1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] Set time directly on the x509 store

Browse Source 
(https://github.com/ruby/openssl/pull/770)

Instead of an ivar, so other ossl functions that take a store will use the correct time when verifying

https://github.com/ruby/openssl/commit/21aadc66ae
This commit is contained in:
Samuel Giddins 2024-07-24 09:50:57 -07:00 committed by git
parent 1388945f0d
commit 0d3ce31234
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ext/openssl/extconf.rb
View File

@ -190,6 +190,7 @@ have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h) have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h) have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h) have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
have_func("X509_STORE_get0_param(NULL)", x509_h)
# added in 1.1.1 # added in 1.1.1
have_func("EVP_PKEY_check(NULL)", evp_h) have_func("EVP_PKEY_check(NULL)", evp_h)

17
ext/openssl/ossl_x509store.c
View File

@ -223,7 +223,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
rb_iv_set(self, "@error", Qnil); rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil); rb_iv_set(self, "@error_string", Qnil);
rb_iv_set(self, "@chain", Qnil); rb_iv_set(self, "@chain", Qnil);
rb_iv_set(self, "@time", Qnil);
return self; return self;
} }
@ -329,7 +328,16 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
static VALUE static VALUE
ossl_x509store_set_time(VALUE self, VALUE time) ossl_x509store_set_time(VALUE self, VALUE time)
{ {
rb_iv_set(self, "@time", time); X509_STORE *store;
X509_VERIFY_PARAM *param;
GetX509Store(self, store);
#ifdef HAVE_X509_STORE_GET0_PARAM
param = X509_STORE_get0_param(store);
#else
param = store->param;
#endif
X509_VERIFY_PARAM_set_time(param, NUM2LONG(rb_Integer(time)));
return time; return time;
} }
@ -564,7 +572,6 @@ ossl_x509stctx_new(X509_STORE_CTX *ctx)
static VALUE ossl_x509stctx_set_flags(VALUE, VALUE); static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE); static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
static VALUE ossl_x509stctx_set_trust(VALUE, VALUE); static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
/* /*
* call-seq: * call-seq:
@ -575,7 +582,7 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE);
static VALUE static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{ {
VALUE store, cert, chain, t; VALUE store, cert, chain;
X509_STORE_CTX *ctx; X509_STORE_CTX *ctx;
X509_STORE *x509st; X509_STORE *x509st;
X509 *x509 = NULL; X509 *x509 = NULL;
@ -599,8 +606,6 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
sk_X509_pop_free(x509s, X509_free); sk_X509_pop_free(x509s, X509_free);
ossl_raise(eX509StoreError, "X509_STORE_CTX_init"); ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
} }
if (!NIL_P(t = rb_iv_get(store, "@time")))
ossl_x509stctx_set_time(self, t);
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback")); rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
rb_iv_set(self, "@cert", cert); rb_iv_set(self, "@cert", cert);