[ruby/openssl] x509ext: let X509::ExtensionFactory#create_ext take a dotted OID string

instead of looking of NIDs and then using X509V3_EXT_nconf_nid, instead just pass strings to X509V3_EXT_nconf, which has all the logic for processing dealing with generic extensions also process the oid through ln2nid() to retain compatibility. [rhe: tweaked commit message and added a test case] https://github.com/ruby/openssl/commit/9f15741331
2017-08-26 20:09:38 -04:00 · 2017-08-26 20:09:38 -04:00 · 91e5f51607
commit 91e5f51607
parent 98d8f6128e
2 changed files with 22 additions and 5 deletions
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@ -209,15 +209,16 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
    int nid;
    VALUE rconf;
    CONF *conf;
+    const char *oid_cstr = NULL;

    rb_scan_args(argc, argv, "21", &oid, &value, &critical);
-    StringValueCStr(oid);
    StringValue(value);
    if(NIL_P(critical)) critical = Qfalse;

-    nid = OBJ_ln2nid(RSTRING_PTR(oid));
-    if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
-    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
+    oid_cstr = StringValueCStr(oid);
+    nid = OBJ_ln2nid(oid_cstr);
+    if (nid != NID_undef)
+      oid_cstr = OBJ_nid2sn(nid);

    valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
    rb_str_append(valstr, value);
@ -228,7 +229,12 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
    rconf = rb_iv_get(self, "@config");
    conf = NIL_P(rconf) ? NULL : GetConfig(rconf);
    X509V3_set_nconf(ctx, conf);
-    ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
+
+#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_IS_LIBRESSL
+    ext = X509V3_EXT_nconf(conf, ctx, oid_cstr, RSTRING_PTR(valstr));
+#else
+    ext = X509V3_EXT_nconf(conf, ctx, (char *)oid_cstr, RSTRING_PTR(valstr));
+#endif
    X509V3_set_ctx_nodb(ctx);
    if (!ext){
 	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
--- a/test/openssl/test_x509ext.rb
+++ b/test/openssl/test_x509ext.rb
@ -78,6 +78,17 @@ class OpenSSL::TestX509Extension < OpenSSL::TestCase
    assert_equal(@basic_constraints.to_der, bc_ln.to_der)
  end

+  def test_factory_create_extension_oid
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.config = OpenSSL::Config.parse(<<~_end_of_cnf_)
+      [basic_constraints]
+      cA = BOOLEAN:TRUE
+      pathLenConstraint = INTEGER:2
+    _end_of_cnf_
+    bc_oid = ef.create_extension("2.5.29.19", "ASN1:SEQUENCE:basic_constraints", true)
+    assert_equal(@basic_constraints.to_der, bc_oid.to_der)
+  end
+
  def test_dup
    ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
    assert_equal(@basic_constraints.to_der, ext.to_der)