зеркало из https://github.com/github/ruby.git
* ext/openssl/lib/openssl.rb: End of transition period introduced by
[ruby-dev:38018]. From the next version of 1.9.3, you should use require "openssl" instead of require "openssl/ssl" and require "openssl/x509" git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32664 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
Родитель
8c30497aae
Коммит
0a9b952c6f
10
ChangeLog
10
ChangeLog
|
@ -1,3 +1,13 @@
|
|||
Mon Jul 25 15:04:33 2011 Hiroshi Nakamura <nahi@ruby-lang.org>
|
||||
|
||||
* ext/openssl/lib/openssl.rb: End of transition period introduced by
|
||||
[ruby-dev:38018]. From the next version of 1.9.3, you should use
|
||||
require "openssl"
|
||||
instead of
|
||||
require "openssl/ssl"
|
||||
and
|
||||
require "openssl/x509"
|
||||
|
||||
Mon Jul 25 13:46:38 2011 Hiroshi Nakamura <nahi@ruby-lang.org>
|
||||
|
||||
* ext/openssl/lib/openssl/x509.rb: Cosmetic change: move definition
|
||||
|
|
|
@ -21,6 +21,4 @@ require 'openssl/cipher'
|
|||
require 'openssl/config'
|
||||
require 'openssl/digest'
|
||||
require 'openssl/x509'
|
||||
require 'openssl/ssl-internal'
|
||||
require 'openssl/x509-internal'
|
||||
|
||||
require 'openssl/ssl'
|
||||
|
|
|
@ -1,177 +0,0 @@
|
|||
=begin
|
||||
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
|
||||
|
||||
= Info
|
||||
'OpenSSL for Ruby 2' project
|
||||
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
||||
All rights reserved.
|
||||
|
||||
= Licence
|
||||
This program is licenced under the same licence as Ruby.
|
||||
(See the file 'LICENCE'.)
|
||||
|
||||
= Version
|
||||
$Id$
|
||||
=end
|
||||
|
||||
require "openssl/buffering"
|
||||
require "fcntl"
|
||||
|
||||
module OpenSSL
|
||||
module SSL
|
||||
class SSLContext
|
||||
DEFAULT_PARAMS = {
|
||||
:ssl_version => "SSLv23",
|
||||
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
||||
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
||||
:options => OpenSSL::SSL::OP_ALL,
|
||||
}
|
||||
|
||||
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
||||
DEFAULT_CERT_STORE.set_default_paths
|
||||
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
||||
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
||||
end
|
||||
|
||||
def set_params(params={})
|
||||
params = DEFAULT_PARAMS.merge(params)
|
||||
params.each{|name, value| self.__send__("#{name}=", value) }
|
||||
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||||
unless self.ca_file or self.ca_path or self.cert_store
|
||||
self.cert_store = DEFAULT_CERT_STORE
|
||||
end
|
||||
end
|
||||
return params
|
||||
end
|
||||
end
|
||||
|
||||
module SocketForwarder
|
||||
def addr
|
||||
to_io.addr
|
||||
end
|
||||
|
||||
def peeraddr
|
||||
to_io.peeraddr
|
||||
end
|
||||
|
||||
def setsockopt(level, optname, optval)
|
||||
to_io.setsockopt(level, optname, optval)
|
||||
end
|
||||
|
||||
def getsockopt(level, optname)
|
||||
to_io.getsockopt(level, optname)
|
||||
end
|
||||
|
||||
def fcntl(*args)
|
||||
to_io.fcntl(*args)
|
||||
end
|
||||
|
||||
def closed?
|
||||
to_io.closed?
|
||||
end
|
||||
|
||||
def do_not_reverse_lookup=(flag)
|
||||
to_io.do_not_reverse_lookup = flag
|
||||
end
|
||||
end
|
||||
|
||||
module Nonblock
|
||||
def initialize(*args)
|
||||
flag = File::NONBLOCK
|
||||
flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
|
||||
@io.fcntl(Fcntl::F_SETFL, flag)
|
||||
super
|
||||
end
|
||||
end
|
||||
|
||||
def verify_certificate_identity(cert, hostname)
|
||||
should_verify_common_name = true
|
||||
cert.extensions.each{|ext|
|
||||
next if ext.oid != "subjectAltName"
|
||||
ext.value.split(/,\s+/).each{|general_name|
|
||||
if /\ADNS:(.*)/ =~ general_name
|
||||
should_verify_common_name = false
|
||||
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
||||
return true if /\A#{reg}\z/i =~ hostname
|
||||
elsif /\AIP Address:(.*)/ =~ general_name
|
||||
should_verify_common_name = false
|
||||
return true if $1 == hostname
|
||||
end
|
||||
}
|
||||
}
|
||||
if should_verify_common_name
|
||||
cert.subject.to_a.each{|oid, value|
|
||||
if oid == "CN"
|
||||
reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
|
||||
return true if /\A#{reg}\z/i =~ hostname
|
||||
end
|
||||
}
|
||||
end
|
||||
return false
|
||||
end
|
||||
module_function :verify_certificate_identity
|
||||
|
||||
class SSLSocket
|
||||
include Buffering
|
||||
include SocketForwarder
|
||||
include Nonblock
|
||||
|
||||
def post_connection_check(hostname)
|
||||
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
||||
raise SSLError, "hostname does not match the server certificate"
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def session
|
||||
SSL::Session.new(self)
|
||||
rescue SSL::Session::SessionError
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
class SSLServer
|
||||
include SocketForwarder
|
||||
attr_accessor :start_immediately
|
||||
|
||||
def initialize(svr, ctx)
|
||||
@svr = svr
|
||||
@ctx = ctx
|
||||
unless ctx.session_id_context
|
||||
session_id = OpenSSL::Digest::MD5.hexdigest($0)
|
||||
@ctx.session_id_context = session_id
|
||||
end
|
||||
@start_immediately = true
|
||||
end
|
||||
|
||||
def to_io
|
||||
@svr
|
||||
end
|
||||
|
||||
def listen(backlog=5)
|
||||
@svr.listen(backlog)
|
||||
end
|
||||
|
||||
def shutdown(how=Socket::SHUT_RDWR)
|
||||
@svr.shutdown(how)
|
||||
end
|
||||
|
||||
def accept
|
||||
sock = @svr.accept
|
||||
begin
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
|
||||
ssl.sync_close = true
|
||||
ssl.accept if @start_immediately
|
||||
ssl
|
||||
rescue SSLError => ex
|
||||
sock.close
|
||||
raise ex
|
||||
end
|
||||
end
|
||||
|
||||
def close
|
||||
@svr.close
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1 +1,177 @@
|
|||
require 'openssl'
|
||||
=begin
|
||||
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
|
||||
|
||||
= Info
|
||||
'OpenSSL for Ruby 2' project
|
||||
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
|
||||
All rights reserved.
|
||||
|
||||
= Licence
|
||||
This program is licenced under the same licence as Ruby.
|
||||
(See the file 'LICENCE'.)
|
||||
|
||||
= Version
|
||||
$Id$
|
||||
=end
|
||||
|
||||
require "openssl/buffering"
|
||||
require "fcntl"
|
||||
|
||||
module OpenSSL
|
||||
module SSL
|
||||
class SSLContext
|
||||
DEFAULT_PARAMS = {
|
||||
:ssl_version => "SSLv23",
|
||||
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
||||
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
||||
:options => OpenSSL::SSL::OP_ALL,
|
||||
}
|
||||
|
||||
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
||||
DEFAULT_CERT_STORE.set_default_paths
|
||||
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
||||
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
||||
end
|
||||
|
||||
def set_params(params={})
|
||||
params = DEFAULT_PARAMS.merge(params)
|
||||
params.each{|name, value| self.__send__("#{name}=", value) }
|
||||
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||||
unless self.ca_file or self.ca_path or self.cert_store
|
||||
self.cert_store = DEFAULT_CERT_STORE
|
||||
end
|
||||
end
|
||||
return params
|
||||
end
|
||||
end
|
||||
|
||||
module SocketForwarder
|
||||
def addr
|
||||
to_io.addr
|
||||
end
|
||||
|
||||
def peeraddr
|
||||
to_io.peeraddr
|
||||
end
|
||||
|
||||
def setsockopt(level, optname, optval)
|
||||
to_io.setsockopt(level, optname, optval)
|
||||
end
|
||||
|
||||
def getsockopt(level, optname)
|
||||
to_io.getsockopt(level, optname)
|
||||
end
|
||||
|
||||
def fcntl(*args)
|
||||
to_io.fcntl(*args)
|
||||
end
|
||||
|
||||
def closed?
|
||||
to_io.closed?
|
||||
end
|
||||
|
||||
def do_not_reverse_lookup=(flag)
|
||||
to_io.do_not_reverse_lookup = flag
|
||||
end
|
||||
end
|
||||
|
||||
module Nonblock
|
||||
def initialize(*args)
|
||||
flag = File::NONBLOCK
|
||||
flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
|
||||
@io.fcntl(Fcntl::F_SETFL, flag)
|
||||
super
|
||||
end
|
||||
end
|
||||
|
||||
def verify_certificate_identity(cert, hostname)
|
||||
should_verify_common_name = true
|
||||
cert.extensions.each{|ext|
|
||||
next if ext.oid != "subjectAltName"
|
||||
ext.value.split(/,\s+/).each{|general_name|
|
||||
if /\ADNS:(.*)/ =~ general_name
|
||||
should_verify_common_name = false
|
||||
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
||||
return true if /\A#{reg}\z/i =~ hostname
|
||||
elsif /\AIP Address:(.*)/ =~ general_name
|
||||
should_verify_common_name = false
|
||||
return true if $1 == hostname
|
||||
end
|
||||
}
|
||||
}
|
||||
if should_verify_common_name
|
||||
cert.subject.to_a.each{|oid, value|
|
||||
if oid == "CN"
|
||||
reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
|
||||
return true if /\A#{reg}\z/i =~ hostname
|
||||
end
|
||||
}
|
||||
end
|
||||
return false
|
||||
end
|
||||
module_function :verify_certificate_identity
|
||||
|
||||
class SSLSocket
|
||||
include Buffering
|
||||
include SocketForwarder
|
||||
include Nonblock
|
||||
|
||||
def post_connection_check(hostname)
|
||||
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
||||
raise SSLError, "hostname does not match the server certificate"
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def session
|
||||
SSL::Session.new(self)
|
||||
rescue SSL::Session::SessionError
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
class SSLServer
|
||||
include SocketForwarder
|
||||
attr_accessor :start_immediately
|
||||
|
||||
def initialize(svr, ctx)
|
||||
@svr = svr
|
||||
@ctx = ctx
|
||||
unless ctx.session_id_context
|
||||
session_id = OpenSSL::Digest::MD5.hexdigest($0)
|
||||
@ctx.session_id_context = session_id
|
||||
end
|
||||
@start_immediately = true
|
||||
end
|
||||
|
||||
def to_io
|
||||
@svr
|
||||
end
|
||||
|
||||
def listen(backlog=5)
|
||||
@svr.listen(backlog)
|
||||
end
|
||||
|
||||
def shutdown(how=Socket::SHUT_RDWR)
|
||||
@svr.shutdown(how)
|
||||
end
|
||||
|
||||
def accept
|
||||
sock = @svr.accept
|
||||
begin
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
|
||||
ssl.sync_close = true
|
||||
ssl.accept if @start_immediately
|
||||
ssl
|
||||
rescue SSLError => ex
|
||||
sock.close
|
||||
raise ex
|
||||
end
|
||||
end
|
||||
|
||||
def close
|
||||
@svr.close
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,158 +0,0 @@
|
|||
=begin
|
||||
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
|
||||
|
||||
= Info
|
||||
'OpenSSL for Ruby 2' project
|
||||
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
||||
All rights reserved.
|
||||
|
||||
= Licence
|
||||
This program is licenced under the same licence as Ruby.
|
||||
(See the file 'LICENCE'.)
|
||||
|
||||
= Version
|
||||
$Id$
|
||||
=end
|
||||
|
||||
module OpenSSL
|
||||
module X509
|
||||
class ExtensionFactory
|
||||
def create_extension(*arg)
|
||||
if arg.size > 1
|
||||
create_ext(*arg)
|
||||
else
|
||||
send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
||||
end
|
||||
end
|
||||
|
||||
def create_ext_from_array(ary)
|
||||
raise ExtensionError, "unexpected array form" if ary.size > 3
|
||||
create_ext(ary[0], ary[1], ary[2])
|
||||
end
|
||||
|
||||
def create_ext_from_string(str) # "oid = critical, value"
|
||||
oid, value = str.split(/=/, 2)
|
||||
oid.strip!
|
||||
value.strip!
|
||||
create_ext(oid, value)
|
||||
end
|
||||
|
||||
def create_ext_from_hash(hash)
|
||||
create_ext(hash["oid"], hash["value"], hash["critical"])
|
||||
end
|
||||
end
|
||||
|
||||
class Extension
|
||||
def to_s # "oid = critical, value"
|
||||
str = self.oid
|
||||
str << " = "
|
||||
str << "critical, " if self.critical?
|
||||
str << self.value.gsub(/\n/, ", ")
|
||||
end
|
||||
|
||||
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
||||
{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
||||
end
|
||||
|
||||
def to_a
|
||||
[ self.oid, self.value, self.critical? ]
|
||||
end
|
||||
end
|
||||
|
||||
class Name
|
||||
module RFC2253DN
|
||||
Special = ',=+<>#;'
|
||||
HexChar = /[0-9a-fA-F]/
|
||||
HexPair = /#{HexChar}#{HexChar}/
|
||||
HexString = /#{HexPair}+/
|
||||
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
||||
StringChar = /[^#{Special}\\"]/
|
||||
QuoteChar = /[^\\"]/
|
||||
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
||||
AttributeValue = /
|
||||
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
||||
\#(#{HexString})|
|
||||
"((?:#{QuoteChar}|#{Pair})*)"
|
||||
/x
|
||||
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
||||
|
||||
module_function
|
||||
|
||||
def expand_pair(str)
|
||||
return nil unless str
|
||||
return str.gsub(Pair){
|
||||
pair = $&
|
||||
case pair.size
|
||||
when 2 then pair[1,1]
|
||||
when 3 then Integer("0x#{pair[1,2]}").chr
|
||||
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
def expand_hexstring(str)
|
||||
return nil unless str
|
||||
der = str.gsub(HexPair){$&.to_i(16).chr }
|
||||
a1 = OpenSSL::ASN1.decode(der)
|
||||
return a1.value, a1.tag
|
||||
end
|
||||
|
||||
def expand_value(str1, str2, str3)
|
||||
value = expand_pair(str1)
|
||||
value, tag = expand_hexstring(str2) unless value
|
||||
value = expand_pair(str3) unless value
|
||||
return value, tag
|
||||
end
|
||||
|
||||
def scan(dn)
|
||||
str = dn
|
||||
ary = []
|
||||
while true
|
||||
if md = TypeAndValue.match(str)
|
||||
remain = md.post_match
|
||||
type = md[1]
|
||||
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
||||
if value
|
||||
type_and_value = [type, value]
|
||||
type_and_value.push(tag) if tag
|
||||
ary.unshift(type_and_value)
|
||||
if remain.length > 2 && remain[0] == ?,
|
||||
str = remain[1..-1]
|
||||
next
|
||||
elsif remain.length > 2 && remain[0] == ?+
|
||||
raise OpenSSL::X509::NameError,
|
||||
"multi-valued RDN is not supported: #{dn}"
|
||||
elsif remain.empty?
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
||||
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
||||
end
|
||||
return ary
|
||||
end
|
||||
end
|
||||
|
||||
class << self
|
||||
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
||||
self.new(ary, template)
|
||||
end
|
||||
|
||||
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
||||
self.new(ary, template)
|
||||
end
|
||||
|
||||
alias parse parse_openssl
|
||||
end
|
||||
end
|
||||
|
||||
class StoreContext
|
||||
def cleanup
|
||||
warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1 +1,158 @@
|
|||
require 'openssl'
|
||||
=begin
|
||||
= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
|
||||
|
||||
= Info
|
||||
'OpenSSL for Ruby 2' project
|
||||
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
||||
All rights reserved.
|
||||
|
||||
= Licence
|
||||
This program is licenced under the same licence as Ruby.
|
||||
(See the file 'LICENCE'.)
|
||||
|
||||
= Version
|
||||
$Id$
|
||||
=end
|
||||
|
||||
module OpenSSL
|
||||
module X509
|
||||
class ExtensionFactory
|
||||
def create_extension(*arg)
|
||||
if arg.size > 1
|
||||
create_ext(*arg)
|
||||
else
|
||||
send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
||||
end
|
||||
end
|
||||
|
||||
def create_ext_from_array(ary)
|
||||
raise ExtensionError, "unexpected array form" if ary.size > 3
|
||||
create_ext(ary[0], ary[1], ary[2])
|
||||
end
|
||||
|
||||
def create_ext_from_string(str) # "oid = critical, value"
|
||||
oid, value = str.split(/=/, 2)
|
||||
oid.strip!
|
||||
value.strip!
|
||||
create_ext(oid, value)
|
||||
end
|
||||
|
||||
def create_ext_from_hash(hash)
|
||||
create_ext(hash["oid"], hash["value"], hash["critical"])
|
||||
end
|
||||
end
|
||||
|
||||
class Extension
|
||||
def to_s # "oid = critical, value"
|
||||
str = self.oid
|
||||
str << " = "
|
||||
str << "critical, " if self.critical?
|
||||
str << self.value.gsub(/\n/, ", ")
|
||||
end
|
||||
|
||||
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
||||
{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
||||
end
|
||||
|
||||
def to_a
|
||||
[ self.oid, self.value, self.critical? ]
|
||||
end
|
||||
end
|
||||
|
||||
class Name
|
||||
module RFC2253DN
|
||||
Special = ',=+<>#;'
|
||||
HexChar = /[0-9a-fA-F]/
|
||||
HexPair = /#{HexChar}#{HexChar}/
|
||||
HexString = /#{HexPair}+/
|
||||
Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
|
||||
StringChar = /[^#{Special}\\"]/
|
||||
QuoteChar = /[^\\"]/
|
||||
AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
|
||||
AttributeValue = /
|
||||
(?!["#])((?:#{StringChar}|#{Pair})*)|
|
||||
\#(#{HexString})|
|
||||
"((?:#{QuoteChar}|#{Pair})*)"
|
||||
/x
|
||||
TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
|
||||
|
||||
module_function
|
||||
|
||||
def expand_pair(str)
|
||||
return nil unless str
|
||||
return str.gsub(Pair){
|
||||
pair = $&
|
||||
case pair.size
|
||||
when 2 then pair[1,1]
|
||||
when 3 then Integer("0x#{pair[1,2]}").chr
|
||||
else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
def expand_hexstring(str)
|
||||
return nil unless str
|
||||
der = str.gsub(HexPair){$&.to_i(16).chr }
|
||||
a1 = OpenSSL::ASN1.decode(der)
|
||||
return a1.value, a1.tag
|
||||
end
|
||||
|
||||
def expand_value(str1, str2, str3)
|
||||
value = expand_pair(str1)
|
||||
value, tag = expand_hexstring(str2) unless value
|
||||
value = expand_pair(str3) unless value
|
||||
return value, tag
|
||||
end
|
||||
|
||||
def scan(dn)
|
||||
str = dn
|
||||
ary = []
|
||||
while true
|
||||
if md = TypeAndValue.match(str)
|
||||
remain = md.post_match
|
||||
type = md[1]
|
||||
value, tag = expand_value(md[2], md[3], md[4]) rescue nil
|
||||
if value
|
||||
type_and_value = [type, value]
|
||||
type_and_value.push(tag) if tag
|
||||
ary.unshift(type_and_value)
|
||||
if remain.length > 2 && remain[0] == ?,
|
||||
str = remain[1..-1]
|
||||
next
|
||||
elsif remain.length > 2 && remain[0] == ?+
|
||||
raise OpenSSL::X509::NameError,
|
||||
"multi-valued RDN is not supported: #{dn}"
|
||||
elsif remain.empty?
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
msg_dn = dn[0, dn.length - str.length] + " =>" + str
|
||||
raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
|
||||
end
|
||||
return ary
|
||||
end
|
||||
end
|
||||
|
||||
class << self
|
||||
def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
|
||||
self.new(ary, template)
|
||||
end
|
||||
|
||||
def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
|
||||
ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
|
||||
self.new(ary, template)
|
||||
end
|
||||
|
||||
alias parse parse_openssl
|
||||
end
|
||||
end
|
||||
|
||||
class StoreContext
|
||||
def cleanup
|
||||
warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Загрузка…
Ссылка в новой задаче