1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] x509ext: let X509::ExtensionFactory#create_ext take a dotted OID string

Browse Source 
instead of looking of NIDs and then using X509V3_EXT_nconf_nid,
instead just pass strings to X509V3_EXT_nconf, which has all the logic for
processing dealing with generic extensions
also process the oid through ln2nid() to retain compatibility.

[rhe: tweaked commit message and added a test case]

https://github.com/ruby/openssl/commit/9f15741331
This commit is contained in:
Michael Richardson 2017-08-26 20:09:38 -04:00 committed by Hiroshi SHIBATA
parent 98d8f6128e
commit 91e5f51607
2 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ext/openssl/ossl_x509ext.c
View File

@ -209,15 +209,16 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
int nid; int nid;
VALUE rconf; VALUE rconf;
CONF *conf; CONF *conf;
const char *oid_cstr = NULL;
rb_scan_args(argc, argv, "21", &oid, &value, &critical); rb_scan_args(argc, argv, "21", &oid, &value, &critical);
StringValueCStr(oid);
StringValue(value); StringValue(value);
if(NIL_P(critical)) critical = Qfalse; if(NIL_P(critical)) critical = Qfalse;
nid = OBJ_ln2nid(RSTRING_PTR(oid)); oid_cstr = StringValueCStr(oid);
if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid)); nid = OBJ_ln2nid(oid_cstr);
if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid); if (nid != NID_undef)
oid_cstr = OBJ_nid2sn(nid);
valstr = rb_str_new2(RTEST(critical) ? "critical," : ""); valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
rb_str_append(valstr, value); rb_str_append(valstr, value);
@ -228,7 +229,12 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
rconf = rb_iv_get(self, "@config"); rconf = rb_iv_get(self, "@config");
conf = NIL_P(rconf) ? NULL : GetConfig(rconf); conf = NIL_P(rconf) ? NULL : GetConfig(rconf);
X509V3_set_nconf(ctx, conf); X509V3_set_nconf(ctx, conf);
ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_IS_LIBRESSL
ext = X509V3_EXT_nconf(conf, ctx, oid_cstr, RSTRING_PTR(valstr));
#else
ext = X509V3_EXT_nconf(conf, ctx, (char *)oid_cstr, RSTRING_PTR(valstr));
#endif
X509V3_set_ctx_nodb(ctx); X509V3_set_ctx_nodb(ctx);
if (!ext){ if (!ext){
ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr); ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);

11
test/openssl/test_x509ext.rb
View File

@ -78,6 +78,17 @@ class OpenSSL::TestX509Extension < OpenSSL::TestCase
assert_equal(@basic_constraints.to_der, bc_ln.to_der) assert_equal(@basic_constraints.to_der, bc_ln.to_der)
end end
def test_factory_create_extension_oid
ef = OpenSSL::X509::ExtensionFactory.new
ef.config = OpenSSL::Config.parse(<<~_end_of_cnf_)
[basic_constraints]
cA = BOOLEAN:TRUE
pathLenConstraint = INTEGER:2
_end_of_cnf_
bc_oid = ef.create_extension("2.5.29.19", "ASN1:SEQUENCE:basic_constraints", true)
assert_equal(@basic_constraints.to_der, bc_oid.to_der)
end
def test_dup def test_dup
ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der) ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der)
assert_equal(@basic_constraints.to_der, ext.to_der) assert_equal(@basic_constraints.to_der, ext.to_der)