Feature #11552 ยป ruby-changes.patch
ext/openssl/ossl_ocsp.c (working copy) | ||
---|---|---|
/*
|
||
* call-seq:
|
||
* request.sign(signer_cert, signer_key) -> self
|
||
* request.sign(signer_cert, signer_key, certificates) -> self
|
||
* request.sign(signer_cert, signer_key, certificates, flags) -> self
|
||
* request.sign(signer_cert, signer_key) -> self
|
||
* request.sign(signer_cert, signer_key, certificates) -> self
|
||
* request.sign(signer_cert, signer_key, certificates, flags) -> self
|
||
* request.sign(signer_cert, signer_key, certificates, flags, md_type) -> self
|
||
*
|
||
* Signs this OCSP request using +signer_cert+ and +signer_key+.
|
||
* +certificates+ is an optional Array of certificates that may be included in
|
||
... | ... | |
static VALUE
|
||
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
|
||
{
|
||
VALUE signer_cert, signer_key, certs, flags;
|
||
VALUE signer_cert, signer_key, certs, flags, md_type;
|
||
OCSP_REQUEST *req;
|
||
X509 *signer;
|
||
EVP_PKEY *key;
|
||
STACK_OF(X509) *x509s;
|
||
unsigned long flg;
|
||
const EVP_MD *md;
|
||
int ret;
|
||
rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
|
||
rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type);
|
||
signer = GetX509CertPtr(signer_cert);
|
||
key = GetPrivPKeyPtr(signer_key);
|
||
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
||
... | ... | |
flags |= OCSP_NOCERTS;
|
||
}
|
||
else x509s = ossl_x509_ary2sk(certs);
|
||
if(NIL_P(md_type)) md = EVP_sha1();
|
||
else md = GetDigestPtr(md_type);
|
||
|
||
GetOCSPReq(self, req);
|
||
ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg);
|
||
ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
|
||
sk_X509_pop_free(x509s, X509_free);
|
||
if(!ret) ossl_raise(eOCSPError, NULL);
|
||
... | ... | |
* basic_response.sign(signer_cert, signer_key) -> self
|
||
* basic_response.sign(signer_cert, signer_key, certificates) -> self
|
||
* basic_response.sign(signer_cert, signer_key, certificates, flags) -> self
|
||
* basic_response.sign(signer_cert, signer_key, certificates, flags, md_type) -> self
|
||
*
|
||
* Signs this response using the +signer_cert+ and +signer_key+. Additional
|
||
* +certificates+ may be added to the signature along with a set of +flags+.
|
||
... | ... | |
static VALUE
|
||
ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
|
||
{
|
||
VALUE signer_cert, signer_key, certs, flags;
|
||
VALUE signer_cert, signer_key, certs, flags, md_type;
|
||
OCSP_BASICRESP *bs;
|
||
X509 *signer;
|
||
EVP_PKEY *key;
|
||
STACK_OF(X509) *x509s;
|
||
unsigned long flg;
|
||
const EVP_MD *md;
|
||
int ret;
|
||
rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
|
||
rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type);
|
||
signer = GetX509CertPtr(signer_cert);
|
||
key = GetPrivPKeyPtr(signer_key);
|
||
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
||
... | ... | |
else{
|
||
x509s = ossl_x509_ary2sk(certs);
|
||
}
|
||
if(NIL_P(md_type)) md = EVP_sha1();
|
||
else md = GetDigestPtr(md_type);
|
||
GetOCSPBasicRes(self, bs);
|
||
ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg);
|
||
ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
|
||
sk_X509_pop_free(x509s, X509_free);
|
||
if(!ret) ossl_raise(eOCSPError, NULL);
|
||
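Review bot: In both ossl_ocspreq_sign and ossl_ocspbres_sign the digest is resolved after `x509s = ossl_x509_ary2sk(certs)`, so if `GetDigestPtr(md_type)` raises on an unsupported or wrongly typed argument the new STACK_OF(X509) never reaches `sk_X509_pop_free` and leaks. `GetDigestPtr` appears to raise rather than return NULL, which should be confirmed in ossl_digest.c. Moving the lookup up next to the `flg = ...` line as `md = NIL_P(md_type) ? EVP_sha1() : GetDigestPtr(md_type);`, before the certificate stack is built, closes that path. Separately, the nil default remains SHA-1, and the visible part of the rdoc adds the new call-seq line without describing +md_type+; the comment should state the default so callers who need a stronger signature hash know to pass one. Both function bodies continue outside the hunks shown.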
test/openssl/test_ocsp.rb (working copy) | ||
---|---|---|
class OpenSSL::TestOCSP < Test::Unit::TestCase
|
||
def setup
|
||
ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
||
ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
@ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
ca_serial = 0xabcabcabcabc
|
||
subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
|
||
... | ... | |
dgst = OpenSSL::Digest::SHA1.new
|
||
@ca_cert = OpenSSL::TestUtils.issue_cert(
|
||
ca_subj, ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
|
||
ca_subj, @ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
|
||
@cert = OpenSSL::TestUtils.issue_cert(
|
||
subj, @key, serial, now, now+3600, [], @ca_cert, nil, dgst)
|
||
end
|
||
... | ... | |
# in current implementation not same instance of certificate id, but should contain same data
|
||
assert_equal cid.serial, request.certid.first.serial
|
||
end
|
||
def test_new_ocsp_request_with_digest
|
||
request = OpenSSL::OCSP::Request.new
|
||
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
|
||
request.add_certid(cid)
|
||
request.sign(@cert, @key, [@cert], nil, OpenSSL::Digest::SHA256.new)
|
||
assert_kind_of OpenSSL::OCSP::Request, request
|
||
# in current implementation not same instance of certificate id, but should contain same data
|
||
assert_equal cid.serial, request.certid.first.serial
|
||
end
|
||
def test_basic_response_sign
|
||
basic_response = OpenSSL::OCSP::BasicResponse.new
|
||
basic_response.sign(@ca_cert, @ca_key)
|
||
assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response
|
||
end
|
||
def test_basic_response_sign_with_digest
|
||
basic_response = OpenSSL::OCSP::BasicResponse.new
|
||
basic_response.sign(@ca_cert, @ca_key, nil, nil, OpenSSL::Digest::SHA256.new)
|
||
assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response
|
||
end
|
||
end
|
||
end
|
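Review bot: The new tests test_new_ocsp_request_with_digest and test_basic_response_sign_with_digest only call `assert_kind_of` on the object that `sign` was called on, so they would still pass if `md_type` were silently ignored and SHA-1 used. The request test should pin the outcome, for instance by decoding `request.to_der` and checking that the signature algorithm is the SHA-256 one, and the response test should at least verify the signature against the test CA. A negative case that passes an invalid digest argument and expects an exception would also cover the error path the C change introduces.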