ruby-changes.patch - Ruby - Ruby Issue Tracking System

Feature #11552 » ruby-changes.patch

tshirley (Tim Shirley), 09/25/2015 08:04 PM

     /*
      * call-seq:
      *   request.sign(signer_cert, signer_key)                      -> self
      *   request.sign(signer_cert, signer_key, certificates)        -> self
      *   request.sign(signer_cert, signer_key, certificates, flags) -> self
      *   request.sign(signer_cert, signer_key)                               -> self
      *   request.sign(signer_cert, signer_key, certificates)                 -> self
      *   request.sign(signer_cert, signer_key, certificates, flags)          -> self
      *   request.sign(signer_cert, signer_key, certificates, flags, md_type) -> self
+     *
      * Signs this OCSP request using +signer_cert+ and +signer_key+.
      * +certificates+ is an optional Array of certificates that may be included in
-...
     static VALUE
     ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
+    {
         VALUE signer_cert, signer_key, certs, flags;
         VALUE signer_cert, signer_key, certs, flags, md_type;
         OCSP_REQUEST *req;
         X509 *signer;
         EVP_PKEY *key;
         STACK_OF(X509) *x509s;
         unsigned long flg;
         const EVP_MD *md;
         int ret;
         rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
         rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type);
         signer = GetX509CertPtr(signer_cert);
         key = GetPrivPKeyPtr(signer_key);
         flg = NIL_P(flags) ? 0 : NUM2INT(flags);
-...
     	flags |= OCSP_NOCERTS;
+        }
         else x509s = ossl_x509_ary2sk(certs);
         if(NIL_P(md_type)) md = EVP_sha1();
         else md = GetDigestPtr(md_type);
         GetOCSPReq(self, req);
         ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg);
         ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
         sk_X509_pop_free(x509s, X509_free);
         if(!ret) ossl_raise(eOCSPError, NULL);
-...
      *   basic_response.sign(signer_cert, signer_key) -> self
      *   basic_response.sign(signer_cert, signer_key, certificates) -> self
      *   basic_response.sign(signer_cert, signer_key, certificates, flags) -> self
      *   basic_response.sign(signer_cert, signer_key, certificates, flags, md_type) -> self
+     *
      * Signs this response using the +signer_cert+ and +signer_key+.  Additional
      * +certificates+ may be added to the signature along with a set of +flags+.
-...
     static VALUE
     ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
+    {
         VALUE signer_cert, signer_key, certs, flags;
         VALUE signer_cert, signer_key, certs, flags, md_type;
         OCSP_BASICRESP *bs;
         X509 *signer;
         EVP_PKEY *key;
         STACK_OF(X509) *x509s;
         unsigned long flg;
         const EVP_MD *md;
         int ret;
         rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
         rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type);
         signer = GetX509CertPtr(signer_cert);
         key = GetPrivPKeyPtr(signer_key);
         flg = NIL_P(flags) ? 0 : NUM2INT(flags);
-...
         else{
     	x509s = ossl_x509_ary2sk(certs);
+        }
         if(NIL_P(md_type)) md = EVP_sha1();
         else md = GetDigestPtr(md_type);
         GetOCSPBasicRes(self, bs);
         ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg);
         ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
         sk_X509_pop_free(x509s, X509_free);
         if(!ret) ossl_raise(eOCSPError, NULL);

     class OpenSSL::TestOCSP < Test::Unit::TestCase
       def setup
         ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
         ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
         @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
         ca_serial = 0xabcabcabcabc
         subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
-...
         dgst = OpenSSL::Digest::SHA1.new
         @ca_cert = OpenSSL::TestUtils.issue_cert(
            ca_subj, ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
            ca_subj, @ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
         @cert = OpenSSL::TestUtils.issue_cert(
            subj, @key, serial, now, now+3600, [], @ca_cert, nil, dgst)
       end
-...
         # in current implementation not same instance of certificate id, but should contain same data
         assert_equal cid.serial, request.certid.first.serial
       end
       def test_new_ocsp_request_with_digest
         request = OpenSSL::OCSP::Request.new
         cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
         request.add_certid(cid)
         request.sign(@cert, @key, [@cert], nil, OpenSSL::Digest::SHA256.new)
         assert_kind_of OpenSSL::OCSP::Request, request
         # in current implementation not same instance of certificate id, but should contain same data
         assert_equal cid.serial, request.certid.first.serial
       end
       def test_basic_response_sign
         basic_response = OpenSSL::OCSP::BasicResponse.new
         basic_response.sign(@ca_cert, @ca_key)
         assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response
       end
       def test_basic_response_sign_with_digest
         basic_response = OpenSSL::OCSP::BasicResponse.new
         basic_response.sign(@ca_cert, @ca_key, nil, nil, OpenSSL::Digest::SHA256.new)
         assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response
       end
     end
     end

(1-1/1)

Project

General

Profile

Ruby

Feature #11552 » ruby-changes.patch