github
/
ruby
зеркало из https://github.com/github/ruby.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode 

the argument as a string.

* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.

* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
  set @time to avoid warning.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
  wrapped functions fails.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.

* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
  of unused variable.

* test/openssl/test_ns_spki.rb: add new file.

* test/openssl/test_x509store.rb: add test for error.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2005-08-22 20:47:55 +00:00
Родитель f19fe6d957
Коммит 8a94b1740a
7 изменённых файлов: 144 добавлений и 7 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

23
ChangeLog
Просмотреть файл

@ -1,3 +1,26 @@
Tue Aug 23 05:47:04 2005 GOTOU Yuuzou <gotoyuzo@notwork.org>
* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode
the argument as a string.
* ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method.
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
set @time to avoid warning.
* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
wrapped functions fails.
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.
* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
of unused variable.
* test/openssl/test_ns_spki.rb: add new file.
* test/openssl/test_x509store.rb: add test for error.
Tue Aug 23 01:11:40 2005 Hirokazu Yamamoto <ocean@m2.ccsnet.ne.jp>
* sprintf.c (ruby__sfvwrite): should move `buf' to the end of

30
ext/openssl/ossl_ns_spki.c
Просмотреть файл

@ -56,12 +56,17 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
{
NETSCAPE_SPKI *spki;
VALUE buffer;
unsigned char *p;
if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
return self;
}
if (!(spki = NETSCAPE_SPKI_b64_decode(StringValuePtr(buffer), -1))) {
ossl_raise(eSPKIError, NULL);
StringValue(buffer);
if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING(buffer)->ptr, -1))) {
p = RSTRING(buffer)->ptr;
if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING(buffer)->len))) {
ossl_raise(eSPKIError, NULL);
}
}
NETSCAPE_SPKI_free(DATA_PTR(self));
DATA_PTR(self) = spki;
@ -69,6 +74,26 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
return self;
}
static VALUE
ossl_spki_to_der(VALUE self)
{
NETSCAPE_SPKI *spki;
VALUE str;
long len;
unsigned char *p;
GetSPKI(self, spki);
if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0)
ossl_raise(eX509CertError, NULL);
str = rb_str_new(0, len);
p = RSTRING(str)->ptr;
if (i2d_NETSCAPE_SPKI(spki, &p) <= 0)
ossl_raise(eX509CertError, NULL);
ossl_str_adjust(str, p);
return str;
}
static VALUE
ossl_spki_to_pem(VALUE self)
{
@ -217,6 +242,7 @@ Init_ossl_ns_spki()
rb_define_alloc_func(cSPKI, ossl_spki_alloc);
rb_define_method(cSPKI, "initialize", ossl_spki_initialize, -1);
rb_define_method(cSPKI, "to_der", ossl_spki_to_der, 0);
rb_define_method(cSPKI, "to_pem", ossl_spki_to_pem, 0);
rb_define_alias(cSPKI, "to_s", "to_pem");
rb_define_method(cSPKI, "to_text", ossl_spki_print, 0);

2
ext/openssl/ossl_ssl.c
Просмотреть файл

@ -477,7 +477,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return Qnil;
}
if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) {
ossl_raise(eSSLError, "SSL_CTX_set_ciphers:");
ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
}
return v;

2
ext/openssl/ossl_x509req.c
Просмотреть файл

@ -400,7 +400,7 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
X509_REQ *req;
X509_ATTRIBUTE *attr;
int i;
VALUE tmp, item;
VALUE item;
Check_Type(ary, T_ARRAY);
for (i=0;i<RARRAY(ary)->len; i++) {

13
ext/openssl/ossl_x509store.c
Просмотреть файл

@ -137,6 +137,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
rb_iv_set(self, "@chain", Qnil);
rb_iv_set(self, "@time", Qnil);
return self;
}
@ -244,7 +245,9 @@ ossl_x509store_set_default_paths(VALUE self)
X509_STORE *store;
GetX509Store(self, store);
X509_STORE_set_default_paths(store);
if (X509_STORE_set_default_paths(store) != 1){
ossl_raise(eX509StoreError, NULL);
}
return Qnil;
}
@ -257,7 +260,9 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store);
X509_STORE_add_cert(store, cert);
if (X509_STORE_add_cert(store, cert) != 1){
ossl_raise(eX509StoreError, NULL);
}
return self;
}
@ -270,7 +275,9 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
GetX509Store(self, store);
X509_STORE_add_crl(store, crl);
if (X509_STORE_add_crl(store, crl) != 1){
ossl_raise(eX509StoreError, NULL);
}
return self;
}

59
test/openssl/test_ns_spki.rb Normal file
Просмотреть файл

@ -0,0 +1,59 @@
begin
require "openssl"
require File.join(File.dirname(__FILE__), "utils.rb")
rescue LoadError
end
require "test/unit"
if defined?(OpenSSL)
class OpenSSL::TestNSSPI < Test::Unit::TestCase
def setup
# This request data is adopt from the specification of
# "Netscape Extensions for User Key Generation".
# -- http://wp.netscape.com/eng/security/comm4-keygen.html
@b64 = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
@b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
@b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
@b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
@b64 << "i0//rgBvmco="
end
def teardown
end
def test_build_data
key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
spki = OpenSSL::Netscape::SPKI.new
spki.challenge = "RandomString"
spki.public_key = key1.public_key
spki.sign(key1, OpenSSL::Digest::SHA1.new)
assert(spki.verify(spki.public_key))
assert(spki.verify(key1.public_key))
assert(!spki.verify(key2.public_key))
der = spki.to_der
spki = OpenSSL::Netscape::SPKI.new(der)
assert_equal("RandomString", spki.challenge)
assert_equal(key1.public_key.to_der, spki.public_key.to_der)
assert(spki.verify(spki.public_key))
end
def test_decode_data
spki = OpenSSL::Netscape::SPKI.new(@b64)
assert_equal(@b64, spki.to_pem)
assert_equal(@b64.unpack("m").first, spki.to_der)
assert_equal("MozillaIsMyFriend", spki.challenge)
assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
assert_equal(@b64, spki.to_pem)
assert_equal(@b64.unpack("m").first, spki.to_der)
assert_equal("MozillaIsMyFriend", spki.challenge)
assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
end
end
end

22
test/openssl/test_x509store.rb
Просмотреть файл

@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase
assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error)
assert_equal(false, store.verify(ee2_cert))
end
def test_set_errors
now = Time.now
ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
store = OpenSSL::X509::Store.new
store.add_cert(ca1_cert)
assert_raises(OpenSSL::X509::StoreError){
store.add_cert(ca1_cert) # add same certificate twice
}
revoke_info = []
crl1 = issue_crl(revoke_info, 1, now, now+1800, [],
ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
revoke_info = [ [2, now, 1], ]
crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [],
ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new)
store.add_crl(crl1)
assert_raises(OpenSSL::X509::StoreError){
store.add_crl(crl2) # add CRL issued by same CA twice.
}
end
end
end