Class: OpenSSL::X509::StoreContext

Inherits:
Object
Defined in:
ossl_x509store.c,
lib/openssl/x509.rb,
ossl_x509store.c

Overview

A StoreContext is used while validating a single certificate and holds the status involved.


Constructor Details

#new(store, cert = nil, untrusted = nil) ⇒ Object

Sets up a StoreContext for a verification of the X.509 certificate cert.



# File 'ossl_x509store.c', line 582

/*
 * StoreContext#new(store, cert = nil, untrusted = nil)
 *
 * Binds this context to +store+, optionally together with the certificate
 * to be verified and an array of untrusted certificates.  Raises
 * X509::StoreError if X509_STORE_CTX_init fails; a Ruby exception raised
 * while converting the +untrusted+ array is re-raised after the partially
 * built native state has been released.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *x509 = NULL;
    STACK_OF(X509) *x509s = NULL;
    int state;

    /* "12": store is required, cert and chain are optional (nil when absent). */
    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);
    if (!NIL_P(cert))
        x509 = DupX509CertPtr(cert); /* NEED TO DUP */
    if (!NIL_P(chain)) {
        /* Protected conversion: a Ruby exception is captured in `state`
         * instead of unwinding past us, so the duplicated cert can be
         * released before the exception continues. */
        x509s = ossl_protect_x509_ary2sk(chain, &state);
        if (state) {
            X509_free(x509);
            rb_jump_tag(state);
        }
    }
    if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
        /* Nothing has taken ownership yet: free both before raising. */
        X509_free(x509);
        sk_X509_pop_free(x509s, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }
    /* NOTE(review): on success x509 and x509s are not released here;
     * presumably the object's free routine (outside this listing) owns
     * them -- confirm. */
    /* The callback VALUE is copied once, now; a later
     * Store#verify_callback= on the store does not reach this context. */
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}

Instance Method Details

#chain ⇒ nil | Array of X509::Certificate

Returns the verified chain, or nil if no chain is available.

See also the man page X509_STORE_CTX_set0_verified_chain(3).

Returns:



# File 'ossl_x509store.c', line 651

/*
 * StoreContext#chain -> Array of X509::Certificate or nil
 *
 * Converts the chain currently held by the context into a Ruby Array.
 * A NULL chain maps to nil rather than to an empty array.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    const STACK_OF(X509) *verified = X509_STORE_CTX_get0_chain(stctx);
    if (verified == NULL)
        return Qnil; /* Could be an empty array instead? */
    return ossl_x509_sk2ary(verified);
}

#cleanup ⇒ Object



# File 'lib/openssl/x509.rb', line 337

# Deprecated no-op retained for backward compatibility.  It has no effect on
# the context; when $VERBOSE is set it emits a deprecation warning that names
# the caller, and it returns nil in either case.
def cleanup
  return unless $VERBOSE
  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
end

#current_cert ⇒ X509::Certificate

Returns the certificate which caused the error.

See also the man page X509_STORE_CTX_get_current_cert(3).

Returns:



# File 'ossl_x509store.c', line 751

/*
 * StoreContext#current_cert -> X509::Certificate
 *
 * Wraps the certificate OpenSSL reports as current (the one that caused
 * the error when called from a verification callback).
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *stctx;
    X509 *current;

    GetX509StCtx(self, stctx);
    current = X509_STORE_CTX_get_current_cert(stctx);
    /* Unlike #current_crl, a NULL pointer is not mapped to nil here but
     * handed to ossl_x509_new; how that helper treats NULL is defined
     * outside this listing. */
    return ossl_x509_new(current);
}

#current_crl ⇒ X509::CRL

Returns the CRL which caused the error, or nil if there is none.

See also the man page X509_STORE_CTX_get_current_crl(3).

Returns:



# File 'ossl_x509store.c', line 769

/*
 * StoreContext#current_crl -> X509::CRL or nil
 *
 * Wraps the CRL OpenSSL reports as current; nil when the context holds
 * no current CRL.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    X509_CRL *current = X509_STORE_CTX_get0_current_crl(stctx);
    return current ? ossl_x509crl_new(current) : Qnil;
}

#error ⇒ Integer

Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.

See also the man page X509_STORE_CTX_get_error(3).

Returns:



# File 'ossl_x509store.c', line 674

/*
 * StoreContext#error -> Integer
 *
 * Reads the context's current error code (an X509_V_ERR_* value) and
 * returns it as a Ruby Integer.
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *stctx;
    int code;

    GetX509StCtx(self, stctx);
    code = X509_STORE_CTX_get_error(stctx);
    return INT2NUM(code);
}

#error=(error_code) ⇒ Object

Sets the error code of stctx. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback=.

See also the man page X509_STORE_CTX_set_error(3).



# File 'ossl_x509store.c', line 693

/*
 * StoreContext#error=(error_code) -> error_code
 *
 * Stores +err+ as the context's error code and returns the argument
 * unchanged.  NUM2INT raises if +err+ is not an Integer within int range.
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    int code = NUM2INT(err);
    X509_STORE_CTX_set_error(stctx, code);
    return err;
}

#error_depth ⇒ Integer

Returns the depth of the chain. This is used in combination with #error.

See also the man page X509_STORE_CTX_get_error_depth(3).

Returns:



# File 'ossl_x509store.c', line 733

/*
 * StoreContext#error_depth -> Integer
 *
 * Returns the error depth recorded in the context as a Ruby Integer.
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *stctx;
    int depth;

    GetX509StCtx(self, stctx);
    depth = X509_STORE_CTX_get_error_depth(stctx);
    return INT2NUM(depth);
}

#error_string ⇒ String

Returns the human readable error string corresponding to the error code retrieved by #error.

See also the man page X509_verify_cert_error_string(3).

Returns:

  • (String)


# File 'ossl_x509store.c', line 713

/*
 * StoreContext#error_string -> String
 *
 * Looks up the human-readable text for the context's current error code
 * and returns it as a new Ruby String.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    long code = X509_STORE_CTX_get_error(stctx);
    const char *msg = X509_verify_cert_error_string(code);
    return rb_str_new2(msg);
}

#flags=(flags) ⇒ Object

Sets the verification flags to the context. This overrides the default value set by Store#flags=.

See also the man page X509_VERIFY_PARAM_set_flags(3).



# File 'ossl_x509store.c', line 792

/*
 * StoreContext#flags=(flags) -> flags
 *
 * Applies +flags+ (an Integer bitmask) to the context's verification
 * parameters and returns the argument unchanged.  The Ruby Integer is
 * converted before the context is fetched, so a bad argument raises
 * first.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    long mask = NUM2LONG(flags);
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    /* The signed long is converted implicitly at the call boundary. */
    X509_STORE_CTX_set_flags(stctx, mask);
    return flags;
}

#purpose=(purpose) ⇒ Object

Sets the purpose of the context. This overrides the default value set by Store#purpose=.

See also the man page X509_VERIFY_PARAM_set_purpose(3).



# File 'ossl_x509store.c', line 813

/*
 * StoreContext#purpose=(purpose) -> purpose
 *
 * Sets the verification purpose identifier on the context and returns
 * the argument unchanged.  NUM2INT runs before the context is fetched.
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    int purpose_id = NUM2INT(purpose);
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    X509_STORE_CTX_set_purpose(stctx, purpose_id);
    return purpose;
}

#time=(time) ⇒ Object

Sets the time used in the verification. If not set, the current time is used.

See also the man page X509_VERIFY_PARAM_set_time(3).



# File 'ossl_x509store.c', line 854

/*
 * StoreContext#time=(time) -> time
 *
 * Fixes the point in time used for validity checks.  +time+ is coerced
 * with rb_Integer (so an Integer, or an object convertible to one, is
 * accepted) and interpreted as seconds; the original argument is returned.
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    X509_STORE_CTX *stctx;
    long seconds = NUM2LONG(rb_Integer(time));

    GetX509StCtx(self, stctx);
    /* Second argument is the flags parameter; 0 here. */
    X509_STORE_CTX_set_time(stctx, 0, seconds);
    return time;
}

#trust=(trust) ⇒ Object

Sets the trust settings of the context. This overrides the default value set by Store#trust=.

See also the man page X509_VERIFY_PARAM_set_trust(3).



# File 'ossl_x509store.c', line 834

/*
 * StoreContext#trust=(trust) -> trust
 *
 * Sets the trust setting identifier on the context and returns the
 * argument unchanged.  NUM2INT runs before the context is fetched.
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    int trust_id = NUM2INT(trust);
    X509_STORE_CTX *stctx;

    GetX509StCtx(self, stctx);
    X509_STORE_CTX_set_trust(stctx, trust_id);
    return trust;
}

#verify ⇒ Object

Performs the certificate verification using the parameters set on stctx. Returns true if verification succeeded and false if it failed; the failure reason is then available through #error and #error_string.

See also the man page X509_verify_cert(3).



# File 'ossl_x509store.c', line 623

/*
 * StoreContext#verify -> true or false
 *
 * Runs X509_verify_cert on the context.  Returns true on success and
 * false on a verification failure (the OpenSSL error queue is cleared in
 * that case; the reason remains readable via #error / #error_string).
 * Any other result raises X509::StoreError.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *stctx;
    VALUE callback;
    int rc;

    GetX509StCtx(self, stctx);
    /* The Ruby callback is stashed in ex_data as a raw pointer for the
     * C-level verify callback to pick up; it is also held in the
     * @verify_callback ivar, which is what keeps it reachable for GC. */
    callback = rb_iv_get(self, "@verify_callback");
    X509_STORE_CTX_set_ex_data(stctx, stctx_ex_verify_cb_idx, (void *)callback);

    rc = X509_verify_cert(stctx);
    if (rc == 1)
        return Qtrue;
    if (rc == 0) {
        ossl_clear_error();
        return Qfalse;
    }
    ossl_raise(eX509StoreError, "X509_verify_cert");
}