-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | ext/openssl/lib/net/protocols.rb | 1 | ||||
-rw-r--r-- | ext/openssl/lib/openssl/buffering.rb | 4 | ||||
-rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 25 |
5 files changed, 41 insertions, 3 deletions
@@ -1,3 +1,16 @@ +Thu Oct 30 02:25:48 2003 GOTOU Yuuzou <[email protected]> + + * ext/openssl/lib/openssl/buffering.rb (Buffering#initialize): + add new method to inherit @sync from @io.sync. + + * ext/openssl/lib/net/protocols.rb (SSLIO#ssl_connect): no need to + set sync flag explicitly. + + * ext/openssl/ossl_ssl.c (ossl_sslctx_initialize): call super. + + * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): set extra chain + certificates in @extra_chain_cert. + Wed Oct 29 22:02:04 2003 NAKAMURA, Hiroshi <[email protected]> * test/drb/drbtest.rb: use rbconfig.rb to make the path of ruby diff --git a/ext/openssl/lib/net/protocols.rb b/ext/openssl/lib/net/protocols.rb index 36c5077cb2..073d4f3027 100644 --- a/ext/openssl/lib/net/protocols.rb +++ b/ext/openssl/lib/net/protocols.rb @@ -45,7 +45,6 @@ module Net @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE end @socket = OpenSSL::SSL::SSLSocket.new(@socket, @ssl_context) - @socket.sync = true @socket.sync_close = true @socket.connect end diff --git a/ext/openssl/lib/openssl/buffering.rb b/ext/openssl/lib/openssl/buffering.rb index 031af4baa3..fdbd71bc0c 100644 --- a/ext/openssl/lib/openssl/buffering.rb +++ b/ext/openssl/lib/openssl/buffering.rb @@ -19,6 +19,10 @@ module Buffering attr_accessor :sync BLOCK_SIZE = 1024*16 + def initialize(*args) + @sync = @io.sync + end + # # for reading. # diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index 38bf4b7484..811a935509 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -71,7 +71,6 @@ module OpenSSL sock = @svr.accept begin ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) - ssl.sync = true ssl.sync_close = true ssl.accept if @start_immediately ssl diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 6305e4c998..4fe2fc8088 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c 
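Review bot: The new `Buffering#initialize` in ext/openssl/lib/openssl/buffering.rb reads `@io.sync` without calling `super` and discards `*args`, so it only works when the including class has already assigned `@io`; if `@io` is nil or lacks a `sync` method, it raises NoMethodError. The `rb_call_super(0, 0)` added at the end of `ossl_ssl_initialize` in ext/openssl/ossl_ssl.c relies on the same ordering, and the part of that function that sets the IO is outside the hunk. I would document the contract above the method, for example `# @io must be set by the including class before this runs; @sync mirrors @io.sync`, and put a matching comment next to the `rb_call_super` call. Because the explicit `sync = true` assignments are dropped in protocols.rb and ssl.rb, write flushing now depends on the wrapped IO's own sync setting, which the comment should also state.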
@@ -44,6 +44,7 @@ VALUE cSSLSocket; #define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v)) #define ossl_sslctx_set_options(o,v) rb_iv_set((o),"@options",(v)) #define ossl_sslctx_set_cert_store(o,v) rb_iv_set((o),"@cert_store",(v)) +#define ossl_sslctx_set_extra_cert(o,v) rb_iv_set((o),"@extra_chain_cert",(v)) #define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") #define ossl_sslctx_get_key(o) rb_iv_get((o),"@key") @@ -56,11 +57,12 @@ VALUE cSSLSocket; #define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback") #define ossl_sslctx_get_options(o) rb_iv_get((o),"@options") #define ossl_sslctx_get_cert_store(o) rb_iv_get((o),"@cert_store") +#define ossl_sslctx_get_extra_cert(o) rb_iv_get((o),"@extra_chain_cert") static char *ossl_sslctx_attrs[] = { "cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", - "verify_callback", "options", "cert_store", + "verify_callback", "options", "cert_store", "extra_chain_cert" }; struct { @@ -160,6 +162,21 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) } static VALUE +ossl_sslctx_add_extra_chain_cert_i(VALUE i, VALUE arg) +{ + X509 *x509; + SSL_CTX *ctx; + + Data_Get_Struct(arg, SSL_CTX, ctx); + x509 = DupX509CertPtr(i); + if(!SSL_CTX_add_extra_chain_cert(ctx, x509)){ + ossl_raise(eSSLError, NULL); + } + + return i; +} + +static VALUE ossl_sslctx_setup(VALUE self) { SSL_CTX *ctx; @@ -186,6 +203,11 @@ ossl_sslctx_setup(VALUE self) SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1); } + val = ossl_sslctx_get_extra_cert(self); + if(!NIL_P(val)){ + rb_iterate(rb_each, val, ossl_sslctx_add_extra_chain_cert_i, self); + } + /* private key may be bundled in certificate file. */ val = ossl_sslctx_get_cert(self); cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */ 
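Review bot: In `ossl_sslctx_add_extra_chain_cert_i` the copy made by `DupX509CertPtr(i)` is not released when `SSL_CTX_add_extra_chain_cert` fails, so the error path leaks the duplicated certificate. As far as I know, OpenSSL takes ownership of the X509 only when the call succeeds. Freeing it before raising closes the leak: `if(!SSL_CTX_add_extra_chain_cert(ctx, x509)){ X509_free(x509); ossl_raise(eSSLError, NULL); }`. A short comment that ownership passes to the SSL_CTX on success would also explain why a duplicate is needed here, while the `@cert` path in the next hunk is marked NO DUP NEEDED.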
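Review bot: The block added to `ossl_sslctx_setup` appends every element of `@extra_chain_cert` each time setup runs, and the last hunk shows `ossl_ssl_initialize` calling `ossl_sslctx_setup(ctx)` for each new socket. The function starts and ends outside this hunk, so I cannot see whether it returns early on repeat calls. If it does not, a context shared by several sockets would accumulate duplicate chain certificates and send a growing chain in every handshake. I would either reset the chain before iterating, e.g. `SSL_CTX_clear_extra_chain_certs(ctx);` where the linked OpenSSL provides it, or record on the context that setup has already run and skip the block. A comment stating that `@extra_chain_cert` is expected to be an enumerable of certificate objects would also help, since `val` is passed to `rb_each` without a type check.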
@@ -379,6 +401,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self) ossl_ssl_set_ctx(self, ctx); ossl_ssl_set_sync_close(self, Qfalse); ossl_sslctx_setup(ctx); + rb_call_super(0, 0); return self; } |