123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::X509::StoreContext

Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_x509store.c,
ext/openssl/lib/openssl/x509.rb

Overview

A StoreContext is used while validating a single certificate and holds the status involved.

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.new(store, cert = nil, untrusted = nil)

Sets up a StoreContext for a verification of the X.509 certificate cert.

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 575

static VALUE
ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE store, cert, chain, t;
    X509_STORE_CTX *ctx;
    X509_STORE *x509st;
    X509 *x509 = NULL;
    STACK_OF(X509) *x509s = NULL;
    int state;

    rb_scan_args(argc, argv, "12", &store, &cert, &chain);
    GetX509StCtx(self, ctx);
    GetX509Store(store, x509st);
    if (!NIL_P(cert))
        x509 = DupX509CertPtr(cert); /* NEED TO DUP */
    if (!NIL_P(chain)) {
        x509s = ossl_protect_x509_ary2sk(chain, &state);
        if (state) {
            X509_free(x509);
            rb_jump_tag(state);
        }
    }
    if (X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
        X509_free(x509);
        sk_X509_pop_free(x509s, X509_free);
        ossl_raise(eX509StoreError, "X509_STORE_CTX_init");
    }
    if (!NIL_P(t = rb_iv_get(store, "@time")))
	ossl_x509stctx_set_time(self, t);
    rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
    rb_iv_set(self, "@cert", cert);

    return self;
}

Instance Attribute Details

#errorInteger (rw)

Returns the error code of stctx. This is typically called after #verify is done, or from the verification callback set to Store#verify_callback=.

See also the man page X509_STORE_CTX_get_error(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 669

static VALUE
ossl_x509stctx_get_err(VALUE self)
{
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);

    return INT2NUM(X509_STORE_CTX_get_error(ctx));
}

#error=(error_code) (rw)

Sets the error code of stctx. This is used by the verification callback set to Store#verify_callback=.

See also the man page X509_STORE_CTX_set_error(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 688

static VALUE
ossl_x509stctx_set_error(VALUE self, VALUE err)
{
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);
    X509_STORE_CTX_set_error(ctx, NUM2INT(err));

    return err;
}

#flags=(flags) (writeonly)

Sets the verification flags to the context. This overrides the default value set by Store#flags=.

See also the man page X509_VERIFY_PARAM_set_flags(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 787

static VALUE
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
{
    X509_STORE_CTX *store;
    long f = NUM2LONG(flags);

    GetX509StCtx(self, store);
    X509_STORE_CTX_set_flags(store, f);

    return flags;
}

#purpose=(purpose) (writeonly)

Sets the purpose of the context. This overrides the default value set by Store#purpose=.

See also the man page X509_VERIFY_PARAM_set_purpose(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 808

static VALUE
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
{
    X509_STORE_CTX *store;
    int p = NUM2INT(purpose);

    GetX509StCtx(self, store);
    X509_STORE_CTX_set_purpose(store, p);

    return purpose;
}

#time=(time) (writeonly)

Sets the time used in the verification. If not set, the current time is used.

See also the man page X509_VERIFY_PARAM_set_time(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 849

static VALUE
ossl_x509stctx_set_time(VALUE self, VALUE time)
{
    X509_STORE_CTX *store;
    long t;

    t = NUM2LONG(rb_Integer(time));
    GetX509StCtx(self, store);
    X509_STORE_CTX_set_time(store, 0, t);

    return time;
}

#trust=(trust) (writeonly)

Sets the trust settings of the context. This overrides the default value set by Store#trust=.

See also the man page X509_VERIFY_PARAM_set_trust(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 829

static VALUE
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
{
    X509_STORE_CTX *store;
    int t = NUM2INT(trust);

    GetX509StCtx(self, store);
    X509_STORE_CTX_set_trust(store, t);

    return trust;
}

Instance Method Details

#chainnil | Array of X509::Certificate

Returns the verified chain.

See also the man page X509_STORE_CTX_set0_verified_chain(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 646

static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *ctx;
    const STACK_OF(X509) *chain;

    GetX509StCtx(self, ctx);
    chain = X509_STORE_CTX_get0_chain(ctx);
    if (!chain)
        return Qnil; /* Could be an empty array instead? */
    return ossl_x509_sk2ary(chain);
}

#cleanup

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/x509.rb', line 337

def cleanup
  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
end

#current_certX509::Certificate

Returns the certificate which caused the error.

See also the man page X509_STORE_CTX_get_current_cert(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 746

static VALUE
ossl_x509stctx_get_curr_cert(VALUE self)
{
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);

    return ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
}

#current_crlX509::CRL

Returns the CRL which caused the error.

See also the man page X509_STORE_CTX_get_current_crl(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 764

static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
    X509_STORE_CTX *ctx;
    X509_CRL *crl;

    GetX509StCtx(self, ctx);
    crl = X509_STORE_CTX_get0_current_crl(ctx);
    if (!crl)
	return Qnil;

    return ossl_x509crl_new(crl);
}

#error_depthInteger

Returns the depth of the chain. This is used in combination with #error.

See also the man page X509_STORE_CTX_get_error_depth(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 728

static VALUE
ossl_x509stctx_get_err_depth(VALUE self)
{
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);

    return INT2NUM(X509_STORE_CTX_get_error_depth(ctx));
}

#error_stringString

Returns the human readable error string corresponding to the error code retrieved by #error.

See also the man page X509_verify_cert_error_string(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 708

static VALUE
ossl_x509stctx_get_err_string(VALUE self)
{
    X509_STORE_CTX *ctx;
    long err;

    GetX509StCtx(self, ctx);
    err = X509_STORE_CTX_get_error(ctx);

    return rb_str_new2(X509_verify_cert_error_string(err));
}

#verifyBoolean

Performs the certificate verification using the parameters set to stctx.

See also the man page X509_verify_cert(3).

[ GitHub ]

  
# File 'ext/openssl/ossl_x509store.c', line 618

static VALUE
ossl_x509stctx_verify(VALUE self)
{
    X509_STORE_CTX *ctx;

    GetX509StCtx(self, ctx);
    VALUE cb = rb_iv_get(self, "@verify_callback");
    X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx, (void *)cb);

    switch (X509_verify_cert(ctx)) {
      case 1:
        return Qtrue;
      case 0:
        ossl_clear_error();
        return Qfalse;
      default:
        ossl_raise(eX509CertError, "X509_verify_cert");
    }
}