL_P(rb_cert)) {
        /* NEED TO DUP */
        target = DupX509CertPtr(rb_cert);
    }

    if (!NIL_P(rb_untrusted)) {
        /*
         * The array conversion reports a pending Ruby exception through
         * jump_state, so the certificate duplicated above can be freed
         * before the exception is re-raised.
         */
        extra_certs = ossl_protect_x509_ary2sk(rb_untrusted, &jump_state);
        if (jump_state != 0) {
            X509_free(target);
            rb_jump_tag(jump_state);
        }
    }

    if (X509_STORE_CTX_init(stctx, trust_store, target, extra_certs) != 1) {
        /* Failure: drop both locally created objects before raising. */
        X509_free(target);
        sk_X509_pop_free(extra_certs, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }

    /*
     * The verification callback is copied from the store at construction
     * time, so it is the store's @verify_callback as of this call that
     * #verify will later read from self.
     */
    verify_cb = rb_iv_get(rb_store, "@verify_callback");
    rb_iv_set(self, "@verify_callback", verify_cb);
    rb_iv_set(self, "@cert", rb_cert);

    return self;
}
Instance Method Details
#chain ⇒ nil | Array of X509::Certificate
Returns the verified chain.
See also the man page X509_STORE_CTX_set0_verified_chain(3).
/* File 'ext/openssl/ossl_x509store.c', line 635 */
/*
 * Implements StoreContext#chain.
 *
 * Returns the chain held by the context converted to a Ruby array, or nil
 * when X509_STORE_CTX_get0_chain() yields no chain.
 *
 * NOTE(review): OpenSSL documents this chain as a complete, validated
 * chain only after X509_verify_cert() has succeeded; after a failed
 * verification it may be incomplete.  Callers should rely on it only when
 * #verify returned true.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *stctx;
    const STACK_OF(X509) *certs;

    GetX509StCtx(self, stctx);
    certs = X509_STORE_CTX_get0_chain(stctx);

    /* Could be an empty array instead? */
    return certs ? ossl_x509_sk2ary(certs) : Qnil;
}
#cleanup ⇒ Object
# File 'lib/openssl/x509.rb', line 337
# Deprecated: does nothing except emit a warning naming the call site, and
# only when $VERBOSE is truthy.
def cleanup
  return unless $VERBOSE

  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
end
#current_cert ⇒ X509::Certificate
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
/* File 'ext/openssl/ossl_x509store.c', line 735 */
/*
 * Implements StoreContext#current_cert.
 *
 * Wraps the certificate reported by X509_STORE_CTX_get_current_cert() in a
 * Ruby object, or returns nil when the context has no current certificate.
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *stctx;
    X509 *current;

    GetX509StCtx(self, stctx);
    current = X509_STORE_CTX_get_current_cert(stctx);

    return current ? ossl_x509_new(current) : Qnil;
}
#current_crl ⇒ X509::CRL
Returns the CRL which caused the error.
See also the man page X509_STORE_CTX_get_current_crl(3).
/* File 'ext/openssl/ossl_x509store.c', line 757 */
/*
 * Implements StoreContext#current_crl.
 *
 * Wraps the CRL reported by X509_STORE_CTX_get0_current_crl() in a Ruby
 * object, or returns nil when the context has no current CRL.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *stctx;
    X509_CRL *current;

    GetX509StCtx(self, stctx);
    current = X509_STORE_CTX_get0_current_crl(stctx);

    return current ? ossl_x509crl_new(current) : Qnil;
}
#error ⇒ Integer
Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_get_error(3).
/* File 'ext/openssl/ossl_x509store.c', line 658 */
/*
 * Implements StoreContext#error.
 *
 * Returns the context's current verification error code, as reported by
 * X509_STORE_CTX_get_error(), converted to a Ruby Integer.
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    int code = X509_STORE_CTX_get_error(stctx);

    return INT2NUM(code);
}
#error=(error_code) ⇒ Object
Sets the error code of stctx. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_set_error(3).
/* File 'ext/openssl/ossl_x509store.c', line 677 */
/*
 * Implements StoreContext#error=(error_code).
 *
 * Stores err, converted with NUM2INT, as the context's error code via
 * X509_STORE_CTX_set_error().  Returns the argument unchanged.
 *
 * NOTE(review): the value is not checked against the known X509_V_ERR_*
 * codes here; any Integer that fits in an int is accepted.
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    int code = NUM2INT(err);
    X509_STORE_CTX_set_error(stctx, code);

    return err;
}
#error_depth ⇒ Integer
Returns the depth in the chain at which the error occurred. This is used in combination with #error.
See also the man page X509_STORE_CTX_get_error_depth(3).
/* File 'ext/openssl/ossl_x509store.c', line 717 */
/*
 * Implements StoreContext#error_depth.
 *
 * Returns the value of X509_STORE_CTX_get_error_depth() for the wrapped
 * context, converted to a Ruby Integer.
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    int depth = X509_STORE_CTX_get_error_depth(stctx);

    return INT2NUM(depth);
}
#error_string ⇒ String
Returns the human readable error string corresponding to the error code retrieved by #error.
See also the man page X509_verify_cert_error_string(3).
/* File 'ext/openssl/ossl_x509store.c', line 697 */
/*
 * Implements StoreContext#error_string.
 *
 * Looks up the context's current error code and returns the text that
 * X509_verify_cert_error_string() gives for it as a new Ruby String.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    /* The error code is widened to long, the type the lookup is called with. */
    long code = X509_STORE_CTX_get_error(stctx);
    const char *text = X509_verify_cert_error_string(code);

    return rb_str_new2(text);
}
#flags=(flags) ⇒ Object
Sets the verification flags to the context. This overrides the default value set by Store#flags=.
See also the man page X509_VERIFY_PARAM_set_flags(3).
/* File 'ext/openssl/ossl_x509store.c', line 780 */
/*
 * Implements StoreContext#flags=(flags).
 *
 * Converts flags with NUM2LONG and passes the result to
 * X509_STORE_CTX_set_flags().  Returns the argument unchanged.
 *
 * NOTE(review): the value is read as a signed long and no range check is
 * made here, so a negative Integer is passed on as-is; confirm how the
 * callee interprets it.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    X509_STORE_CTX *stctx;
    /* Converted before the context is fetched, so a bad argument raises first. */
    long flag_bits = NUM2LONG(flags);

    GetX509StCtx(self, stctx);
    X509_STORE_CTX_set_flags(stctx, flag_bits);

    return flags;
}
#purpose=(purpose) ⇒ Object
Sets the purpose of the context. This overrides the default value set by Store#purpose=.
See also the man page X509_VERIFY_PARAM_set_purpose(3).
/* File 'ext/openssl/ossl_x509store.c', line 801 */
/*
 * Implements StoreContext#purpose=(purpose).
 *
 * Converts purpose with NUM2INT and passes it to
 * X509_STORE_CTX_set_purpose().  Returns the argument unchanged.
 *
 * NOTE(review): the result of X509_STORE_CTX_set_purpose() is discarded,
 * so a purpose that OpenSSL rejects is not reported to the Ruby caller and
 * the purpose check the caller asked for may not be in effect.  Confirm
 * whether failure should raise eX509StoreError (and clear the OpenSSL
 * error queue) before relying on this setter to restrict verification.
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    X509_STORE_CTX *stctx;
    /* Converted before the context is fetched, so a bad argument raises first. */
    int purpose_id = NUM2INT(purpose);

    GetX509StCtx(self, stctx);
    X509_STORE_CTX_set_purpose(stctx, purpose_id);

    return purpose;
}
#time=(time) ⇒ Object
Sets the time used in the verification. If not set, the current time is used.
See also the man page X509_VERIFY_PARAM_set_time(3).
/* File 'ext/openssl/ossl_x509store.c', line 842 */
/*
 * Implements StoreContext#time=(time).
 *
 * Coerces time with rb_Integer(), converts it with NUM2LONG and passes the
 * result to X509_STORE_CTX_set_time() with a flags argument of 0.  Returns
 * the original argument.
 *
 * NOTE(review): the timestamp travels through a long; on platforms where
 * long is narrower than time_t this limits the representable range.
 * Certificate validity is judged against this value, so callers should
 * treat it as security-relevant input.
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    X509_STORE_CTX *stctx;
    /* Coercion and conversion happen before the context is fetched. */
    VALUE as_integer = rb_Integer(time);
    long seconds = NUM2LONG(as_integer);

    GetX509StCtx(self, stctx);
    X509_STORE_CTX_set_time(stctx, 0, seconds);

    return time;
}
#trust=(trust) ⇒ Object
Sets the trust settings of the context. This overrides the default value set by Store#trust=.
See also the man page X509_VERIFY_PARAM_set_trust(3).
/* File 'ext/openssl/ossl_x509store.c', line 822 */
/*
 * Implements StoreContext#trust=(trust).
 *
 * Converts trust with NUM2INT and passes it to X509_STORE_CTX_set_trust().
 * Returns the argument unchanged.
 *
 * NOTE(review): the result of X509_STORE_CTX_set_trust() is discarded, so
 * a trust value that OpenSSL rejects is not reported to the Ruby caller.
 * Confirm whether failure should raise eX509StoreError instead.
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    X509_STORE_CTX *stctx;
    /* Converted before the context is fetched, so a bad argument raises first. */
    int trust_id = NUM2INT(trust);

    GetX509StCtx(self, stctx);
    X509_STORE_CTX_set_trust(stctx, trust_id);

    return trust;
}
#verify ⇒ Object
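Performs the certificate verification using the parameters set to stctx. Returns true when the certificate verifies and false when it does not; a failed verification does not raise, so callers must check the return value and read the reason from #error or #error_string. OpenSSL::X509::StoreError is raised only when X509_verify_cert reports a result other than 0 or 1.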
See also the man page X509_verify_cert(3).
/* File 'ext/openssl/ossl_x509store.c', line 606 */
/*
 * Implements StoreContext#verify.
 *
 * Attaches the object's @verify_callback to the context as ex_data and
 * runs X509_verify_cert().  Returns Qtrue when it returns 1 and Qfalse
 * when it returns 0 (after clearing the OpenSSL error queue); any other
 * result raises eX509StoreError.
 *
 * A failed verification is therefore reported through the return value,
 * not through an exception: callers that ignore the result accept
 * unverified certificates.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *stctx;
    int result;

    GetX509StCtx(self, stctx);
    VALUE callback = rb_iv_get(self, "@verify_callback");
    /* The callback VALUE is stored in the context as a raw pointer ... */
    X509_STORE_CTX_set_ex_data(stctx, stctx_ex_verify_cb_idx, (void *)callback);
    /* ... and the write barrier records that self now refers to it. */
    RB_OBJ_WRITTEN(self, Qundef, callback);

    result = X509_verify_cert(stctx);
    if (result == 1) {
        return Qtrue;
    }
    if (result == 0) {
        /* Verification failed: drop queued OpenSSL errors, report false. */
        ossl_clear_error();
        return Qfalse;
    }
    ossl_raise(eX509StoreError, "X509_verify_cert");
}