Class: OpenSSL::X509::StoreContext
Relationships & Source Files | |
Inherits: | Object |
Defined in: | ext/openssl/ossl_x509store.c, ext/openssl/lib/openssl/x509.rb |
Overview
A StoreContext is used while validating a single certificate and holds the status involved.
Class Method Summary
-
.new(store, cert = nil, untrusted = nil)
constructor
Sets up a StoreContext for a verification of the X.509 certificate cert.
Instance Attribute Summary
-
#error ⇒ Integer
rw
Returns the error code of stctx.
-
#error=(error_code)
rw
Sets the error code of stctx.
-
#flags=(flags)
writeonly
Sets the verification flags to the context.
-
#purpose=(purpose)
writeonly
Sets the purpose of the context.
-
#time=(time)
writeonly
Sets the time used in the verification.
-
#trust=(trust)
writeonly
Sets the trust settings of the context.
Instance Method Summary
-
#chain ⇒ nil | Array of X509::Certificate
Returns the verified chain.
- #cleanup
-
#current_cert ⇒ X509::Certificate
Returns the certificate which caused the error.
-
#current_crl ⇒ X509::CRL
Returns the CRL which caused the error.
-
#error_depth ⇒ Integer
Returns the depth of the chain.
-
#error_string ⇒ String
Returns the human readable error string corresponding to the error code retrieved by #error.
-
#verify ⇒ Boolean
Performs the certificate verification using the parameters set to stctx.
Constructor Details
.new(store, cert = nil, untrusted = nil)
Sets up a StoreContext for a verification of the X.509 certificate cert.
# File 'ext/openssl/ossl_x509store.c', line 568
/*
 * call-seq:
 *    StoreContext.new(store, cert = nil, untrusted = nil) -> stctx
 *
 * Initializes the X509_STORE_CTX wrapped by +self+ for verifying +cert+
 * against +store+, optionally with an array of +untrusted+ certificates
 * available for chain building.
 *
 * +cert+ is duplicated (DupX509CertPtr) and +untrusted+ is converted to a
 * STACK_OF(X509); both are freed again on every failure path so that a
 * raised exception does not leak them.  The verification time and the
 * verify callback configured on +store+ are copied onto the new context.
 *
 * Raises eX509StoreError when X509_STORE_CTX_init fails.
 */
static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, untrusted, store_time;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *target = NULL;
    STACK_OF(X509) *untrusted_sk = NULL;
    int state = 0;

    rb_scan_args(argc, argv, "12", &store, &cert, &untrusted);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);

    if (!NIL_P(cert))
        target = DupX509CertPtr(cert); /* NEED TO DUP */

    if (!NIL_P(untrusted)) {
        untrusted_sk = ossl_protect_x509_ary2sk(untrusted, &state);
        if (state) {
            /* Conversion raised: release the dup'd cert before re-raising. */
            X509_free(target);
            rb_jump_tag(state);
        }
    }

    if (X509_STORE_CTX_init(ctx, x509st, target, untrusted_sk) != 1) {
        X509_free(target);
        sk_X509_pop_free(untrusted_sk, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }

    /* Inherit the store's verification time, if one was configured. */
    store_time = rb_iv_get(store, "@time");
    if (!NIL_P(store_time))
        ossl_x509stctx_set_time(self, store_time);

    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}
Instance Attribute Details
#error ⇒ Integer (rw)
Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to Store#verify_callback=.
See also the man page X509_STORE_CTX_get_error(3).
# File 'ext/openssl/ossl_x509store.c', line 662
/*
 * call-seq:
 *    stctx.error -> Integer
 *
 * Returns the current error code of the underlying X509_STORE_CTX.
 * Typically read after #verify returned false, or from inside the
 * verify callback.  See X509_STORE_CTX_get_error(3).
 */
static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    code = X509_STORE_CTX_get_error(ctx);
    return INT2NUM(code);
}
#error=(error_code) (rw)
Sets the error code of stctx. This is used by the verification callback set to Store#verify_callback=.
See also the man page X509_STORE_CTX_set_error(3).
# File 'ext/openssl/ossl_x509store.c', line 681
/*
 * call-seq:
 *    stctx.error = error_code
 *
 * Stores +error_code+ in the underlying X509_STORE_CTX.  Intended for
 * use from the verify callback.  NUM2INT raises on non-Integer input.
 * Returns +error_code+ unchanged.  See X509_STORE_CTX_set_error(3).
 */
static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *ctx;
    int code;

    GetX509StCtx(self, ctx);
    code = NUM2INT(err);
    X509_STORE_CTX_set_error(ctx, code);
    return err;
}
#flags=(flags) (writeonly)
Sets the verification flags to the context. This overrides the default value set by Store#flags=.
See also the man page X509_VERIFY_PARAM_set_flags(3).
# File 'ext/openssl/ossl_x509store.c', line 780
/*
 * call-seq:
 *    stctx.flags = flags
 *
 * Applies verification +flags+ (an Integer bitmask) to the context.
 * NUM2LONG raises on non-Integer input, so the conversion happens before
 * the context is fetched.  Returns +flags+ unchanged.
 *
 * NOTE(review): the OpenSSL man page describes X509_VERIFY_PARAM_set_flags
 * as OR-ing into the existing flag set; confirm whether "overrides" in the
 * Ruby-level documentation holds for individual bits.
 */
static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    long mask = NUM2LONG(flags);
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_flags(ctx, mask);
    return flags;
}
#purpose=(purpose) (writeonly)
Sets the purpose of the context. This overrides the default value set by Store#purpose=.
See also the man page X509_VERIFY_PARAM_set_purpose(3).
# File 'ext/openssl/ossl_x509store.c', line 801
/*
 * call-seq:
 *    stctx.purpose = purpose
 *
 * Sets the certificate purpose (an Integer) to verify for.  NUM2INT
 * raises on non-Integer input before the context is fetched.
 * Returns +purpose+ unchanged.  See X509_VERIFY_PARAM_set_purpose(3).
 */
static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    int purpose_id = NUM2INT(purpose);
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_purpose(ctx, purpose_id);
    return purpose;
}
#time=(time) (writeonly)
Sets the time used in the verification. If not set, the current time is used.
See also the man page X509_VERIFY_PARAM_set_time(3).
# File 'ext/openssl/ossl_x509store.c', line 842
/*
 * call-seq:
 *    stctx.time = time
 *
 * Fixes the reference time used for validity-period checks instead of
 * the current time.  +time+ is coerced with rb_Integer (so a Time
 * object or an Integer of seconds since the epoch is accepted) before
 * the context is fetched.  Returns +time+ unchanged.
 * See X509_VERIFY_PARAM_set_time(3).
 */
static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    long epoch_secs = NUM2LONG(rb_Integer(time));
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);
    /* The second argument (flags) is unused by OpenSSL; pass 0. */
    X509_STORE_CTX_set_time(ctx, 0, epoch_secs);
    return time;
}
#trust=(trust) (writeonly)
Sets the trust settings of the context. This overrides the default value set by Store#trust=.
See also the man page X509_VERIFY_PARAM_set_trust(3).
# File 'ext/openssl/ossl_x509store.c', line 822
/*
 * call-seq:
 *    stctx.trust = trust
 *
 * Sets the trust setting (an Integer) of the context.  NUM2INT raises
 * on non-Integer input before the context is fetched.
 * Returns +trust+ unchanged.  See X509_VERIFY_PARAM_set_trust(3).
 */
static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    int trust_id = NUM2INT(trust);
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_trust(ctx, trust_id);
    return trust;
}
Instance Method Details
#chain ⇒ nil | Array of X509::Certificate
Returns the verified chain.
See also the man page X509_STORE_CTX_set0_verified_chain(3).
# File 'ext/openssl/ossl_x509store.c', line 639
/*
 * call-seq:
 *    stctx.chain -> nil | Array of X509::Certificate
 *
 * Returns the chain built by the last verification as an Array of
 * X509::Certificate, or nil when the context has no chain (for example
 * before #verify was called).  Reads X509_STORE_CTX_get0_chain, which
 * returns a pointer owned by the context; ossl_x509_sk2ary converts it.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *ctx;
    const STACK_OF(X509) *verified;

    GetX509StCtx(self, ctx);
    verified = X509_STORE_CTX_get0_chain(ctx);
    if (verified == NULL) {
        /* Could be an empty array instead? */
        return Qnil;
    }
    return ossl_x509_sk2ary(verified);
}
#cleanup
# File 'ext/openssl/lib/openssl/x509.rb', line 337
# Deprecated with no replacement; kept only so existing callers keep
# working. When $VERBOSE is set, emits a deprecation warning that names
# the caller; otherwise does nothing. Always returns nil.
def cleanup
  if $VERBOSE
    warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement"
  end
end
#current_cert ⇒ X509::Certificate
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
# File 'ext/openssl/ossl_x509store.c', line 739
/*
 * call-seq:
 *    stctx.current_cert -> X509::Certificate
 *
 * Returns the certificate the verifier was examining when the current
 * error was recorded, wrapped via ossl_x509_new.  The pointer from
 * X509_STORE_CTX_get_current_cert is owned by the context; ossl_x509_new
 * is expected to take its own copy.
 *
 * NOTE(review): unlike #current_crl, a NULL pointer is handed straight to
 * ossl_x509_new rather than being mapped to nil — confirm that is intended.
 */
static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509 *current;

    GetX509StCtx(self, ctx);
    current = X509_STORE_CTX_get_current_cert(ctx);
    return ossl_x509_new(current);
}
#current_crl ⇒ X509::CRL
Returns the CRL which caused the error.
See also the man page X509_STORE_CTX_get_current_crl(3).
# File 'ext/openssl/ossl_x509store.c', line 757
/*
 * call-seq:
 *    stctx.current_crl -> X509::CRL | nil
 *
 * Returns the CRL the verifier was examining when the current error was
 * recorded, or nil when there is none.  The pointer from
 * X509_STORE_CTX_get0_current_crl is owned by the context and is wrapped
 * via ossl_x509crl_new.
 */
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509_CRL *current;

    GetX509StCtx(self, ctx);
    current = X509_STORE_CTX_get0_current_crl(ctx);
    return current == NULL ? Qnil : ossl_x509crl_new(current);
}
#error_depth ⇒ Integer
Returns the depth of the chain. This is used in combination with #error.
See also the man page X509_STORE_CTX_get_error_depth(3).
# File 'ext/openssl/ossl_x509store.c', line 721
/*
 * call-seq:
 *    stctx.error_depth -> Integer
 *
 * Returns the chain depth reported by X509_STORE_CTX_get_error_depth,
 * which identifies which certificate in the chain #error refers to.
 */
static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *ctx;
    int depth;

    GetX509StCtx(self, ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);
    return INT2NUM(depth);
}
#error_string ⇒ String
Returns the human readable error string corresponding to the error code retrieved by #error.
See also the man page X509_verify_cert_error_string(3).
# File 'ext/openssl/ossl_x509store.c', line 701
/*
 * call-seq:
 *    stctx.error_string -> String
 *
 * Returns OpenSSL's human-readable description of the context's current
 * error code, i.e. X509_verify_cert_error_string applied to the value
 * that #error returns.
 */
static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *ctx;
    const char *msg;

    GetX509StCtx(self, ctx);
    msg = X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx));
    return rb_str_new2(msg);
}
#verify ⇒ Boolean
Performs the certificate verification using the parameters set to stctx.
See also the man page X509_verify_cert(3).
# File 'ext/openssl/ossl_x509store.c', line 611
/*
 * call-seq:
 *    stctx.verify -> true | false
 *
 * Runs X509_verify_cert with the parameters configured on the context.
 * Returns true when the chain verified, false when verification failed
 * (the reason is then available through #error / #error_string), and
 * raises eX509CertError for any other return value, which signals an
 * internal error rather than a verification result.
 */
static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *ctx;
    int result;

    GetX509StCtx(self, ctx);
    /* Make the Ruby-level callback reachable from the C verify callback
     * through the context's ex_data slot. */
    X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
                               (void *)rb_iv_get(self, "@verify_callback"));

    result = X509_verify_cert(ctx);
    if (result == 1)
        return Qtrue;
    if (result == 0) {
        /* Drop the queued OpenSSL errors so they do not surface from a
         * later, unrelated call. */
        ossl_clear_error();
        return Qfalse;
    }
    ossl_raise(eX509CertError, "X509_verify_cert");
}