diff options
author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-09-03 12:35:27 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-09-03 12:35:27 +0000 |
commit | 609103dbb5fb182eec12f052226c43e39b907682 (patch) | |
tree | 881cdacc3312e65261ebd34a807c75ee09fdb303 /ext/openssl/ossl_x509name.c | |
parent | b9801bb8b2f5ce91755e0076d79140a72ff94d6a (diff) | |
download | ruby-609103dbb5fb182eec12f052226c43e39b907682.tar.gz |
openssl: import v2.1.0.beta1
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:
https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1
----------------------------------------------------------------
Antonio Terceiro (1):
test/test_ssl: explicitly accept TLS 1.1 in corresponding test
Colby Swandale (1):
document using secure protocol to fetch git master in Bundler
Colton Jenkins (1):
Add fips_mode_get to return fips_mode
Kazuki Yamaguchi (85):
Start preparing for 2.1.0
Remove support for OpenSSL 0.9.8 and 1.0.0
bn: refine tests
bn: implement unary {plus,minus} operators for OpenSSL::BN
bn: implement OpenSSL::BN#negative?
Don't define main() when built with --enable-debug
test: let OpenSSL::TestCase include OpenSSL::TestUtils
test: prepare test PKey instances on demand
Add OpenSSL.print_mem_leaks
Enable OSSL_MDEBUG on CI builds
ssl: move default DH parameters from OpenSSL::PKey::DH
Make exceptions with the same format regardless of OpenSSL.debug
ssl: show reason of 'certificate verify error' in exception message
ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
ssl: do not confuse different ex_data index registries
ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
Fix RDoc markup
ssl: suppress compiler warning
ext/openssl/deprecation.rb: remove broken-apple-openssl
extconf.rb: print informative message if OpenSSL can't be found
Rakefile: compile the extension before test
kdf: introduce OpenSSL::KDF module
ossl.h: add NUM2UINT64T() macro
kdf: add scrypt
Expand rb_define_copy_func() macro
Expand FPTR_TO_FD() macro
Remove SafeGet*() macros
cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
Add ossl_str_new(), an exception-safe rb_str_new()
bio: simplify ossl_membio2str() using ossl_str_new()
Remove unused functions and macros
Drop support for LibreSSL 2.3
ocsp: add OpenSSL::OCSP::Request#signed?
asn1: infinite length -> indefinite length
asn1: rearrange tests
ssl: remove a needless NULL check in SSL::SSLContext#ciphers
ssl: return nil in SSL::SSLSocket#cipher if session is not started
asn1: remove an unnecessary function prototype
asn1: require tag information when instantiating generic type
asn1: initialize 'unused_bits' attribute of BitString with 0
asn1: check for illegal 'unused_bits' value of BitString
asn1: disallow NULL to be passed to asn1time_to_time()
asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
asn1: allow constructed encoding with definite length form
asn1: prohibit indefinite length form for primitive encoding
asn1: allow tag number to be >= 32 for universal tag class
asn1: use ossl_asn1_tag()
asn1: clean up OpenSSL::ASN1::Constructive#to_der
asn1: harmonize OpenSSL::ASN1::*#to_der
asn1: prevent EOC octets from being in the middle of the content
asn1: do not treat EOC octets as part of content octets
x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
ssl: do not call session_remove_cb during GC
Backport "Merge branch 'topic/test-memory-leak'" to maint
cipher: update the documentation for Cipher#auth_tag=
Rakefile: let sync:to_ruby know about test/openssl/fixtures
test: fix formatting
test/utils: remove OpenSSL::TestUtils.silent
test/utils: add SSLTestCase#tls12_supported?
test/utils: have start_server yield only the port number
test/utils: do not set ecdh_curves in start_server
test/utils: let server_loop close socket
test/utils: improve error handling in start_server
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
test/utils: do not use DSA certificates in SSL tests
test/test_ssl: remove test_invalid_shutdown_by_gc
test/test_ssl: move test_multibyte_read_write to test_pair
test/test_ssl_session: rearrange tests
test/test_pair, test/test_ssl: fix for TLS 1.3
ssl: remove useless call to rb_thread_wait_fd()
ssl: fix NPN support
ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
ssl: use 2048-bit group in the default tmp_dh_cb
ssl: ensure that SSL option flags are non-negative
ssl: update OpenSSL::SSL::OP_* flags
ssl: prefer TLS_method() over SSLv23_method()
ssl: add SSLContext#min_version= and #max_version=
ssl: rework SSLContext#ssl_version=
test/test_x509name: change script encoding to ASCII-8BIT
x509name: refactor OpenSSL::X509::Name#to_s
x509name: add OpenSSL::X509::Name#to_utf8
x509name: add OpenSSL::X509::Name#inspect
x509name: update regexp in OpenSSL::X509::Name.parse
Ruby/OpenSSL 2.1.0.beta1
Marcus Stollsteimer (1):
Fix rdoc for core Integer class
nobu (4):
[DOC] {read,write}_nonblock with exception: false
[DOC] keyword argument _exception_
[DOC] mark up literals
Revert r57690 except for read_nonblock
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_x509name.c')
-rw-r--r-- | ext/openssl/ossl_x509name.c | 138 |
1 files changed, 89 insertions, 49 deletions
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index ac98c1b94c..b2063954d1 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -23,10 +23,6 @@ ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \ } \ } while (0) -#define SafeGetX509Name(obj, name) do { \ - OSSL_Check_Kind((obj), cX509Name); \ - GetX509Name((obj), (name)); \ -} while (0) #define OBJECT_TYPE_TEMPLATE \ rb_const_get(cX509Name, rb_intern("OBJECT_TYPE_TEMPLATE")) @@ -81,7 +77,7 @@ GetX509NamePtr(VALUE obj) { X509_NAME *name; - SafeGetX509Name(obj, name); + GetX509Name(obj, name); return name; } @@ -135,15 +131,15 @@ ossl_x509name_init_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, args)) * * Creates a new Name. * - * A name may be created from a DER encoded string +der+, an Array - * representing a +distinguished_name+ or a +distinguished_name+ along with a - * +template+. + * A name may be created from a DER encoded string _der_, an Array + * representing a _distinguished_name_ or a _distinguished_name_ along with a + * _template_. * * name = OpenSSL::X509::Name.new [['CN', 'nobody'], ['DC', 'example']] * * name = OpenSSL::X509::Name.new name.to_der * - * See add_entry for a description of the +distinguished_name+ Array's + * See add_entry for a description of the _distinguished_name_ Array's * contents */ static VALUE @@ -188,7 +184,7 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other) rb_check_frozen(self); GetX509Name(self, name); - SafeGetX509Name(other, name_other); + GetX509Name(other, name_other); name_new = X509_NAME_dup(name_other); if (!name_new) @@ -202,9 +198,9 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other) /* * call-seq: - * name.add_entry(oid, value [, type]) => self + * name.add_entry(oid, value [, type], loc: -1, set: 0) => self * - * Adds a new entry with the given +oid+ and +value+ to this name. The +oid+ + * Adds a new entry with the given _oid_ and _value_ to this name. The _oid_ * is an object identifier defined in ASN.1. Some common OIDs are: * * C:: Country Name @@ -213,24 +209,39 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other) * O:: Organization Name * OU:: Organizational Unit Name * ST:: State or Province Name + * + * The optional keyword parameters _loc_ and _set_ specify where to insert the + * new attribute. Refer to the manpage of X509_NAME_add_entry(3) for details. + * _loc_ defaults to -1 and _set_ defaults to 0. This appends a single-valued + * RDN to the end. */ static VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self) { X509_NAME *name; - VALUE oid, value, type; + VALUE oid, value, type, opts, kwargs[2]; + static ID kwargs_ids[2]; const char *oid_name; + int loc = -1, set = 0; - rb_scan_args(argc, argv, "21", &oid, &value, &type); + if (!kwargs_ids[0]) { + kwargs_ids[0] = rb_intern_const("loc"); + kwargs_ids[1] = rb_intern_const("set"); + } + rb_scan_args(argc, argv, "21:", &oid, &value, &type, &opts); + rb_get_kwargs(opts, kwargs_ids, 0, 2, kwargs); oid_name = StringValueCStr(oid); StringValue(value); if(NIL_P(type)) type = rb_aref(OBJECT_TYPE_TEMPLATE, oid); + if (kwargs[0] != Qundef) + loc = NUM2INT(kwargs[0]); + if (kwargs[1] != Qundef) + set = NUM2INT(kwargs[1]); GetX509Name(self, name); if (!X509_NAME_add_entry_by_txt(name, oid_name, NUM2INT(type), - (const unsigned char *)RSTRING_PTR(value), RSTRING_LENINT(value), -1, 0)) { - ossl_raise(eX509NameError, NULL); - } - + (unsigned char *)RSTRING_PTR(value), + RSTRING_LENINT(value), loc, set)) + ossl_raise(eX509NameError, "X509_NAME_add_entry_by_txt"); return self; } @@ -249,42 +260,73 @@ ossl_x509name_to_s_old(VALUE self) return str; } +static VALUE +x509name_print(VALUE self, unsigned long iflag) +{ + X509_NAME *name; + BIO *out; + + GetX509Name(self, name); + out = BIO_new(BIO_s_mem()); + if (!out) + ossl_raise(eX509NameError, NULL); + if (!X509_NAME_print_ex(out, name, 0, iflag)) { + BIO_free(out); + ossl_raise(eX509NameError, "X509_NAME_print_ex"); + } + return ossl_membio2str(out); +} + /* * call-seq: - * name.to_s => string - * name.to_s(flags) => string + * name.to_s -> string + * name.to_s(format) -> string * - * Returns this name as a Distinguished Name string. +flags+ may be one of: + * Returns a String representation of the Distinguished Name. _format_ is + * one of: * * * OpenSSL::X509::Name::COMPAT * * OpenSSL::X509::Name::RFC2253 * * OpenSSL::X509::Name::ONELINE * * OpenSSL::X509::Name::MULTILINE + * + * If _format_ is omitted, the largely broken and traditional OpenSSL format + * is used. */ static VALUE ossl_x509name_to_s(int argc, VALUE *argv, VALUE self) { - X509_NAME *name; - VALUE flag, str; - BIO *out; - unsigned long iflag; - - rb_scan_args(argc, argv, "01", &flag); - if (NIL_P(flag)) + rb_check_arity(argc, 0, 1); + /* name.to_s(nil) was allowed */ + if (!argc || NIL_P(argv[0])) return ossl_x509name_to_s_old(self); - else iflag = NUM2ULONG(flag); - if (!(out = BIO_new(BIO_s_mem()))) - ossl_raise(eX509NameError, NULL); - GetX509Name(self, name); - if (!X509_NAME_print_ex(out, name, 0, iflag)){ - BIO_free(out); - ossl_raise(eX509NameError, NULL); - } - str = ossl_membio2str(out); + else + return x509name_print(self, NUM2ULONG(argv[0])); +} +/* + * call-seq; + * name.to_utf8 -> string + * + * Returns an UTF-8 representation of the distinguished name, as specified + * in {RFC 2253}[https://www.ietf.org/rfc/rfc2253.txt]. + */ +static VALUE +ossl_x509name_to_utf8(VALUE self) +{ + VALUE str = x509name_print(self, XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB); + rb_enc_associate_index(str, rb_utf8_encindex()); return str; } +/* :nodoc: */ +static VALUE +ossl_x509name_inspect(VALUE self) +{ + return rb_enc_sprintf(rb_utf8_encoding(), "#<%"PRIsVALUE" %"PRIsVALUE">", + rb_obj_class(self), ossl_x509name_to_utf8(self)); +} + /* * call-seq: * name.to_a => [[name, data, type], ...] @@ -338,18 +380,18 @@ ossl_x509name_cmp0(VALUE self, VALUE other) X509_NAME *name1, *name2; GetX509Name(self, name1); - SafeGetX509Name(other, name2); + GetX509Name(other, name2); return X509_NAME_cmp(name1, name2); } /* * call-seq: - * name.cmp other => integer - * name.<=> other => integer + * name.cmp(other) -> -1 | 0 | 1 + * name <=> other -> -1 | 0 | 1 * - * Compares this Name with +other+ and returns 0 if they are the same and -1 or - * +1 if they are greater or less than each other respectively. + * Compares this Name with _other_ and returns +0+ if they are the same and +-1+ + * or ++1+ if they are greater or less than each other respectively. */ static VALUE ossl_x509name_cmp(VALUE self, VALUE other) @@ -365,9 +407,9 @@ ossl_x509name_cmp(VALUE self, VALUE other) /* * call-seq: - * name.eql? other => boolean + * name.eql?(other) -> true | false * - * Returns true if +name+ and +other+ refer to the same hash key. + * Returns true if _name_ and _other_ refer to the same hash key. */ static VALUE ossl_x509name_eql(VALUE self, VALUE other) @@ -398,7 +440,6 @@ ossl_x509name_hash(VALUE self) return ULONG2NUM(hash); } -#ifdef HAVE_X509_NAME_HASH_OLD /* * call-seq: * name.hash_old => integer @@ -417,7 +458,6 @@ ossl_x509name_hash_old(VALUE self) return ULONG2NUM(hash); } -#endif /* * call-seq: @@ -478,17 +518,17 @@ Init_ossl_x509name(void) rb_define_alloc_func(cX509Name, ossl_x509name_alloc); rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1); - rb_define_copy_func(cX509Name, ossl_x509name_initialize_copy); + rb_define_method(cX509Name, "initialize_copy", ossl_x509name_initialize_copy, 1); rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1); rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1); + rb_define_method(cX509Name, "to_utf8", ossl_x509name_to_utf8, 0); + rb_define_method(cX509Name, "inspect", ossl_x509name_inspect, 0); rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0); rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1); rb_define_alias(cX509Name, "<=>", "cmp"); rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1); rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0); -#ifdef HAVE_X509_NAME_HASH_OLD rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0); -#endif rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0); utf8str = INT2NUM(V_ASN1_UTF8STRING); |